Bank hacker drains over Rs. 10 million from a fixed deposit, raising questions over fraud detection, passwords and customer protection.
A bank hacker has allegedly drained more than Rs. 10 million from a customer’s fixed deposit account at a leading commercial bank, raising serious concerns over digital banking security.
The money had been transferred step by step from the customer’s fixed deposit account to several other financial institutions. According to the complaint, the transfers were made without any prior notice or permission from the customer.
The customer realized what had happened only after checking the SMS alerts that arrived on their phone. By then, their wealth had disappeared within seconds.
Following an internal investigation into the financial loss, the bank stated that there were no faults in its systems.
The bank has pointed out that the transactions were carried out using the customer’s correct User ID and Password, and through the mobile device registered with the bank, identified as the Registered Device ID.
The bank assumes the fraud may have been committed by someone externally accessing the customer’s device.
On that basis, the bank has informed the customer that it cannot be held responsible for the loss and that the matter should be investigated through the Criminal Investigation Department.
However, questions remain over why the bank’s fraud detection systems were not triggered when such a large amount was transferred within a short period.
The key technical issue is whether these transfers should have been flagged as “unusual” because they differed from the customer’s normal transaction pattern.
Cyber security experts say advanced banking systems should be able to instantly identify suspicious activity that deviates from a customer’s usual behaviour.
They say such systems should either temporarily suspend suspicious transfers or require step-up authentication before allowing them to proceed.
This raises concerns about whether banks can rely only on the argument that the “correct password was used” when customers trust financial institutions to safeguard their money.
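The kind of behaviour-based check the experts describe can be sketched as follows. This is an added example, not the bank's system or code from the report: it scores each transfer against the customer's own history even when the login and device ID are valid. The thresholds, names and sample transfers are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import median

@dataclass
class Transfer:
    ts: datetime
    amount: float  # Rs.
    payee: str     # beneficiary identifier (constructed)

# Assumed policy values for illustration; a real bank would tune these.
WINDOW = timedelta(minutes=30)
AMOUNT_FACTOR = 10    # one transfer above 10x the customer's median
VELOCITY_FACTOR = 20  # window total above 20x the median
MAX_NEW_PAYEES = 2    # new beneficiaries tolerated per window

def decide(history, attempts, tx):
    """Return ALLOW, STEP_UP or HOLD. Login and device ID are assumed valid."""
    if not history:
        return "STEP_UP"  # no baseline to compare against
    baseline = median(t.amount for t in history)
    known = {t.payee for t in history}
    window = [t for t in attempts if tx.ts - t.ts <= WINDOW] + [tx]
    new_payees = {t.payee for t in window} - known
    score = 0
    if tx.amount > AMOUNT_FACTOR * baseline:
        score += 1
    if tx.payee not in known:
        score += 1
    if (sum(t.amount for t in window) > VELOCITY_FACTOR * baseline
            or len(new_payees) > MAX_NEW_PAYEES):
        score += 2
    return "HOLD" if score >= 3 else "STEP_UP" if score else "ALLOW"

def screen(history, incoming):
    """Decide each transfer in order; held attempts still count as velocity."""
    attempts, decisions = [], []
    for tx in incoming:
        decisions.append(decide(history, attempts, tx))
        attempts.append(tx)
    return decisions

# Constructed sample data, not taken from the reported case.
T0 = datetime(2024, 1, 1, 9, 0)
HISTORY = [Transfer(T0 - timedelta(days=30 * i), a, p) for i, (a, p) in enumerate(
    [(15000, "RENT-01"), (20000, "UTIL-01"), (12000, "UTIL-01"), (18000, "RENT-01")], 1)]
INCOMING = [Transfer(T0, 15000, "RENT-01"),
            Transfer(T0 + timedelta(days=1), 20000, "SHOP-77")] + [
    Transfer(T0 + timedelta(days=2, minutes=2 * i), 2_500_000, f"BANK-{i}") for i in range(4)]
```

With this sample, the routine rent payment is allowed, the small payment to a new beneficiary triggers step-up authentication, and each of the four large transfers to new institutions is held.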
What happens next could be critical, as the case may test how far banks are expected to protect customers from cyber fraud involving registered devices, stolen credentials, and suspicious transaction patterns.
