Bank of Baroda, the second-largest state-owned bank in India, has refuted allegations that its officials used unknown individuals’ phone numbers to inflate registrations for its mobile banking app, BoB World. An Al Jazeera report had claimed that bank officials linked unrelated mobile numbers to accounts to meet ambitious onboarding targets. However, a spokesperson for Bank of Baroda denied the accusations, asserting that their current mobile banking user base of 30 million customers was legitimately connected to unique mobile numbers associated with their bank accounts.
According to Al Jazeera’s report, in March 2022, Bank of Baroda officers in the Bhopal zone were assigned the task of onboarding at least 150 existing bank customers for the bank’s newly launched app, “bob World,” which had been introduced six months earlier. However, the officials faced difficulties in convincing people to sign up, and their regional office closely monitored their progress, reprimanding them for their underperformance.
The report further stated that an official, speaking anonymously, disclosed that he and his colleagues obtained a list of bank accounts not linked to mobile numbers. They then associated these accounts with any mobile numbers they could gather, including those of bank staff, sanitation and security workers, and their relatives. This process allowed them to generate the required one-time password (OTP) for app registration, after which they would sign up these accounts from the backend. Subsequently, the employees would deregister these customers from the app and reuse the same mobile numbers in a similar manner for other bank accounts.
These alleged irregularities were reportedly widespread, with employees from various regions Uttar Pradesh, Rajasthan, Gujarat and Jharkhand adopting similar practices to meet the demanding targets. The situation raised concerns about the safety of customer accounts since thousands of bank accounts were linked to unfamiliar mobile numbers.
In February of the previous year, after retiring, the individual sent an email expressing concerns about the immense pressure surrounding the activation of “bob World” and how it was leading to a situation resembling fraud. He pointed out that in some cases, the mobile number of the branch head was being used for activation, indicating a potential significant fraud in the making.
Internal communications within Bank of Baroda acknowledged the risk posed to tens of thousands of bank accounts due to their association with unknown individuals’ mobile numbers. These emails, initially sent in January 2022, instructed branches to discreetly investigate mobile numbers linked to multiple accounts and suggest whether those numbers should be removed.
The cleanup process was conducted in stages, starting with the delinking of phone numbers connected to 100 or more accounts, followed by numbers linked to 50-plus accounts, and then those associated with 30 or more accounts.
Linking unauthorized mobile numbers to bank accounts poses fraud risks, as unauthorized users can gain access to accounts, can change online banking passwords, get hold of new ATM cards and conduct unauthorized transactions.
In 2021, a Bank of Baroda customer from Uttar Pradesh suffered a loss of ₹1.5 million, when his registered mobile number became inactive and was subsequently assigned to someone else. The new user exploited the mobile banking access to carry out unauthorized transactions extensively.
Al Jazeera came across tweets from other Bank of Baroda customers who claimed that money sent to them through their mobile number-linked bank accounts ended up in different individuals’ bank accounts. This situation occurred due to their phone numbers being allegedly registered with multiple accounts. One individual mentioned losing ₹25,000 in this manner, while another reported losses of ₹2,500, ₹1,500, and more over the course of a year.
Despite the Indian government’s promotion of digital banking for a less-cash economy, this scandal casts doubts on the security of customers’ money and the handling of sensitive financial information by banks. Bank employees revealed that aggressive enrollment targets sometimes led to unethical practices, such as signing up customers without their knowledge using the bank’s official devices.
Many Bank of Baroda employees from various branches disclosed to Al Jazeera an additional method they used to increase app registrations. They specifically targeted working-class customers who still used feature phones and were unable to download the bank app. To sign up these customers, bank employees would take the SIM card from their feature phones and insert it into the branch’s official tablet or an employee’s smartphone, with the customers’ consent. Subsequently, the employees would personally assist the customers in the registration process by calling them to the branch and enrolling them individually using this approach.
Al Jazeera requested information from the bank under the Right to Information law, but Bank of Baroda claimed not to have data regarding the number of recommendations for delinking mobile numbers. The bank also declined to disclose details about the number of users joining and quitting the BoB World app.
In response to the allegations, Bank of Baroda maintained that its mobile app is designed with robust controls to prevent multiple linkages to the same mobile number. Customers are required to visit the bank branch in person for mobile number registration or updates, involving a two-factor authentication process.
Regarding linking bank accounts to mobile numbers, the bank stated that it allows the seeding of one mobile number to a maximum of eight customer IDs, provided they have the same registered address, for the convenience of family members.
(Source – Mint, Al Jazeera, and Moneylife)
We are not claiming whether this information is true or not, but we have mentioned the sources here. We are not responsible for any truth or misconception in relation to the recent BOB Fraud. Our reliance is on the aforementioned sources.
