Hot Deal

My Experience with SBI YONO ATM Fraud: How I Recovered My Money

1810°
Finance Ninja
shraaj

In December of 2021, I had a shocking experience when I discovered an unread SMS on my father's phone stating that 20,000 INR had been debited from his account via cardless withdrawal from SBI YONO at 01:35 PM. Despite my father's denial of making such a transaction, we contacted SBI customer care for assistance, but they were unhelpful. We then visited the bank branch, but they instructed us to file an FIR at a police station before further proceedings. However, even after filing the FIR, another 20,000 INR was withdrawn from the same ATM, and the police were stunned to see my father's card still in his possession.

Although the General Manager of the bank suggested that the card may have been lost and the funds stolen, we were confident that the card was still in our possession, and we hadn't shared any personal information. The bank branch initially refused to check the CCTV footage of the ATM where the transaction occurred, but we persisted, and they eventually agreed to do so after some arguments. Upon discovering that SBI had received over 200,000 complaints with only a small fraction of them being accepted and compensated, I felt disheartened but remained hopeful that I would receive the 40,000 INR owed to me.

As we regularly visited the bank, the branch manager informed us that they were working on the case and mentioned insurance protection for fraud by debit card for Visa/Mastercard, which unfortunately did not apply to our situation,because the card has to be used Physically but in my case it was CardLess transaction. Despite the setback, I maintained confidence and demonstrated to the bank that no harmful external apps were installed on my phone and that Samsung KNOX Security was enabled which was Hardware Layer Security.

We also filed a complaint with various concerned authorities, including the RBI, and presented all necessary proof to support our case.

After much perseverance- 3 months, the RBI Regional Team finally confirmed via email that my account would be credited with the 40,000Rs owed to me by SBI. My family and I were overjoyed, and my father closed all his transactions, debit card, and net banking to prevent any future occurrences. However, we kept the account activity for my father's work purposes.

This incident raises several questions, such as why SBI YONO or SBI YONO Lite did not have SMS verification in 2020, and how the fraudster obtained the OTP. Regardless, the experience taught me valuable lessons, such as regularly monitoring our bank accounts and being aware of security measures to safeguard against fraudsters.

In conclusion, my story highlights the importance of staying vigilant and taking swift action if we fall victim to ATM fraud. Reporting such incidents to relevant authorities and providing them with sufficient evidence can lead to a successful outcome.
Expired
Disclaimer
We are not SEBI/IRDA registered. The information provided herein is for education purposes only. We will not be responsible for any of your profit/loss with this channel's suggestions. Consult your financial advisor before making any decisions.
75 Comments  |  
41 Dimers
  • Sort By
Generous Generous
Link Copied

Great work. 

Helpful Helpful
Link Copied
Where there is a will...there is a way...everything is possible if we fight for it
Helpful Helpful
Link Copied

Thanks for sharing 

Deal Lieutenant Deal Lieutenant
Link Copied

Good job.

What I would be interested in knowing is what the bank found out about how the two withdrawals happened and their conclusion.

Finance Ninja Finance Ninja
Link Copied
Never know that thing how did they know?

In an Initial Investigation, SBI Mumbai Cyber Division Team investigated and there was a Guy Named Akshay....he even tried to add the Beneficiary but failed because of Additional Security Layer such as Profile Password (MPIN) he didn't know.

That's why, But when RBI Intervened that matter was pretty serious and also I have attached many reports such as SBI Net Banking hasn't had enough security measures and how the people are bypassing this nobody noticed!

https://trak.in/tags/business/2021/11/13/sbi-cu...

https://www.quora.com/Recently-a-lady-lost-Rs-6...
Savings Mentor Savings Mentor
Link Copied

Wait I don't understand your contradicting statement: 

"SBI YONO or SBI YONO Lite did not have SMS verification in 2020, and how the fraudster obtained the OTP."

Isn't OTP a way of SMS verification?

Personally I haven't been a victim of fraud yet but some impostor did attempt to break into one of my bank accounts by impersonating official bank customer care on Twitter and trying to get me into sending an SMS from my device to authorize his device so he could transfer the balance to his account. Daily I report at least a couple of such fraud accounts now on Twitter. But I feel it's a losing battle because of how Twitter easily allows such impostors to exist.

Finance Ninja Finance Ninja
Link Copied
Nope at that Time only entering USER ID and PASSWORD was enough

SBI Yono (AKA SBI Net Banking Tech Team Later implemented SMS Verification feature later on in an update)
View 12 more replies
Crowdpuller Crowdpuller
Link Copied

Same happened with my friend, 5-6 years before, we were in office and suddenly he got 6 sms of rs 10,000 withdrawal from ATM APPX 20 KM far from us, he checked whether ATM card with him, then check bank account, in between another 3 SMSs for 10,000 withdrawal, Total 90,000 was withdrawn. He complain to customer and during his talk to customer care 1 more message of 5000 debit, he blocked his card and and registered a complaint.

To our surprise whole 95000 was credited on 3rd day and customer care told us it was due to technical error at ATM

It was Axis Bank

Deal Cadet Deal Cadet
Link Copied

Mistake from the bank. Usually it will take more than 10 branch visits and 20 complaints and 30 calls to bank to get back money.

Entertainer Entertainer
Link Copied

Good work plus1.

Didn't u get any interest on that 40k?

Or 3 months is the normal period and after that interest is applicable?

Finance Ninja Finance Ninja
Link Copied

I guess so! 3 months is normal because as far as I remember I received it within 2.5 months

Deal Newbie Deal Newbie
Link Copied

Could you also elaborate/talk more about  why insurance protection for fraud by debit card for Visa/Mastercard was denied @shraaj

Finance Ninja Finance Ninja
Link Copied
Because it was a CardLess Transaction.

Which doesn't require a Physical Debit Card.

Deal Subedar Deal Subedar
Link Copied

Why to keep huge liquid cash and not make online fixed deposit for certain period of time and get renewed automatically? 

Specialist Specialist
Moderator
Link Copied
the FD's ,no doubt, can easily be made online.
but they can be closed and credited back to a/c with the same ease
View 1 more reply
Celeb Celeb
Link Copied

So many people accounts got debited by small amount like Rs 2000 etc.This was done using biometrics obtained from various platforms like Land Registration, AEPS etc......There are no strict laws in India and these type of transactions will increase drastically

Deal Cadet Deal Cadet
Link Copied

It Happened with my senior, about 5 years ago he lost 50k without sharing any details. Learning from him I kept most of my money in paper assets.He later on kept an account in SBI without any net banking, debit card or even UPI facility. That's hard for me to follow so I think paper assets like stocks and bonds are better secured than bank accounts these days.

Talk-Of-The-Town Talk-Of-The-Town
Link Copied

Why did fraud protection on the card did not apply to your situation?

Deal Cadet Deal Cadet
Link Copied

It sometimes feels like the banks/financial institutions want to force people to buy card protection plan, by sponsoring small time frauds to scare people. worried

Like Magnet Like Magnet
Link Copied

horrifying... scream

Generous Generous
Link Copied

who was your mobile operator ? was it airtel?

1. sim card cloning is when someone obtain your duplicate sim based on forge doc.

2. when using on android many apps have acess to SMS, if they also have your card detail then u r done


India is the best and greatest country in the world and its system is fully secure still such thing happen and people need to go to RBI /courts for justice

Critic Critic
Link Copied

1. No incoming/outgoing sms now on any duplicate/replacement sim for first 24 hours since activation.

View 3 more replies
Deal Captain Deal Captain
Link Copied

Were you able to find out how the fraud happened? @shraaj

Finance Ninja Finance Ninja
Link Copied
No!
Blaze Blaze
Link Copied

plus1 plus1 plus1 plus1

Deal Subedar Deal Subedar
Link Copied
I would say keep calm and close SBI accounts who gives public money to wealthy defaulters wink
Finance Ninja Finance Ninja
Link Copied
TRUE!😄

But, SBI is the Largest Bank in India. If it Fails, INDIA Will fail and that is not gonna happen.

In Every Scam/Fraud SBI is there but SBI can absorb many such things and The Fact is OUT OF EVERY 3 BANKING customers 1 IS FROM SBI and that's is why it has 45Crore+ Bank A/c.
View 7 more replies
Cool Cool
Link Copied

India is on top in the world on such scams. It's vary common and many people are getting looted. Many scammer tried to scam me and even I went to police station for giving complaint but police denied to take complaint as I didn't got looted.

Deal Newbie Deal Newbie
Link Copied

Same happened to the Carpenter working in my new house.

He tried a lot to get back his money but nothing worked.

As he was not educated so i took up the charge and raised consumer complaint against bank and filed things to RBI as well.

I made bank with the help of RBI to return his hard earned money to him.

Post Emperor Post Emperor
Link Copied
Not just yono similar story for all similar bank fraud because No strong legislation around this and ni strict action by RBI on banks, had there has been a fear of loosing his job the branch manager would run post to pillar to help you.. Unfortunately this is not the case
Deal Newbie Deal Newbie
Link Copied

ICICI has additionally the grid printed on debit card which is needed for almost all new benefeciaary transactions from netbanking. Unless somebody knows the grid details, its practically not possible unless you have very good luck toungueout 

Blaze Blaze
Link Copied

I'll tell you, this is done by the Backend team by a developer who has the Production database write access, a person who was working or could have left the organisation.

And the OTP part, this can also work out if they have a Database for OTP access too, so whatever the registered no is, they can access the OTP in their data base, it could become a huge data breach, but once such kind of activity is out, the whole bank can be sealed and shutdown. And Since SBI is a Govt-managed organisation, they won't let such news out.

For Not receiving SMS, they just have to manually disable the Push notification from the database.

This is how there is a data breach of any Organisation that occurs.

In the End all i can say is that, keep enough proof to claim the infringement of your Privacy.

Finance Ninja Finance Ninja
Link Copied
KG+ For such a wonderful information
Deal Cadet Deal Cadet
Link Copied

There was a similar incident with me. I use auto generated passwords for my bank accounts. I got a SMS during April 2021 that incorrect profile password is being entered which implies that the hacker had logged in successfully into my SBI account. I had immediately changed the login password. Luckily there was no loss. The possibility of password leak from my side is very minimal.

I think there was some breach in the SBI systems which didn't come in media. Within few days SBI implemented OTP for login.

Finance Ninja Finance Ninja
Link Copied
That's true
Deal Newbie Deal Newbie
Link Copied

This might be something done by an SBI employee, my brother works at one of the Government Bank and they had a similar case which was later found to be an employee's doing. That employee got sacked and imprisoned (not sure for how long).

I had a case with Amazon Pay Later(this service just came out) where my account which is like more than 5-6 years old had gotten Amazon Pay Later enabled with someone else's name and transactions of more than 10k were made and I got a call from Amazon Executive saying I should pay the amount.

I called their customer service and raised concern regarding this issue, they blocked Amazon Pay Later on my account and everything. A friend of mine used to work at Amazon and from him I got to know that some support staff was doing these things doing eKYC using any aadhar on any account enabling Pay Later and buying stuff.

Saale kaam shi se kaare to waise hi acche paise kma le. Apne fayade ke liye dusro ki life kharab krte h

Deal Cadet Deal Cadet
Link Copied

What's conclusion CCTV footage? How scam happened & does scamster caught in CCTV?

Helpful Helpful
Link Copied
+1
somehow this part is missing from the long story
View 1 more reply
Deal Cadet Deal Cadet
Link Copied

Can you provide all point of contacts , let's make a thread where we collect all point of contacts, who will be helping in such a case

Finance Ninja Finance Ninja
Link Copied
Ok,Remind me in the evening,I will try to make a thread about this.
View 1 more reply
Helpful Helpful
Link Copied

@shraaj 

your story does not add up

 YONO Cash, max limit is ₹10,000

you cant remove more then that 

YUNO App are safe and not that easy to get in 

- for this your fathers username and password were leaked in some way

- otp was also provided coz you cant login without otp in yuno

opt login has been mandatory in sbi since a long time even befor 2021

this whole insident is a case of mishap from the customer side dont blame it on bank

he must have sholder read the credentials while at the bank when your father was loggin in to his yuno app

Finance Ninja Finance Ninja
Link Copied

Read My First Line - It was in December 2020.


At that time, There were no Withdrawal Restrictions of Rs.20,000/Day 


There was no rule of OTP in that period later OTP Feature was announced!


You Just shut your Mouth Because RBI, Police, Bank, Judiciary, and Cyber Crime were involved in this case and without evidence or a single fault of 0.00001% of mine would have cost me the entire 40,000Rs and all the Above authorities understood their mistake and Directed me to refund My 40,000Rs.

View 2 more replies
Helpful Helpful
Link Copied

@admin A convenient way to spread misinformation in this forum he/she fails to provide proof and can't take criticism of the lightest kind

"You Just shut your Mouth" what does this say about a person?

read through the comments I have made

please pause this discussion it is spreading unnecessary fear among dasidime users about banking this discussion does not help a tad bit to prove its narrative in any shape or form

all it does is make people fear that this may happen with them not knowing how?

please take the action you seem fit im not commenting on this discussion any forther 

replyuser
Click here to reply
Reply