My Experience with SBI YONO ATM Fraud: How I Recovered My Money
- 12993
- 75
-
- Last Comment
In December of 2021, I had a shocking experience when I discovered an unread SMS on my father's phone stating that 20,000 INR had been debited from his account via cardless withdrawal from SBI YONO at 01:35 PM. Despite my father's denial of making such a transaction, we contacted SBI customer care for assistance, but they were unhelpful. We then visited the bank branch, but they instructed us to file an FIR at a police station before further proceedings. However, even after filing the FIR, another 20,000 INR was withdrawn from the same ATM, and the police were stunned to see my father's card still in his possession.
Although the General Manager of the bank suggested that the card may have been lost and the funds stolen, we were confident that the card was still in our possession, and we hadn't shared any personal information. The bank branch initially refused to check the CCTV footage of the ATM where the transaction occurred, but we persisted, and they eventually agreed to do so after some arguments. Upon discovering that SBI had received over 200,000 complaints with only a small fraction of them being accepted and compensated, I felt disheartened but remained hopeful that I would receive the 40,000 INR owed to me.
As we regularly visited the bank, the branch manager informed us that they were working on the case and mentioned insurance protection for fraud by debit card for Visa/Mastercard, which unfortunately did not apply to our situation,because the card has to be used Physically but in my case it was CardLess transaction. Despite the setback, I maintained confidence and demonstrated to the bank that no harmful external apps were installed on my phone and that Samsung KNOX Security was enabled which was Hardware Layer Security.
We also filed a complaint with various concerned authorities, including the RBI, and presented all necessary proof to support our case.
After much perseverance- 3 months, the RBI Regional Team finally confirmed via email that my account would be credited with the 40,000Rs owed to me by SBI. My family and I were overjoyed, and my father closed all his transactions, debit card, and net banking to prevent any future occurrences. However, we kept the account activity for my father's work purposes.
This incident raises several questions, such as why SBI YONO or SBI YONO Lite did not have SMS verification in 2020, and how the fraudster obtained the OTP. Regardless, the experience taught me valuable lessons, such as regularly monitoring our bank accounts and being aware of security measures to safeguard against fraudsters.
Good job.
What I would be interested in knowing is what the bank found out about how the two withdrawals happened and their conclusion.
In an Initial Investigation, SBI Mumbai Cyber Division Team investigated and there was a Guy Named Akshay....he even tried to add the Beneficiary but failed because of Additional Security Layer such as Profile Password (MPIN) he didn't know.
That's why, But when RBI Intervened that matter was pretty serious and also I have attached many reports such as SBI Net Banking hasn't had enough security measures and how the people are bypassing this nobody noticed!
https://trak.in/tags/business/2021/11/13/sbi-cu...
https://www.quora.com/Recently-a-lady-lost-Rs-6...
Wait I don't understand your contradicting statement:
"SBI YONO or SBI YONO Lite did not have SMS verification in 2020, and how the fraudster obtained the OTP."
Isn't OTP a way of SMS verification?
Personally I haven't been a victim of fraud yet but some impostor did attempt to break into one of my bank accounts by impersonating official bank customer care on Twitter and trying to get me into sending an SMS from my device to authorize his device so he could transfer the balance to his account. Daily I report at least a couple of such fraud accounts now on Twitter. But I feel it's a losing battle because of how Twitter easily allows such impostors to exist.
SBI Yono (AKA SBI Net Banking Tech Team Later implemented SMS Verification feature later on in an update)
Same happened with my friend, 5-6 years before, we were in office and suddenly he got 6 sms of rs 10,000 withdrawal from ATM APPX 20 KM far from us, he checked whether ATM card with him, then check bank account, in between another 3 SMSs for 10,000 withdrawal, Total 90,000 was withdrawn. He complain to customer and during his talk to customer care 1 more message of 5000 debit, he blocked his card and and registered a complaint.
To our surprise whole 95000 was credited on 3rd day and customer care told us it was due to technical error at ATM
It was Axis Bank
Mistake from the bank. Usually it will take more than 10 branch visits and 20 complaints and 30 calls to bank to get back money.
.
Could you also elaborate/talk more about why insurance protection for fraud by debit card for Visa/Mastercard was denied @shraaj
Which doesn't require a Physical Debit Card.
So many people accounts got debited by small amount like Rs 2000 etc.This was done using biometrics obtained from various platforms like Land Registration, AEPS etc......There are no strict laws in India and these type of transactions will increase drastically
It Happened with my senior, about 5 years ago he lost 50k without sharing any details. Learning from him I kept most of my money in paper assets.He later on kept an account in SBI without any net banking, debit card or even UPI facility. That's hard for me to follow so I think paper assets like stocks and bonds are better secured than bank accounts these days.
Why did fraud protection on the card did not apply to your situation?
horrifying... 
who was your mobile operator ? was it airtel?
1. sim card cloning is when someone obtain your duplicate sim based on forge doc.
2. when using on android many apps have acess to SMS, if they also have your card detail then u r done
India is the best and greatest country in the world and its system is fully secure still such thing happen and people need to go to RBI /courts for justice
1. No incoming/outgoing sms now on any duplicate/replacement sim for first 24 hours since activation.
Were you able to find out how the fraud happened? @shraaj
But, SBI is the Largest Bank in India. If it Fails, INDIA Will fail and that is not gonna happen.
In Every Scam/Fraud SBI is there but SBI can absorb many such things and The Fact is OUT OF EVERY 3 BANKING customers 1 IS FROM SBI and that's is why it has 45Crore+ Bank A/c.
India is on top in the world on such scams. It's vary common and many people are getting looted. Many scammer tried to scam me and even I went to police station for giving complaint but police denied to take complaint as I didn't got looted.
Same happened to the Carpenter working in my new house.
He tried a lot to get back his money but nothing worked.
As he was not educated so i took up the charge and raised consumer complaint against bank and filed things to RBI as well.
I made bank with the help of RBI to return his hard earned money to him.
ICICI has additionally the grid printed on debit card which is needed for almost all new benefeciaary transactions from netbanking. Unless somebody knows the grid details, its practically not possible unless you have very good luck 
I'll tell you, this is done by the Backend team by a developer who has the Production database write access, a person who was working or could have left the organisation.
And the OTP part, this can also work out if they have a Database for OTP access too, so whatever the registered no is, they can access the OTP in their data base, it could become a huge data breach, but once such kind of activity is out, the whole bank can be sealed and shutdown. And Since SBI is a Govt-managed organisation, they won't let such news out.
For Not receiving SMS, they just have to manually disable the Push notification from the database.
This is how there is a data breach of any Organisation that occurs.
In the End all i can say is that, keep enough proof to claim the infringement of your Privacy.
There was a similar incident with me. I use auto generated passwords for my bank accounts. I got a SMS during April 2021 that incorrect profile password is being entered which implies that the hacker had logged in successfully into my SBI account. I had immediately changed the login password. Luckily there was no loss. The possibility of password leak from my side is very minimal.
I think there was some breach in the SBI systems which didn't come in media. Within few days SBI implemented OTP for login.
This might be something done by an SBI employee, my brother works at one of the Government Bank and they had a similar case which was later found to be an employee's doing. That employee got sacked and imprisoned (not sure for how long).
I had a case with Amazon Pay Later(this service just came out) where my account which is like more than 5-6 years old had gotten Amazon Pay Later enabled with someone else's name and transactions of more than 10k were made and I got a call from Amazon Executive saying I should pay the amount.
I called their customer service and raised concern regarding this issue, they blocked Amazon Pay Later on my account and everything. A friend of mine used to work at Amazon and from him I got to know that some support staff was doing these things doing eKYC using any aadhar on any account enabling Pay Later and buying stuff.
Saale kaam shi se kaare to waise hi acche paise kma le. Apne fayade ke liye dusro ki life kharab krte h
somehow this part is missing from the long story
Can you provide all point of contacts , let's make a thread where we collect all point of contacts, who will be helping in such a case
your story does not add up
YONO Cash, max limit is ₹10,000
you cant remove more then that
YUNO App are safe and not that easy to get in
- for this your fathers username and password were leaked in some way
- otp was also provided coz you cant login without otp in yuno
opt login has been mandatory in sbi since a long time even befor 2021
this whole insident is a case of mishap from the customer side dont blame it on bank
he must have sholder read the credentials while at the bank when your father was loggin in to his yuno app
Read My First Line - It was in December 2020.
At that time, There were no Withdrawal Restrictions of Rs.20,000/Day
There was no rule of OTP in that period later OTP Feature was announced!
You Just shut your Mouth Because RBI, Police, Bank, Judiciary, and Cyber Crime were involved in this case and without evidence or a single fault of 0.00001% of mine would have cost me the entire 40,000Rs and all the Above authorities understood their mistake and Directed me to refund My 40,000Rs.
@admin A convenient way to spread misinformation in this forum he/she fails to provide proof and can't take criticism of the lightest kind
"You Just shut your Mouth" what does this say about a person?
read through the comments I have made
please pause this discussion it is spreading unnecessary fear among dasidime users about banking this discussion does not help a tad bit to prove its narrative in any shape or form
all it does is make people fear that this may happen with them not knowing how?
please take the action you seem fit im not commenting on this discussion any forther
Great work.