An Indian woman scammed of over ₹58 million in a 'digital arrest' fraud is now battling banks and regulators. Are institutions doing enough to protect victims?
 |
| Anjali lost ₹58.5 million to a cyber fraud. But her fight now is with India’s banks and courts—exposing systemic lapses in digital safety and accountability. Image: CH |
GURUGRAM, India — September 8, 2025:
It began with a phone call — and ended with a life savings wiped out. But for Anjali, a resident of Gurugram near Delhi, the trauma didn’t stop there. After being scammed out of ₹58.5 million (approx. $663,390) in a chilling “digital arrest” fraud, she is now battling another system: the very banks and institutions she trusted to protect her money.
What unfolded over five days in September 2024 was psychological coercion at its most sophisticated. Fraudsters impersonating law enforcement officials manipulated Anjali through video calls on Skype, threatening her with arrest, jail, and harm to her son unless she followed instructions. Under constant surveillance and duress, she liquidated nearly all her savings.
“After that, my brain stopped working. My mind shut down,” she told the BBC.
The money disappeared — rapidly, and with digital precision — through a maze of banks and shell accounts. A year later, Anjali is still searching for justice.
Anjali’s experience underscores a broader national crisis. Official figures show that reported cases of “digital arrest” fraud nearly tripled between 2022 and 2024, reaching 123,000 cases. In response, the Indian government has launched full-page newspaper ads, radio PSAs, and even direct warnings from the Prime Minister. Nearly 4,000 Skype IDs and 83,000 WhatsApp accounts have been blocked.
Yet, these efforts are reactive — not preventive. Victims, like Anjali, say banks have failed in their most basic responsibility: to flag suspicious activity and protect account holders from extraordinary and uncharacteristic transactions.
On 4 and 5 September 2024, Anjali made two massive bank transfers — ₹28 million and ₹30 million — under the scammers’ coercion. She was a premium customer at HDFC Bank, India's largest private lender. Yet she received no alert, no verification call, no flag — despite the transactions being over 200 times larger than her usual financial activity.
“If I get a call for a ₹50,000 credit card purchase, why didn’t I get one for a ₹28 million transfer from savings?” she asked.
HDFC Bank responded in an internal email — seen by the BBC — calling her claims “baseless.” They said the fraud was reported two to three days after the transfers and that the transactions were made on her instructions.
The banking ombudsman later closed her complaint, citing a 2017 rule: if the customer authorizes the transaction — even under duress — the loss is theirs.
Anjali painstakingly traced the movement of her funds. They first landed in an ICICI Bank account held by a man named “Mr Piyush.” That account had only a few thousand rupees before the transfer. No red flags were raised.
She questions why ICICI permitted large inflows and outflows without freezing the account or initiating further KYC checks. ICICI, in a statement, insisted it followed all KYC protocols and froze the account as soon as it was alerted.
But by then, it was too late.
Within four minutes, most of the funds had been dispersed into 11 accounts at Sree Padmavathi Cooperative Bank, affiliated with Federal Bank in Hyderabad. Eight account addresses were found to be fake; the rest belonged to a rickshaw driver, a widow, and a carpenter — none aware their identities were being used.
Police arrested Samudrala Venkateshwaralu, former director of the cooperative bank, accusing him of facilitating the creation of mule accounts — set up in real people's names and sold to criminals. He remains in jail.
Anjali has recovered only ₹10 million of the ₹58.5 million she lost. Her case, now joined with others, is pending before India's top consumer court, where the victims allege "deficiency of service" by banks. The next hearing is set for November.
Legal experts say these cases expose deep systemic flaws. Lawyer Mahendra Limaye, representing Anjali and others, argues that banks are not passive conduits but active enablers when they fail to flag high-risk patterns.
“Banks have a duty of care. If an account shows unusual activity, that transaction must be stopped,” he said.
In other countries, the tide is turning. The UK recently passed regulations requiring payment service providers to reimburse victims of authorized push payment (APP) frauds, barring specific exceptions.
India has no such framework.
To make matters worse, Anjali says she is now being taxed on the money she lost — since liquidated investments incur capital gains tax, even if the funds were stolen.
“There is no recognition of such crimes by the Income Tax department. This compounds the financial misery of victims,” she said.
India has leapfrogged into the digital age, boasting a robust fintech ecosystem and skyrocketing mobile banking adoption. But the infrastructure to police it — from cybercrime units to banking compliance systems — hasn’t kept pace.
Victims of sophisticated scams like "digital arrest" are left to pick up the pieces alone, as regulators point to outdated rules and banks refuse responsibility.
Anjali's story is no longer just about fraud. It’s about a regulatory and institutional ecosystem that seems ill-equipped to protect even its most trusting users.
And in a world where a scam can reach anyone — anywhere, anytime — the question is no longer whether someone will fall victim.
It’s who will be held accountable when they do.