RBI flags surge in bank fraud amounts despite drop in cases

Mumbai: While the number of bank fraud cases in India declined for the third consecutive year in FY26, the amount involved surged sharply during the year, according to the Reserve Bank of India’s (RBI) annual report released on Friday.

The report showed total fraud cases at banks fell to 10,114 in FY26 from 23,722 in FY25 and 35,800 in FY24. However, the amount involved rose to ₹48,021 crore in FY26, compared with ₹32,803 crore in FY25 and ₹11,013 crore in FY24.

Public sector banks accounted for the bulk of the amount involved at ₹35,709 crore, while private sector banks reported frauds worth ₹11,399 crore.

Fraud related to advances emerged as the biggest area of concern, accounting for 8,640 cases involving ₹40,774 crore in FY26, nearly 85% of the total amount involved during the year.

This compares with 4,549 cases involving ₹27,364 crore in FY25, accounting for about 83% of total fraud amounts, and 4,069 cases involving ₹10,461 crore in FY24, when advances-related frauds made up nearly 95% of the total amount involved.

In contrast, card, internet, and digital payment frauds — which dominated by volume in FY24 and FY25— fell sharply to 293 cases in FY26 from 13,332 in FY25 and 28,836 in FY24.

The jump in the fraud amount partly reflected the reporting of 314 cases worth ₹30,199 crore related to previous financial years, after banks revisited cases following the Supreme Court’s March 2023 judgement on fraud classification.

The RBI, in its report, said work on several supervisory and cyber resilience measures initiated in FY26 remains underway. These include a proposed service availability and resilience framework for digital banking channels, baseline guidelines on “Digital Forensic Readiness”, and a real-time dashboard to monitor outages across select banking services. The dashboard is currently being piloted with 10 banks through the Indian Banks’ Association.

The central bank also said it operationalised a “state-of-the-art” cyber range platform at the Institute for Development and Research in Banking Technology (IDRBT) to conduct simulated cyberattack drills for supervised entities.

For FY27, RBI has laid out an expanded cyber supervision agenda, including micro-data analytics for cyber risk, AI-focused thematic reviews, alignment of incident reporting with global Financial Stability Board standards, and onboarding more banks onto the real-time service availability monitoring platform.

“The rapid evolution of digital financial services has brought transformative benefits to India’s financial ecosystem… however, this growth also had an unintended consequence of increase in cyber-enabled frauds,” the RBI said in the report.

This comes days after Mint reported on 20 May that India’s largest banks were stepping up cyber defences, specialist hiring and insurance coverage amid fears that increasingly sophisticated AI systems could make cyberattacks faster and harder to contain.

Banks, including HDFC Bank and Axis Bank, told Mint they were expanding “red teaming”, AI-security operations and threat detection capabilities as concerns rise around AI-enabled attacks and vulnerabilities in digital banking systems.