What Happens To Your Money If Your Fintech Company Gets Defrauded?

Recently, some fraudsters siphoned off Rs 12 crore from CRED, a Bengaluru-based payment solutions fintech company. The incident has left many wondering; what does this mean for customers? Could users’ data be at risk? And most importantly, what happens to users’ money if the fintech company gets defrauded?

To get answers to these questions let’s understand the incident of what happened with CRED and what safeguard mechanisms are in place to protect customers.

The CRED Incident

To explore if the scam that defrauded CRED affects customers, we must understand how such fintech companies handle user funds.

Explains Wriju Ray, Chief Business Officer, IDfy, an Integrated Identity Platform, “As per law, CRED uses one or more bank accounts (in this case that of Axis bank) to keep the money of its users. Such accounts are called nodal accounts.” This is a standard practice in the fintech world to ensure transparency and security of customer data and funds.

The suspects in the CRED case reportedly stole sensitive data and forged Corporate Internet Banking (CIB) documents to execute the fraud. The police investigation revealed that the fraud did not occur due to any lapse in this fintech’s operations, rather it seems that an Axis Bank insider colluded with an accomplice to forge documents and access the funds.

What Safeguards Are In Place To Protect Customers?

According to Ray a fintech platform typically protects its users from fraud in the following ways;

• User Verification: Payment wallets such as CRED always verify their users when their accounts are opened by checking their ID cards and by matching their details against the user’s biometric details (selfie) or user’s bank account etc. Such apps also check to see if users are known money launderers from available lists.

• Authentication Protocols: Once these accounts are opened the user is authenticated every time he or she logs in.

• Constant Monitoring: The transactions are monitored regularly to identify patterns that might indicate some kind of fraud.

“Banks such as Axis Bank also have similar policies to safeguard their own customers, whether retail or corporate. In CRED case, what appears to have happened is fraudsters were able to overcome the security measures put in place by Axis Bank to safeguard its corporate customers,” says Ray.

What Should Customers/Users Do In Such Cases?

When a fraud happens at the platform level, such as the CRED incident, customers might feel anxious about the safety of their funds and data. However, Ray informs that the end-users in such fraud cases are not directly impacted.

The fraud was perpetrated against CRED, not its users, he informs.

The company alerted authorities and took up the issue with the Axis Bank which is a standard operating procedure for such incidents.

Customers on their part can ensure the safety of their personal data by following basic cybersecurity practices such as using strong passwords and avoiding phishing attempts at individual levels.

Are Customers entitled to any compensation?

When the fraud is against the fintech company itself, for instance, fraudsters targeted CRED’s corporate account and individual user account, customers are not entitled to any compensation.

Regulatory Oversight

In India, fintech companies operate under the regulatory purview of the Reserve Bank of India (RBI). There are standard SOPs laid out for how fintech companies should handle fraud cases.

Says Ray, “Any regulated entity must report frauds to the local or state or federal police (i.e. CBI) depending on the type of regulated entity, nature of the fraud, involvement of insiders, etc.”

Further, there should be board-mandated quarterly reviews of frauds being reported, which in turn inform the fraud management processes of the regulated entity.

As fintech continues to grow, customers should be aware of such frauds, even if they are against companies and do not affect them directly. Moreover, incidents like fraus against CRED underscore the importance of transparency, regulatory action, and collaborative effort between fintech platforms, banks, and regulators to ensure the safety of everyone’s money.