Ex-Insurance Staffer Arrested For Rs 24 Lakh Loan Fraud Using Customer Data

A former employee of a private insurance company has been arrested for allegedly using policyholders’ details to take loans in their names. The fraud, pegged at about Rs 24 lakh, was detected after one customer received loan-related messages for a transaction he had not authorised.

The accused, Imran Khan, was arrested in Panipat, Haryana, according to a recent report by The Times of India. Another person, Pulkit Sharma, was also arrested. Police have alleged that the accused used customer information to raise loans against insurance policies and moved the money to mule accounts.

The case was registered by Mumbai’s West Cyber Police, since the insurance company has its headquarters in Mumbai. Another employee, Anjali Rani, has also been named in the case and is yet to be arrested, according to the report.

Customer Got Alert For Loan He Never Took

The matter came to light in September 2025 when a policyholder from Gurugram received messages about a loan he had not applied for. He informed the insurance company, after which an internal inquiry was started.

The company’s fraud control team found that Khan and Rani had visited the customer’s house between July 26 and July 28. They had allegedly told him to shift to another policy and took his phone on the pretext of completing the process.

Police later found that a loan had been taken in the customer’s name, but the money had not gone to his account. On checking further, investigators found that 15 such loans had allegedly been sanctioned in the names of different customers.

The accused allegedly accessed One-Time Passwords (OTPs) from customers’ phones and generated Transaction Personal Identification Numbers (TPINs). These were then used to change the registered mobile numbers, email IDs, and bank account details in the company’s records. After this, loan alerts and other messages went to the accused instead of the actual policyholders.

As part of the verification process, the insurer reportedly transferred Re 1 to the newly added bank accounts before releasing the full loan amount. Since the contact details had already been changed, the customers did not receive the alerts. The loan money was then credited to mule accounts.

Do Not Hand Over Your Phone Or Share OTPs

The case is a reminder that policyholders should be careful even when the person approaching them claims to be from a bank, insurer, or any other financial company.

Customers should not hand over their phones to agents or staff members. They should also not share OTPs, TPINs, passwords, app PINs, or allow anyone to read messages on their phone. These details can be used to change registered information or approve financial transactions.

Any message about a new loan, change in mobile number, change in email ID, change in bank account, or update in policy records should be checked immediately. The safest way is to call the insurer’s official customer care number or visit the nearest branch.

Policyholders should also periodically check the mobile number, email ID, nominee, and bank account linked to their insurance policies. If anything looks wrong, it should be reported at once.

For insurers, the case points to the need for tighter checks before processing loans against policies, especially when customer contact details or bank account details have been changed recently.

Police have seized three mobile phones, six cheque books, and two passbooks from the arrested accused, according to the report. The investigation is still underway.

FAQs

1. How was the insurance loan fraud detected?
The fraud came to light when a policyholder received messages about a loan he had not applied for and alerted the insurance company.

2. What should policyholders avoid sharing with agents or staff?
Policyholders should not share OTPs, TPINs, passwords, app PINs, or hand over their phones, as these can be misused to change policy or bank details.

3. What should a customer do if they get a loan or policy change alert?
They should immediately contact the insurer through official customer care channels or visit a branch to verify the transaction.