RBI’s Annual Report 2024–25 shows a sharp disconnect between the number of bank frauds and the money being lost. The total value of bank frauds jumped from about ₹12,230 crore in FY24 to ₹36,014 crore in FY25—an almost threefold increase—while the number of cases fell from 36,060 to 23,953. This means the average fraud size has gone up dramatically, pointing to fewer but far more consequential incidents.
Public sector banks account for the bulk of the value, while private banks report the highest number of individual cases, especially in retail and digital channels. The data suggests that while controls are containing petty fraud to some extent, the system remains highly vulnerable to large, complex schemes that slip through traditional risk frameworks.
Loan Fraud Drives 90%+ of the Losses
The most worrying trend is the dominance of loan and advances frauds in the overall fraud mix. Frauds in the advances category surged to roughly ₹33,000 crore in FY25, up from around ₹10,000 crore in the previous year, and now account for well over 90% of total fraud value. These include diversion of funds, evergreening of stressed accounts, forged collateral, shell entities and misrepresentation of financials.
By contrast, card and internet frauds continue to generate the highest number of incidents—over 13,500 cases—but only a few hundred crore in value. Digital and card frauds remain the “everyday” pain point for customers and operations teams, while loan frauds are what blow holes in bank balance sheets and provisioning buffers.
Digital Payment Growth and New Risk Surface
India’s rapid shift to digital payments has fundamentally changed the threat landscape. UPI volumes, card-not-present transactions and mobile banking usage continue to set new records, expanding the surface area for phishing, social engineering, SIM swaps and account takeover. Even if individual digital fraud amounts are small, the sheer scale of real-time payments means that modest attack rates can translate into meaningful absolute losses and significant trust erosion.
RBI has repeatedly flagged weaknesses in cyber hygiene, KYC practices, transaction monitoring and grievance redressal, particularly in smaller banks and new-age institutions. The regulator’s agenda increasingly treats operational and cyber risk as systemic issues, not just compliance checkboxes—especially when fraud patterns cut across banks via mule accounts, coordinated scams and cross-border flows.
Why Fewer Cases but Higher Value?
The divergence between falling case counts and rising fraud value points to a structural problem in how risk is identified and managed. Several factors stand out:
Legacy underwriting gaps, where loan and advances frauds exploit weak due diligence, over-reliance on paper collateral and outdated risk models that do not fully leverage digital footprints and connected data.
Slow detection of large schemes, with big-ticket frauds often discovered late—sometimes years after origination—by which time losses are fully crystallised.
Fragmented views of customer risk, as siloed systems across lending, cards, trade and digital banking make it harder to spot cross-product anomalies and early warning signals.
For CXOs, this suggests that fraud is increasingly less a “cyber-only” problem and more a combined failure of governance, analytics, process and accountability across the credit and operations value chain.
What BFSI Leadership Needs to Prioritise
Given these trends, bank and NBFC leaders need to think of fraud management as a strategic capability, not a back-office function. Priorities include:
Rewiring credit risk and fraud analytics by integrating alternate data, network analysis and behavioural signals into underwriting to catch misrepresentation and collusion earlier.
Tightening governance around large exposures with stronger independent review of big-ticket loans, related-party exposures and sector concentrations, and ensuring early warning systems are actively used.
Modernising digital risk controls by moving from static controls and periodic audits to continuous monitoring of digital channels, including device reputation, anomaly detection and faster dispute handling.
Driving industry-level collaboration through shared fraud registries, bureau data and inter-bank coordination to track mule accounts, repeat offenders and emerging scam patterns rather than fighting fraud in silos.
India’s ₹36,014 crore fraud bill is not just a statistic; it is a signal that traditional approaches to credit, operations and cyber risk are out of sync with the scale and sophistication of today’s threats. For BFSI stakeholders, the question is no longer whether to transform fraud management, but how quickly they can close the gap between regulatory expectations, customer trust and current reality.
