The Reserve Bank of India (RBI)'s Innovation Hub has recently developed a new Artificial Intelligence (AI) tool called MuleHunter.ai.
While India's digital revolution is accelerating, simplifying, and increasing the transparency of financial transactions, it has also presented a lucrative opportunity for cybercriminals. Recent data indicates a threefold increase in bank fraud cases in India over the past few years. Significantly, this increase reflects not only new cases but also a reassessment of older cases and analysis of new data.
Rising Fraud and Evolving Tactics
Bank fraud is no longer limited to obtaining loans using forged documents. Online fraud, phishing attacks, SIM cloning, fraudulent UPI IDs, and fake accounts are now being used to perpetrate large-scale scams. Small online transactions, in particular, have become a significant threat to both banks and customers.
According to a Bloomberg report, over 50 percent of digital or card-based transactions involve fraud. Although these represent only 1.4 percent of the total fraud amount, their sheer volume is a cause for concern. Reported cases indicate over 1 million minor frauds annually, with the actual number likely being much higher.
UPI: Convenience or Security Breach?
The Unified Payments Interface (UPI) has revolutionized digital payments in India, processing over $3 trillion in transactions annually. The system offers 24/7 payment capabilities, with most transactions being free. However, this very simplicity is becoming a weapon for cybercriminals.
Anyone can easily create a virtual payment ID and request money. However, when such an ID is linked to a suspicious or fake name—for example, an account associated with amazon@money belonging to an individual named ckilpz louxn—it signals a serious threat. Investigations by security researcher Karan Saini have revealed numerous instances highlighting this new fraud technique using virtual IDs.
The Growing Web of Fake Accounts
India has attempted to strengthen digital identity through Aadhaar. Despite this, identity theft and banking fraud through fake accounts persist. Despite banks repeatedly requesting KYC documents, mule accounts (bank accounts opened under fictitious names) are being used for online gambling, cryptocurrency transactions, and illegal betting.
These fake accounts operate like legitimate customer accounts, but are controlled by criminal networks. These networks entice customers with the promise of small profits to use their accounts for illegal transactions, subsequently discarding them.
RBI's Initiative: MuleHunter.ai
The RBI's Innovation Hub has launched MuleHunter.ai, an AI-powered tool to combat fraud. This tool helps identify suspicious transactions and track mule accounts. A prototype of a digital payments intelligence platform is also under development to further strengthen the system.
However, experts believe that simply detecting suspicious transactions is insufficient. Until banks and related institutions are empowered to take immediate action, victims may not receive redress.
Legal Framework and Limitations
India's money laundering laws still do not permit banks to take immediate action in such cases. Investigations and funds recovery become even more complex when cases involve interstate or international elements. Furthermore, banks lack sufficient cybersecurity experts, hindering prompt responses.
Some Sectors are Improving
The Securities and Exchange Board of India (SEBI) mandated the @valid suffix for virtual payment handles for certain financial institutions, such as brokers, research analysts, and mutual funds, from October 2025. This will improve transparency and identity verification in transactions. While this step is necessary, it is not sufficient on its own.
A New Strategy for Digital Security is Needed
India needs to move towards a digital payment system that is secure, sustainable, and resilient. Currently, UPI is free for merchants, but this has reduced revenue streams for payment gateways and apps. Experts believe it is time to allow apps like Google Pay, PhonePe, and Paytm, and banks to charge minimal fees for their services to invest in their security systems.
In addition, the NPCI should allow private companies healthy competition to develop a robust and professional digital ecosystem.
