In recent years, India has witnessed a surge in online transactions, driven by the rapid digitization of services and the widespread adoption of mobile technology. Through digital wallets, transferring and receiving money, paying bills, or online purchasing become more convenient. However, along with the convenience of digital transactions comes the risk of fraudulent activities, including the OTP (One-Time Password) scams/ frauds in India. Recently Delhi police’s cyber station in its 2023 report has said cyber cases have surpassed murder incidents, kidnapping, and thefts in Delhi. While two murders, 32 kidnapping cases, and 1.7 theft cases are reported in Delhi every day on an average, the police receive at least 200 cyber complaints every day. The victims are usually Middle-aged people who are not that much aware of using bank applications and handling the phishing calls. The attacker masquerades themselves as the representative of the legitimate banks and telecom companies thus requesting the victims to share their OTP for linking their Aadhaar card, Pan Card, telephone number etc. with their bank account. Sharing the OTP is like giving the keys of your house to the thief. This gives the path to attacker to swipe off money from your account within fractions of seconds.


An OTP or one-time password is a security code that you get through email text or phone calls whenever you do a financial transaction or any online shopping and many more. Its main objective is to confirm your identification and guard against security breaches that might lead to financial fraud or data theft. The OTP scam typically involves fraudsters tricking individuals into revealing their OTPs, which are sent to their mobile phones to authenticate online transactions. Fraudsters employ various tactics, such as phishing emails, fake calls from banks or government agencies, and social engineering techniques, to deceive unsuspecting victims into divulging their OTPs. Once obtained, the fraudsters use the OTPs to conduct unauthorized transactions, resulting in financial loss and reputational damage to the victims.

In the beginning, Hackers send fake messages related to exciting offers, extending credit card limits, related easy loans, or pretending to bank customer care. If the user seems interested in that, then the fraudster sends them a form or redirects those users to a fake website so that scammers will quickly get their financial credentials. Lastly, users ask for OTP that comes to their device and this is how scammers do this cyber-attack on thousands of innocent people. Following ways are being practised by scammers to accomplish this scam to trap people-

  • Through Malware: Scammers try to steal users’ OTP by telling them to install or download a malicious app. Malware can easily steal data or OTP. 
  • Fake Exciting Offers or False Promises: Users can get into the trap of cyberpunks with fake offers or promises. Also, fraudsters send texts or emails to users so that they develop their interest in it and share all their pieces of information or OTPs with them. 
  • KYC Updating: Scammers can also send fake messages related to KYC updating. And these cyberpunks try to steal your personal and financial information which leads to falling victim.

This is how the OTP scams pose significant risks to both individuals & businesses. In response to the rising incidence of the OTP scam, Indian courts have directed landmark judgments to address this menace and to protect the interest of consumers. Supreme Court in 2020 in its judgment has affirmed very clearly the responsibility of banks & financial institutions to safeguard customer data & prevent unauthorized transactions. The court emphasized the need for robust cybersecurity measures and held banks accountable for any lapses in protecting customer information.

Furthermore, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, mandate organizations handling sensitive personal data, including OTPs, to implement stringent security measures to prevent unauthorized access and misuse. These rules prescribe specific standards for data protection and require organizations to implement encryption, access controls, and regular security audits to mitigate the risk of data breaches.


To mitigate the risk of falling victim to the OTP scam, individuals & businesses can adopt various preventive measures & best practices. These include:

  1. Be cautious with your OTP- Treat OTPs as highly confidential and never share them with anyone including callers or individuals claiming to be from your bank or financial institution.
  2. Avoid sharing personal information- Fraudsters often use social engineering techniques to trick individuals into revealing personal information. Be skeptical of unsolicited calls, emails, or messages asking for your OTP, bank account details, or other sensitive information.
  3. Verify callers or senders- If you receive a call, email, or message requesting your OTP or sensitive information, independently verify the authenticity of the request. Use the official contact details provided by your bank or financial institution to reach out and confirm if the request is genuine.
  4. Secure your mobile number- Since OTPs are usually sent to your registered mobile number, it is essential to keep your mobile device secure. Set up a lock screen PIN or password to prevent unauthorized access. Avoid sharing your mobile device with others and be cautious when installing apps or granting permissions.
  5. Enable SIM card security- Consider contacting your mobile service provider to enable additional security features for your SIM card.
  6. Enable transaction alerts- Most banks and financial institutions provide transaction alerts via SMS or email. Enable these alerts to receive real-time notifications for any financial transactions conducted using your accounts. If you notice any unauthorized activity, contact your bank immediately.
  7. Keep your device secure- Protect your mobile device and computer from malware and unauthorized access.
  8. Regularly review your bank statement- Thoroughly review your bank statements to identify any unauthorized transactions. Promptly report any discrepancies or suspicious activity to your bank
  9. Educate yourself about common scams- Stay informed about the latest scams and fraud techniques targeting individuals. Keep up to date with news and resources provided by your bank or financial institution.
  10. Report suspicious activity- If you suspect any fraudulent activity or receive phishing attempts, report it to your bank, police, and the Cyber Crime Cell in your area.

By implementing these precautions, one can significantly reduce the risk of falling victim to OPT-based financial scams/ frauds.


If somehow, accidentally one becomes a victim of an OTP scam/fraud, instead of worrying and wasting time, one immediately must notify your bank first, and report to them the whole incident resulting in a scam. According to RBI guidelines, the liability standards vary according to the type of fraud of transaction and as the OTP fraud is a result of the victim’s fault it Is covered by limited liability responsibility. The victim is responsible for paying the loss sustained up to the fraud was reported to the bank. If a loss occurs after reporting, it will be reimbursed within 10 business days. Any bank has 90 days to resolve your complaint and if it fails one can file an online complaint to RBI Ombudsmen.

Also, after reporting to the bank one can report to the nearest cyber cell or can lodge an FIR at any local police station. If the victim faces denial at the police station, can report the same by approaching the Commissioner of Police or the Judicial Magistrate of the city.

Alternatively, you can report it online through the National Cyber Crime Reporting Portal.


The prevalence of OTP fraud in India is rising. By carrying out your financial transactions securely, you may prevent such instances. And, if you want to stay away from this cyber fraud then Make a habit of avoiding dubious links, replying to phishing emails, or giving out your personal information over the phone. The OTP scam poses a significant threat to the digital ecosystem in India, endangering the financial security and privacy of individuals and businesses. By understanding the modus operandi of the OTP scam, implementing robust cybersecurity measures, and staying vigilant against fraudulent activities, individuals and businesses can protect themselves from falling victim to this pervasive threat. Legal interventions and landmark judgments play a crucial role in holding perpetrators accountable and fostering a safe and secure digital environment for all stakeholders.

Moreover, it is the duty & responsibility of an individual or business to immediately inform your banking institutions if you detect any fraudulent activity. In addition, you need to report the offence to the cybercrime unit and submit FIR. Also, you must raise your level of understanding regarding cyber threats, cybersecurity, and ongoing scams. Your money loss might be prevented with a little prudence! 

By- Esha Gandhi (intern)

Leave a Reply

Your email address will not be published. Required fields are marked *

This field is required.

This field is required.


The following disclaimer governs the use of this website (“Website”) and the services provided by the Law offices of Kr. Vivek Tanwar Advocate & Associates in accordance with the laws of India. By accessing or using this Website, you acknowledge and agree to the terms and conditions stated in this disclaimer.

The information provided on this Website is for general informational purposes only and should not be considered as legal advice or relied upon as such. The content of this Website is not intended to create, and receipt of it does not constitute, an attorney-client relationship between you and the Law Firm. Any reliance on the information provided on this Website is done at your own risk.

The Law Firm makes no representations or warranties of any kind, express or implied, regarding the accuracy, completeness, reliability, or suitability of the information contained on this Website.

The Law Firm disclaims all liability for any errors or omissions in the content of this Website or for any actions taken in reliance on the information provided herein. The information contained in this website, should not be construed as an act of solicitation of work or advertisement in any manner.