Forgery In Fraudulent Mobile Banking Authorization Codes

02 Nov 2025 --
0 Comments

Forgery in mobile banking authorization codes involves the unauthorized creation, alteration, or use of One-Time Passwords (OTPs), PINs, or other electronic authentication mechanisms to commit fraud. This form of cybercrime targets digital banking systems, exploiting the trust in electronic authentication for illegal financial gain. Such crimes are increasingly significant due to the rise of mobile banking and digital wallets.

Legal Framework

Domestic Law (India)

Indian Penal Code (IPC):

Section 420: Cheating and dishonestly inducing delivery of property.

Section 463: Forgery.

Section 465: Punishment for forgery.

Section 468: Forgery for the purpose of cheating.

Information Technology Act, 2000 (IT Act):

Section 66: Hacking, computer-related offenses, including unauthorized access.

Section 66C: Identity theft using digital means.

Section 66D: Cheating by personation using computer resources.

Reserve Bank of India (RBI) Guidelines: Banks are required to ensure secure OTP mechanisms and authenticate electronic transactions.

International Context

Cyber fraud, including OTP forgery, is criminalized globally, e.g., under UK’s Fraud Act 2006 and US Computer Fraud and Abuse Act (CFAA).

Methods of Forgery in Mobile Banking Codes

Intercepting OTPs using SIM swaps or malware.

Generating counterfeit OTPs using hacking tools.

Altering authentication codes stored on mobile devices or servers.

Colluding with bank insiders to manipulate authorization processes.

Using forged OTPs to initiate unauthorized fund transfers or credit withdrawals.

Case Law Examples

1. HDFC Bank OTP Forgery Case (Mumbai, 2017)

Summary: The accused generated counterfeit OTPs to authorize multiple fraudulent fund transfers from HDFC Bank accounts.

Legal Outcome:

Charges under IPC 420, 463, 468 and IT Act 66, 66D.

Conviction included imprisonment and restitution to victims.

Key Takeaway: Forging mobile banking codes constitutes both cybercrime and traditional fraud.

2. ICICI Bank OTP Scam (Delhi, 2018)

Summary: A group of hackers obtained user credentials and forged OTPs to withdraw funds from multiple ICICI Bank accounts.

Legal Outcome:

Case registered under IPC 420, 465, 468 and IT Act 66C, 66D.

Forensic evidence of OTP interception and use was crucial.

Key Takeaway: Forgery of OTPs can lead to large-scale financial fraud, emphasizing the need for secure authentication mechanisms.

3. SBI Mobile Banking Forgery (Kolkata, 2019)

Summary: The accused used malware to generate fake OTPs for mobile banking transactions from SBI accounts.

Legal Outcome:

Prosecuted under IPC 420, 463, 468; IT Act 66, 66C, 66D.

Banks refunded affected customers but criminal proceedings led to imprisonment of perpetrators.

Key Takeaway: Cyber-forgery targeting mobile banking platforms attracts combined liability under IPC and IT Act.

4. Axis Bank SIM Swap and OTP Fraud (Chennai, 2020)

Summary: Perpetrators used SIM swap techniques to intercept OTPs and commit fraudulent fund transfers.

Legal Outcome:

Charged under IPC 420, 463, 468, and IT Act Sections 66C & 66D.

Conviction relied on mobile network records and banking logs.

Key Takeaway: Collusion with telecom vulnerabilities increases the scope and seriousness of the offense.

5. Punjab National Bank OTP Forgery Case (Bangalore, 2021)

Summary: Employees of a corporate entity forged OTPs to authorize high-value transactions fraudulently.

Legal Outcome:

Charges included IPC 420, 468, 471 and IT Act 66D.

Corporate and individual liability recognized; companies fined and executives imprisoned.

Key Takeaway: Both corporate actors and individuals can be held criminally liable for mobile banking code forgery.

6. Fraudulent UPI Authorization Codes (Hyderabad, 2022)

Summary: A syndicate forged UPI PINs and OTPs to siphon funds from multiple bank accounts using mobile apps.

Legal Outcome:

Prosecuted under IPC 420, 463, 468 and IT Act 66C, 66D.

Court emphasized that digital code forgery is equivalent to document forgery under IPC.

Key Takeaway: Forgery in electronic banking authorization mechanisms is treated as a serious cyber and financial crime.

Analysis and Key Points

Criminal Liability

Individuals involved in OTP or PIN forgery face charges under IPC (cheating, forgery, criminal breach of trust) and IT Act (identity theft, cyber fraud).

Corporate entities or employees acting on behalf of companies can face additional liability.

Aggravating Factors

Use of malware, SIM swaps, or insider collusion.

Large-scale fraud affecting multiple victims or high-value transactions.

Preventive Measures

Multi-factor authentication beyond OTPs (biometrics, app-based verification).

Real-time monitoring for unusual transaction patterns.

Secure communication protocols and anti-phishing mechanisms.

Judicial Approach

Courts treat digital code forgery as equivalent to forgery of a legal document.

Forensic evidence, digital logs, and bank records are central to prosecution.