[Resolved]  State Bank of India — Fraud at SBI Cards?

State Bank of India is one of the largest Commercial Banks in India. A few years back, I had notified the Bank that there was an indication of a software bug in their “Senior Citizen Account Software” and it was resulting in an excess of 16% being charged on the expenses account in the Bank compared to whatever interest was due to be paid to a customer. ie. For every RS 100 paid to the customer, RS 116/- was debited to the charges account. This was based on the observation of two accounts in one of the branches which was stated to have similar problems in 70 more cases. I had then notified the Bank that this was indicative of a possible fraud amounting to nearly R 8000 crores. I had also suggested that there was a need for software audit to eliminate the problem.

To the best of my knowledge nothing has been done in this regard though there was a public statement at that time from a DGM that it was due to a software error and would be corrected from the following accounting year.

Since last April, I have been indicating to SBI Cards division that there is a likelihood of a malicious software code in their Credit Card processing system which is claiming excess amount from the Card holder. I am enclosing an extract of a statement (Please see the statement here http://www.naavi.org/cl_editorial_08/sbi_card_april_17.jpg) from a Card account which shows a simple one month statement of expenses including transactions booked internally by the Bank. According to simple arithmetic, the statement adds up to indicate a net amount payable by the client to the extent of Rs 4678.02. However, the Bank indicates an amount payable of Rs 9453.42.

Unfortunately, over the last 6 to seven months, the Bank authorities have not been able to sort out the issue of how the statement shows an amount of RS 9453.42 payable instead of RS 4678.02.

The matter has been reported to the Chairman as well as the Banking Ombudsman. Their intervention has also been ignored by the Card division which is acutually subcontracted to the GE. The software engineers who are managing the division are not able to accept the manual arithmetical calculations and have been maintaining “What is shown as the amount payable in the top right corner of the statement is what is payable”.

They seem to think that if their Computer says 2+2 is 5, then it must be correct.

If this is the level of intelligence of the staff members, if the customer’s money in the Bank safe? Can the shareholders of the Bank trust the management of the Bank for safeguarding the investor’s interest?

As an Information Security observer, it appears that the software of the card division has been fraudulently manipulated and at certain conditional fulfillment, it charges customers an amount higher than what is payable. We need to know the other end of this transaction whether the money is being dumped within the Bank as additional profit or is being siphoned off by any individuals. There is a distinct possibility of a fraud of large proportion involved in the incident.

This being the second incident in which a potential fraud in SBI has been brought to the notice of the public, I hope that the top management of the Bank would realise that they may be liable for negligence in not taking appropriate action.

This matter is being brought to the public notice since scores of e-mails and several registered letters to the card division have had no impact.

In the interest of public, it is necessary for a CBI enquiry to be ordered to conduct an audit of the software used for card processing. Until then the card division should suspend its activities.

I urge all customers of SBI cards to check their accounts regularly, add up the card usage and check if the amount shown as payable in the statement is correct.

vijayashankar