Hi everyone,  

Welcome to the 161st edition of The Pattern, a weekly where we dive into the latest from the world of economy, technology and finance. Let’s get started!  

We no longer get calls that say: "I am calling from your bank, your card will be blocked. If you want to keep it running, share your card number." 

That trick is now extinct. Just like species shed weak traits and adopt stronger ones, scams have followed their own Darwinian path. 

The modern fraudster’s playbook now features deepfake video calls, one-click PDF scams, AI-generated voices mimicking your family members, and digital arrest threats, enough to make our palms sweat whenever we see an unknown caller or WhatsApp text. 

And it's happening just when digital payments in India are hitting 18,120.82 crore transactions worth ₹2,330.72 lakh crore in FY 2024-25 These numbers are a milestone for the economy and an all-you-can-eat buffet for fraudsters. 

The problem: Attacks from all directions 

Bank fraud losses hit ₹36,014 crore in FY25, nearly 3X from last year. Public sector banks alone bore the brunt of ₹25,667 crore. And that’s only what was reported, the real figure is far larger. A war has begun, and it needs a tactical, war-room strategy. 

RBI isn't sitting on the sidelines. Instead, it’s assembled its own anti-fraud ‘Avengers’—tools, platforms, lists, phone numbers, and, yes, even a domain name switch. 

Let's open this toolbox. 

DPIP: RBI's latest weapon 

India’s Digital Public Infrastructure (DPI), under the supervision and guidance of the RBI, has built the Digital Payment Intelligence Platform (DPIP)—a real-time, centralised fraud detection and prevention system. 

Its objectives are clear: 

• •

• Enable real-time detection and blocking of suspicious transactions 

• •

• Facilitate cross-bank data sharing on fraud trends, mule accounts, and malicious domains 

• •

• Integrate with tools like MuleHunter.ai, domain blacklists, and AI-driven fraud algorithms 

• •

• Support coordinated response mechanisms between banks, telcos, and regulators 

DPIP is being prototyped by the Reserve Bank Innovation Hub in collaboration with 5–10 banks. It is expected to be operational within the coming months. 

Fraud Risk Indicator: Setting the battleground with mobile numbers  

A scammer’s first attack is still your phone number. From account verification and transaction alerts to OTPs and payment confirmations, the mere 10-digit number handles everything, making it both a primary digital ID and prime target. 

To address this, the RBI has introduced the Financial Fraud Risk Indicator (FRI) which is a tool developed by the Department of Telecommunications (DoT).  

This system flags mobile numbers as medium, high, or very high risk based on data from the National Cybercrime Reporting Portal. Banks can now assess the risk level of a mobile number in real-time, even before a transaction begins, allowing them to intervene proactively. 

But that's only one side of the cleanup. 

Mobile Number Revocation List: Flagging 10-digit fraud numbers 

Earlier this year, the RBI also mandated the use of TRAI's Mobile Number Revocation List (MNRL). This database contains numbers that have been permanently disconnected, flagged for fraud, or simply deactivated. Banks must now check customer records against the MNRL, update registered mobile numbers after proper verification and monitor suspicious accounts more closely. 

The intent is clear: mobile numbers must be  scrutinised as rigidly as PAN or Aadhaar cards. 

.bank.in: Shifting the domain 

While digital identity is being reinforced, so is digital infrastructure. In February 2025, the RBI directed all banks to move their banking websites to the '.bank.in' domain by October 31, 2025. This might seem excessive, but it's actually a strategic cybersecurity upgrade to shrink phishing domains dramatically. 

Beyond traditional checks: Cybersecurity is expanding the focus 

While much of the regulatory spotlight is on payment fraud, the RBI's cybersecurity lens is widening. In its latest updates, the central bank highlighted the need for a more resilient financial ecosystem as a whole, beyond banks and FinTechs. 

The emphasis being risk-based supervision, zero-trust cybersecurity models, and AI-aware defense strategies across the broader financial system—including digital lending apps and mutual fund platforms. 

The anti-fraud fight now stretches beyond platforms, phone numbers, and databases to awareness campaigns, telecom integrations, and behavioural analytics.  

Banks are now required to list their verified customer care numbers on the Sanchar Saathi portal. Transactional and service-related calls must originate only from numbers within the 1600xx series, and promotional calls through the 140xx series, adding another layer of trust verification.  

There's also growing emphasis on device binding, two-factor authentication, and customer education. RBI, in collaboration with telecom and payment authorities, are using SMS alerts and online campaigns to spread cybercrime awareness. 

We’ve all noticed the rise in RBI’s public awareness campaigns TVCs, highlighting various types of fraud (and Amitabh Bachchan), educating us on “Jaankar Baniye, Satark Rahiye!” 

RBI's evolving playbook 

Fraud control is not limited to clean-up anymore. The RBI is now adopting a front-foot strategy to tackle scammers at the door, before they can even make the first move.  

With DPIP, FFRI, MNRL, .bank.in domains, and collaborative data ecosystems, India’s digital economy can thrive without fear. 

Scammers will keep sharpening their tricks, but the safeguards are upgrading just as fast 

That's a wrap for this week! I’ll see you again next week. As always, leaving you with a few reads to explore. Have a great weekend! 

Reading List: 

1. 1. Gold loans turn microfinance companies' best bet amid fears about the unsecured 

2. 2. The worrying rise of personal, credit card and gold loans in India 

3. 3. RBI directs banks, other lenders not to levy pre-payment charges on biz loans to individuals, MSEs 

4. 4. FinTech deepens access to formal credit with 11 crore loans in FY 2024–25 

5. 5. Unsecured loans pose risks to asset quality, RBI data shows 

Thank you for reading. If you liked this edition, forward it to your friends, peers, and colleagues. You can also connect with me on X here and follow FinBox on LinkedIn to always get all updates. 

Cheers, 

Mayank