Source: BS
Context of the News
In a major step toward strengthening digital-payment fraud control, the Indian Digital Payment Intelligence Corporation (IDPIC) — newly empowered as the nodal entity for digital payment intelligence — will soon roll out real-time risk scoring of digital bank deposits, much like the credit scores assigned to loan accounts. The development was announced by K. Satyanarayana Raju, MD & CEO of IDPIC, who described the move as Phase 2 of a project conceived by the RBI Innovation Hub (RBIH), the wholly-owned subsidiary of the RBI. Phase 1 had already produced the MuleHunter.AI tool — designed to detect mule accounts (existing bank accounts used by cybercriminals to park or route money from cyber frauds such as digital arrests, impersonation, and investment scams) and to build a suspects registry shared across banks.
Key Highlights
- Purpose: Tackle mule accounts that route money from cyber frauds.
- Project phases:
- Phase 1: MuleHunter.AI — detection of mule accounts and creation of a suspects registry.
- Phase 2 (now): Real-time risk scoring of digital deposits.
- Implementing entities:
- RBI Innovation Hub (RBIH) — conceived the project.
- IDPIC — will be the nodal organisation to maintain the registry and integrate with banks.
- Integration so far: 6 banks (4 public sector + 2 private sector).
- Operational design:
- Banks identify mule accounts → info goes into the registry.
- Registry shared across banks by IDPIC.
- When new accounts are opened, banks can screen applicants against the registry.
- If a match is found, banks conduct enhanced due diligence.
About the News
What new measure has been announced for digital payments?
The IDPIC has announced that digital bank deposits will soon be assigned real-time risk scores — similar to credit scores assigned to loan accounts — to help banks identify and stop the use of mule accounts in cyber fraud.
What are “mule accounts”?
Mule accounts are existing bank accounts used by cybercriminals to park and route money from cyber-frauds — including digital arrests, impersonation scams, investment and financial frauds. Often, the account holder is either complicit or has been deceived into renting out account access.
What is the IDPIC?
The Indian Digital Payment Intelligence Corporation is the nodal entity for detecting, preventing, and analysing fraud in India’s rapidly expanding digital payments ecosystem in real time. Its MD & CEO is K. Satyanarayana Raju.
Who developed MuleHunter.AI?
The RBI Innovation Hub (RBIH) — a wholly-owned subsidiary of the RBI — developed MuleHunter.AI, which forms the first phase of the broader mule-account initiative.
How does MuleHunter.AI work?
(a) Banks identify mule accounts based on suspicious transaction patterns. (b) Information about these accounts is fed into a shared suspects registry. (c) The registry is accessible to other banks, allowing them to flag matches when new accounts are being opened. (d) Matching applicants undergo enhanced due diligence.
How many banks are currently integrated?
Six banks — four public sector and two private sector — have been integrated with the registry infrastructure so far. IDPIC will scale this up as the nodal organisation.
What is Phase 2 of the project?
Real-time risk scoring of digital deposits — meaning every digital deposit can be scored on-the-fly to flag suspicious transactions, allowing banks to intervene before fraud proceeds spread further.
What is the urgency of this initiative?
Cyber-fraud losses have mushroomed. Per Lok Sabha data, between FY22 and September 2025, banks reported 5.83 lakh payment frauds involving ₹3,588 crore, with only ₹239 crore recovered — implying a recovery rate of only ~6.7%. Internet banking, credit cards, and debit cards dominate the fraud landscape.
Why are mule accounts the key target?
Because every cyber fraud — phishing, impersonation, fake investments, “digital arrests”, romance scams — ultimately routes money through some bank account. If those routing accounts can be identified, blocked, or flagged before they are used, the entire fraud economy is disrupted at the money-flow choke point.
What is the bigger structural significance?
This represents India’s move toward AI-based, real-time, system-wide fraud intelligence — fitting into the broader Digital Public Infrastructure (DPI) philosophy: just as Aadhaar provides identity, UPI provides payments, AA provides data, IDPIC is meant to provide fraud intelligence as shared digital infrastructure for the financial sector.
Background Concepts
What is the RBI Innovation Hub (RBIH)?
The Reserve Bank Innovation Hub is a wholly-owned subsidiary of the RBI, set up in 2022 in Bengaluru, to foster innovation in the financial services sector. It works on projects spanning digital lending, identity, fraud prevention, financial inclusion, and cross-border payments.
What are some examples of cyber frauds in India?
(a) Digital arrests — scammers impersonate police/CBI/customs to extort victims under threat of fake arrest. (b) Impersonation scams — fake calls from “banks”, “RBI”, “telecom operators” tricking users into sharing OTPs. (c) Investment / financial frauds — fake trading platforms, Ponzi schemes. (d) UPI scams — fake QR codes, request-money traps. (e) Job and lottery scams. (f) Romance and matrimonial scams.
What is KYC and why is it relevant here?
Know Your Customer (KYC) is the regulatory process by which banks and financial institutions verify the identity of their customers — a key safeguard under the Prevention of Money Laundering Act (PMLA), 2002. Strong KYC plus mule-account intelligence prevents fraudulent and synthetic identities from accessing the banking system.
What is the Indian Cybercrime Coordination Centre (I4C)?
A central body under the Ministry of Home Affairs that coordinates India’s response to cybercrime. It runs the Citizen Financial Cyber Fraud Reporting and Management System (CFCFRMS) and the helpline 1930, which allows victims of online financial fraud to report incidents and stop fraudulent transactions in real time.
What is the National Cyber Crime Reporting Portal?
cybercrime.gov.in — an MHA-run portal that allows citizens to report cybercrime, including financial fraud. It is integrated with the 1930 helpline and the CFCFRMS platform.
What is the Financial Intelligence Unit – India (FIU-IND)?
The central national agency responsible for receiving, processing, analysing, and disseminating information relating to suspicious financial transactions to enforcement and intelligence agencies. It functions under the Ministry of Finance.
What is Aadhaar-enabled Payment System (AePS)?
A payment service that allows people to transact using Aadhaar authentication (typically biometric). While transformative for financial inclusion, it has also been targeted by frauds involving stolen biometrics or fingerprint cloning.
Why is real-time risk scoring a powerful tool?
Because traditional fraud detection often kicks in after the fact — by which time funds have been moved through layers of mule accounts. Real-time scoring allows banks to intervene mid-transaction, freezing or flagging suspicious deposits before they propagate.
What is a “suspects registry”?
A shared database of accounts/entities flagged as suspicious based on prior fraud activity, transaction anomalies, or other signals. It allows the financial system to act as a whole rather than each bank operating in isolation — a key principle of systemic fraud intelligence.
What is Digital Public Infrastructure (DPI) and how does fraud intelligence fit in?
DPI refers to open, interoperable digital platforms like Aadhaar (identity), UPI (payments), Account Aggregator (data), ULI (credit), Bhashini (language). A fraud-intelligence platform like IDPIC’s registry can be seen as DPI for risk — a shared safety net across the financial system.
How does this fit with the RBI’s broader fraud-control measures?
The RBI has progressively rolled out measures including: (a) 24-hour cooling period for first-time UPI payments above ₹2,000. (b) Two-factor authentication for card-not-present transactions. (c) Mandatory reporting of frauds by banks within set timeframes. (d) Cybersecurity guidelines for banks and NBFCs. (e) Setting up of CSITE Cell for cyber-security inspections.
Practice MCQs
Q1. With reference to the Indian Digital Payment Intelligence Corporation (IDPIC), consider the following statements:
- It is the nodal entity for detecting, preventing, and analysing fraud in India’s digital payments ecosystem.
- It will maintain the suspects registry for mule accounts.
- The MuleHunter.AI tool was developed by the RBI Innovation Hub.
- The IDPIC will assign real-time risk scores to digital deposits in Phase 2 of the project.
How many of the above statements are correct? (a) Only one (b) Only two (c) Only three (d) All four (e) None
Q2. Consider the following statements about mule accounts:
- They are bank accounts opened in fictitious names only.
- They are used by cybercriminals to park money from cyber frauds.
- Cyber frauds like digital arrests, impersonation, and investment scams typically route money through mule accounts.
- Controlling mule accounts is critical to controlling overall cyber fraud volumes.
Which of the above are correct? (a) 1, 2 and 3 only (b) 2, 3 and 4 only (c) 2 and 4 only (d) 1 and 4 only (e) All four
Q3. With reference to the data on bank-reported payment frauds in India between FY22 and September 2025, consider the following statements:
- Internet banking and credit cards account for the largest share of fraud value.
- The total recovery rate of fraud value is around 6.7%.
- UPI fraud value is the largest among all payment channels.
- Aadhaar-enabled Payment System (AePS) has the highest fraud volume of all channels.
Which of the above are correct? (a) 1 and 2 only (b) 1, 2 and 4 only (c) 2 and 3 only (d) 1 and 4 only (e) All four
Q4. Consider the following statements about India’s cybercrime response architecture:
- The Indian Cybercrime Coordination Centre (I4C) functions under the Ministry of Home Affairs.
- The Citizen Financial Cyber Fraud Reporting and Management System (CFCFRMS) and the 1930 helpline are run under I4C.
- The Financial Intelligence Unit – India (FIU-IND) functions under the Ministry of Finance.
- The RBI Innovation Hub is a wholly-owned subsidiary of the Reserve Bank of India.
Which of the above are correct? (a) 1, 2 and 3 only (b) 1, 3 and 4 only (c) 2 and 4 only (d) 1 and 4 only (e) All four
Answer Key
- (d) — All four statements are correct.
- (b) — Statements 2, 3, 4 are correct. Statement 1 is wrong; mule accounts are typically existing bank accounts, often opened in real names — they are used (sometimes by the account holders themselves) to route fraudulent money, not just opened in fictitious names.
- (a) — Statements 1, 2 are correct. Statement 3 is wrong; UPI fraud value (₹2.13 cr) is among the smallest — internet banking and credit cards dominate. Statement 4 is wrong; AePS is far from the highest in fraud volume — credit cards and internet banking lead in volume.
- (e) — All four statements are correct.
Exam Relevance
| Exam | Relevance |
|---|---|
| Banking (RBI Gr B, SBI PO, IBPS, NABARD) | Banking & Economy — high importance |
| SEBI / IRDAI / NABARD Grade A | Financial regulation, fraud prevention |
