CBI raids 65 locations in ₹820-crore UCO Bank 'fraud case'
The case involved money being reflected in origin as well as recipient accounts
The The Central Bureau of Investigation said on Thursday it has uncovered a massive fraud worth ₹820 crore involving unauthorised transactions into accounts at UCO Bank, adding that it had carried out raids at 67 locations in seven cities in Rajasthan and Maharashtra.

The agency cited a complaint from the bank that alleged IMPS transactions were wrongfully posted in 41,000 bank accounts between November 10 and 13, and attributed it to changes made to a part of the bank’s system without authorisation.
The agency identified two engineers --- Avishek Srivastava and Supriya Mallick of LCode Technologies --- for having allegedly changed settings on UCO’s IMPS server, causing transactions to be credited to UCO accounts without actual debits from originating banks being posted.
In other words, the money reflected in both accounts — the destination (UCO) one and the originating accounts.
The agency said numerous account holders then withdrew the wrongfully credited funds, totalling ₹820 crore. “Numerous account holders have exploited this situation, making wrongful gains by withdrawing funds through various banking channels,” the spokesperson said.
The agency said several account holders conspired and collaborated with the accused persons and took these transactions in their accounts in a “syndicated manner”.
In the FIR, seen by HT, the agency described the core of the problem: UCO Bank’s app uses an intermediary tool called Connect24, which interfaces with the core banking system (CBS) that banks use to exchange information about fund transfers.
Software logs showed Srivastava and Mallick changing settings, without authorisation from the bank officials, which caused a failed response to be sent to originating banks despite UCO accounts being credited, allowing customers to withdraw the amounts.
CBI registered its case on November 21 after a UCO Bank complaint. Raids were conducted at 67 locations on Thursday after initial raids in December targeting 13 sites. Dozens of suspects have been examined.
Over 330 police personnel, including 120 from Rajasthan Police, in 40 teams and 80 independent witnesses were involved in the action spread across multiple cities including Jodhpur, Jaipur, Jalore, Nagaur, Barmer, Phalodi) and Pune (Maharashtra).
“During these operations, approximately 130 incriminating documents related to UCO Bank and IDFC, as well as 43 digital devices (including 40 mobile phones, 2 hard disks, and 1 internet dongle) were seized for forensic analysis. Additionally, 30 suspects were also found and examined on the spot,” the spokesperson said.
LCode did not respond to emails sent seeking a comment.
Cyber frauds incidents related to digital payments and banking technologies have been a growing concern in India’s financial sector, but incidents involving a bank’s contractors have been rare.
The National Cybercrime Reporting Portal in 2021 received over 450,000 complaints, which grew by 113.7% in 2022 when over 966,000 cases were registered, the agency’s chief, Rajesh Kumar, said in January.

E-Paper

