How to avoid fraud with inoperative accounts

Inoperative accounts refer to bank accounts that have not recorded any customer-initiated transactions—such as deposits, withdrawals, or fund transfers—for a specified period, usually two years. These accounts, though still technically active, are considered dormant due to prolonged inactivity. The Reserve Bank of India (RBI) and other financial institutions define clear guidelines on identifying and managing such accounts.

Banks are required to monitor account activity regularly and flag accounts that meet the criteria of inactivity. Once an account becomes inoperative, certain features like online banking, ATM access, or fund transfers may be restricted until reactivation measures are completed. The funds in the account remain intact and continue to earn interest as applicable, but additional verification is required before allowing transactions.

Inoperative accounts pose unique security and operational challenges, especially when left unattended for extended periods. Therefore, both banks and customers must stay vigilant about monitoring account status and ensuring regular use.

An account becomes inoperative when there are no transactions initiated by the account holder for two consecutive years. Transactions that qualify include cash deposits, withdrawals, fund transfers, cheque clearances, or any service-based activity performed by the customer. However, automated entries such as interest credits or bank charges do not count towards activity.

The inoperative status applies to various types of accounts, including savings accounts, current accounts, and fixed deposit-linked accounts. Joint accounts and those held by minors are also subject to this classification. To protect account holders, banks often send reminders through SMS, email, or post before classifying the account as inoperative.

Reactivation of such accounts typically involves the account holder submitting a written request, completing KYC documentation, and, in some cases, initiating a small transaction. Some banks may also require in-person verification or a video KYC process, especially if the account has been inactive for a long period.

Common reasons for inactivity include change of residence, account redundancy (having multiple accounts), relocation abroad, or lack of awareness. In some cases, account holders may be unaware that an account has been flagged as dormant until they attempt to access services. Therefore, customers are encouraged to maintain periodic activity in all their accounts and respond to bank communications regarding dormancy or verification requirement

Inoperative accounts may seem harmless at first glance, but they carry a number of financial and security risks. Since these accounts do not receive regular attention from their holders, they can become easy targets for fraudulent activities. Cybercriminals and internal bad actors may exploit these dormant accounts to perform unauthorised transactions or mask illicit activities.

One significant risk is identity theft. If fraudsters gain access to account credentials or outdated documents, they can impersonate the account holder and attempt to initiate unauthorised changes or withdrawals. Since the original owner may not be monitoring the account, such actions could go unnoticed for months.

In addition to financial fraud, inoperative accounts may also incur penalties or lose out on important service updates due to communication lapses. If linked to investment or credit products, inactivity could affect related services such as interest payments or loan servicing.

In cases where the account balance is substantial, the risk increases due to potential misuse. To mitigate such threats, banks may enforce stricter KYC verification before reactivation and monitor dormant accounts for unusual activity. Still, the onus also lies with customers to stay proactive in managing and securing their accounts.

Fraudsters often target inoperative accounts precisely because they are left unchecked. These accounts can be used as conduits for layering or laundering illicit funds, making them ideal entry points for financial crime. Criminals may use phishing emails or social engineering tactics to obtain login credentials or duplicate documents of dormant account holders.

Once access is gained, transactions may be initiated in small amounts to test bank monitoring systems. If undetected, larger withdrawals or transfers may follow. In some cases, internal collusion within banking staff has also been reported, where dormant accounts are used to process unauthorised transactions without the account holder’s knowledge.

Another method involves updating contact details like mobile numbers or email addresses through forged requests, thereby redirecting OTPs and alerts to fraudsters. If the account is not linked to active mobile banking or if KYC documents are outdated, banks may have difficulty verifying the legitimacy of such changes quickly.

Fraudsters may also misuse inoperative accounts to generate counterfeit statements or use them as reference accounts in fraudulent loan applications. The lack of active oversight from the account holder provides them a wider window to operate without detection.

This misuse highlights the importance of timely monitoring, KYC updates, and account reconciliation—especially for individuals with multiple or legacy bank accounts.

• Maintain regular transactions: Perform at least one customer-initiated transaction annually to keep your account active.
• Check account statements frequently: Review statements even for accounts you rarely use. Look for any unrecognised transactions.
• Enable digital alerts: Activate SMS and email alerts for balance updates, logins, and withdrawals to catch suspicious activity quickly.
• Keep KYC documents updated: Ensure your Aadhaar, PAN, address, and mobile number are current with the bank.
• Secure login credentials: Do not share your account passwords, PINs, or OTPs with anyone. Change passwords regularly.
• Respond to bank queries: If your bank contacts you about dormancy or document updates, act promptly.
• Close unused accounts: If an account is no longer required, consider closing it formally rather than leaving it dormant.
• Link to active mobile number: Ensure all accounts are linked to an active and accessible mobile number for receiving real-time alerts.
• Use secure devices: Log in to online banking only from trusted, virus-free devices.
• Monitor for changes in contact details: If you receive alerts about changes to mobile number or email ID without your action, notify the bank immediately.

• Set up monthly account summaries: Opt for monthly e-statements or printed summaries even for rarely used accounts.
• Log in periodically: Access your internet banking or mobile app at least once every few months to check balances.
• Review all account-linked services: Reconcile linked auto-debits, standing instructions, and investment payouts regularly.
• Check for unauthorised access: Review login logs if provided by the bank for any unusual access history.
• Validate communication records: Ensure your bank has not attempted to contact you through outdated or inactive email or phone numbers.
• Contact customer care proactively: If you notice any inactivity notices, call or visit your branch immediately for clarity.
• Keep track of login history:  Monitor your net banking login history and immediately report unknown logins.
• Use mobile banking apps securely: Always log out after sessions, and avoid accessing accounts through public Wi-Fi.
• Update alert preferences: Choose alert settings that notify you of all transactions, not just large-value ones.
• Cross-verify ATM usage: If your account shows ATM withdrawals, verify whether those were authorised.

• Submit updated address proof when relocating: Changes in residence should be communicated to avoid communication lapses.
• Renew expired documents: Keep Aadhaar, PAN, and passport copies current and valid in your bank’s records.
• Update contact information: Provide your latest mobile number and email ID to avoid missing alerts.
• Verify document uploads after submission: Confirm that your online KYC submissions have been received and approved.
• Check KYC status periodically: Use the bank’s app or portal to confirm that your KYC is up to date.

• Do not ignore KYC reminder messages: Treat reminders for KYC renewal or address confirmation as high priority.
• Verify sender details: Ensure that emails and SMS messages are genuinely from your bank before acting.
• Respond even if account is rarely used: Low activity does not exempt you from compliance. Respond to all official bank communications.
• Clarify ambiguous requests: If you receive unclear messages or calls, contact your bank directly to confirm.
• Use official contact channels: Avoid responding to suspicious emails or third-party messages. Use verified bank numbers and websites.

• Do not share account access with third parties: Even if an account is inactive, sharing credentials may lead to misuse.
• Do not ignore inactivity alerts: These are early warnings that can help prevent dormancy and fraud.
• Avoid logging in from public devices: Public computers may store your login details, exposing your account to misuse.
• Do not delay KYC updates: A delay in submitting updated KYC may result in service restrictions.
• Do not assume dormant accounts are safe: Inactivity does not guarantee security; regular monitoring is essential.
• Do not postpone reactivation: If you receive a dormancy alert, act immediately to verify and update the account.
• Do not discard bank emails unread: Official communication may contain important alerts about account status or changes.
• Do not use weak passwords: Simple or reused passwords are vulnerable. Use complex and unique login credentials.
• Avoid leaving high balances in unused accounts: Move surplus funds to active accounts or investments to reduce risk.
• Do not assume joint account safety: Joint accounts also require monitoring; activity by one holder does not exempt risk.

• Do not treat dormancy alerts as spam: Messages about inactivity or verification are legitimate and require attention.
• Avoid dismissing KYC expiry warnings: Failure to respond may lead to restrictions or account suspension.
• Never overlook OTP delivery failure: Missed OTPs may signal unauthorised changes to contact information.
• Avoid missing regulatory updates: Banks may send changes to terms, charges, or digital policies affecting inactive accounts.
• Do not assume SMS alerts are non-critical: Even balance messages may contain signs of account tampering.

• Never share login credentials via email or phone: Banks never ask for these details; avoid unsolicited requests.
• Do not provide personal details on unknown websites: Always check the domain before entering sensitive information.
• Avoid social media disclosures: Do not mention account-related details or screenshots publicly.
• Reject unknown calls asking for bank information: Do not disclose details unless you have initiated the call.
• Do not use third-party agents for verification: Visit the branch or use official digital platforms for KYC or updates.

• Do not postpone reactivation once notified: The longer the delay, the higher the risk of unauthorised activity.
• Avoid ignoring bank reactivation instructions: These are required to restore full access and avoid account restrictions.
• Do not assume inactive accounts are exempt from fraud: Dormant status may increase the risk if unchecked.
• Delay in reactivation may affect other services: Inoperative accounts linked to investments or EMI payments can disrupt services.
• Do not skip visiting branch if required: If online reactivation is not possible, complete the process offline as advised.

Inoperative accounts may carry legal consequences if not managed properly. For example, if fraudulent activity is detected in a dormant account due to negligence, the account holder may face scrutiny for failing to secure their financial information. Moreover, dormant accounts may be flagged for additional investigation under anti-money laundering (AML) regulations.

Banks are required to report inoperative accounts to the regulator and may be obligated to transfer balances to a designated government fund, especially if the account remains unclaimed for over ten years. To reclaim such funds, the account holder must go through a formal verification process.

Failure to update KYC in an inoperative account may also result in restrictions that hinder access to other linked financial services such as loans or investments. In some cases, if the dormant account is used for illegal transactions, even unknowingly, the holder could be held accountable under applicable financial laws.

Therefore, keeping an account active and compliant with regulations is not only a matter of convenience but also a legal safeguard.

Financial institutions and regulatory bodies run customer awareness programs to educate individuals about the risks of inoperative accounts and the steps needed to prevent fraud. These initiatives often include SMS alerts, email campaigns, website updates, and branch outreach activities.

Banks conduct KYC drives and in-app reminders to ensure users update their details in time. Some institutions host webinars, distribute educational brochures, or include warning banners in account dashboards highlighting dormant account risks.

Regulatory bodies like the RBI also issue public advisories and guidelines to help customers understand how to manage inactive accounts. Topics include recognising phishing messages, verifying account activity, and reporting suspicious behaviour.

Awareness programs play a critical role in fraud prevention by bridging the knowledge gap and encouraging responsible account management. Customers are advised to actively engage with these programs and take preventive measures suggested by their banks.

Inoperative accounts may seem harmless, but if left unattended, they pose significant financial and legal risks. Dormant accounts are often vulnerable to unauthorised access, identity theft, and misuse due to the absence of regular monitoring. Proactive measures such as maintaining periodic activity, updating KYC details, and promptly responding to bank communications can significantly reduce the risk of fraud.

Banks and regulatory authorities have implemented structured protocols to help customers safeguard their dormant accounts. These include verification mechanisms, real-time alerts, and secure digital platforms. However, the primary responsibility lies with the account holder to ensure their accounts—active or otherwise—are secure, compliant, and regularly reviewed.

Understanding the risks and responsibilities associated with inoperative accounts empowers individuals to manage their finances more securely and with greater awareness.