The Delhi Police have arrested 18 individuals for duping State Bank of India (SBI) credit card holders of nearly ₹2.6 crore in a nationwide fraud. The operation, which ran for six months, relied on insider leaks at a Gurugram-based call centre and a sophisticated money-laundering network that spanned cash deals and cryptocurrency transactions.
Interestingly, the syndicate targeted SBI cardholders across India but deliberately avoided customers based in Delhi, police officials confirmed.
How the Fraudsters Operated
According to Deputy Commissioner of Police (IFSO) Vinit Kumar, the gang gained access to confidential SBI customer data with the help of insiders at Teleperformance, a call centre in Gurugram responsible for handling sensitive Card Protection Plan (CPP) data.
Using this leaked information, the fraudsters posed as SBI executives, contacting unsuspecting customers and tricking them into sharing one-time passwords (OTPs) and card verification values (CVVs).
Armed with this information, the gang purchased high-value electronic gift cards from online platforms, particularly travel booking websites. These digital assets were then either:
- Sold to travel agents for cash, or
- Converted into Tether (USDT cryptocurrency), effectively removing the money from the traditional banking system.
Data Protection and DPDP Act Readiness: Hundreds of Senior Leaders Sign Up for CDPO Program
Masterminds and Key Players Identified
The Delhi Police have identified Ankit Rathi, Waseem, and Vishal Bhardwaj as the masterminds behind the ₹2.6 crore scam.
The insider leak was allegedly orchestrated by call centre employees Vishesh Lahori and Durgesh Dhakad, who siphoned off SBI credit card data. Other arrested individuals were responsible for:
- Operations and logistics (fraud execution and card misuse),
- Finance handling (managing cash flow and crypto transactions),
- SIM card supply (to maintain anonymity).
During raids, police recovered 52 mobile phones, multiple SIM cards, and detailed customer bank records, further underlining the scale of the fraud.
Teleperformance Call Centre Under Scanner
The investigation has raised serious concerns over Teleperformance, the Gurugram-based call centre that handled SBI’s CPP operations. Police allege that large-scale data leaks occurred at the company, compromising thousands of customers’ banking credentials.
Officials have called into question Teleperformance’s security protocols, suggesting that its failure to safeguard confidential information enabled the fraud syndicate to operate at scale.
“The breach exposes systemic gaps in corporate data protection and raises urgent questions about the outsourcing of sensitive banking operations to private call centres,” the police noted.
Wider Implications for Banking Security
The case underscores a worrying trend: insider threats in financial data ecosystems. Unlike typical phishing scams, this operation combined legitimate banking data with fraudulent impersonation, making it harder for victims to detect foul play until it was too late.
With customer data being sold, misused, or leaked, cybersecurity experts warn that banks must strengthen oversight over third-party vendors like call centres. The use of cryptocurrencies such as Tether (USDT) for laundering further highlights how digital assets are being misused to escape regulatory checks.
What Lies Ahead
The arrested individuals are being interrogated, and Delhi Police may expand the investigation to uncover whether the data breach at Teleperformance was isolated or systemic.
Meanwhile, authorities have advised SBI customers to:
- Never share OTP, CVV, or PIN details with callers claiming to be bank executives,
- Report suspicious activity immediately to the National Cyber Crime Reporting Portal (1930),
- Regularly update passwords and monitor transaction alerts.
The case serves as a stark reminder that in India’s fast-growing digital financial ecosystem, insider leaks pose as much risk as external cyberattacks.