• Hey there! Welcome to TFC! View fewer ads on the website just by signing up on TF Community.

The Biggest Loophole of 2025 (So Far): When a Major Banks IT System Failed

Apply For Lifetime Free IDFC First Credit Card
TechnoFino said:
Last year, I shared an article about how Mr. X, Y, and Z attempted to exploit a loophole. Among them, Mr. Z managed to outsmart the system and made some profit. You can check out that article https://www.technofino.in/community...f-2024-turned-into-a-nightmare-for-one.34900/.

But today, I’m going to share something even more fascinating - a loophole, or rather, a technical glitch that exists in one of India’s biggest banks.

This glitch was reported to me by a member of the TechnoFino Community. They stumbled upon this issue purely by chance and reached out to me for guidance. What follows is not just bizarre - it's a serious concern for the banking ecosystem.

Let’s First Understand the Loophole (The Technical Bug):​

On June 11, 2025, I received a message from a TF Community member who discovered a strange issue and wanted my opinion.

He was using the debit card of a family member’s account to repay his credit card bills.
  • On June 5, he made a payment of ₹41,747 through PhonePe using this debit card to his Axis Bank credit card.
    The amount was debited from the bank account and credited to the Axis bank credit card - everything looked perfectly normal.
  • On June 6, he paid the remaining few lakhs using the same debit card via Unipay, successfully clearing all his credit card dues from the previous month - again, no issues.
    The payments were debited from the bank account and credited across 7-8 different credit cards.

    View attachment 101034
But then came the twist.

On June 9, out of nowhere, he received a refund of ₹41,747 - the exact amount he had paid via PhonePe to the Axis bank credit card.

View attachment 101036

Upon checking, PhonePe showed no transaction failure, and the Axis Bank card still retained the payment. The card balance reflected that the payment was intact.

Assuming this to be a glitch on PhonePe’s end, he immediately repaid the ₹41,747 to the same Axis card - thinking it was a technical error and not wanting to risk a late fee or interest. (Smart move - he had read my post on the biggest loophole of 2024 and was a bit cautious.)

But Then Came the Real Shocker​

On June 10, he received refunds for all the credit card bill payments made on June 6 - the entire few lakhs!

View attachment 101037

This immediately reminded him of something that had happened in April, 2025:
  • In the first week of April, he had used this same debit card for a ₹5 transaction - which had gone through successfully.
  • 4–5 days later, the ₹5 was refunded back to the account.
  • He assumed the website had refunded it due to a glitch and didn’t bother - it was just ₹5, after all.
But here's the kicker:
On June 9, the same day he got the ₹41,747 refund, the ₹5 from April was debited again from the account - this time silently, not even reflected properly in the account statement.

So Here’s How the Bug Behaves:​

  1. You use the Debit Card on any platform or merchant.
  2. The amount gets debited from your bank account and the merchant is paid - everything works as expected.
  3. 4–5 working days later, the same amount is refunded back to your account.
  4. Then, after a random period (10 to 50 days), the same amount is again debited from your account.
That’s the cycle.

Why Did He Contact Me?​

Here’s what he told me:

He’s currently managing a credit card debt of ₹7–8 lakhs and saw this as a boon - a rare opportunity to clear his dues temporarily.
But based on his observation of the April transaction and the recent refund, he feared that the bank might attempt to debit the refunded amounts again between the 10th to 50th day, possibly around or after July 31st.

His concern?
By then, his account won’t have sufficient balance, and the account may go into negative or lien, affecting his banking relationship.

So, he asked me:

My Reply (Sent on June 11, 2025):​



His Email To SBI:
On the same day, he also sent an email to his bank, SBI. However, despite emailing the bank and even the AGMs, they didn’t bother to take any action or contact him. This clearly highlights how poor SBI’s customer service is. Unfortunately, this is the kind of customer service we receive from SBI — the largest bank in India, both in terms of capital and the number of customers.

View attachment 101063
View attachment 101064

Update (As of June 19, 2025)​

Today, he messaged me again:



He also shared a screenshot showing his current bank balance at (-) ₹5,31,426.

View attachment 101038

He has already repaid a portion to his bank account and will eventually clear the entire negative balance.

View attachment 101067
View attachment 101068

I know you’re all eager to know the name of the debit card - well, it’s the SBI Nari Shakti Debit Card.

Final Thoughts​

This incident should be a serious eye-opener for all banks. How is it even possible that such a massive glitch still exists in a bank like SBI, the largest bank in India?
Thanks to this individual who chose to report the issue and allow me to post about it. But imagine how many could have already exploited this bug for profit.
The RBI mandates regular IS (Information Systems) audits, but even after those, how does such a critical issue remain undetected?

Let’s be honest - most people, when they discover a bug like this, don’t think about ethics or the greater good. They think of profit.

A Request to Indian Banks and SBI​

Start a bug bounty program - seriously.
This one step can change the game. People will voluntarily report bugs if they feel seen, heard, and rewarded.

And to SBI, if you're reading this - please don’t demand repayment from the person who reported this glitch. He’s facing financial stress and still chose to do the right thing by informing us and allowing this to be shared publicly.

Reward him instead. He just helped you discover something your entire IT and audit team missed.
Click to expand...
Even if it's a bug, bank has all the details to prove that a glitch has happened and right to recover the money.
Imagine by mistake you excessively given money to a person, don't we try to recover, mistakes do happen. I don't think banks have to pay for bug bounty because their records will not tally and finally will figure out.
 
Aniket Sharma said:
What will happen if the account is closed before getting the amount debited?

🤣😂
Click to expand...
sapne-dekhna-achi-baat-he.webp
magar fantacy ko sach samjhna
achi baat nahi hai 🤣


A/c close kaise hoga aur kaun kardega without recovering the lien amount? Lien balance ka recovery hoga tabhi A/c closure ka approval milega, waise SBI hai DC unblock jab online nahi hota toh A/c closure kya hi online hoga 🤣 online bhi hota toh system neg. bal ko aage proceed nahi karne deta...and aadhar bank ke record mein nahone se address ya baaki details pull out nahi ho sakta ya kar sakta ye bhi bharam hai bas, bataiye if reason jaana ho toh mein hi kuch basis bata dunga...
 
Aniket said:
View attachment 101084
magar fantacy ko sach samjhna
achi baat nahi hai 🤣


A/c close kaise hoga aur kaun kardega without recovering the lien amount? Lien balance ka recovery hoga tabhi A/c closure ka approval milega, waise SBI hai DC unblock jab online nahi hota toh A/c closure kya hi online hoga 🤣 online bhi hota toh system neg. bal ko aage proceed nahi karne deta...and aadhar bank ke record mein nahone se address ya baaki details pull out nahi ho sakta ya kar sakta ye bhi bharam hai bas, bataiye if reason jaana ho toh mein hi kuch basis bata dunga...
Click to expand...
Basis sbi k case me kaam ni krti na isliye doubt rh jata hai
 
TechnoFino said:
Last year, I shared an article about how Mr. X, Y, and Z attempted to exploit a loophole. Among them, Mr. Z managed to outsmart the system and made some profit. You can check out that article https://www.technofino.in/community...f-2024-turned-into-a-nightmare-for-one.34900/.

But today, I’m going to share something even more fascinating - a loophole, or rather, a technical glitch that exists in one of India’s biggest banks.

This glitch was reported to me by a member of the TechnoFino Community. They stumbled upon this issue purely by chance and reached out to me for guidance. What follows is not just bizarre - it's a serious concern for the banking ecosystem.

Let’s First Understand the Loophole (The Technical Bug):​

On June 11, 2025, I received a message from a TF Community member who discovered a strange issue and wanted my opinion.

He was using the debit card of a family member’s account to repay his credit card bills.
  • On June 5, he made a payment of ₹41,747 through PhonePe using this debit card to his Axis Bank credit card.
    The amount was debited from the bank account and credited to the Axis bank credit card - everything looked perfectly normal.
  • On June 6, he paid the remaining few lakhs using the same debit card via Unipay, successfully clearing all his credit card dues from the previous month - again, no issues.
    The payments were debited from the bank account and credited across 7-8 different credit cards.

    View attachment 101034
But then came the twist.

On June 9, out of nowhere, he received a refund of ₹41,747 - the exact amount he had paid via PhonePe to the Axis bank credit card.

View attachment 101036

Upon checking, PhonePe showed no transaction failure, and the Axis Bank card still retained the payment. The card balance reflected that the payment was intact.

Assuming this to be a glitch on PhonePe’s end, he immediately repaid the ₹41,747 to the same Axis card - thinking it was a technical error and not wanting to risk a late fee or interest. (Smart move - he had read my post on the biggest loophole of 2024 and was a bit cautious.)

But Then Came the Real Shocker​

On June 10, he received refunds for all the credit card bill payments made on June 6 - the entire few lakhs!

View attachment 101037

This immediately reminded him of something that had happened in April, 2025:
  • In the first week of April, he had used this same debit card for a ₹5 transaction - which had gone through successfully.
  • 4–5 days later, the ₹5 was refunded back to the account.
  • He assumed the website had refunded it due to a glitch and didn’t bother - it was just ₹5, after all.
But here's the kicker:
On June 9, the same day he got the ₹41,747 refund, the ₹5 from April was debited again from the account - this time silently, not even reflected properly in the account statement.

So Here’s How the Bug Behaves:​

  1. You use the Debit Card on any platform or merchant.
  2. The amount gets debited from your bank account and the merchant is paid - everything works as expected.
  3. 4–5 working days later, the same amount is refunded back to your account.
  4. Then, after a random period (10 to 50 days), the same amount is again debited from your account.
That’s the cycle.

Why Did He Contact Me?​

Here’s what he told me:

He’s currently managing a credit card debt of ₹7–8 lakhs and saw this as a boon - a rare opportunity to clear his dues temporarily.
But based on his observation of the April transaction and the recent refund, he feared that the bank might attempt to debit the refunded amounts again between the 10th to 50th day, possibly around or after July 31st.

His concern?
By then, his account won’t have sufficient balance, and the account may go into negative or lien, affecting his banking relationship.

So, he asked me:

My Reply (Sent on June 11, 2025):​



His Email To SBI:
On the same day, he also sent an email to his bank, SBI. However, despite emailing the bank and even the AGMs, they didn’t bother to take any action or contact him. This clearly highlights how poor SBI’s customer service is. Unfortunately, this is the kind of customer service we receive from SBI — the largest bank in India, both in terms of capital and the number of customers.

View attachment 101063
View attachment 101064

Update (As of June 19, 2025)​

Today, he messaged me again:



He also shared a screenshot showing his current bank balance at (-) ₹5,31,426.

View attachment 101038

He has already repaid a portion to his bank account and will eventually clear the entire negative balance.

View attachment 101067
View attachment 101068

I know you’re all eager to know the name of the debit card - well, it’s the SBI Nari Shakti Debit Card.

Final Thoughts​

This incident should be a serious eye-opener for all banks. How is it even possible that such a massive glitch still exists in a bank like SBI, the largest bank in India?
Thanks to this individual who chose to report the issue and allow me to post about it. But imagine how many could have already exploited this bug for profit.
The RBI mandates regular IS (Information Systems) audits, but even after those, how does such a critical issue remain undetected?

Let’s be honest - most people, when they discover a bug like this, don’t think about ethics or the greater good. They think of profit.

A Request to Indian Banks and SBI​

Start a bug bounty program - seriously.
This one step can change the game. People will voluntarily report bugs if they feel seen, heard, and rewarded.

And to SBI, if you're reading this - please don’t demand repayment from the person who reported this glitch. He’s facing financial stress and still chose to do the right thing by informing us and allowing this to be shared publicly.

Reward him instead. He just helped you discover something your entire IT and audit team missed.
Click to expand...
I think this issue is related to RuPay debit cards and the Bharat Connect (BBPS) bill payment system. I faced a similar issue a few months ago. I used my IDFC FIRST Tap RuPay debit card on Freecharge to pay two credit card bills. The payments were successfully credited to my credit cards, but a few days later, I received refunds in my IDFC account for those transactions. However, after some time, both amounts were debited from my account again. I had completely forgotten about it until I saw this post.

@Abhishek012
 
Strange said:
I think this issue is related to RuPay debit cards and the Bharat Connect (BBPS) bill payment system. I faced a similar issue a few months ago. I used my IDFC FIRST Tap RuPay debit card on Freecharge to pay two credit card bills. The payments were successfully credited to my credit cards, but a few days later, I received refunds in my IDFC account for those transactions. However, after some time, both amounts were debited from my account again. I had completely forgotten about it until I saw this post.

@Abhishek012
Click to expand...
RuPay is not at fault. This bug works with Visa / Mastercard as well.

Main issue isn't with Paytm, PhonePe, SBI or any portal. The real culprit is BBPS or Bharat Connect.

People are unnecessarily hating on SBI and blaming it. SBI is just giving you a DC to earn reward points when paying for bills.

This bug works on any platform that uses BBPS. Last time, many people exploited it through Jio Finance, Unipay, Airtel app, and even HDFC billpay using indusind, idfc, hdfc, axis DCs.

Well, It was a great time. Everyone maxed out their debit card rewards and also received refunds. Though, most of the stuff were later revoked 😅, but rewards stayed.
 
This is not looting but getting looted.
discussion talk GIF
 
Sab theek but you are saying sbi should not as money from the guy? Seriously by this logic lakhs of other people will demand money unnecessarily by exploiting in crores

and if bounty announced many hackers will try to hack into system or try to make bugs with nasty relationships with developers
 
Strange said:
I think this issue is related to RuPay debit cards and the Bharat Connect (BBPS) bill payment system. I faced a similar issue a few months ago. I used my IDFC FIRST Tap RuPay debit card on Freecharge to pay two credit card bills. The payments were successfully credited to my credit cards, but a few days later, I received refunds in my IDFC account for those transactions. However, after some time, both amounts were debited from my account again. I had completely forgotten about it until I saw this post.

@Abhishek012
Click to expand...
All the faults are from the BBPOU and BBPCU side, not from RuPay, Visa, MasterCard or BBPS.

Now, if you ask – 'What is this BBPOU and BBPCU ?'

Actually, BBPOU and BBPCU haven't integrated properly.

All these companies.. :backhand-index-pointing-down: :backhand-index-pointing-down:

bbpou.webp
bbpou.webp

As for BBPS, its role mostly comes at the end — like settlement of payments, which usually happens the next day or after few hours on the same day.

BBPS Transaction Flow -

bbps transaction flow.webp

If there's any glitch or bug in the BBPOU or BBPCU system and the system marks a successful payment as failed, then BBPCU will refund the customer. And if BBPOU's side shows the payment as successful, then the biller will be credited.

This BBPS is somewhat like the UPI system. I’ve said many times that UPI is rarely down—UPI servers are up 99.99% of the time. Problems usually occur on the receiver's bank side, sender's bank side, or with TSP companies that connect UPI with the banks.

BBPS is also like UPI but for India's bill payment system. Here, the sender bank is BBPCU, and your receiver bank is BBPOU. If either one has issues, you’ll see problems like this.

Now, what’s the solution?

Well, in a few years, everything will be resolved. When BBPS was launched in 2015, people even used to get refunds for electricity bill payments. But now, you’ll rarely hear of anyone getting a refund from BBPS after paying an electricity bill.

@6ix9ine
 
Abhishek012 said:
All the faults are from the BBPOU and BBPCU side, not from RuPay, Visa, MasterCard or BBPS.

Now, if you ask – 'What is this BBPOU and BBPCU ?'

Actually, BBPOU and BBPCU haven't integrated properly.

All these companies.. :backhand-index-pointing-down: :backhand-index-pointing-down:

View attachment 101100
View attachment 101099

As for BBPS, its role mostly comes at the end — like settlement of payments, which usually happens the next day or after few hours on the same day.

BBPS Transaction Flow -

View attachment 101103

If there's any glitch or bug in the BBPOU or BBPCU system and the system marks a successful payment as failed, then BBPCU will refund the customer. And if BBPOU's side shows the payment as successful, then the biller will be credited.

This BBPS is somewhat like the UPI system. I’ve said many times that UPI is rarely down—UPI servers are up 99.99% of the time. Problems usually occur on the receiver's bank side, sender's bank side, or with TSP companies that connect UPI with the banks.

BBPS is also like UPI but for India's bill payment system. Here, the sender bank is BBPCU, and your receiver bank is BBPOU. If either one has issues, you’ll see problems like this.

Now, what’s the solution?

Well, in a few years, everything will be resolved. When BBPS was launched in 2015, people even used to get refunds for electricity bill payments. But now, you’ll rarely hear of anyone getting a refund from BBPS after paying an electricity bill.

@6ix9ine
Click to expand...
But hai toh BBPS ke under hi na, normal person would blame BBPS only. Baki, yes technical details are there as you shown.
 
You must log in or register to reply here.

Similar threads

TechnoFino
The Biggest Loophole of 2024 Turned into a Nightmare for One
Replies
166
Views
15K
CardTox
C
Back
Top