• Hey there! Welcome to TFC! View fewer ads on the website just by signing up on TF Community.

Unauthorized CKYCRR Enquiry by SBI Cards & Payment Services Ltd. – Alert for All Users.

Apply For Lifetime Free IDFC First Credit Card
Fintellect

Fintellect

TF Buzz

Issue Summary:

On 04 August 2025, I received a CKYCR SMS alert from CERSAI stating that SBI Cards and Payment Services Ltd. had fetched my CKYCR (Central KYC Registry) Record bearing reference number 50071620638291.
However, I want to clarify upfront:

👉 I never applied for any SBI Credit Card, loan, or any financial product from SBI Cards.
👉 I never gave consent (electronic, physical, verbal, or otherwise) to SBI Cards for fetching my CKYC data.
Click to expand...

This appears to be unauthorized access to sensitive financial data.

What is CKYCRR? Why is this serious?

CKYCRR is a centralized KYC repository managed by CERSAI (Central Registry of Securitisation, Asset Reconstruction and Security Interest of India). Banks and NBFCs are allowed to access your CKYC only with your explicit, auditable consent.

Fetching CKYC without consent is not just a breach of RBI guidelines, but also:
  • A potential violation of privacy
  • May result in unauthorized loan or credit card processing
  • Could harm your credit score and expose you to financial fraud

What I Did Immediately:

  1. 📧 Emailed SBI Card Nodal Officer demanding:
    • Reason for CKYC fetch
    • Internal reference ID or application number
    • Verifiable proof of consent (timestamp, IP, OTP, etc.)
    • Call recordings or screenshots (if any consent was claimed)
  2. 📧 Emailed CKYCR (CERSAI) Helpdesk asking:
    • How SBI Card was allowed to fetch my CKYC
    • If consent was submitted, I requested full traceability logs

Which Rules/Acts Were Violated?

  • RBI Master Direction – KYC (Updated June 2025): Consent is mandatory for data fetch.
  • CKYC FAQ by CERSAI – Point J: Reporting entities must have auditable customer consent.
  • DPDP Act, 2023 (Digital Personal Data Protection): Processing without consent is punishable.
  • Information Technology Act, 2000 – Section 43A, 72A

Why This Matters for You:

  • Even if you don’t apply for a credit card or loan, your data can still be fetched and misused.
  • You may be unaware of unauthorized applications or hits to your credit report.
  • Such practices erode trust and can cause financial and reputational harm.

How to Stay Protected:

  1. Turn on CKYC SMS alerts (if not already enabled).
  2. Avoid sharing PAN/mobile on random credit card comparison platforms.
  3. Revoke consent from platforms you no longer use (like Paisabazaar, Bankbazaar, other 3rd parties, etc.).
  4. Check your CIBIL/CRIF/Equifax/Experian reports regularly for any hard inquiries or accounts you didn’t authorize.
  5. File a complaint with:


💬 Has anyone else here noticed CKYCR fetch notifications from banks or NBFCs without consent?​

  • Check your SMS logs or email alerts.
  • Let’s compile names of such entities and raise collective awareness.
Stay aware. Stay protected.
– Fintellect
 

Attachments

  • CKYCR by SBI Card.webp
    CKYCR by SBI Card.webp
    16.9 KB · Views: 16
Apply For LTF IndusInd Bajaj Tiger Credit Card
@Fintellect can you tell me like I have savings account with X Bank from 10 years from 2014 to 2024 and I closed that in June 2024 but almost 1 year later in may 2025 I received message that your kyc record registered with ckyc from that bank? I had no relationship with them excluding the account which was closed.

So, Is it legal or not? Should I report this or it is normal.
 
Fintellect said:

Issue Summary:

On 04 August 2025, I received a CKYCR SMS alert from CERSAI stating that SBI Cards and Payment Services Ltd. had fetched my CKYCR (Central KYC Registry) Record bearing reference number 50071620638291.
However, I want to clarify upfront:



This appears to be unauthorized access to sensitive financial data.

What is CKYCRR? Why is this serious?

CKYCRR is a centralized KYC repository managed by CERSAI (Central Registry of Securitisation, Asset Reconstruction and Security Interest of India). Banks and NBFCs are allowed to access your CKYC only with your explicit, auditable consent.

Fetching CKYC without consent is not just a breach of RBI guidelines, but also:
  • A potential violation of privacy
  • May result in unauthorized loan or credit card processing
  • Could harm your credit score and expose you to financial fraud

What I Did Immediately:

  1. 📧 Emailed SBI Card Nodal Officer demanding:
    • Reason for CKYC fetch
    • Internal reference ID or application number
    • Verifiable proof of consent (timestamp, IP, OTP, etc.)
    • Call recordings or screenshots (if any consent was claimed)
  2. 📧 Emailed CKYCR (CERSAI) Helpdesk asking:
    • How SBI Card was allowed to fetch my CKYC
    • If consent was submitted, I requested full traceability logs

Which Rules/Acts Were Violated?

  • RBI Master Direction – KYC (Updated June 2025): Consent is mandatory for data fetch.
  • CKYC FAQ by CERSAI – Point J: Reporting entities must have auditable customer consent.
  • DPDP Act, 2023 (Digital Personal Data Protection): Processing without consent is punishable.
  • Information Technology Act, 2000 – Section 43A, 72A

Why This Matters for You:

  • Even if you don’t apply for a credit card or loan, your data can still be fetched and misused.
  • You may be unaware of unauthorized applications or hits to your credit report.
  • Such practices erode trust and can cause financial and reputational harm.

How to Stay Protected:

  1. Turn on CKYC SMS alerts (if not already enabled).
  2. Avoid sharing PAN/mobile on random credit card comparison platforms.
  3. Revoke consent from platforms you no longer use (like Paisabazaar, Bankbazaar, other 3rd parties, etc.).
  4. Check your CIBIL/CRIF/Equifax/Experian reports regularly for any hard inquiries or accounts you didn’t authorize.
  5. File a complaint with:


💬 Has anyone else here noticed CKYCR fetch notifications from banks or NBFCs without consent?​

  • Check your SMS logs or email alerts.
  • Let’s compile names of such entities and raise collective awareness.
Stay aware. Stay protected.
– Fintellect
Click to expand...
I have received these sms three times previous month. Asked clarification but received vague reply from sbicard. No new enquiry was made, so i gave up
 
You must log in or register to reply here.
Back
Top