Private sector lender Yes Bank informed the exchanges on Thursday that fraudulent transactions worth $280,000 took place using multi-currency prepaid forex cards of 5,000 customers.
The bank said that the cards were issued in partnership with BookMyForex to customers in a Latin American country.
It did not reveal the country’s name but said that the specific country did not mandate two-factor authentication for e-commerce transactions.
The fraudulent transactions were carried out on 15 merchants based out of the Latin American country in the early hours of February 24, 2026, between 3:30 AM and 8:30 AM (IST), the bank informed the exchanges.
“As a security measure, the bank has subsequently restricted e-commerce transactions from the specific Latin American country,” it said in a statement.
However, due to the bank’s monitoring and control mechanisms, 688 unauthorised transaction attempts were declined. This led to safeguarding approximately $0.1 million.
It said the bank was working with the card network to ensure that the impacted customers do not face any financial loss.
This has led the Mumbai-headquartered lender to face scrutiny from the Reserve Bank of India, which has issued a summons to Yes Bank questioning it over the breach.
According to reports, there was a breach of card data, particularly the CVV numbers of customers, which may have been used to approve the transactions on behalf of the actual customer.
The central bank has asked the lender to furnish details of the breach, including the sequence of events that led to the fraud. The RBI has also asked about the steps taken by the bank as part of the emergency containment measures.
In its statement to the exchanges, Yes Bank said that it is committed to the highest standards of data security and customer protection and continues to closely monitor the situation.
The stock of Yes Bank was trading at around Rs 21 on Thursday after opening flat on the bourses. The government-owned State Bank of India holds a stake of over 10 percent in Yes Bank.
