On Feb 24, 2026, dozens of users began posting in Indian finance/credit-card communities that they were receiving many rapid debit/decline / alert messages showing attempted or successful international transactions on their BookMyForex-Yes Bank cards.
The pattern reported by users is: multiple email/SMS alerts within minutes, transactions denominated in foreign currencies (examples cited: BRL, AED, USD), and difficulty reaching customer support or using the app to block the card. These user reports are visible in a large Reddit thread and in posts on X/Twitter.
Immediate User Reports And Timelines
Multiple cardholders reported receiving 10+ alert messages within minutes, and at least one user claimed they received around 40 transaction messages, of which about half succeeded, before they could act. The earliest public posts show affected users trying to log into the card portal, using the “card management” link provided in transactional emails, and setting limits or disabling international use to stop further drains. These are first-hand timestamps and statements from affected customers rather than an official forensic timeline.
Several users describe attempts to contact customer support by phone and email that went unanswered or were busy; others said the mobile app was non-responsive or down when they urgently needed to block the card.
Anjali, a customer of the bank, shared her experience with us, “I got a bunch of emails and saw that the scammer had taken money out of my card.”
This pattern, rapid fraud attempts, simultaneous customer care overload, and users being forced to use self-service portals, appears consistently across the social media posts. That combination is typical in large card compromises where attackers act quickly and at scale.
What Victims Are Reporting
Affected customers repeatedly reported transactions in foreign currencies (BRL, AED, USD) and attempts that were both “declined” and “succeeded” depending on timing and available balances. Several users specifically said the alerts showed “invalid security details” or rapid declines followed by successful debits as balances were reloaded or authorizations processed. These details come from user screenshots and message summaries posted in the Reddit thread.
Users also shared the same remediation step: log into the card management portal URL included in transactional emails (many cited cards.bookmyforex.com/login) and immediately disable international transactions or set daily limits to zero. Multiple users said that the step helped stop further authorizations. Where users had a balance on the card, some reported partial losses; others said they were lucky and had zero balance at the time.
Customer Support Collapse
Anjali also shared that the bank is non-responsive. “Obviously, I tried to block the account first and then saw online that others were aggrieved too. I have disputed the transactions, but haven’t heard back from the bank yet.”
This is not the story of one customer. Across posts, the dominant complaint was that phone lines were busy and emails unanswered; many users said they waited 30+ minutes or could not get through. Some described the call center as “swamped” and the mobile app as “non-responsive” at the moment of crisis; that degraded the usual incident-response options for cardholders and pushed people to community forums for advice. Those posts are contemporary, real-time user complaints that make up the bulk of the public evidence so far.
When a payment provider or partner experiences fraud, customer trust erodes fastest where communication is absent.
BookMyForex’s own public documentation states that the forex card is insured against loss from counterfeiting, skimming, phishing, and internet banking fraud, but insurance and dispute resolution still require timely coordination (blocking cards, lodging disputes, and chargeback processes via the issuing bank).
That gap between policy and operational response is the immediate consumer concern
What Is BookMyForex?
BookMyForex’s prepaid product is a co-branded multi-currency forex card issued in partnership with YES Bank Ltd and Visa, a structure that places customer-facing services (reload portal, app) in BookMyForex’s orbit and settlement/issuing responsibilities with the bank.
Because both a fintech/merchant platform and a bank are involved, a compromise could stem from either side (or a third-party vendor), which complicates root-cause attribution and places a premium on prompt joint disclosure.
If the compromise proves to be a platform/data leak (card numbers, CVVs, expiry dates, tokenization failures, or back-end access), there are two likely vectors: (a) an internal system or partner API was breached, or (b) skimming/merchant compromise tied to international terminals.
Past large incidents in India’s card ecosystem have impacted millions of cards and prompted RBI action. The precedent shows regulators take reporting and remediation seriously once a breach is confirmed.
However, as of Feb 24, 2026, there is no public regulatory filing or exchange disclosure from the bank clarifying the scale. That absence is notable because banks are required to report material cyber incidents.
Also Read: Why Did Yes Bank Fail And What’s Next For Other Private Banks?
Corporate And Regulatory Obligations
Under India’s regulatory framework, banks and payment-system participants are required to report unusual cyber incidents promptly. The Reserve Bank of India’s cyber security framework reiterates that banks must report unusual incidents (successful or attempted) to the RBI and CERT-IN in prescribed timelines, typically within hours of discovery, depending on severity. If the event here meets materiality thresholds (wide-scale unauthorized transactions), the bank should notify the RBI and publish appropriate remedial steps.
Separately, BookMyForex is majority-owned by MakeMyTrip Limited (as disclosed in corporate filings), which raises investor and governance questions about incident response, customer restitution, and third-party vendor oversight. Consumers and regulators are likely to demand a clear timeline, forensic findings, and remediation commitments once the companies investigate.
What Must Customers Do
Immediate steps (do them now if you have a BookMyForex/YES Bank forex card): log in to your BookMyForex card portal and disable international transactions or set daily limits to zero; preserve every SMS/e-mail alert and transaction ID; call YES Bank’s fraud hotline and demand a written FIR or complaint reference number; and immediately freeze or replace the card. Several Reddit users report that using the card-management portal to block international use stopped further attempts.
If your card suffered successful debits, file a formal dispute with the issuing bank and ask for chargebacks. Keep screenshots of the unauthorized alerts and note timestamps; submit a police complaint (FIR) if funds are lost.
Consumers should also monitor their email/SMS for phishing and change passwords for any portal tied to the card. If BookMyForex/YES Bank announces a remediation mechanism (insurance, refund policy), follow their instructions but insist on a written acknowledgement.
What appears to be a large, fast-moving set of unauthorized transaction attempts on BookMyForex-issued forex cards has generated dozens of user complaints, and at least some confirmed monetary losses in public social posts.
The pattern of tens of simultaneous authorizations, user accounts of dozens of message alerts, and the reported difficulty in reaching support make this an incident with potentially wide customer impact, but formal forensic attribution and the total number of affected customers remain unannounced.
What to watch: an official statement or bulletin from BookMyForex, YES Bank Ltd, or the RBI; any consumer remediation or refund instructions; and the forensic timeline (how the compromise occurred).
Images: Google Images
Sources: Personal Accounts, Reddit
Find the blogger: Katyayani Joshi
This post is tagged under: BookMyForex, Yes Bank, data breach India, cyber security India, fintech breach, banking fraud India, card fraud alert, forex card fraud, financial fraud India, digital payments India, cyber attack India, data leak India, personal data breach, online fraud alert, banking security, RBI guidelines, consumer protection India, fraud prevention tips, breaking news India, fintech news India, cybersecurity awareness, money safety, scam alert India, financial literacy India
Disclaimer: We do not hold any right, copyright over any of the images used, these have been taken from Google. In case of credits or removal, the owner may kindly mail us.
Other Recommendations
ResearchED: What Is A Bad Bank And Why Is It Good?
