From the reports I have read, it seems Karvy misused the POA given by clients (to enable trading) and used it to transfer client’s shares into their own account and then sold them, pocketing the cash.
Operationally, every time there is a debit/credit in my demat account, I get an sms AND email, end of day from both the depository and NSE/BSE - did this not happen with Karvy customers? or where these details changed by Karvy? if so:
- How easy is it to change these details given that they are part of the elaborate cKYC process?
- What safeguards have been placed by Zerodha (or other brokers / SEBI mandates) to ensure that this cannot be done at a corporate level or by a group of bad actors within an organization?
I did read the post by @nithin but it does not touch upon these likely process gaps - possibly everyone is still awaiting details of the modus operandi.
Edit: As pointed out by @Siva, alerts are only for debits.