ED Arrests Mahesh Shetye in Panchkula Tech Scam

The Enforcement Directorate’s Chandigarh Zonal Office has arrested Mahesh Chandrashekhar Shetye for allegedly running a fake technical-support call centre from Panchkula’s IT Park and laundering scam proceeds into India through hawala channels.

ED says Shetye, owner of M/s Certiszep Innovations (OPC) Pvt. Ltd., was taken into custody on 29 November 2025 under the Prevention of Money Laundering Act (PMLA), 2002. A Special Court in Panchkula has granted the agency seven days of custodial interrogation, till 6 December 2025, to deepen the probe into what investigators describe as a well-organised international tech-support scam targeting U.S. citizens.

Fake Tech-Support Centre in Panchkula’s IT Park

According to ED, the alleged scam was being run from a call centre on the second floor of a building in Plot No. 7, Sector 22, IT Park, Panchkula. The operation reportedly had no Department of Telecommunications (DoT) licence, no valid client contracts with the brands it claimed to represent and no documented regulatory compliance for cross-border customer support.

The money-laundering case is based on three FIRs:

• FIR No. 100/2025 & FIR No. 101/2025 – registered at Cyber Crime Police Station, Panchkula
• FIR No. 344/2025 – registered at Chandimandir Police Station

These FIRs allege that the accused were running illegal call centres that impersonated customer-support representatives of various U.S.-based companies and internet service providers.

How U.S. Victims Were Targeted and Cheated

Investigators say the call centre staff used VoIP dialers to make calls to people in the United States, while appearing to call from domestic-looking numbers. The alleged scam followed a familiar tech-support pattern:

• Agents posed as representatives of brands such as popular streaming platforms and ISPs, including Netflix-like and Amazon-like services and U.S. cable operators.
• They claimed there were urgent technical problems, account issues or malware infections on victims’ devices.
• Victims were persuaded to grant remote access using screen-control tools, allowing the agents to manipulate what was visible on screen and increase pressure.
• Under this pressure, victims were induced to make “service payments” or “security deposits” ranging from around USD 100 to USD 5,000 per case.

Payments were routed through contemporary U.S. payment channels such as Zelle, Remitly, Bitcoin, CashApp and gift cards. ED alleges that once funds were collected in the U.S., they were channelled back to India through a hawala network, bypassing formal banking channels and AML safeguards.

ED: Mahesh Shetye as Key Operator and Main Accused

ED identifies Mahesh Chandrashekhar Shetye as the main accused in FIR No. 100/2025. He is alleged to have actively controlled the Panchkula call centre under the banner of Certiszep Innovations (OPC) Pvt. Ltd. with the assistance of associates including Surbhi Duhan, Rishabh Duhan and Rahul Chookar.

Employees questioned during the investigation reportedly identified Shetye as a key operator and decision-maker within the fake tech-support set-up, responsible for overall execution and financial flows.

The call centre is alleged to have functioned purely as a fraud infrastructure unit – with no genuine service contracts, no local customer base and no verifiable business model other than contacting and exploiting foreign victims.

Hawala Channels and Layering of Scam Proceeds

ED’s early findings suggest that the proceeds of crime (PoC) generated abroad were brought into India predominantly in cash via hawala operators. Once the money entered India, it was allegedly layered through multiple bank accounts and entities tied to Shetye.

According to the agency:

• Cash received from hawala operators was deposited into Shetye’s personal bank accounts.
• Significant flows went into the accounts of Mack & Kris Enterprises, described as a proprietary concern linked to Shetye.
• Funds were further layered through the bank account of his mother, Smt. Shalini Shetye, and other connected individuals and entities.

The laundered funds were then allegedly used for:

• Property purchases and other asset acquisitions,
• Car purchases and high-value consumer spending, and
• Investments and transfers routed through third-party firms to obscure the origin of money.

ED has indicated that the tech-support scam generated proceeds of crime running into several crores of rupees, with investigations continuing to quantify exact amounts and identify all layering routes.

7-Day ED Custody and the Road Ahead

Following his arrest on 29 November, Shetye was produced before the Special PMLA Court in Panchkula. The court granted ED custody for seven days, allowing investigators to:

• Interrogate him on the structure and financing of the call centre network,
• Trace the full chain of hawala operators and money mules,
• Identify additional associates, vendors and foreign collaborators, and
• Recover devices, records and assets linked to the alleged laundering scheme.

The agency has stressed that its probe is ongoing and that the arrest marks only one step in a wider investigation into fake tech-support call centres targeting foreign nationals.

As with all such cases, the allegations remain subject to judicial scrutiny, and any final determination of guilt or liability will be made by the competent courts.

Why This Tech-Support Scam Matters for Banks, Fintechs and Platforms

For financial institutions and payment intermediaries, the Panchkula case is another reminder of how cross-border cyber fraud increasingly intersects with mainstream payment rails. Even though victims are overseas, the proceeds ultimately flow into Indian accounts and businesses.

Key risk angles include:

• Use of modern payment apps – Remittances via Zelle, Remitly, crypto and wallet-based apps require upgraded monitoring for scam-linked typologies, even when originating offshore.
• Hawala as an integration layer – Informal value transfer systems continue to be used to bring scam proceeds into India, where they re-enter the formal economy through cash deposits and layering.
• Tech-support and remote-access scams – These scams blur the line between cybercrime and financial crime, making it vital for banks and fintechs to recognise tell-tale behavioural patterns in customer transactions.

For digital platforms, telecom providers and outsourcing ecosystems, the case underlines the need to keep a close watch on small “BPO style” outfits that may in reality be operating as scam farms targeting foreign markets.

Shunyatax Global View – Tech-Support Scams, Hawala & AML

At Shunyatax Global, the Mahesh Shetye case is seen as a live illustration of how tech-support scams, hawala networks and AML gaps can combine into a cross-border risk problem for financial institutions and regulators.

For banks, NBFCs, payment firms and large platforms, we typically focus on three core defence layers against similar schemes:

1. Behavioural and typology-based monitoring
   Designing rules and models that flag patterns linked to tech-support and impersonation scams – such as unusual overseas remittances followed by clustered cash deposits, or sudden spikes in incoming transfers to newly active accounts.
2. Counterparty and hawala-risk mapping
   Mapping networks of small firms, proprietorships and family-linked accounts that may be acting as integration points for scam proceeds, and embedding these insights into AML risk-scoring.
3. Forensic-ready investigations and coordination
   Ensuring that when red flags emerge, institutions can rapidly preserve evidence, freeze flows and coordinate with agencies such as ED and cybercrime units in a way that stands up in PMLA proceedings.

Institutions that treat cyber-enabled fraud and money laundering as a single, integrated risk stream are better positioned to contain losses and regulatory exposure.

Shunyatax.in Cyber Fraud & AML Advisory

If your organisation handles cross-border payments, digital lending, wallets or platform payouts, cases like the Panchkula tech-support scam are a clear signal to revisit your fraud and AML defences.

Shunyatax Global works with banks, fintechs, payment aggregators and platforms to:

• Map exposure to tech-support, impersonation and other cyber-fraud typologies.
• Strengthen AML frameworks for hawala-style integration and layering risks.
• Design data-driven early-warning systems for scam-linked customer behaviour.
• Support internal investigations and regulatory engagement in complex cross-border cases.

Visit Shunyatax Auditing Services to request a confidential review of your cyber fraud and AML posture, and to follow the Shunyatax News & Insights column for ongoing coverage of financial crime, cyber risk and regulatory developments.