[vishnugupta]

Semantically you are right, however there's more to it.

Bank transfer can be invoked within the context of a business transaction (e.g., buying on Amazon) or as a standalone payment with no context attached to it.

In the first case, the money goes through many intermediaries such as payment gateway, merchant, acquirer, etc. In this instance, a customer can dispute a payment at different levels beginning with the merchant (or marketplace), their issuer, and finally file a case in the consumer court. 90% of the disputes get settled by the merchant/marketplace. Issuers typically side with the consumer because their primary customers are consumers. Consumer courts take time to settle a dispute, but they do work.

It's possible for fly-by-night sellers to con a bunch of customers but it's rare. Because payment gateways and acquirers have gotten their act together in recent years and they do stricter KYB checks (Know Your Business).

The bulk of the theft happens through person-to-person bank transfer, i.e., devoid of any business context. Here, the fraudsters con a gullible person to reveal bank credentials and also second-factor auth. Social engineering attacks are also common. But the thing is you always know the destination bank account. So you can track the fraudster as the destination bank would have done a KYC. The key point to note here is that the money can always be physically traced. And there are laws that let victim claw back that money if they can provide sufficient evidence of fraud.