Having worked in Internet banking in Client Implemenations for 6yrs with another indian mnc . i can surely say this is shocking and definitely a vendors (I guess this is TCS product) developer has introduced a backdoor into the system.
Please escalate this at the highest levels. I cant seem to fathom how long this vulnerability has existed and how many people have misused this or were affected this.
Lastly, I want to congratulate you for finding this bug. Good Work and awesome way of reporting it on Medium . Congratulations!