Digital financial frauds in India: a call for improved investigation strategies
- March 25, 2024
- Posted by: OptimizeIAS Team
- Category: DPN Topics
No Comments
Digital financial frauds in India: a call for improved investigation strategies
Subject: Science and tech
Section: Awareness in IT and computers
Context:
A recent report by the Indian Cyber Crime Coordination Centre revealed that digital financial frauds accounted for a staggering ₹1.25 lakh crore over the last three years.
More on news:
- Cybercrime poses a burgeoning threat in India, impacting millions of individuals and organizations.
- According to the National Crime Records Bureau (NCRB), cybercrimes in India in 2023 resulted in a staggering loss of ₹66.66 crore, with 4,850 reported cases. A recent report by the Indian Cyber Crime Coordination Centre (I4C) revealed that digital financial frauds accounted for a staggering ₹1.25 lakh crore over the last three years.
- According to the National Cybercrime Reporting Portal (NCRP), in 2023, at least ₹10,319 crore was reported to be lost by victims of digital financial fraud. According to the report, the number of complaints received in 2023 alone was 6.94 lakh.
How digital frauds work
- While various names have been given to diverse types of frauds, the general modus operandi of a fraudster is any one of the following:
- (a) convincing the victim to send money, either by impersonation (fake WhatsApp/FB/Insta, social media profiles) or by giving them a false promise of greater return (investment, crypto, held up custom package etc.)
- (b) by taking credentials such as Unified Payments Interface ID (UPI), Personal Identification Number (PIN), One-Time Password (OTP) or Internet banking ID/password from the victim and then using the same on other apps/websites and transferring money without the knowledge of the victim.
- For this the customer will either be given a fake link which looks exactly like a UPI app screen/banking website or the victim will be conned into installing a screen sharing app.
- The scammers can also convince the victims over phone to give out those details.
- When these details are used on official banking apps this gives the fraudsters access to even the Fixed Deposits/Recurring Deposits which are also siphoned out in most cases.
After the scam
- After a fraudster empties a victim’s bank account, the money undergoes a series of circulations in broadly three stages.
- The first stage is a temporary account into which the fraudsters transfer victims’ money.
- This account will be used to receive money from various other victims as well. From here, the money is then transferred into a second stage account.
- The second category of accounts are a group of accounts among which money is circulated.
- There are a lot of middlemen who are money circulators.
- Their task is only to receive money from first level bank accounts for a nominal cut.
- The victim’s money is then split into small parts and then circulated within these accounts, by a person who is sitting in a different corner of the country.
- After sufficient churning, the money is then transferred into a third stage account which is a sink account.
- This can be a bank account, an e-wallet etc. Here, the total defrauded amount from a group of victims is re-collected.
- The money is then withdrawn in a large chunk through conventional methods of either ATMs/cheques or e-wallet cash outlets such as an e-wallet payments bank.
How can frauds be prevented
- Most frauds can be prevented with some basic technological interventions:
- Firstly, just as Google accounts do not allow logging in from a new device unless permission is granted by the former, financial institutions must be mandated to replicate this feature in their apps.
- As soon as a UPI ID, password or OTP is entered in a different device, an alert must be generated in a previous device with no further action being allowed until it is approved by the person.
- Secondly, the screen share facility must be disabled.
- Banking and financial apps must disable screen-sharing to run on top of them. And finally, in the bank statement, all banks/NBFCs/SEs must be mandated to provide comprehensible data. Currently only partly printed numbers are shown which even knowledgeable customers are unable to understand.
- The transaction description must contain the receiver’s account/mobile or any other identifying number irrespective of it being within the same bank or to an outside bank.
- One of the biggest hindrances law enforcement agencies face is in following the money trail.
- The siphoned off money hops across bank accounts and wallets within minutes but supervised entities / banks / NBFCs / wallets are not able to give the required details to agencies with the same speed.
- Most of the crime is reported after 24 hours of the commission.
Speeding up information access
Certain basic changes to the form of data provided to enforcement agencies can help in minimizing delays:
- (a) the banks/NBFCs/SEs must be mandated to provide data in a predetermined format with all the terms explained.
- The data must be given in a CSV or XLSX file. For example, the CDR (Call Data Record) shared to enforcement agencies has a fixed format and fixed file types, such as .CSV or .XLSX.
- Currently the banks give the statement either in a printed hardcopy or in PDF format.
- This causes huge inconveniences to the investigating officers.
- Most tech-savvy officers are often held back only because they do not get the data in a usable format.
- (b) The International Mobile Equipment Identity (IMEI) must be recorded.
- All banking and financial apps must be mandated to save IMEI details of the device being used.
- Fraudsters use fake mobile numbers and fake bank accounts which span across different States with the goal of adding layers to increase anonymity and preventing agencies from prosecuting them.
- Thus, the IMEI becomes crucial evidence in determining the device and its location.
- Recording IMEI will make for stronger evidence in establishing a device and its connection to fraudsters in a court of law.
The road ahead
- The Bharatiya Nagarik Suraksha Sanhita 2023 which is set to replace the Indian Penal Code of 1861, recognises ‘organized crime’ as a “continuous unlawful activity”.
- Digital financial frauds are very much covered in this definition.
- Law enforcement agencies face a lot of difficulties in conducting interstate raids and arrests.
- It requires a large team and coordinated effort. Interstate digital financial fraud networks must be recognised as a serious crime and bail may be restricted by the Courts.
- Additionally, digital frauds create a considerable amount of black money when seen from a macroeconomic perspective.
- The Indian Cyber Crime Coordination Centre (I4C) was inaugurated by the government to deal with all types of cybercrimes in a comprehensive and coordinated manner.
- It will be set up under the newly created Cyber and Information Security (CIS) division of the MHA.
It has seven components:
- National Cyber Crime Threat Analytics Unit
- National Cyber Crime Reporting Portal
- National Cyber Crime Training Centre
- Cyber Crime Ecosystem Management Unit
- National Cyber Crime Research and Innovation Centre
- National Cyber Crime Forensic Laboratory Ecosystem
- Platform for Joint Cyber Crime Investigation Team.
Functions:
- The I4C will assist in centralising cyber security investigations, prioritise the development of response tools and bring together private companies to contain the menace.
National Cyber Crime Portal
- It is an initiative of Ministry of Home Affairs, Government of India under National Mission for the safety of women to facilitate victims/complainants to report cybercrime complaints online.
- This portal caters to complaints pertaining to cyber-crimes only with special focus on cyber-crimes against women and children.
- It caters all types of cyber-crime complaints including complaints pertaining to online Child Pornography (CP), Child Sexual Abuse Material (CSAM) or sexually explicit content such as Rape/Gang Rape (CP/RGR) content and other cyber-crimes such as mobile crimes, online and social media crimes, online financial frauds, ransomware, hacking, cryptocurrency crimes and online cyber trafficking.
- The portal also provides an option of reporting an anonymous complaint for reporting online Child Pornography (CP) or sexually explicit content such as Rape/Gang Rape (RGR) content.
- Complaints reported on this portal are dealt by law enforcement agencies/ police based of respective States/ UTs on the information available in the complaints.