It is unfortunate that some of the unpleasant prophesies of Naavi.org on increasing Card related frauds are becoming a reality. It is reported that Mumbai Police statistics show that in the first 9 months of 2015, Credit card frauds rose by 90% over the corresponding period last year. Overall Cyber Crimes rose by 52% and obscene e-mails by 34%.
It has been pointed out in the article that the reasons for this massive raise in frauds include
a) Pushing of technology to persons who does not understand the security implications
b) Card cloning and Vishing
c) Lack of safeguards built around technology
Naavi.org agrees that the all the above reasons do contribute to the increasing card frauds and reflect that there is a fundamental flaw in the system of regulation.
Firstly, Banks are going too fast in introducing insecure technology to serve their commercial needs and RBI has failed in its duty as a regulator to prevent insecure services hitting the market.
In June 2001, RBI did mention that Banks need to obtain Cyber Insurance against technology related frauds and consider them as the Bank’s legal risk. However, Banks have neither obtained Cyber Insurance nor taken the onus on securing the system. On the other hand, they are going ahead with increasing risk in new services.
Though initially the “Adjudicators” in Chennai and Mumbai gave relief to victims of bank frauds by holding the Banks liable on Section 43 of ITA 2000/8 read with Section 85, Banks held up delivery of justice through appeals which were held up due to reasons such as “Non Appointment of Chair Person for Cyber Appellate Tribunal” since 2011, and mis-judgement of at least one Adjudicator in Bangalore which has not been corrected by Karnataka High Court and pending because of the Cyber Appellate Tribunal being non functional.
The mis-judgement was perhaps a consequence of ignorance of the Adjudicator or it could have been a decision influenced by the affected bank and the conflicting relations it had with the decision maker. The inability of Karnataka High Court was again a matter of the inability of the concerned judge to appreciate the facts of the case which was mis represented by the Bank as well as its reluctance to take responsibility for delivery of justice to the victims. The non availability of Chair person in Cyber Appellate Tribunal is perhaps a conspiracy between the affected Banks and the officials since 2011 as well as the controversies surrounding the NJAC.
The Modi Government is encouraging greater use of the card system in meeting its its digital economy goals but the IT ministry under Mr Ravi Shankar Prasad and RBI under Raghuram Rajan are both incompetent and uninterested in ensuring security of the financial model of Digital India.
As we go into the next decade, there will be more and more of these card frauds involving amounts less than 10000/-, with the use of mobile wallets where security is the secondary objective for the Banks. The amounts individually will be too small for victims to pursue legal remedies and hence most of the accused will go unpunished.
Police are doing a great disservice by not recognizing that Banks who introduce insecure banking services are to be considered as mainly liable for such frauds and have failed to charge the respective Banks in cases of frauds. These banks not only fail in introducing untested technology but also repeatedly fail in the KYC obligations. Many of the mobile service providers are also guilty of KYC failures and since the mobile KYC is the foundation for many mobile based services, these failures of KYC reflect in increased frauds.
In many cases of frauds including the “Call from Information division of Delhi Consumer Courts” reported in these columns, Police have not taken any pro active remedial action. Call centers are operating in Delhi NCR region right under the nose of the countries top police authorities in which people are recruited for doing frauds by calling prospective victims and BPO operations are being run. Naavi.org itself has provided a couple of phone numbers during the last week and there is no news that Police has actually acted on it.
If Police want every such crime to be confirmed only with a complaint from the affected person and refuse to investigate without a complaint, then these frauds will not come down.
Just as Banks are an indirect cause of such frauds due to their negligence, Police by their inaction are also contributing to the proliferation of these crimes.
Despite the clear instructions of RBI for Banks to secure the victims by a system of Cyber Insurance, and their flouting of such regulatory guidelines, it is unfortunate that Police have not made Banks a co-accused in any of these card cases. In cases where there is a possibility of the involvement of Bank employees, Police may initiate action. But what we are trying to say is that even when there is no direct evidence of the involvement of Bank employees, using the “Negligence” aspect under Section 85 of ITA 2000/8, Police are bound to make Banks pay for the losses of the fraud victims. Banks themselves need to cover this risk through Cyber Insurance.
In the case of S.Umashankar Vs ICICI Bank, after the adjudicator held the Bank negligent and granted compensation, the undersigned wrote specific letters to the DGP of Tamil Nadu to pursue criminal charges against ICICI Bank. But they failed to do so. Now in Mumbai, there have been many decisions of the adjudicator Rajesh Aggarwal against Banks. He was transferred out of the position so that he does not create fresh problems for Banks. But the Police in Mumbai could have initiated their own criminal action against each of the Banks held guilty in the civil proceedings of the adjudicator. This would have created a deterrence against continuance of the crime and would have also woken up organizations such as RBI and Indian Bank’s Association. Their reluctance to charge Banks under Section 85 of ITA 2000/8 is therefore a contributory factor for the increase of cyber frauds.
I hope that Mumbai Police will now show the way for the rest by filing cases under Section 43-66 of ITA 2000/8 read along with Section 85 of ITA 2000/8 in all the cases in which Mr Rajesh Agarwal has found the Banks guilty of negligence and granted compensation to the fraud victims.
Simultaneously, the Chief Justice of India should immediately clear the papers which is reportedly being held up at his office for appointment of the Chair person for Cyber Appellate Tribunal. Also the Karnataka High Court which is sitting on a PIL in this respect without listing it for final hearing to also expedite the hearing so that all these institutions work in unison with the Police to improve the counter cyber crime ec0 system.
It is not necessary to remind the authorities that a substantial part of this crime income may be also reaching the terrorists and funding their operations against India. Hence neglecting them is a grave error on the part of the Law enforcement, Judiciary and the Government.
As I have highlighted several times, the Anti Modi brigade will use the increasing Cyber Crime as a charge of inefficiency against Mr Modi’s Governance particularly when the heat is felt by the beneficiaries of Jandhan yojana in villages.
Law and Order in Cyber Space will be a relevant election issue in 2019 elections which will determine whether Mr Modi’s policies will survive to serve the country in future or not. If Mr Modi does not realize it now and act appropriately, it will be too late to save the country.
Naavi
Related Article: Hotel Industry will be the next big victim
Nice article..
really, there has been an increase in credit card based frauds.
Recently a guy from surat, exploited the ICICI bank platform money2india and did a fraud of about 3.6 Cr. Thankfully, the culprit was caught and the legal proceedings are underway.
The more importantly, these overseas payment mechanisms arent much tested.. this results in some really trivial exploitation.. no need for any technically sound attacker, its the procedure is flawed sometimes.
The more shocking news that i came across recently is a revelation by a famous hacker ‘samy kamkar’ he has deviced a small tool called ‘MagSpoof’ that can predict the american express credit card number from an expired/lost card.
A really interesting post and a video link that shows the whole process in details..
this video demonstrates how much we are vulnerable these days and the banking regulator is in ‘coma’ there is an urgent need to step up security.
Link: http://www.theregister.co.uk/2015/11/25/kamkar_credit_card/
Most consumers are simply unaware of these risks that they are likely or facing by way of hacking or financial crimes. Most crimes do not come to light and are hushed up by the banks due to loss of reputation and fear of facing a run or panic among the public. The banks have better financial resources to hire good lawyers who are and get matters protracted in a legal battle which would leave the common man high and dry, leave alone his financial loss and misery. Awareness is the key here. We need to educate the common person about the legal risks.
Most consumers are simply unaware of these risks that they are likely or facing by way of hacking or financial crimes. Anyways, Good Article. Thank you