The Fintech Association of India (FACE) has asked its members to explore joining the Citizen Financial Cyber Fraud Reporting and Management System (CFCFRMS) – part of the National Cybercrime Reporting Portal. Besides, FACE members are also to appoint a nodal officer to attend to customer grievances and engage with law-enforcement agencies to prevent fraud.
The move is significant on the part of FACE and should be seen in the context of it being an applicant to become a self-regulatory organisation (SRO) among fintech lenders. The Reserve Bank of India (RBI) is expected to make an announcement on the first SRO in this space shortly; the other applicant in this area is the Digital Lenders’ Association of India.
CFCRMS provides an integrated platform where all stakeholders, including states and union territories, major banks and financial intermediaries, payment wallets, crypto exchanges and e-commerce companies work in tandem for quick, decisive, and system-based effective action to prevent the flow of money from victims’ account to cyber fraudsters’ account.
The increased use of digital modes of transactions and the convergence among regulated entities (REs) – banks, legacy non-banking financial companies, new-age fintechs, insurance players and payment firms – in servicing customers have upped the touchpoints for cyber frauds.
It may be recalled that the RBI is also to set up a Digital Payments Intelligence Platform (DPIP) to harness advanced technologies to mitigate payment-fraud risks. A committee has been set up under the chairmanship of A P Hota, former managing director and chief executive officer of the National Payments Corporation of India, which is expected to give its recommendations within two months.
Putting forward the reasons for DPIP, the central bank said that many frauds occurred by influencing unsuspecting victims to make the payment or share credentials. While the payment ecosystem (banks, NPCI, card networks, payment aggregators, and payment apps) take various measures on an ongoing basis to protect customers from such frauds, there is a need for network-level intelligence and real-time data sharing across payment systems.
More From This Section
Last week, the minister of state for finance, Pankaj Chaudhar, told the Lok Sabha that the sum lost on account of cyber fraud had more than doubled to Rs 177.05 crore in FY24 from Rs 69.68 crore in FY23 on account of credit, debit card and internet banking frauds. The quantum of loss was Rs 80.33 crore in FY22, Rs 50.10 crore in FY21, and Rs 44.22 crore in FY20.
The Report on Currency and Finance FY24 themed ‘India’s Digital Revolution’ said, according to an RBI survey on awareness and use of digital payments, 94.5 per cent users held that they had not experienced any fraud. The incidence of an encounter with fraud or attempted fraud was lower in metros (4.1 per cent) compared to semi-urban areas (6.4 per cent). Vishing – “voice phishing”, which involves defrauding people over the phone, enticing them to divulge sensitive information – emerged as the most prevalent method in frauds or attempted frauds (54.2 per cent), followed by phishing (37.2 per cent), misuse of ‘collect request’ (28.7 per cent), and remote access (25.5 per cent).
Additionally, about 11 per cent of digital frauds or fraud attempts involved the use of fake numbers associated with e-wallets or banks. While at the aggregate level the incidence of fraud is low, digital payments can attract more users by ensuring a safer, reliable, and trustworthy digital payment ecosystem.
Countering frauds
- CFCRMS is an integrated platform where all stakeholders, including states and Union Territories, major banks and financial intermediaries work in tandem to tackle cyber fraud
- The Report on Currency and Finance FY24 says 94.5 per cent users held that they had not experienced any fraud
- The incidence of an encounter with fraud or attempted fraud was lower in metros (4.1 per cent) compared to semi-urban areas (6.4 per cent)
- Vishing is the most prevalent method in frauds or attempted frauds (54.2 per cent), followed by phishing (37.2 per cent), misuse of ‘collect request’ (28.7 per cent), and remote access (25.5 per cent).