To cut a web of frauds, India needs to strengthen security systems

Job scams, Ponzi schemes, blackmail are increasing: Here is what can be done to protect people

Siddharth Asthana, a Noida resident, was out of work when last year he joined a Telegram group offering jobs that he could do at home for monetary returns. The catch: He had to make an initial investment of Rs 1,000 to Rs 5,000.
 

“I considered taking a chance due to the relatively modest initial investment. Before I knew, my investments had risen to Rs 50,000, yielding a profit exceeding Rs 40,000. By evening, I had invested over Rs 20 lakh, after which the Telegram group’s bosses (administrators or admins), codenamed Teacher and Stacy, stopped responding to my messages,” said Asthana, 42.
 

Asthana is among the tens of thousands of Indians who have been cheated online. More than 3 million cybercrime complaints have been reported by citizens till date, according to data from the Union home ministry. Such crimes include job fraud, Ponzi schemes, illegal lending apps, impersonation, and ‘sextortion’. As many as 52,974 cybercrimes were reported in 2021 and the number increased by over 24 per cent to 65,893 in 2022, according to the National Crime Records Bureau. As many as 46.5 per cent of people accused of cybercrimes were convicted in 2022. (Data for 2023 will be released later.)
 

Indians have lost nearly Rs 10,300 crore to cyber fraud since 2021. The government’s Indian Cybercrime Coordination Centre has blocked Rs 1,130 crore, out of which Rs 110 crore has been returned to victims. The National Helpline for Cybercrime, 1930, receives some 50,000 calls daily.
 

‘Cyber misadventure’
 

Rajanikant Chaubey, a 38-year old resident of Bhopal, lost Rs 20 lakh to an online fraud promising him profit by investing in cryptocurrency. “I wanted to make money, and this arrangement looked genuine. Group admins created my account on a well-designed, functional crypto website which showed my credentials, total investment and profits in the same manner as an online broker would display details,” he said.
 

However, each time Choubey transferred money to Telegram admins, he was directed to a merchant account featuring address, name, and account number different from what he was given initially. He did not find this suspicious. 
 

Telegram group admins using fictitious names coerced Choubey to invest larger amounts after every ‘successful milestone’. Asthana and Choubey separately withdrew money from their banks' overdraft facility or took personal loans to finance their investments.

Choubey said some 70 per cent of his monthly salary goes to repay loans that he took to fund his “cyber misadventure”.

Some cybersecurity experts suggest all financial institutions, big or small, have transaction-monitoring procedures to track the movement of funds and impose triggers when they observe aberrations. 

“Based on a merchant category and the type of business owner one can assume his or her transaction per day to be Rs X. Now, if the person keeps exceeding that limit, one should have a trigger for transaction monitoring. These transactions should then be investigated and accounts frozen, if fluctuations happen continuously over a period of time,” said Wriju Ray, chief business officer at IDfy, a Mumbai-based identity verification company.

Despite know-your-customer (KYC) norms, cheats appear to have access to dormant or intermediary bank accounts. Such intermediary bank accounts, also known as money mules, are used to siphon off funds from victims. In some cases, individuals rent their account for a minor commission to facilitate movement of stolen funds.

Wriju said strengthening the know-your-business (KYB) process and implementing third party audits to check merchant systems would help prevent fraud. “The KYB process may not only convey if an entity exists or not, but also show who are the shareholders or beneficiaries of an entity. As a result, you can find out if there is a disconnect between what they’re selling versus what they claim to be. When a lot of payment players on-boarded merchants, they did not implement due diligence on the nature of business, which is a basic exercise,” he said.

Strengthen security

Investments in cybersecurity and safeguarding user data will be necessary to curtail cybercrimes. Dilip Asbe, managing director and chief executive officer of National Payments Corporation of India, last week acknowledged the threat of frauds arising out of cybersecurity breach as a serious one. Firms must strengthen their systems by investing in cybersecurity systems and procedures.

“The threat of cyber frauds is very real. I have heard that firms operating in the financial services space should invest close to 25 per cent of their information technology (IT) spends towards cyber and information security. Currently, that contribution may be around 10 per cent,” he said at a panel discussion in Mumbai.

“Apart from thinking about IT budgets, companies need to invest in technology that prevents data leaks, segregates personal data from non-personal ones, and adds layers of security on top of it in order to secure the same,” said Ray.

Experts Business Standard spoke to believe the pace of digital adoption in the country has outperformed awareness.

“At some point of time, we have to figure out how to manage this cyber fraud menace. The problem is we have grown so fast in technology without there being remedial measures,” said Prashanth Shivadass, partner at law firm Shivadass & Shivadass Law Chambers.
 

The country will need dynamic cyber laws to keep digital frauds or data breaches in check. “Any law including the Digital Personal Data Protection (DPDP 2023) will require constant evolution to stay in line with advancements in technology. What might seem exemplary right now, may become obsolete in the next two years, and we need to prepare for that,” he said. 

“Trust in digital systems is only so long as the overall experience continues to be flawless. Users will think twice before using systems once their safety is compromised,” said Pankit Desai, co-founder and CEO of Sequretek, a cybersecurity firm.

The fightback

• Cybercrimes include job fraud, Ponzi schemes, illegal lending apps, blackmail
• National portal has got more than 3 mn cybercrime complaints to date
• Authorities have blocked 2,800 URLs, 595 mobile apps 
• Claim to have saved more than Rs 1,100 cr for fraud victims

Data source: Home Ministry