India Battles Rising Cybercrime as Financial Fraud Escalates

Cyberspace has made geographical boundaries irrelevant for the purpose of exchanging information and interaction across the world with the advent of innovative technologies and modern gadgets. Simultaneously, it has brought about challenges posed by cyber criminals who find newer ways to defraud the people who mostly lack cyber literacy. Official data show that in India, there has been an exponential rise in the number of internet users as well as cybercrime and fraud incidents at a rapid pace.

The National Crime Records Bureau (NCRB), which compiles and publishes statistics on crimes, has revealed some details relating to cybercrime cases in India. In the three years of 2019, 2020, and 2021, the total number of these cases registered across the country was 44,735, 50,035, and 52,974, respectively. The number of cyber fraud cases in the same years stood at 6,229, 10,395, and 14,007, respectively. As per the information reported to and tracked by the Indian Computer Emergency Response Team (CERT-In, which is under the Electronics and IT Ministry), 11,58,208, 14,02,809, and 13,91,457 numbers of cyber security incidents like phishing, malicious mobile applications, and ransomware were observed and handled by it in 2020, 2021, and 2022 respectively. 

In such a background where the number of such cases is fast-growing, India has only 312 cyber police stations and a toothless set of laws to deal with the crimes.

Official data collected from banks and non-banking financial institutions (NBFIs) in the recent past has been revealing. As reported by banks and NBFIs, in FY2021, the cases of actual fraud stood at 7.05 lakh, which was worth Rs 542.7 crore. In FY2022, the volume grew to 12.27 lakh, whose total value came to Rs 1,357.06 crore. In FY2023, the volume shot up to 19.94 lakh, which amounted to Rs 2,537.35 crore. In 2021, the total number of frauds reported for ATMs and others was about 10.8 lakh, worth Rs 1,119 crore. That means, for every 67,000 ATM transactions, one fraud was being committed. 

In 2022, 17.6 lakh was the number of frauds, whose total value was estimated at Rs 2,113 crore. This translated into one fraud for every 64,000 transactions, according to data from the Revenue Department. On a sample assessment of 24 banks, the number of alerts generated by the banks' fraud risk monitoring system increased by 13% on a year-on-year basis in FY 2022-23, compared to FY 2021-22.

Regarding the volume of financial crimes reported in the entire country, the Ministry of Home Affairs informed a parliamentary panel: "The volume of financial crimes which were reported in financial year 2020-21 was 2.62 lakh. It has gone up to 6.94 lakh in 2022". This was reported to Parliament by the 31-member Standing Committee on Finance, headed by senior MP Jayant Sinha, late last month. 

"About the number of FIRs filed throughout the country, there is a variation. Overall, the national average is about 1.7%. For every 100 complaints that come to the NCRB, the states are registering 71 FIRs," the Union Home Ministry said. But it put the onus of reporting FIRs on the state governments, saying law and order was a "state subject’"

Various intelligence and security agencies reported to the parliamentary standing committee on the issue, and some suspicious trends were identified. These included opening a large number of mule accounts through a Video Customer Identification Process (V-CIP) based KYC procedure. It was later found that most of them had common email and postal addresses and were used for scams. A number of illegal applications, available for download from fraudulent websites, were created to lure gullible people into investing money in mining and trading cryptocurrency and forex trading. Suspicious transactions linked to certain gaming websites were also used to fool customers. Prima facie, these websites appeared registered overseas in places like Curacao, Malta or Cyprus, but all of them were linked to Indian bank accounts. 

During the analysis of these financial transactions, it was found that the network of foreign registered websites linked to Indian accounts was engaged in fraudulent means of collecting money from individuals through false inducements. A major financial fraud was found to be linked with a recent act of terrorism, where the main accused was funded through cryptocurrency, the parliamentary panel was informed.

"There are four major trends that we have seen. The first one is the use of crypto for money laundering and terror financing. The second is the use of mule accounts with false addresses. That is the second typology. The third typology is the use of international online betting sites both for purpose of money laundering and terror financing. The fourth trend we have seen is the lending apps and apps for investments which have been used and which have been caught in the system. So, these four typologies have been primarily reported. as regards the mule account, it is mostly in India. But in the three other instances, the offshore entities were involved. … There is a clear set of online betting sites which are based out of tax havens,” officials told the panel.

The Standing Committee, which recommended, among other things, the establishment of a centralised agency to deal with cybercrime, quoted officials saying that "sometimes when the investigation starts, it starts too late and it is carried out by multiple or different law enforcement agencies some of which do not understand what the modus operandi is, how the digital payment system operates and so on. Having some sort of a centralised agency which is responsible for investigating these frauds, which is trained in these matters, especially the widespread frauds, who can pick up the reports that come from different law enforcement agencies and carry out a single investigation, will be helpful."

Noting the galloping numbers of cyber-financial frauds, the Committee pointed out that the total number of cyber police stations in the country was merely 312. These included 55 in Maharashtra, 45 in Karnataka, and 35 in West Bengal. Interestingly, only seven cyber crime police stations exist in Jharkhand, which has reported a large number of phishing phone calls and other forms of cyber crimes. Jamtara is a city in this state, and it is known as one of the fountainheads of cybercrimes; a very popular Bollywood film has been made on it by the same name and subject.

Besides the lack of these police stations in the country, the current regulatory frameworks are focused mostly on fire-fighting instead of anticipating and dealing with emerging threats and vulnerabilities of the digital financial ecosystem. The existing regulatory mechanism for cyber security also involves multiple agencies, which needs a high level of coordination to address the challenges and ensure a comprehensive approach effectively. 

Hence, the Standing Committee on Finance stressed the need for setting up a centralised authority to ensure cyber security in the financial services ecosystem. Such a centralised body would have an “overarching regulatory authority specifically focused on cyber security”, such as the Directorate General of Civil Aviation (DGCA) that ensures a well-regulated and safe aviation system. It would “shoulder the responsibility of safeguarding the nation's critical IT infrastructure and networks from cyber threats. Collaborating with state governments, district administrations and private sector entities, it would develop and implement robust cyber security policies, guidelines, and best practices,” the panel recommended. However, such a step should have been taken years ago. 

The writer has extensively covered internal security, defence and civil aviation for the Press Trust of India for three decades. Views are personal.