News Excerpt: 

A recent report by the Indian Cyber Crime Coordination Centre revealed that digital financial frauds accounted for a staggering ₹1.25 lakh crore over the last three years.

Key points of Report: 

• According to the National Crime Records Bureau (NCRB), cybercrimes in India in 2023 resulted in a staggering loss of ₹66.66 crore, with 4,850 reported cases. 
• A recent report by the Indian Cyber Crime Coordination Centre (I4C) revealed that digital financial frauds accounted for a staggering ₹1.25 lakh crore over the last three years. 
• According to the National Cybercrime Reporting Portal (NCRP), in 2023, at least ₹10,319 crore was reported to be lost by victims of digital financial fraud.
•  According to the report, the number of complaints received in 2023 alone was 6.94 lakh.

What are the problems faced during investigations?

• The general modus operandi of a fraudster is any one of the following: 

• Convincing the victim to send money, either by impersonation (fake WhatsApp/FB/Insta, social media profiles) or by giving them a false promise of greater return (investment, crypto, held up custom package etc.)
• By taking credentials such as Unified Payments Interface ID (UPI), Personal Identification Number (PIN), One-Time Password (OTP) or Internet banking ID/password from the victim 
• Then using the same on other apps/websites and transferring money without the knowledge of the victim. 
• For this the customer will either be given a fake link which looks exactly like a UPI app screen/banking website or the victim will be conned into installing a screen sharing app.
• The scammers can also convince the victims over phone to give out those details. When these details are used on official banking apps this gives the fraudsters access to even the Fixed Deposits/Recurring Deposits which are also siphoned out in most cases.
• By taking card details and convincing the victim to share OTP.

In how many stages does money undergo a series of circulations?

• The money undergoes a series of circulations in broadly three stages. 

• The first stage is a temporary account into which the fraudsters transfer victims’ money. This account will be used to receive money from various other victims as well.
• From here, the money is then transferred into a second-stage account. 
• The second category of accounts are a group of accounts among which money is circulated. 
• There are a lot of middlemen who are money circulators. 
• Their task is only to receive money from first-level bank accounts for a nominal cut. 
• The victim’s money is then split into small parts and then circulated within these accounts, by a person who is sitting in a different corner of the country.
• After sufficient churning, the money is then transferred into a third stage account which is a sink account. 
• This can be a bank account, an e-wallet etc. Here, the total defrauded amount from a group of victims is re-collected. 
• The money is then withdrawn in a large chunk through conventional methods of either ATMs/cheques or e-wallet cash outlets such as an e-wallet payments bank.

How can most of the frauds be prevented?

• Firstly, just as Google accounts do not allow logging in from a new device unless permission is granted by the former, financial institutions must be mandated to replicate this feature in their apps. 
• As UPI ID, password or OTP is entered in a different device, an alert must be generated in a previous device with no further action being allowed until it is approved by the person. 
• Secondly, the screen share facility must be disabled. Banking and financial apps must disable screen-sharing to run on top of them. 
• And finally, in the bank statement, all banks/NBFCs/SEs must be mandated to provide comprehensible data. 
• Currently only partly printed numbers are shown which even knowledgeable customers are unable to understand. 
• The transaction description must contain the receiver’s account/mobile or any other identifying number irrespective of it being within the same bank or to an outside bank.

What hindrances do law enforcement agencies face in tracing money trails efficiently?

• Rapid movement of siphoned-off funds across multiple bank accounts and digital wallets impedes tracking efforts.
• Supervised entities such as banks, NBFCs, and wallets often struggle to provide necessary details to law enforcement promptly.
• Crimes are frequently reported after 24 hours of occurrence, delaying investigative action.
• Victims' actions, such as deleting evidence from their devices due to stress and trauma, further hinder investigation.
• By the time a money trail is established, the funds are typically withdrawn from the system, making it challenging to identify perpetrators or recover the money.

How can certain basic changes to the form of data provided to enforcement agencies help in minimizing delays?

• The banks/NBFCs/SEs must be mandated to provide data in a predetermined format with all the terms explained. The data must be given in a CSV or XLSX file. For example, the CDR (Call Data Record) shared to enforcement agencies has a fixed format and fixed file types, such as .CSV or .XLSX. 
• Currently the banks give the statement either in a printed hardcopy or in PDF format. This causes huge inconveniences to the investigating officers. 
• Most tech-savvy officers are often held back only because they do not get the data in a usable format. 
• The International Mobile Equipment Identity (IMEI) must be recorded.
• All banking and financial apps must be mandated to save IMEI details of the device being used. Fraudsters use fake mobile numbers and fake bank accounts which span across different States with the goal of adding layers to increase anonymity and preventing agencies from prosecuting them. 
• Thus, the IMEI becomes crucial evidence in determining the device and its location.
• Recording IMEI will make for stronger evidence in establishing a device and its connection to fraudsters in a court of law.

Way forward:

• The Bharatiya Nagarik Suraksha Sanhita 2023 which is set to replace the Indian Penal Code of 1861, recognises ‘organised crime’ as a “continuous unlawful activity”. Digital financial frauds are very much covered in this definition. 
• Law enforcement agencies face a lot of difficulties in conducting interstate raids and arrests. 
  • It requires a large team and coordinated effort. Interstate digital financial fraud networks must be recognised as a serious crime and bail may be restricted by the Courts. 
• Instead of a specialised unit, if the fintech and telecom industries are mandated to take certain preventive steps in their technology and provide data in a manner which enables speedier investigation, the prevention, detection, recovery and conviction will be much more effective. 
  • Faster availability of data will make it easier to identify and convict pan-Indian gangs.