Each one of you who is reading these lines has, at some point of time, been a target of cybercrime. If a survey is conducted to validate this, the hit rate will be 100 per cent. Not even 99 per cent. All of us with a bank account or an email ID or a simple mobile phone have been target of at least attempted cybercrimes. There must be an opened or unopened email or SMS in your inbox luring you to claim a lottery worth a few million pounds. Some might have been weirdly lucky to have inherited property worth millions of dollars left by some unknown old lady in the US who couldn’t find someone other than you to bestow her generosity upon. Some others might have received phone calls from a bank officer informing that their ATM card has been blocked and he can reactivate it if one is foolish enough to divulge all the details including the secret CVV number of the card.
Most of the informed readers here would not get into the trap. Most of us would know that there is someone on the other end trying to fool us and steal the money lying in our bank accounts. But unfortunately, given the low level of awareness and extensive reach of the ATM network in the country, every day hundreds of people are being robbed by cyber criminals. There was a time when some Nigerian nationals were credited with such frauds. In fact, in the field of cyber crime investigation, many such offences are still called Nigerian Frauds. But the trends show that our home-grown criminals have marched ahead of their Nigerian counterparts long back. It will surprise you to know that cyber criminals have dedicated call centres now. It is no more some amateur trying to commit a crime once in a while. Now they have proper offices with dedicated manpower. When these employees or partners in crime start their day, they have databases of banks revealing contact details of their customers. Their tools are similar to those of any regular call centre -- laptops, desktops, phones, excel sheets etc. Their modus operandi is amazingly simple. They call up hundreds of people every day to tell them, in very sophisticated language and seemingly authentic ways, about unfortunate blocking of their ATM card due to some technical snag. The person is told that he has to come to bank personally to get his ATM card fixed. And in case he wants to get the card reactivated online, he may share his card details. Now, who would like to go to the bank if a courteous bank staff is willing to help over phone? Once card number, its expiry date and CVV number are shared, they advise the person to switch off the mobile for 15-20 minutes for ‘system updation’. As the unsuspecting victim switches off his mobile, the criminals quickly make expensive purchases from online shopping portals. By the time the mobile is switched on and SMS alerts from bank start dropping in, his bank account is empty.
Online shopping portals every day deliver dozens of laptops, expensive watches and cameras in an obscure town named Jamtara on Jharkhand-West Bengal border. Police of many states know that Jamtara is one of many hubs where cyber criminals have their call centres. Every day they fleece people from all over the country and get their booty safely home delivered. No questions asked. Courier guys are given hefty tips, as much as `1,000 rupees per delivery.
Police stations across the country are flooded with complaints of online frauds. Students and young people are looted in name of giving jobs. Old people are losing their savings in name of online insurance deposit facilities. Then there are fraud lotteries and fortunes to be claimed and fake stories of blocked ATM cards. The list just goes on.
The other half of this story is equally unfortunate. In most police stations in the country, it is more difficult to lodge an FIR for a cyber crime than a murder case. People manning police stations are not sufficiently trained to handle cyber crime cases. They are comfortable with traditional crimes like murder, dacoity or robbery. But if one tells them that he has been robbed online, most of police station staff will look lost and puzzled and somehow avoid the case. With electronic evidence, it is easier to detect and prove a cybercrime. But lack of priority, interest, training and equipment to deal with cybercrimes has allowed criminals to have a field day. Easy availability of mobile SIM cards and use of fake documents to procure them have compounded the problem. Further, most of the cyber offences are bailable in nature, which weakens their deterrent effect.
The only way to control the growing menace of cybercrime is to create awareness among people and put better security systems in place. Police can only investigate and catch cybercriminals when someone has already been cheated. But with expansion of banking network, growing reach of ATM cards and rapid growth of online shopping portals, cybercriminals will have no dearth of victims for many more years.
Banks and online shopping portals are among the biggest beneficiaries of the IT revolution. With millions of ATMs and online transactions, banks have been able to cut their manpower to a large extent and save huge money. But do we see any worthwhile effort on their part to educate customers regarding dangers of cybercrime? Banks provide ATM card almost without your asking for it. They keep calling to sell credit cards. How many calls do we receive from banks for creating awareness against cybercrime?
If a bank has allowed its database to reach cybercriminals, how is a customer solely responsible if his money is stolen from the bank? But once the money moves out of the customer’s account, the bank simply washes its hands off. They don’t even share information quickly enough to stop the fraudulent transaction midway. It is high time banks and online shopping portals were held vicariously liable for the losses to their innocent customers due to cybercrimes. They must be forced to cough up money to create awareness among masses, especially the rural folks who have been handed over ATM cards without being educated about the risks associated with them.
The security mechanism put in place by banks has largely failed to save people from cybercriminals. There is an urgent need to revisit the entire gamut of security systems of online banking and putting new safeguards in place. For example, when the SMS alert system fails, why can’t banks and shopping portals ensure that an online transaction will only go through after an automated call is answered by the customer from his designated number? In advanced western countries, the security norms of VISA or MasterCard may be sufficient. But requirements of semi computer literate Indian population are entirely different. Banks must spend more money to ensure that their unsuspecting customers are not duped just because they have reposed so much faith in the banking system. (Views expressed are personal)
The author is an IPS officer. E-mail: aarun.bothra@gmail.com