The Computer Emergency Response Team (CERT-In), the nodal cyber security agency of the government, is working with the Reserve Bank of India (RBI) and banks to track and disable phishing websites in an effort to thwart online frauds, Anurag Thakur, the Minister of State for Finance said in response to Parliamentary questions on Wednesday.
The question on digital financial transactions was raised by three Members of Parliament (MPs) from the Shiv Sena party: Rahul Shewale, Hemant Patil and Omprakash Rajenimbalkar. They asked the government if online frauds were on the rise as digital financial transactions are growing, the reasons for the rise in frauds and what laws and regulations existed to combat these issues. The MPs also sought information on addition steps taken by the government to make digital financial transactions safer.
“Online or Digital payments have been on a rise especially after the spread of COVID-19 pandemic in the country. Based on the fraud reporting done by Banks, it is observed that frauds in online banking are primarily on account of Social engineering techniques like Vishing and Phishing”—Anurag Thakur, the Minister of State for Finance
He said CERT-In has issued 37 advisories for users and institutions related to digital financial transactions.
In his response, Thakur listed a number of regulatory measures taken by RBI such as the limited liability framework for unauthorised or fraudulent transactions, the Ombudsman Scheme for Digital Transactions, cyber security regulations for banks, cards, ATMs, the recent Digital Payments Security Controls framework and various other measures mandated for banks and other entities. He added that banks, the IT Ministry and the RBI are also running various consumer awareness campaigns.
Online bank frauds worth Rs 244 crore in FY20
Anil Desai, MP from the Shiv Sena party raised questions in the Rajya Sabha, on March 23, 2021, on whether online bank frauds were on the rise and what mechanism the government has in place to combat such cyber crimes. Desai also sought details on whether the government has a 24 monitoring operation for cyber crimes.
In response, Thakur said that there were a total of Rs 244 crore worth of ATM, debit card, credit card and internet banking frauds in 2019-20 as per RBI data. In comparison, there were Rs 149 crore worth of similar frauds in 2018-19 and Rs 168 crore worth of frauds in 2017-18, he said.
“Reserve Bank reviews the cyber security developments and threats on an ongoing basis and necessary measures are taken to strengthen the cyber resilience of banks. Cyber incidents are analysed from the point of view of sophistication of attack as well as systemic impact. RBI has also set up a Cyber Crisis Management Group to address any major incidents reported including suggesting ways to respond.” — Anurag Thakur, Minister of State for Finance
Thakur stated that the RBI conducts cyber security preparedness testing among banks with the help of CERT-In and that it issues advisories to banks on various threats and incidents in order to prompt them to take preventive or corrective action. The minister also listed a number of regulatory measures and circulars issued by the RBI on pre-paid instruments, PIN authentication, EMV compliance and card transaction limit controls.
“RBI have advised banks to set up Security Operation Centre (SOC) for constant and continuous monitoring of the environment using appropriate and cost effective technology tools. Further, the banks have also been advised to implement Risk based transaction monitoring or surveillance process as part of fraud risk management system across all delivery channels. The banks have also been advised to notify the customer, through alternate communication channels, of all payment or fund transfer transactions above a specified value determined by the customer”—Anurag Thakur, the Minister of State for Finance
Sale of credit and debit card data
Two Lok Sabha MPs from the Bharatiya Janata Party, Ravindra Shyamnarayan and Dr Ram Shankar Katheria, raised questions on the steps taken by the government to curb the illicit sales of credit card and debit card information onlineThey also asked if banks or the government were liable to provide compensation for the loss caused due to the data theft.
In response, Thakur said that CERT-In was aware of a data leak of nearly 1.3 million Indian card holders on a darknet forum in October 2019 and that the IT ministry, along with CERT-In has alerted the banks and the RBI to verify the data leak and take necessary actions.
With regards to liability, Thakur restated the RBI’s policy on limited liability for unauthorised or fradulent transactions. As per the policy, a customer does not bear the full loss if the fault is on the part of the bank. If the fault lies neither with the bank or customer, and if the customer notifies the bank of the fraud within three working days, their liability is zero.
“Where the loss is due to the customer’s negligence, the customer has to bear the entire loss until he reports the unauthorised transaction to the bank; and Where the fault lies neither with the customer nor with the bank and lies elsewhere in the system and the customer reports between four to seven working days of the unauthorised transaction, the maximum liability of the customer ranges from Rs 5,000 to Rs 25,000, depending on the type of account/ instrument”—Anurag Thakur, the Minister of State for Finance
Thakur said that the government had set up Cyber Swachhta Kendras. which works on thwarting malware issues and the National Cyber Coordination Centre, while the IT ministry and CERT-In routinely issues advisories and conducts mock-drills and programs to increase awareness. While CERT-In has conducted 50 mock drills for both government and private sector organisations across sectors, a total of 12 drills were conducted in the financial sector with the RBI and the Institute for Development and Research in Banking Technology.
Online Shopping Scams
Lok Sabha MP Maulana Badruddin Ajmal from the All India United Democratic Front asked the government if there was a sharp rise in online shopping scams and data for the same. He asked if these cases were being solved to protect consumers and what steps the Government was taking to stop online shopping frauds. Ajmal also asked about the role of thee National Consumer Helpline (NCH).
In response, Som Parkash, the Minister of State for Commerce & Industry said that the NCH is an an automated grievance redressal platform which is operational across six zones in the country. The NCH has partnered with more than 600 companies and receives around 70,000 grievances per month.
According to NCH data, there were a total 967 complaints registered with regards to online frauds between April 2020 and February 2021. However, these accounted for only 0.157% of all grievances handled by the NCH during the same period. In comparison, there were 1,119 grievances (0.15%) registered between April 2019 and March 2020 and around 531 grievances registered (0.09%) with regards to online frauds between April 2018 and March 2019.
Parkash said that State governments and Union Territories were primarily responsible for prevention, detection, investigation and and prosecution of cyber crime since ‘police’ and ‘public order’ are state subjects under the Indian Constitution. He stated that under the Consumer Protection Act, 2019, the government had notified the E-Commerce Rules, 2020 in order to prevent unfair trade practices in the industry.
“These Rules require e-Commerce entities to establish adequate grievance redressal mechanisms and redress the complaint within one month from the date of receipt. Furthermore, under the Consumer Protection Act, a three tier quasi-judicial mechanism has been set up at District, State and Central levels for better protection of the interests of consumers and to provide simple and speedy redressal of consumer disputes including online frauds”—Anurag Thakur, the Minister of State for Finance
Parkash added that the government has launched the National Cyber Crime Reporting Portal and that it routinely issues alerts and advisories, provides training to law enforcement personnel, judicial officers and prosecutors and is working on improving cyber forensic facilities. He said that such frauds would be prosecuted under the Indian Penal Code, 1860 and Information Technology Act, 2000.
- Government says crypto-trading gains and exchange services are taxable
- Nearly 12 lakh cyber security incidents observed in 2020: MHA
- CERT-In warns Transport Ministry of targeted intrusions: Report