As digital arrests rise, Parliament panel pitches a plan to hunt down cyber cons
- With online financial frauds on the rise, a parliamentary panel has recommended bold steps to protect individuals and fight cyber fraudsters. Implementation, however, could be tricky.
New Delhi/Mumbai: To crack down on surging online financial frauds such as ‘digital arrests’, a parliamentary panel has recommended that banks use government-issued IDs to trace, freeze, and blacklist mule accounts siphoning crores of rupees. Experts call it a crucial first step, but banks warn implementation will be difficult.
Discussions have begun at ministerial levels to understand how the recommendations by a parliamentary standing committee on home affairs can be implemented to reduce the extent of online financial frauds in India, said officials with direct knowledge of the matter.
“One proposal… has been to freeze all accounts linked to an ID (such as Aadhaar or PAN) in case a fraudulent transaction is detected. The second proposal is to blacklist the ID itself, so that perpetrators cannot reuse stolen documents to open unlimited accounts," one of them said, requesting anonymity.
“The objective is to narrow down the path that cyber criminals follow to distribute money in fragments across hundreds of accounts." the official added.
Digital arrests have emerged as a menace for users across the internet. Overall, money lost to online financial frauds nearly tripled last year to ₹21,181 crore, according to the National Cybercrime Reporting Portal. Of this, only ₹2,530 crore—about 12% of the total amount—was frozen or recovered.
Overall, NCRP received more than 2 million complaints related to online financial frauds last year.
The parliamentary panel, in its report tabled in Parliament on 20 August, advised “integration of digital identification checks, like Aadhaar-based e-KYC (know your customer) to ensure every person initiating a deposit is authentic, thereby limiting anonymity that criminals exploit". Mint has seen a copy of the panel’s recommendations.
“Despite the implementation of KYC measures, mule accounts continue to be opened at banks, indicating lapses or negligence on the part of bank personnel. The Committee suggests exploring implementation of behavioural biometrics that analyze customer patterns, like typing speed or mouse movement of users to spot unusual activity, to alert the bank and temporarily block suspicious deposits," it added.
Banks, however, have raised concerns about the panel’s recommendations.
“At least three banks involved in the discussions flagged that implementing a system where each and every ID in their database is actively tracked and monitored is a massive operational challenge, and would be very difficult to comply with," said the official quoted earlier.
- A parliamentary panel standing committee has proposed stricter ID-based tracking to curb cyber frauds. Recommendations include using Aadhaar/PAN-based e-KYC to trace, freeze, and blacklist mule accounts, aiming to disrupt the flow of money through hundreds of accounts in digital arrests.
- While experts call the ID-based tracking a crucial first step, banks warn that monitoring all accounts linked to IDs is operationally complex. Regulatory clarity and technological support will be essential.
- Experts also highlighted the need for stronger regulations, AI-based fraud detection, and mass awareness campaigns to protect victims and prevent misuse.
Who’s liable?
The standing committee, which has been discussing the issue since January, has also recommended a relook at the contentious issue of customer liability—the contractual responsibility and consequences of falling prey to a fraudster—with relation to banks.
“Liability limits may be made more customer-centric and effective, by personalizing them according to individual security behaviour. The Committee suggests the Reserve Bank (RBI) explore the possibility of rewarding users who report fraud promptly with lower liability," the panel said in its report.
N.S. Nappinai, senior counsel at the Supreme Court and founder of Cyber Saathi, a nonprofit, placed the onus on banks.
“Victims must have a means to recover their monies. Banks are responsible for KYC compliance and also to protect against misuse. But the bigger need of the hour is for regulation to enforce liability clauses upon banks, and ensure recovery of monies by customer victims," she said, while welcoming the panel’s recommendations.
Broadly, the committee’s recommendations have raised conversations around revisiting India’s cybercrime-related regulations and establishing rules for users in line with the rising threats of financial frauds.
“There are various steps being discussed at a ministerial level keeping national security interests in mind, including a single regulatory mechanism that offers directives and lays down legal requirements for banks, enterprises, users and all other stakeholders to follow," said Vinayak Godse, chief executive of industry body Nasscom-backed Data Security Council of India.
The Ministry of Electronics and Information Technology (Meity), via the Indian Cyber Emergency Response Team (Cert-In), and the Ministry of Home Affairs (MHA), via the Indian Cybercrime Coordination Centre (I4C) areto oversee implementation of the panel’s recommendations. RBI, the Securities and Exchange Board of India (Sebi), State Bank of India, and HDFC Bank were also parties to the discussions.
Mint’s emails seeking answers on the development of regulations based on the parliamentary committee’s report to I4C, Cert-In, RBI and Sebi did not receive responses. Emails sent to SBI and HDFC Bank also received no responses.
Tracing the stolen money
Krishna Sastry Pendyala, cyber security partner at consulting firm EY India and a former cyber forensics scientist with the home ministry, said document-based tracking would be an “effective first step" against digital arrests and financial frauds.
“However, this is not a blanket step—in many cases, identity details of elderly individuals, or those in the dark, are stolen without their knowledge [for use in online financial frauds]. Freezing their ability to use their own account or government-issued identification can cause massive disruption, because not everyone may be equipped well enough to visit a bank and resolve their plight," he said.
“Instead, what’s important is for mass-scale awareness drives, and detecting fraudulent transactions based on location data, usage patterns, transaction patterns in an account using AI, and alerting users before a transaction is made."
Mint reported on 16 September that banks are more keen on offering loans rather than attracting depositors. The reason: rising scrutiny over mule accounts and concerns of digital fraud.
A public sector banker had said that the Union government’s PAN 2.0 project is working to eliminate cyber security risks, and when it comes into force, customer verification would be more seamless.
Meanwhile, a working group of the Indian Banks’ Association has suggested that RBI give banks more flexibility in freezing bank accounts used in online frauds.
Under the Prevention of Money Laundering Act, banks do not have the authority to freeze or block accounts without proper authorization from a court or law enforcement agencies, the group said in its report in April, which Mint has seen. “Bringing all bank cyber teams under one roof will have faster access to freezing the accounts on a real-time basis, on immediate reporting of fraud."
Stakeholders involved in digital arrest investigations, too, welcomed the idea of using government IDs to trace money trails.
“Currently, cyber crime investigators first freeze the bank accounts where the stolen money is transferred, and they have to email banks for the same—making it a time-consuming process," said a former cyber crime policy inspector in Maharashtra, requesting anonymity.
“This is because there can be hundreds of bank accounts where the stolen money is transferred to, and done so rapidly. Tracking down the accounts by linking them with IDs would expedite this process."
topics
