Online Banking Fraud In India
Author: Mr. Harshal Sreen, Institute of Law, Nirma University.
We live in a digital world where more members than ever before are banking online or on their mobile phones. The deregulation and adoption of technology led to a revolution in the Banking Industry. Through technology development, banking services have become available 24×7 through online banking and in electronically enabled exchanges where everything from stocks to currency futures contracts can be traded. In the present day global scenario, the banking system has acquired new dimensions. Now internet banking is widely used to check account details, make purchases, pay bills, transfer funds, print statements, etc.
Security is an issue in Internet banking systems. Internet Banking Fraud is a fraud or theft committed using online technology to illegally remove money from a bank account and/or transfer money to an account in a different bank. Online bank fraud is one of the most widespread forms of cybercrime. Generally, the user identity is the customer identification number and a password is provided to secure transactions. But due to some ignorance or silly mistakes you can easily fall into the trap of cybercriminals. As more and more people use their phones and computers for banking, business transactions, and internet shopping, they become more attractive to cybercriminals, who use email messages, websites, chat rooms, message boards and social networks to get access to your personal information. Due to these ever-expanding banking services, bank frauds have increased in the last many years.
In India, banking fraud is not so alarming compared to the US and European banking sector, still, it poses a formidable challenge to the Indian banking industry. Over 50,000 frauds had hit banks in India FY09-FY19, RBI said in a response to an RTI query. Bank frauds worth ₹2.05 trillion happened in the last 11 years, reveals RBI data. Reserve Bank of India (RBI) has registered a total of 921 cases of fraud involving ATM/debit cards, credit cards, and Internet banking, wherein the amount involved was Rs 1 lakh and above, during 2018-19. During the year 2015-16, 2016-17, 2017-18, the number of such cases of fraud registered by the RBI stood at 1,191, 1,372 and 2,059 respectively. The RBI plans to set up a compliance and tracking system portal to tackle the proliferation of cyber fraud and seeks to establish a better redressal mechanism for consumers. With digital transactions gaining traction, RBI’s customer-protection measures are seen as a bid to promote and improve confidence in the digital channel.
Types of fraud
Scams that request your account information. Phishing is the process of collecting your personal information through e-mails or websites claiming to be legitimate. You may receive an email that directs you to a page that looks similar to an official website and asks you to update your sensitive information such as usernames, passwords, and credit card numbers. It is a popular trick used to extract valuable information that results in identity theft and financial loss.
· Identity theft
Identity fraud is where a dishonest person will gather personal details in order to conduct a fraud that will financially hurt the user. These fraudsters can obtain user personal information in a number of ways, via telephone scams or on the internet.
· Spyware and Adware
Spyware is a type of software that secretly collects user personal and information while on the Internet. Adware is a type of spyware used to track visitors’ habits and interests on the Internet. Adware can monitor the types of site user visits, the articles read or the type’s banners user click on and so forth. Many times this information is sold to a third party for the purpose of marketing.
- Money Mule:
In this kind of bank fraud, the hacker contacts the customers via online mediums to convince them to receive money into their bank accounts on the basis of fake exchange of commissions or promises of quick money. The fraudster transfers the money to a mule’s account. This illegal transfer forms a chain, one mule transfers to the other and so on.
Website spoofing is the act of creating a website, as a hoax, with the intention of performing fraud. To make spoof sites seem legitimate, phishers use the names, logos, graphics and even code of the actual website. They can even fake the URL that appears in the address field at the top of your browser window and the Padlock icon that appears at the bottom right corner.
Vishing is an attempt of a fraudster to take confidential details from you over a phone call. Details like user id, login & transaction password, OTP (One time password), URN (Unique registration number), Card PIN, Grid card values, CVV or any personal parameters such as date of birth, mother’s maiden name. Fraudsters claim to represent banks and attempt to trick customers into providing their personal and financial details over the phone. These details will then be used to conduct fraudulent activities on your account without your permission leading to financial loss.
Legal Regime to Control Banking Frauds in India
The Reserve Bank of India has set up a ‘working group on internet banking’ to examine various aspects of the concept of net banking. The focus of these laws is on technology, legal, regulatory, supervisory, and security issues, and include the following aspects:
- The Consumer Protection Act, 1986 defines the rights of consumers who are availing banking services. Since banking is a service that is defined in the Act, a consumer complaint can be filed against the bank for lack of safe banking services.
- Section 3(2) of the Information Technology Act, 2000 provides for technologies to authenticate the source of an electronic record.
- Banks are bound to comply with the confidentiality of the customer’s accounts.
- Banks in India have to provide a safety valve to the consumers.
Who will be held liable
With an increase in digital payments and net banking transactions, the threat of hacking and other types of online fraud has increased. The Reserve Bank of India (RBI), in its annual report 2017-2018, has made it clear as to who will bear the financial liability in case of all unauthorized electronic banking transactions. A framework has been established on limiting the liability of such bank customers.
Whether the loss will be borne by you or by your bank depends on whose fault or negligence it is in the case. In all cases, you are supposed to immediately alert your bank about any unauthorized banking transaction. If the negligence is from the side of bank RBI mandates that the whole loss will be borne by the bank and not by the customer. The liability of the customer will be zero in this case. In some cases, it may so happen that the fault lies within the system and neither the bank nor the customer is at fault. The customer’s liability will be zero if he or she reports it to the bank within 3 working days of receiving the communication from the bank about the unauthorized transaction.
What to do in case of a credit/debit card fraud?
The moment you come to know that a suspicious transaction has been done on your credit/debit card, inform the card issuer immediately. One should lodge a formal complaint with the bank and ideally call up the customer care number to block the card or the account immediately.
The online complaint lodging system for economic and cyber offences of a few cities are as below:
Mumbai: Email: [email protected]
Also, Read our most-read Article,