Cybersecurity: Readying the Indian consumer
By Kanishk Gaur
The Indian business market for cybersecurity services and product companies is booming during the pandemic with startups reaching $100 million valuations.
However, an ordinary person is still suffering as fraudsters can easily access her digital wallet, internet banking and newly created UPI identity. There’s no solution for such frauds, as there is no central authority to respond to cybercrime.
State Police handles Cybercrime-related matters, but fraudsters are sitting miles away, sometimes outside the state or union territory and many a time outside India. So, what recourse can an individual take if she has been duped online or harassed by scamsters via encrypted VOIP calls? While such crime can be reported on the national portal set up by the ministry of home affairs, ultimately it falls within the state police’s domain. And, there is little to no co-ordination between police authorities across state lines. The police of that state could shield the local mafia, and the police where the crime occurred would have little authority over the matter.
Another issue is tracing money sources. When it comes to vishing crimes, fraudsters use bank accounts of people who are either not aware of the entire operation or agree to such scams for a share.
The Netflix series Jamtara was one such example of organised vishing crime. However, there are plenty of Jamtara like towns in India.
Another type of attack is lottery schemes where vishing techniques are used by sending videos on WhatsApp, and users are duped into calling an unknown WhatsApp number. When users call this number, an initial deposit is requested from users to collect the lottery amount. Fraudsters request an initial payment of Rs 25,000-30,000.
Open source intelligence analysis reveals geolocation of criminals to be remote villages in states of Maharashtra, Jharkhand, Bihar, Chhattisgarh, West Bengal and the modus of operandi is to target consumers of another state.
Since there is no central cybercrime coordinating or responding agency in India, resources with the states police departments are also limited.
Organised cybercrime is mushrooming in India at an exponential pace.
Hence to tackle and respond to such frauds services providers, such as telcos, insurances companies, banks will have to bundle security services with leading security companies. Since not everyone in India could pay extra for digital security, the government also needs to step in.
Multiple government schemes enabled for Digital Payments must have a strong mechanism to report frauds. Similarly, companies linking digital payment methods enabled by the government such as UPI must have some liability in case frauds happen due to security weaknesses in their systems. Programmes to make consumers are aware of security-related risks must be launched, informing users of new cybercrime trends and making her aware of such practices. The regulatory bodies such as RBI, NPCI need to expand their security monitoring capability and update their security guidelines to tackle threats.