Opinion | Cybercrime in India: Taming The Raging Bull

Every year lakhs of Indians become unsuspecting victims of cybercrime, often losing their life savings. The raging bull of cybercrime in India is a major GDP deflator. Globally 2-2.5 per cent of GDP is lost to cybercrime, and I humbly posit that India that is Bharat, is amongst the worst sufferers globally.

Injecting a Personal Note

On October 12, 2019, between 1022 to 1928 hours, through three coordinated remote transactions in quick succession, in a classic cybercrime case, I was swindled off Rs 2,61,028.38 from my savings bank account with State Bank of India (SBI), Kalyani Nagar Branch, Pune. All that swindlers left in my account were Rs. 4.28. As a SBI probationary officer of the 1981 batch, I had access to the top management of the bank who on my complaint, instituted an enquiry committee of five senior officers and an enquiry report was sent to me after three months. It was my fault. Period. Being emotionally attached to the bank, I decided to rest my case. Earlier, my complaint about cyber fraud to the Reserve Bank of India (RBI) and the Ministry of Finance did not even elicit a reply.

Alas! The bank did not have an electronic counter to detect and stop the fraud perpetrated by the notorious Jamtara gang which swindled my savings. The bank also did not have the much-needed insurance cover to protect hapless customers from cyber fraud. Pune Police Commissioner acted within minutes on my verbal complaint but by that time, the money had already vanished without leaving a trail.

Tales From Cities

1. A 27-year-old housewife lost her life savings of Rs 7.2 lakh after being lured by online crooks to invest in prepaid tasks with the lure of ‘extra income’. Cyber crooks had reached her through a messaging app.
2. A 41-year security guard was duped by cyber crooks with fraudsters siphoning off his bank account without his knowledge. Crooks managed to get details of the account and simply transferred the money to a private bank account in West Bengal.
3. A 32-year-old woman lost Rs 16.6 lakh, duped by a conman whom she met on social media. The modus operandi was using another woman to tell her there was a huge cash parcel in her name and she needed to transfer Rs 16.6 lakh to a bank account for different charges to get hold of the cash booty.
4. A 25-year-old pharmacist was duped of Rs 9 lakh after taking part in an online task which turned out to be a fraud. The modus operandi was an invitation through a link to join a prepaid task.
5. A cyber crook robbed a 37-year-old woman of Rs 18 lakh between April and September this year. He had contacted her through a matrimonial site telling her he liked her profile. He apparently got the money transferred for the interior of the house and for investing in the share market on her behalf.
6. Two software engineers and NGO volunteers were collectively duped of Rs 37 lakh in separate online task frauds. This included a 35-year-old male software engineer losing Rs 23.3 lakh, a 27-year-old techie cheated of Rs 12.24 lakh and an NGO volunteer robbed by Rs 2.07 lakh.
7. Two software engineers, including a woman (37) lost Rs 34 lakh to cyber crooks who trapped her with the bait of a handsome return on performing online tasks like rating hotels or liking online videos. The crooks got the two victims to open an account on a mobile messenger application to communicate with them and perform tasks.
8. As reported today, in another case, a 33-year-old marketing manager working with a digital marketing company was defrauded of Rs 3.57 lakh to different UPI IDs given by crooks, who promised her handsome earnings on online ratings of restaurants.

The above dozen cases of online fraud have been culled out by me, as reported in just one newspaper in the past three days. These frauds have been perpetrated on hapless people. Victims have been both illiterate and highly literate.

High Cybercrime Rate, Guilty Roam Scot-free

The National Crime Record Bureau (NCRB), during the last five years, has reported nationwide cybercrime data of 21796 (2017), 27248 (2018), 44735 (2019), 50035 (2020) and 52974 (2021). Despite the high number of arrests, the conviction rate is alarmingly poor. Convictions 162 (2017), 601 (2018), 486 (2019), 1369 (2020) and 736 (2021) against arrests 11601 (2017), 13569 (2018), 15268 (2019), 18420 (2020) and 27374 (2021).

The arrest-to-conviction rate has been appallingly low, varying from a lowly low of 1.40 per cent (2017), 4.42 per cent (2018), 3.2 per cent (2019) and 2.69 per cent (2021). Even the best conviction rate in 2020, at 8.9 per cent, is minuscule, below ten per cent.

NCRB Cybercrime Data A Fraud on the Nation

Having talked about cybercrime data collated annually by NCRB, I humbly posit that the NCRB cyber fraud data is a big fraud on the nation. It is not even the tip of the iceberg. My assertion is backed by the cybercrime data of complaints received at the National Cybercrime Reporting Portal (NCRP) in Delhi where since January 2022, more than 2.5 lakh cyber fraud complaints have been received. However, investigation into a majority of these cases is pending since only 1-2 per cent of the complaints are converted into FIRs. In terms of recovery of money lost, the pan-India data suggests not more than 2-5 per cent of money defrauded is recovered.

And if proof is needed of what I say, it is here:

• In Pune — my hometown — as per police data, till August 18, 2023, a total of 22,671 cybercrimes were recorded against 19,500 and 19,020 during the same period in 2022 and 2021. For a city with 71 lakh population, it is an astounding 319 cybercrimes per day and 15 per hour.
• Delhi: As per Delhi police data, in 2023 up to August, with 25000 cybercrime cases filed, there has been a 212 per cent increase compared to the 8,000 cases filed last year in the same period. The cases, ranging from UPI fraud to bank and email scams, have resulted in financial losses exceeding Rs 200 crore this year. Among the cyber frauds committed in Delhi this year is the biggest cyber scam of a 34-year-old doctor duped of Rs 4 crore by a gang posing as officials from the Narcotics Control Bureau.
• Mumbai: Data collated from an RTI application from Mumbai police shows a whopping Rs 615 crore has been lost between 2013 and June 2023 to cyber fraud. And this year, cybercrime has gone up by 50 per cent over last year.
• Chennai: 33 per cent of all criminal cases booked by Chennai crime branch this year between January and April relate to cyber offences.
• Ahmedabad: Between 2020 and 2022, the number of calls received by the cyber helpline number from victims of cyber fraud spiked 11 times. According to Gujarat police figures, a total of 24,689 calls were made by the victims in 2020. In 2021, the calls surged to 67,879, and 2022 saw an unprecedented 2,75,264 calls. In recent months, every day over 230 Amdavadis were conned by cybercriminals. It translates to nearly 10 victims every hour. And more than 50,000 in eight months of 2023.
• Bengaluru: In Karnataka, nearly Rs 1 crore on average was stolen every day by cyber fraudsters in 2022, recording a surge of 150 per cent in the money lost in internet crimes, according to the data shared by the state home department. Karnataka lost a whopping Rs 363 crore in 2022, and since 2019, the scamsters have managed to siphon away Rs 722 crore.

Cybercrime Defined

Cybercrime refers to the illegal activities conducted in cyberspace, targeting computer systems, networks, individuals, organisations and even nations for financial gain or disruption. These nefarious activities include phishing, ransomware attacks, identity theft, hacking, and distributed denial-of-service (DDoS) attacks, among others.

Cybercrime can be recognised in two ways-

• Computer as a Target: Using a computer to attack other computers. Example- hacking, virus/worm attacks, and DOS attacks.
• Computer as a weapon: Using a computer to commit real-world crimes. Examples- cyber terrorism, IPR violations, credit card frauds, EFT frauds, pornography etc.

Cybercrime: Fast Growing Global Pandemic

According to a worldwide survey ‘Economic Impact of Cybercrimes’ by the Centre for Strategic and International Studies (CSIS), $600 billion i.e., close to 1 per cent of worldwide GDP is annually lost to cybercrimes. It is a quantum jump from $4.14 billion in 2015. Other data put the annual global GDP loss due to cybercrime at 2-2.5 per cent. Also, a recent report from Cybersecurity Ventures indicates the global loss due to cybercrime will reach $10.5 trillion by 2025 with an estimated growth rate of 15 per cent annually for cybercrime over the next five years.

Huge financial loss is indubitably the most ubiquitous aftereffect of cybercrimes. But cybercrimes also have several other disastrous consequences for businesses and individuals. Just to give a few examples-

One, in developing countries including India, cybercriminals often rob unsuspecting individuals of their entire life savings in one go.

Two, the loss of sensitive customer data can result in penalties and fines for failing to protect customer data. Often businesses are sued over data breaches.

Three, cyber fraud relating to breach of security leads to huge negative investor perception for businesses which often results in increased costs for borrowing, and raising more capital can be challenging after a security breach.

Four, due to a loss of reputation and damaged brand identity after a cyberattack, customers’ trust in a business invariably nosedives. Businesses not only end up losing current customers but also find it difficult to gain new customers.

India that is Bharat faces Humungous Threat

As per a Norton Life Lock survey in 2020, Rs 1.24 trillion was lost in India due to cybercrimes with 63 per cent of Indian victims incurring financial loss, whereas in 2019, India lost Rs 1.25 trillion to cybercrimes. Also, as per a Government of India report, both in 2021 and 2022, India witnessed around 14 lakh cybersecurity incidents.

Types of Cybercrimes in India

As regards types of crimes, all-encompassing types have been reported from India — online cheating/frauds, ATM card/credit card frauds, online business frauds, multilevel marketing frauds, social media crimes, hacking, data theft, corporate espionage, spoofing, web jacking and cyber terrorism.

A growing type of individual-level fraud is targeting students and job seekers on multiple social media portals and luring them by creating fake jobs or posing as a recruiter.

Modus Operandi of Fraudsters

Intriguingly, most cyber frauds are interstate and often transnational. Cybercriminals are getting sophisticated and types of cybercrimes are evolving. Examples are legion — reverse engineering of mobile apps, ransomware, remote access and screen sharing frauds, message app banking frauds, phishing, QR-related frauds, sim swap frauds and malicious application frauds are few of the multiple ways.

All types of modus operandi are employed by cyber criminals to defraud innocents. A case in point is the accused posing as bank officials, investment company executives, or tech executives to get information from unsuspecting victims. Once they get confidential data such as credit card details, OTPs, net banking passwords, or other details, they siphon off the money in no time. This is the way the gangs based in Jharkhand, West Bengal, Bihar, Haryana, Gujarat and Chhattisgarh operate. The operation of fake call centres and their remotely located handlers is so swift that recovering money becomes impossible as the gangs distribute money to their associates in no time, including sending money to offshore accounts.

Cybercrime Set to Go Over the Roof

India has entered a unique era of digital revolution. Today, the country has more than 750 million active internet users, in both rural and urban India (90 per cent of adult population uses the internet, next only to China). Also, smartphone penetration in India, which powers the digitisation movement is likely to cross 1.2 billion by 2025. Also, the use of smartphone-based internet is likely to spread fast with “Bharat broadband” connecting villages. With this, cybercrime will cease to be merely an urban phenomenon.

Digital payments and online banking are witnessing high growth, a tremendous boost with consumers, even small-time vendors transacting en-masse online. But with more online transaction growth, there will be more cybercrimes and it will grow exponentially.

Cybercrime No One’s Baby

By its very nature, cybercrime is mostly an interstate crime and more often a transnational crime, requiring coordinated action between states and nations. But cybercrime in India is no one’s baby. The Central government washes off its hand with the assertion that ‘police’ and ‘public order’ are state subjects as per the Seventh Schedule of the Constitution of India and that states/UTs are primarily responsible for the prevention, detection, investigation and prosecution of crimes including cybercrime through their Law Enforcement Agencies (LEAs). The LEAs take legal action as per the provisions of the law against the offenders. The Central government says that it supplements the initiatives of the state governments through advisories and financial assistance under various schemes for their capacity building. But the truth beckons that cybercrime is increasing by leaps and bounds and neither Central nor state governments are acting purposively in tandem with each other.

The above shows the shallowness of the cyber fraud protection protocols and their enforcement in the country.

Chalte Chalte- The Way Forward

It is time for India to get its act together. A few actions are immediately needed at the governmental level. These are as under:

1. Due to the interstate and even transnational nature of cybercrimes, there is a need to immediately bring “cybercrime” to Item 3 “Concurrent List” of the Seventh Schedule of the Constitution.
2. The country needs, as of yesterday, best practices law against cybercrime. We are a unique country where we haul up beggars and imprison them in beggars’ homes for 10 years on summary trial while cybercriminals roam freely. It is time to have exemplary punishment for cybercrime, which should be a minimum of 5 years. Punishments not only have to be exemplary but swift as well.
3. There is a case for best practices communication strategy targeting victims.
4. There is a massive need for upgrading skills and infrastructure in police stations (every police station needs a cybercrime cell, one dedicated cybercrime police station has not helped) and lower courts (every district court to start with needs to have a dedicated cybercrime court which based on records swiftly give exemplary punishment). Cybercrime does not leave human witnesses.
5. It is time for institutions to regularly upgrade their cybersecurity protocols.
6. CASA (current and savings bank account) is the cheapest source of money for banks. It is time for banks to provide Rs 500000 insurance against cybercrime to account holders.

Individual sufferers of cybercrime too must safeguard them. A few ways are using strong passwords and frequently changing them, keeping social media accounts private, securing mobile devices, protecting your computer, online identity and data using encryption.

Akhileshwar Sahay is a Multidisciplinary Thought Leader with Action Bias, India based International Impact Consultant. He works as President Advisory Services of the consulting company BARSYL. Views expressed in the above piece are personal and solely that of the author. They do not necessarily reflect News18’s views.