Unique Solutions to Curb Cyber Crimes in India!

Unique Solutions to Curb Cyber Crimes in India!

Unique Solutions to Curb Cyber Crimes in India:

Cyber fraud has increased in India exponentially over the years. Factors like illiteracy, jurisdictional issues, anonymity that virtual world offers etc has contributed to it. 

In recent times these fraudsters have created mayhem in the lives of innocent citizens. These organized gangs of criminals are no lesser than robbers of real life. Given the way these criminals have devastated the lives of several millions of people, these cases should be treated with utmost seriousness. 

Social Ills:
These criminals are negatively affecting the society. At one hand, honest people toil hard to earn few thousand of rupees per month. While, on the other these criminals defraud people of millions of rupees with impunity. They spoil of the lives of honest, hard working population who deserve utmost respect. Therefore, these cyber criminals deserve no mercy and should be awarded commensurate punishment to prevent social degeneration. 

The write up, discusses and elucidates unique, out of box solutions to curb these crimes. 

Present Situation:
Cyber sphere in India is not governed by a single explicit cyber law but by combination of them including Information Technology Act, Indian Penal Code, Intellectual Property related laws etc. They aim to protect citizens from various cyber crimes like hacking, ransom-ware, obscenity, defamation etc. 

Cyber Crimes Defined under IT Act:

  • Section 43: Penalty and compensation for damage to computer, computer system, etc.
  • Section 65: Tampering with computer source documents.
  • Section 66: Computer related offence
  • Section 66B: Punishment for dishonestly receiving stolen computer resource or communication device.
  • Section 66C: Punishment for identity theft.
  • Section 66D: Punishment for cheating by personation by using computer resource
  • Section 66E: Punishment for violation of privacy.
  • Section 66F: Punishment for cyber terrorism
  • Section 67: Punishment for publishing or transmitting obscene material in electronic form.
  • Section 67A: Punishment for publishing or transmitting of material containing sexually explicit act, etc., in electronic form.
  • Section 67B: Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc., in electronic form.
  • Section 67C: Preservation and retention of information by intermediaries

Whether Offences are Compoundable, Cognizable and Bailable?
Section 77A of IT Act says – “Subject to certain exceptions, all the offences under the IT Act for which the punishment is imprisonment for a term of 3 years or less, are compoundable. The provisions of sections 265B and 265C of the Code of Criminal Procedure, 1973 shall apply with respect to such compounding”.

Section 77B of the IT Act further lays down – “Notwithstanding anything contained in the Code of Criminal Procedure, all the offences punishable with imprisonment of 3 years and above under the IT Act shall be cognizable and all offences punishable with imprisonment of 3 years or less shall be bailable offences’. 

As such, most of cyber crimes under IT Act are bailable, except: 

  • Section 67: Publishing or transmitting obscene material in electronic form.
  • Section 67 A: Publishing or transmitting of material containing sexually explicit act, etc., in electronic form.
  • Section 67 B: Publishing or transmitting of material depicting children in sexually explicit act, etc., in electronic form
  • Section 66 F: Cyber terrorism. 

As evident, the current form of Information Technology Act is not deterrent enough. Following changes can help create necessary impact: 

All the penal section should be made non compoundable, non bailable and higher punishment be awarded to repeat offenders. The impact of crime on the life of victim should be taken into account and in rare cases life imprisonment (till the reminder of life) to accused should also be awarded.  

Consider a case, where victim had stored money for medical related expense and due to fraud, he/she is unable to save his family member or under depression the victim commits suicide. Here, harshest punishment be awarded to cyber criminals including imprisonment for life. 

Recovery / Seizure of Property of Cyber Criminals:
A majority of cyber crimes are executed for financial benefits. Therefore, recovery / seizure of ill gotten wealth is pre-requisite to break the backbone of cyber criminals. 

It calls for simple, speedy and practical recovery process. For example, if fraudster does not appear before police despite orders under Section 91 Cr.P.C, his/ her entire bank account be frozen and money recovered with prior permission of the Court of law. If needed, immovable assets like land, house etc of cyber criminal also be sold to refund money back to the victim. 

Despite all efforts, if money couldn’t be recouped then the criminal should be forced to undergo longer period of jail term. 

Making ATM PIN Mandatory:
Due to digital illiteracy, OTP frauds also known as “Vishing” are still commonplace. Citizen at large have become aware that they must not share OTP with strangers. As a result, overwhelming majority of vishing fraud victims are only those who are first time users. Cyber criminals are often able to convince them to share the One Time Password needed for financial transactions. Therefore, to protect these gullible citizens an additional layer of authentication can be thought as discussed below:   

ATM PIN + OTP:

  • To perform financial transaction from accounts of these first time users, ATM PIN should also be made mandatory. It will certainly help curb online frauds, as first time users are also quite wary of sharing their ATM PIN to strangers. 
  • To avoid inconvenience to experienced online users, the feature should be made optional. 

Biometric Based ATM Money Withdrawal:
In India, thousands of individuals become victim of ATM skimming, card cloning and ATM card exchange daily. These frauds have one common element – scammer fraudulently gathering the card details (the card itself or cloned magnetic strip) as well as the ATM PIN, which enables them to withdraw money illegally from the victim’s account. 

Therefore, money withdrawal from ATM should have an additional layer of authentication – “What we are”. For example, fingerprint/ palm-print should be made compulsory for money withdrawal and it will help curb aforesaid mentioned crimes very effectively. Alternatively, entering the OTP received on the bank linked mobile number be made compulsory for withdrawing money from ATMs. 

State & National Level Co-ordination:
Given the nature of cyber crime, where criminals generally hail from outside local police jurisdiction, necessites state and national co-ordination. Precisely for the same reason police is reluctant to file FIRs and fewer raids are conducted, as they are resource intensive.  

The end result is non registration of FIR or the final report being filed as untraced or cancelled without proper investigation. 

Either mechanism be developed for pan India police co ordination or law be tweaked. A out of box solution generally envisaged is as following: Suppose a criminal residing in Jamtara, Jharkhand commits fraud on a person living in Haryana. Then, the law should enable Jharkhand police to raid and apprehend the accused. Further, the trial be conducted in Haryana with help of modern technologies like Video Conferencing. 

Investigation Power to SI or ASI rank:
Presently Information Technology Act, permit only inspector rank and above to investigate IT Act related cases. Here is the relevant section reproduced below:

Section 78 in Information Technology Act, 2000
Power to investigate offences: Notwithstanding anything contained in the Code of Criminal Procedure, 1973 (2 of 1974), a police officer not below the rank of Inspector shall investigate any offence under this Act.

With exponential rise in the number of these cases, it has become near impossible for inspector and above ranks to investigate them personally. Therefore, investigation power should be devolved to Sub Inspector or Assistant Sub Inspector rank police officers. 

Special Courts:
Cyber crimes are technical crimes which requires in depth understanding of technicalities. At times, even knowledge of coding and machine languages are required. Therefore, special court be established with judges well versed in technicalities for better outcome of the cases.  

Centralized Platform for Data Sharing:
Currently, the process to receive information required for investigation purposes is cumbersome. It often results in inordinate delays, which proves fatal for many cases. 

Therefore, a central mechanism/ platform should be evolved to provide requisite data to LEAs in time bound and hassle free manner. In this regard, a collaborative platform of TSPs, banks, payment gateways, OTTs etc is the way forward. 

Foreign Entities:
Foreign players in Indian market like WhatsApp, Telegram, Wire Secure Messenger, Go Daddy etc must comply with Indian rules and regulations. They must share data required for investigation purposes with police and other enforcement agencies. 

Also they should provide data within a given time frame. Any non compliance should be viewed strictly and repeated non compliance should lead to permanent ban. 

Biometric Based Financial Transaction:
Reserve Bank of India had introduced a new guideline for Tele Shopping / Mobile / Interactive Voice Response Transaction, done using credit card. As per the guideline, all such transactions required an additional password validation, starting from January 1, 2011.  

The idea was to prevent credit card abuse and frauds, and to secure all such transactions done over the Mobile or Interactive Voice Response system. Before this guideline, a credit card transaction over an IVR system required the following:

  • Credit card number
  • Card Expiry date
  • CVV Number 

So, with stolen credit cards, fraudsters were able to make fraudulent transactions, as all the details were present on the card itself. However, after this guideline, two additional things were needed to perform an online transaction. 

  • Mobile Number
  • IVR 3D Secure OTP (One Time Password) 

However, fraudsters still fool people by asking their OTP, UPI PIN. Therefore, UPI based platform should go for stricter authentication standards including biometric confirmation for payment processing. 

One Device, One Fraud, No More:
Currently, the process to block SIM of cyber criminals is a tedious, cumbersome and time consuming process. And, there is no way to block devices based on their IMEI identity. Therefore, a process should be evolved to block devices of fraudsters. Certainly, the ongoing project “Central Equipment Identity Register” is a step in this direction.  

The website https://ceir.gov.in/ reads as follows:

What is Central Equipment Identity Register?
With the aim to curtail the counterfeit mobile phone market and discourage mobile phone theft, protect consumer interest and facilitate law enforcement authorities for lawful interception, DoT intends to implement Central Equipment Identity Registry (CEIR) that connects to the IMEI database of all the mobile Operators. CEIR acts as a central system for all network Operators to share black listed mobile devices so that devices blacklisted in one network will not work on other networks even if the Subscriber Identity Module (SIM) card in the device is changed.

How to Block a Lost/ Stolen Device?
The user can block the device by any one of the following means:

1.Through a form submitted on this website. The procedure to do it is as follows: -

  • File a report with the police, and keep a copy of the report.
  • Get a duplicate SIM Card for the lost number from your telecom service provider (eg, Airtel, Jio, Voda/Idea, BSNL, MTNL etc.). This is essential because you will need to provide this as the primary mobile number (OTP will be sent on this number) while submitting the request for blocking your IMEI.
  • Note: As per TRAI's regulation, SMS facility on re-issued SIMs is enabled after 24 hours of SIM activation.
  • Get your documents ready - a copy of police report and an Identity Proof must be provided. You can also provide the mobile purchase invoice.
  • Fill out the request registration form for blocking the IMEI of lost/stolen phone, and attach the required documents. 
  • After submitting the form, you will be given a Request ID. The same can be used for checking the status of your request and for unblocking the IMEI in future.

2.Through TSP’s specified customer outlets.
3.Through State Police.

Other Steps to Curb Cyber Crimes:

  • The raiding police party be adequately and timely compensated for expenses incurred on long distance raids. The expenses can be recovered later on from fraudster. 
  • Training of police personnel and creation of more dedicated cyber cells at state and district level will certainly help improve quality of cyber crime investigation. 
  • All bank account be linked with PAN and Aadhar card. It will enable police and Law Enforcement to freeze all the bank account of fraudster in one go. 

Conclusion:
Cyber crimes are no longer handiwork of lone wolf cyber criminals. Now a days, cyber criminals acts in well planned and concerted manner to fool innocent citizens. Their organized nature of criminal activity can only be countered through meticulous planning, co ordination and well implementation at the ground level. 

The aforesaid discussed solutions will certainly go a long way curbing these social evils. 
(The suggestions are personal based on interaction with LEAs and cyber experts).