Cyber fraud has increased in India exponentially over the years. Factors like illiteracy, jurisdictional issues, anonymity that virtual world offers etc has contributed to it.
In recent times these fraudsters have created mayhem in the lives of innocent citizens. These organized gangs of criminals are no lesser than robbers of real life. Given the way these criminals have devastated the lives of several millions of people, these cases should be treated with utmost seriousness.
These criminals are negatively affecting the society. At one hand, honest people toil hard to earn few thousand of rupees per month. While, on the other these criminals defraud people of millions of rupees with impunity. They spoil of the lives of honest, hard working population who deserve utmost respect. Therefore, these cyber criminals deserve no mercy and should be awarded commensurate punishment to prevent social degeneration.
The write up, discusses and elucidates unique, out of box solutions to curb these crimes.
Cyber sphere in India is not governed by a single explicit cyber law but by combination of them including Information Technology Act, Indian Penal Code, Intellectual Property related laws etc. They aim to protect citizens from various cyber crimes like hacking, ransom-ware, obscenity, defamation etc.
Cyber Crimes Defined under IT Act:
Whether Offences are Compoundable, Cognizable and Bailable?
Section 77A of IT Act says – “Subject to certain exceptions, all the offences under the IT Act for which the punishment is imprisonment for a term of 3 years or less, are compoundable. The provisions of sections 265B and 265C of the Code of Criminal Procedure, 1973 shall apply with respect to such compounding”.
Section 77B of the IT Act further lays down – “Notwithstanding anything contained in the Code of Criminal Procedure, all the offences punishable with imprisonment of 3 years and above under the IT Act shall be cognizable and all offences punishable with imprisonment of 3 years or less shall be bailable offences’.
As such, most of cyber crimes under IT Act are bailable, except:
As evident, the current form of Information Technology Act is not deterrent enough. Following changes can help create necessary impact:
All the penal section should be made non compoundable, non bailable and higher punishment be awarded to repeat offenders. The impact of crime on the life of victim should be taken into account and in rare cases life imprisonment (till the reminder of life) to accused should also be awarded.
Consider a case, where victim had stored money for medical related expense and due to fraud, he/she is unable to save his family member or under depression the victim commits suicide. Here, harshest punishment be awarded to cyber criminals including imprisonment for life.
Recovery / Seizure of Property of Cyber Criminals:
A majority of cyber crimes are executed for financial benefits. Therefore, recovery / seizure of ill gotten wealth is pre-requisite to break the backbone of cyber criminals.
It calls for simple, speedy and practical recovery process. For example, if fraudster does not appear before police despite orders under Section 91 Cr.P.C, his/ her entire bank account be frozen and money recovered with prior permission of the Court of law. If needed, immovable assets like land, house etc of cyber criminal also be sold to refund money back to the victim.
Despite all efforts, if money couldn’t be recouped then the criminal should be forced to undergo longer period of jail term.
Making ATM PIN Mandatory:
Due to digital illiteracy, OTP frauds also known as “Vishing” are still commonplace. Citizen at large have become aware that they must not share OTP with strangers. As a result, overwhelming majority of vishing fraud victims are only those who are first time users. Cyber criminals are often able to convince them to share the One Time Password needed for financial transactions. Therefore, to protect these gullible citizens an additional layer of authentication can be thought as discussed below:
ATM PIN + OTP:
Biometric Based ATM Money Withdrawal:
In India, thousands of individuals become victim of ATM skimming, card cloning and ATM card exchange daily. These frauds have one common element – scammer fraudulently gathering the card details (the card itself or cloned magnetic strip) as well as the ATM PIN, which enables them to withdraw money illegally from the victim’s account.
Therefore, money withdrawal from ATM should have an additional layer of authentication – “What we are”. For example, fingerprint/ palm-print should be made compulsory for money withdrawal and it will help curb aforesaid mentioned crimes very effectively. Alternatively, entering the OTP received on the bank linked mobile number be made compulsory for withdrawing money from ATMs.
State & National Level Co-ordination:
Given the nature of cyber crime, where criminals generally hail from outside local police jurisdiction, necessites state and national co-ordination. Precisely for the same reason police is reluctant to file FIRs and fewer raids are conducted, as they are resource intensive.
The end result is non registration of FIR or the final report being filed as untraced or cancelled without proper investigation.
Either mechanism be developed for pan India police co ordination or law be tweaked. A out of box solution generally envisaged is as following: Suppose a criminal residing in Jamtara, Jharkhand commits fraud on a person living in Haryana. Then, the law should enable Jharkhand police to raid and apprehend the accused. Further, the trial be conducted in Haryana with help of modern technologies like Video Conferencing.
Investigation Power to SI or ASI rank:
Presently Information Technology Act, permit only inspector rank and above to investigate IT Act related cases. Here is the relevant section reproduced below:
Section 78 in Information Technology Act, 2000
Power to investigate offences: Notwithstanding anything contained in the Code of Criminal Procedure, 1973 (2 of 1974), a police officer not below the rank of Inspector shall investigate any offence under this Act.
With exponential rise in the number of these cases, it has become near impossible for inspector and above ranks to investigate them personally. Therefore, investigation power should be devolved to Sub Inspector or Assistant Sub Inspector rank police officers.
Cyber crimes are technical crimes which requires in depth understanding of technicalities. At times, even knowledge of coding and machine languages are required. Therefore, special court be established with judges well versed in technicalities for better outcome of the cases.
Centralized Platform for Data Sharing:
Currently, the process to receive information required for investigation purposes is cumbersome. It often results in inordinate delays, which proves fatal for many cases.
Therefore, a central mechanism/ platform should be evolved to provide requisite data to LEAs in time bound and hassle free manner. In this regard, a collaborative platform of TSPs, banks, payment gateways, OTTs etc is the way forward.
Foreign players in Indian market like WhatsApp, Telegram, Wire Secure Messenger, Go Daddy etc must comply with Indian rules and regulations. They must share data required for investigation purposes with police and other enforcement agencies.
Also they should provide data within a given time frame. Any non compliance should be viewed strictly and repeated non compliance should lead to permanent ban.
Biometric Based Financial Transaction:
Reserve Bank of India had introduced a new guideline for Tele Shopping / Mobile / Interactive Voice Response Transaction, done using credit card. As per the guideline, all such transactions required an additional password validation, starting from January 1, 2011.
The idea was to prevent credit card abuse and frauds, and to secure all such transactions done over the Mobile or Interactive Voice Response system. Before this guideline, a credit card transaction over an IVR system required the following:
So, with stolen credit cards, fraudsters were able to make fraudulent transactions, as all the details were present on the card itself. However, after this guideline, two additional things were needed to perform an online transaction.
However, fraudsters still fool people by asking their OTP, UPI PIN. Therefore, UPI based platform should go for stricter authentication standards including biometric confirmation for payment processing.
One Device, One Fraud, No More:
Currently, the process to block SIM of cyber criminals is a tedious, cumbersome and time consuming process. And, there is no way to block devices based on their IMEI identity. Therefore, a process should be evolved to block devices of fraudsters. Certainly, the ongoing project “Central Equipment Identity Register” is a step in this direction.
The website https://ceir.gov.in/ reads as follows:
What is Central Equipment Identity Register?
With the aim to curtail the counterfeit mobile phone market and discourage mobile phone theft, protect consumer interest and facilitate law enforcement authorities for lawful interception, DoT intends to implement Central Equipment Identity Registry (CEIR) that connects to the IMEI database of all the mobile Operators. CEIR acts as a central system for all network Operators to share black listed mobile devices so that devices blacklisted in one network will not work on other networks even if the Subscriber Identity Module (SIM) card in the device is changed.
How to Block a Lost/ Stolen Device?
The user can block the device by any one of the following means:
1.Through a form submitted on this website. The procedure to do it is as follows: -
2.Through TSP’s specified customer outlets.
3.Through State Police.
Other Steps to Curb Cyber Crimes:
Cyber crimes are no longer handiwork of lone wolf cyber criminals. Now a days, cyber criminals acts in well planned and concerted manner to fool innocent citizens. Their organized nature of criminal activity can only be countered through meticulous planning, co ordination and well implementation at the ground level.
The aforesaid discussed solutions will certainly go a long way curbing these social evils.
(The suggestions are personal based on interaction with LEAs and cyber experts).