What are FASTag Frauds & How to Prevent in India 2020

What are FASTag Frauds & How to Prevent in India 2020

What are FASTag Frauds & How to Prevent in India:

FASTag is an electronic toll collection system in India, operated by the National Highway Authority of India (NHAI). On 19 October 2019, it was announced that FASTag will be mandatory on all National Highways from 1st of December 2019 and non-FASTag users will be charged double the toll.

Since then, FASTag has become a buzzword in India. It’s a device that employs Radio Frequency Identification technology for cashless payments at toll plazas. The tag is pasted on the windscreen of the vehicle and thus can be read even while the vehicle is in motion. In short, it enables the vehicle owner to make toll payment directly from the FASTag linked bank account without stopping at toll. Thereby, saving previous time and fuel. 

With rise in popularity of FASTag and deadline approaching near (currently February 2019), cyber criminals are trying all the means possible to defraud citizens using it as tool. 

How FASTag Frauds Happen?
The fraudsters have long been defrauding people by exploiting their greed and sense of urgency. Few examples include lottery prizes, voucher redemption, money refund, expiration of card, urgent verification of bank details etc. Now, fraudsters are using FASTag recharge using UPI as one of the pretexts. 

Other pretexts relating to FASTag includes, helping them in the registration process of FASTag or helping them in getting FASTag free of cost. Officially, the first FASTag related scam has been reported by a Bangalore man who lost Rs 50 K to the fraudster. 

Steps Involved in Fraud:
Step 1: Fraudster approaches the victim, with pretext of helping him as aforesaid mentioned. 
Step 2: Fraudster seeks personal information like card details and CVV, or UPI PIN as part of the process. 
Step 3: After receiving details like UPI PIN, the fraudster performs unauthorized bank transaction and then is nowhere to be found. 
In most of the cases, the fraudster impersonates bank manger, bank help desk personnel etc. 

How To Prevent FASTag Fraud?
To protect yourself from becoming victim of similar frauds, you should:

  • Never Share Personal Details: You should never share card details or UPI PIN with any stranger, irrespective of the rank and authority they claim during the conversation process. Only after getting access to such sensitive data, fraudsters can commit fraud.
  • Need for Awareness: There is an urgent need to aware the public regarding the utility of FASTag, how it works, registration process and latest modus operandi being adopted by cyber criminals.
  • Ideal Response? If you receive such calls, immediately disconnect it. Also, you may report the same to the nearest Police Station or cyber cell. Alternatively, you may report it online via National Cybercrime Reporting Portal – cybercrime.gov.in

It must also be borne in mind that, FASTag is available only via following sources: a) MyFASTag App, b) Bank branches, c) Paytm and d) Amazon India only. No one can provide you FASTag sitting at home through phone calls. 
The registration process does not require any password or online banking details at all. Also, you should not fill any random form, as the data may be misused later on. 

Refund Process for Victims: 
Victims in FASTag fraud cases are concerned not only with conviction of cyber criminals but also with the refund of money. It is pertinent to mention here that - the bank’s (All scheduled commercial banks, Small finance bank and Payment Banks) liability in case of Unauthorized Electronic Banking Transactions is governed by RBI circular - RBI/2017-18/15, DBR.No.Leg.BC.78/09.07.005/2017-18 dated July 06, 2017.

You may read the following:

  1. Salient Points of the Circular
  2. How to Report Unauthorized Transactions to Bank
  3. Liability of customers in such cases
  4. Refund Rules
  5. Burden of Proof

At the blog: https://cyber-cops.com/blog/sop-for-money-refund-in-online-fraud-cases

Procedure Victims Should Follow: 
There is no strict procedure to be followed, except for rigid timelines. However, for maximum efficiency, following procedure is recommended:

Step 1: The complainant/ victim should lodge a complaint with the nearest Police Station or Cyber Cell. Following documents should be submitted along with the complaint:

  • Self attested, Government ID proof of the complainant
  • Screen Shots of the SMS which reflects the unauthorized transaction details (received on the victim's registered mobile number)
  • A detailed application describing the whole incident i.e., how the caller obtained the private information like card details, OTP or UPI PIN etc.
  • Phone numbers of the fraudster (if available) i.e., WhatssApp, IMO, WeChat, Skype, email etc
  • Updated bank statement reflecting the unauthorized transaction
  • Any other relevant detail

The chats, fraudulent mails, voice recordings, phone messages etc. should be retained in the “Original Device” as such. This is important to enable adduce them as evidence in the Court of Law. Once, the contents from original device are deleted, they lose their sanctity (even though present in other devices, as forwarded materials). Hence, care must be taken not to delete the original incriminating evidences.   

Ideally, an FIR should be lodged (U/S 154 Cr.P.C), but if police resists get a DDR (Daily Diary Register) entry made and receive a stamped copy of the proof of submission of the complaint. Now-a-days several state police allows lodging similar complaint via mobile application or web based interfaces too.

The whole idea is to lend weight and credibility to the complaint you shall finally make to your bank, with the use of such FIR/ DDR entry.

Step 2: Submit a similar complaint to the nearest bank branch and the RBI branch. The complaint to RBI branch is primarily meant to pressurize the bank to deal with the case swiftly and strictly as per the procedure prescribed by RBI.

RBI Bank branches: The RBI branches pan India can be seen using this link - https://www.rbi.org.in/Scripts/Regionaloffices.aspx

Care must be taken to ensure you notify the bank within three working days of receiving the communication from the bank regarding the unauthorized transaction, to enjoy zero customer liability.  

Step 3: Stay in contact with bank officials, seeking refund as per RBI guidelines. In case of delay, seek reasons for the same.  

The complete procedure for money refund in online fraud cases, has been explained here: https://cyber-cops.com/blog/sop-for-money-refund-in-online-fraud-cases

#Caution: Never search for customer care numbers online, as malicious elements have created Phishing pages which may direct you to wrong “customer care numbers”, leading to further victimization. Rather the customer care executive number can be found at the back side of the credit/ debit card.