Safety shield for digital payments

The exponential growth in digital payments is a key indicator of growth in India’s digital economy, but the devil is in the details. The spectacular growth has come with the problem of cyber fraud, which threatens to erode the trust of users in the digital payment ecosystem. Official data shows that cyber frauds have increased by 128% in the country, and 60% of these are financial frauds. The Parliamentary Standing Committee on Communication and Information Technology has pressed the alarm bells over low conviction rates against soaring cases of such fraud. Information furnished by the Ministry of Electronics and Information Technology (MeITY) before the parliamentary panel speaks volumes about the rapid pace of growth in digital payments in the country.  The total payment transaction volume had increased from Rs 2,071 crore in 2017-18 to Rs 13,462 crore in 2022–23 and crossed Rs 7437 crore as of September 24, 2023. The Ministry projects that digital payments in India are expected to grow over threefold by 2025 due to growing smartphone penetration, COVID-led changes in consumer behaviour, and government policies for financial inclusion. The Indian Cyber Crime Coordination Centre (I4C), established by the Ministry of Home Affairs, launched the National Cybercrime Reporting Portal (NCRP) to facilitate reporting of all types of cybercrime, including financial frauds, from anywhere round the clock. Since the inception of NCRP in August 2019, more than 30.60 lakh cybercrimes have been reported across the country through the portal, which is indicative of the huge challenge banks, other financial institutions, and law-enforcing agencies are grappling with to protect the digital payments system from cybercriminals. The Citizen Financial Cyber Frauds Reporting and Management System (CFCFRMS), developed as part of NCRP, is an innovative response to foil attempts by cybercriminals to empty the accounts. Being an integrated platform of law enforcement agencies of states and union territories, banks and financial intermediaries, payment wallets, crypto exchanges, and e-commerce companies, CFCFRMS enables prompt system-based action to prevent money flow from accounts of customers to accounts of fraudsters and restore the amount to the victim’s account. The parliamentary panel’s report highlights that since the launch of this integrated platform in April 2021, more than Rs 880 crore has been stopped from flowing to accounts of fraudsters and resorted to accounts of 3,50,000 victims. This is reflective of India developing its capability to thwart financial fraud by cybercriminals, provided victims report about the frauds promptly through the portal. Spreading awareness about the portal and the importance of prompt reporting of cybercrimes, therefore, must remain a key focus of financial fraud prevention. One of the modus operandi of cyber frauds described in the report is indicative of the abuse of technology by cybercriminals towards unsuspecting victims. It explains that Android platforms provide a side-loading installation feature that is exploited by cybercriminals for creating Malicious Financial Apps. These apps are developed by cybercriminals and sent to victims via links on Messenger or SMS. Upon installation of these apps by the citizens, sensitive phone information like SMS, call logs, etc. gets compromised. The Parliamentary Committee expressed concern that conviction rates are very low, due to which punitive measures have not been very effective in tackling cybercrimes. The NCRP reported 10,30,709 cybercrime complaints last year until November 15, 2023, compared to 6,94,440 complaints reported in 2022, which points towards cybercrime growing at exponential rates. The report refers to National Crime Records Bureau data, which highlights that, as against the 54,979 cyber cases registered for trial in 2021, in only 491 cases, the accused have been convicted, which is only 0.89 percent of the cases registered. Conviction rates recorded a sharp decline from 2.73 percent in 2020. The Committee impressed upon the government to undertake a statutory and legislative overhaul in respect of cybercrime to make punishment measures a strong deterrent for cybercriminals. The government estimates a requirement of 2.21 lakh cyber security professionals in the country, but the non-availability of skilled professionals has led to a huge shortage. The Committee recommends training the staff of central monitoring agencies and state law enforcement agencies to equip them with the necessary skills as cyber security professionals to overcome the shortage, which is a pragmatic suggestion. Some of the steps initiated by the Reserve Bank of India to enhance digital payment security and reduce frauds include putting in place a system for providing additional authentication and validation based on information not visible on the cards, card networks ensuring mandatory PIN authentication for all transactions performed using credit, debit, and prepaid cards, and banks putting in place a system of online alerts for all types of transactions, irrespective of the amount, and permitting all mobile banking transactions involving debit to the account only to be validated through two-factor authentication. Informing users about safety measures is essential to strengthening safety in the digital payment ecosystem.