While online or digital payments have been on a rise especially after the spread of the COVID19 pandemic in India, it is observed that these frauds are taking place through social engineering techniques like vishing and phishing, says the government. During FY2019-20, banks have reported frauds worth Rs244 crore related with ATM-debit card, credit card and internet banking.
Sanjay Dhotre, minister of state for electronics and information technology, while replying to a question in the Lok Sabha, says, "Government has taken policy level initiatives to ensure appropriate and secure functioning of digital payment transactions, in the country. Reserve Bank of India (RBI) has mandated two factor authentication which provides an additional layer of security to the end customers using online modes of payment. Additionally, customer awareness messages and campaigns are available on all prominent bank sites covering caution to be exercised by customers while performing online transactions."
Three members of Parliament (MPs) Rahul Ramesh Shewale, Hemant Sriram Patil and Omprakash Bhupal Sinh Alias Pawan Raje Nimbalkar have asked questions on increased online frauds and steps taken by the government to make digital transactions safe.
The minister says, RBI in its master directions issued on 18 February 2021, had advised banks to implement customer protection controls for their digital payment applications. These controls include, cautioning the customers against commonly known threats in recent times like phishing, vishing, reverse-phishing and remote access of mobile devices and educating the customers to secure and safeguard their account details, credentials, PIN, card details, and devices.
"Banks have been directed to examine the fraud cases and report them to law enforcement agencies, examine staff accountability, complete proceedings against the erring staff expeditiously, take steps to recover the amount involved in the fraud, claim insurance wherever applicable and streamline the system as also the procedures so that frauds do not recur," the minister says.
Vishing is a social engineering attack in which, the fraudster calls the victim and entices them to provide sensitive information, or click a link, or perform an action they otherwise would not perform. Online frauds carried out via email are called phishing and those committed via text or SMS are known as smishing.
Baking customers have zero liability in case of unauthorised transactions occurring due to contributory fraud, negligence, and deficiency on the part of the bank and due to third party breach, provided, they notify the bank regarding the unauthorised transactions within three working days of receiving the communication from the bank regarding this transaction.
As per RBI’s circular on 'customer protection – limiting liability of customers in unauthorised electronic banking transactions' dated 6 July 2017, customer’s entitlement to zero liability arises where the unauthorised transaction occurs in the events contributory fraud, negligence or deficiency on the part of the bank or third party breach where the deficiency lies neither with the bank nor with the customer, but lies elsewhere in the system, and the customer notifies the bank within three working days of receiving the communication from the bank regarding the unauthorised transaction.
The Indian Computer Emergency Response Team (CERT-In) is working in coordination with RBI and banks to track and disable phishing websites. "Regarding securing digital payments, 37 advisories have been issued (by CERT-In) for users and institutions," Mr Dhotre says.
As per the reply, all authorised entities and banks issuing prepaid payment instruments (PPIs) in the country have been advised by CERT-In through RBI to carry out special audit by empanelled auditors of CERT-In on a priority basis and to take immediate steps to comply with the findings of the audit report and ensure implementation of security best practices.
Further, RBI has introduced ‘Ombudsman Scheme for Digital Transactions, 2019’ in the public interest and in the interest of fair conduct of business relating to payment systems, to provide a mechanism of ombudsman for redressal of complaints against deficiency in services related to digital transactions, the minister added.
Separately, replying to a question in the Rajya Sabha on banking frauds, Anurag Thakur, minister of state for finance says, over the past three years, scheduled commercial banks witnessed increase in frauds related with ATM, debit card, credit card and internet banking. These frauds increased to Rs244.01 crore in FY2019-20 from Rs168.99 crore recorded in FY2017-18, the minister says.
Anil Desai, an MP from Shiv Sena had asked questions about increasing number of cyber criminals committing banking frauds and the mechanism put in place by the government to check cybercrimes.
Mr Thakur says, RBI has asked issuers of PPIs to introduce a system where every successive payment transaction in a wallet is authenticated by explicit customer consent. Banks are asked to ensure that all new PPIs issued in the form of cards are EMV chip and PIN compliant. Banks are also asked to ensure that all reissuance or renewal of PPIs in the form of cards are EMV Chip and PIN compliant, Mr Thakur informed the upper house.