How good is the idea of going cashless when cyber crime and online frauds are on a steady rise?
Two months ago, details of over 30 lakh debit cards were feared to have been compromised and leaked at ATMs. This led to a nationwide alert over debit card usage as users became both cautious and concerned about using their debit cards at ATMs or merchant organisations.
A month after this incident, the prime minister announced demonetisation and urged people to go cashless to make India a largely cashless economy. This is despite the fact that cyber crime and online frauds are on a steady rise with Indians mostly ignorant of the dangers of cyber and online fraud.
Cyberspace has always been a target of organised criminal groups for its ease of access despite several encryption, firewall and online security methods. Online fraud is one of the most prevalent economic crimes in India, which has been gradually assuming large proportions with increased use of online modes for payments and transactions. With online transactions increasing with the growth of e-commerce and e-retail, the dangers of online fraud are more real today.
Although there is no organised data yet on the extent of online fraud in India, with the increase in online transactions, these are expected to increase manifold. According to the Union home ministry, cases of online frauds increased from 747 in 2013 to 1,178 in 2014 and 2,300 in 2015. The 2016 figure is proportionately higher. According to industry estimates, India’s digital payments industry is expected to touch $500 billion by 2020, which necessitates even stronger methods of protecting users from online fraud.
Globally, the incidence of online and cyber fraud is increasing rapidly. A study conducted by Juniper Research found that the value of global online fraudulent transactions is expected to reach $25.6 billion by 2020, up from $10.7 billion last year. The study predicts that three areas would be pushing the incidence of online fraud: e-retail, which, at $16.6 billion, will account for 65 per cent of online fraud by value in 2020; banking, which will account for $6.9 billion or 27 per cent; and airline ticketing, which will account for $ 1.5 billion or six per cent of online fraud in the next four years. The pattern in India is not very different.
Online transaction is extremely sensitive as far as security is concerned and open to fraud because a lot of private and commercial information is transmitted through the internet and is mostly vulnerable. Worse, there is no single solution or a foolproof way to protect the data.
Most online banking frauds are conducted either through phishing, hacking, stealing of banking information or through cloning of credit and debit cards. With online transaction, internet banking and mobile and e-wallet transactions increasing, more avenues for online fraud have opened up.
The chances of online fraud have also increased because of the increased use of mobile phones for online transactions. Today, two out of three Indians (65 per cent) access the internet more often on a mobile device than on a PC. In fact, the smart phone is often the first and only device used for accessing the internet.
Another factor is that there is little regard for privacy in India and people readily share personal information and grant permissions when online. Apart from phishing, where fraudsters trick people to give out their card or online account details, there is also the problem of the PIN of credit and debit card being leaked from the handlers of such information—payment gateways and banks. Some people also use stolen or duplicate and cloned mobile SIM cards to get one-time passwords and then misuse a person’s account to commit online fraud.
A few months ago, the RBI came out with a proposal to limit customers’ liability in online fraud cases. This was necessitated because there was an increase in online transactions and, with that, complaints regarding electronic banking had also increased, RBI deputy governor S.S. Mundra had said. These complaints were mainly related to unauthorised fund transfers, fraudulent withdrawals from ATMs using duplicate and cloned cards and phishing through e-mails to get personal information.
“Despite the growing threat and awareness of cyber crime, consumers in India are complacent about protecting their personal information,” says Ritesh Chopra, country manager, Norton by Symantec. “The Norton Cybersecurity Insights report 2016 highlights that 30 per cent Indians have agreed to sharing their banking account passwords with someone else and 79 per cent know they must actively protect their information online, but they still share passwords and engage in other risky behaviour.”
According to the Norton survey, a shocking 36 per cent either always grant permissions or simply don’t know enough about the kind of permissions they may have granted online or through their mobile phone. It said that one in two Indians have granted access to contacts and mobile data, close to 40 per cent have granted permission to access their camera, bookmarks and browser history and close to 30 per cent have granted permission to apps for tracking their geo-location. Another matter of concern is that 42 per cent of the respondents said they have experienced a security problem, threat or nuisance as a result of using their devices for online shopping and 52 per cent believe their mobile wallet has come under threat as a result of using other apps on their devices, especially social media apps that pose the greatest threats.
With online, mobile and e-wallet transactions on the rise, the possibility of online frauds is likely to grow. The government and companies will have to strengthen security and fix liability before India moves fully into a cashless zone.