“As per RBI data on frauds reported by Scheduled Commercial Banks (SCBs) under the category “Card/Internet- ATM/Debit Cards, Credit Cards and Internet Banking", the amount involved in such frauds, based on the year of occurrence, has declined from Rs. 185 crore in the financial year 2019-20 to Rs. 160 crore in the financial year 2020-21 {year-on-year (Y-o-Y) decline of 15.2%} and to Rs. 128 crore in the financial year 2021-22 (Y-o-Y decline of 17.5%),"Minister of State for Finance said in the Lok Sabha.
He further said that as per information received from the National Crime Records Bureau (NCRB) regarding cases registered in respect of such frauds, the latest published data pertains to the year 2020, according to which, in respect of frauds related to ATMs/ credit cards / debit cards, online banking and OTP for the year 2018 to 2020, 16450 cases were registered and 8981 cases were disposed of.
He was replying to Opposition's question on whether the RBI has proposed to make cardless cash withdrawal facility available across all banks and ATM networks using the Unified Payment Interface (UPI), in addition to enhancing ease of transactions, to help prevent frauds such as card skimming, card cloning, etc.
"RBI has issued instructions on Cyber Security Framework in Banks and have mandated SCBs to report all unusual cyber incidents to RBI within two to six hours of occurrence of such incidents. These incidents are analysed for the pattern of attack and the vulnerabilities exploited, and where needed, advisories/alerts are issued to the banks so as to avoid repeat attacks/exploitation of the same vulnerabilities,: the Minister informed the House.
The corrective steps taken by the Government to prevent fraud and cheating through online transactions
1) A comprehensive circular on Cyber Security Framework in Banks was issued by RBI on 2.6.2016, wherein banks were advised to put in place a board-approved cyber-security policy elucidating the strategy containing an appropriate approach to combat cyber threats given the level of complexity of business and acceptable levels of risk.
2) Guidelines on Cyber Security Controls for third party ATM Switch Application Service Providers (ASPs) have been issued by RBI on 31.12.2019.
3) Master Directions on Digital Payment Security Controls have been issued by RBI on 18.2.2021, wherein banks have been advised to put in place necessary controls to protect the confidentiality and integrity of customer data, and processes associated with the digital product/services offered.
4) A National Cyber Crime Reporting Portal has been launched by the Ministry of Home Affairs to enable public to report incidents pertaining to all types of cybercrimes, and a toll-free number has also been operationalised to get assistance in lodging online complaints.
5) For immediate reporting of financial frauds and to stop siphoning-off of funds by the fraudsters, Financial Cyber Fraud Reporting and Management System module has been made operational by the Indian Cyber Crime Coordination Centre (I4C), working under the Ministry of Home Affairs.
6) The Indian Computer Emergency Response Team (CERT-IN) under the Ministry of Electronics and Information Technology issues alerts and advisories regarding latest cyber threats and countermeasures on regular basis to ensure safe usage of digital technologies, and is working in coordination with service providers, regulators and LEAs to track and disable phishing websites and facilitate investigation of fraudulent activities.
A number of steps have been taken to enhance security of digital payment transactions
- conversion of magnetic strip card to EMV chip and PIN cards;
- mandating enablement of online alerts for all transactions;
- certification of merchant terminals;
- mandating PIN entry for all ATM transactions
- enabling all ATMs for processing EMV chip and PIN cards;
- restricting international usage by default and enablement of the same only after specific mandate from the customer;
- Capping the value/mode of transactions/beneficiaries;
- setting daily limits; and
- issuing alerts upon addition of beneficiaries.
