“Hello sir, I am Sumit Jain, calling from the ATM head office of State Bank of India, Hyderabad. Your ATM-cum-debit card has been blocked because of non-compliance of KYC. If you want to activate it, please tell me the four-digit number which will be sent to you just now through SMS.”
“But how do I know you are a genuine SBI staff?”
“Sir, I am reading out the ATM number. Please verify and confirm.”
The caller then reads out the ATM card number, which is correct. The receiver’s trust is won. He receives a four-digit number via SMS. When the caller rings again, the receiver discloses the code to him.
And then, to his dismay, the receiver gets an SMS alert that Rs 10,000 has been deducted from his account.
Welcome to the age of “online” fraudulent transactions that have become a nightmare for account holders, both in private as well as PSU banks. There has been an alarming rise in such incidents, with the victims losing out money in the range of Rs 5,000 to Rs 1 lakh, or even more. And worse, neither the bank nor the state machinery is able to curb this menace.
People across the country have had such experiences. Savita Verma (name changed) from Jamshedpur said: “I received a call on my mobile phone saying that my SBI card would be blocked if I did not spell out some details of the card. The caller said he was a State Bank of India (SBI) manager. I, in haste, cooperated with the caller and shared the card number, expiry date and the CVV number. Just after 10 minutes I received four messages saying that money had been debited from my account. The total amount debited was Rs 14,000. When I rushed to an SBI branch about it, I was told the money had been paid to mobikwik.com and payumoney.com.”
Ramesh Singh (name changed), a resident of Ghaziabad, lost Rs 4,999 recently. “I immediately informed the bank and the Indirapuram police station. Despite knowing the details of the caller, the police failed to take any action against him. The bank (SBI) has also not done anything in the case. I suspect that there is connivance of the bank staff, otherwise how would the caller know about my ATM card details and its PIN, which is a pre-requisite for any online transaction. I have been running from pillar to post, writing to the SBI chairman and to the Prime Minister,” he said.
“We are getting such complaints frequently,” said Jagat Singh, the manager at SBI’s Vasundhara branch. “In many cases, the amount ranges between Rs 50,000 and Rs 1 lakh. Though we constantly alert our customers not to share their PIN or any other information, they often fall prey to impostors. The fraudsters engage the victims in such a way that the customer begins to trust him,” he added.
According to data revealed by Union Telecom and IT Minister Ravi Shankar Prasad, as many as 37,721 cyber fraud cases involving Rs 497 crore were reported by the Reserve Bank of India and the CBI between April 2011 and December 2014. Many other cases may have gone unreported, as the victims assume it was their fault, said a lawyer. “They think it was because of their foolishness that they shared the information and lost their money. But that happens when the amount involved is small. Even when such cases are reported, the victim does not get relief. The conviction rate is poor and banks do not take up the matter from their own level,” the lawyer said.
This correspondent visited the Cybercrime Cell of Noida police only to discover hundreds of files piling up. “We are getting such complaints almost every day. In one such case, the victim lost Rs 96,000 in one fraudulent transaction. We try to crack the case but there are several handicaps. Almost all the victims are well to-do, educated persons,” said an officer.
The officer also said that many such calls have been traced to places like Darbhanga, Madhubani (Bihar), Sahebganj, Pakur, Jamtara, Dumka (Jharkhand), Balia and Gorakhpur (UP). “We get details of the caller but the state police fails to act on our tip-off and the fraudster goes scot free,” he said. Clearly, there is a lack of coordination among the state police forces.
A senior officer, who has worked with the Economic Offences Wing of the Delhi police, said that there was an alarming increase in such incidents and yet there were very few cybercrime cells across the country. “Existing cells are not advanced in terms of technology and appropriate tools to search for digital evidence. The same daroga and sipahi, who deal with other crimes like theft, loot and murder, are employed to deal with such cases. There is an acute shortage of expert professionals. The techniques of committing cybercrime are constantly innovating and thus there is a need to have trained people to combat the menace. If this is not done, people will start losing trust in net-banking and ATM/debit card transactions and even the government’s Digital India will not take off,” he said.
Noted cybercrime expert Pawan Duggal said: “There is no adequate legal framework to prevent such crime. Also there is a lack of awareness. People are gullible. They easily share information. They need to be sensitised to prevent such cases.”
“In India, cybercrime invites a maximum of three years of imprisonment but the conviction rate is very low. The legal framework needs to be strengthened so that there is harsher punishment for fraudsters. Moreover, banks are also not forthcoming in reporting such cases. It should be made mandatory for the banks to report them and penalty should be imposed if they fail to do so,” said Duggal.