Cybercrime transcends all boundaries, ignoring age, qualification, and status, impacting the poorest and the wealthiest alike. The insidious reach of cybercrime has escalated to such an extent that it can dominate an individual's psyche. This proliferation of cybercriminal activities is occurring at an unprecedented rate, yet cybersecurity in India remains grossly under-prioritized. The lure of short-term loans available with a click often leads to people being defrauded of their hard-earned money. Cyber illiteracy among citizens is exploited by criminals, and victims of cybercrime frequently face not only indifference but a complete lack of support from police and bank officials due to their lackadaisical approach. This neglect devastates victims' confidence, leaving them convinced that their money has vanished into an irretrievable abyss.
Law enforcement have remained completely recalcitrant in pursuing cybercrime investigations with the requisite urgency, diligence and sincerity. One major issue is the lack of adequate training amongst police officers in handling digital evidence and understanding the complexities of cybercrimes. Many officers do not possess the necessary technical skills or knowledge to conduct thorough investigations in the digital realm. Additionally, there exists a conservative mindset and perception that cybercrimes are difficult to investigate and the chances of recovering stolen money or assets are minimal, leading to a pessimistic outlook towards cybercrimes.
In addressing the pervasive issue of cyber fraud, it is alarming that victims frequently encounter explanations from authorities suggesting that criminals operate with impunity from remote or volatile regions of the country, where law enforcement is reluctant to intervene. This trend highlights a concerning vulnerability: even funds deposited in banks are not immune to exploitation, disproportionately affecting the economically disadvantaged. There is a pressing question of accountability in cases where funds are fraudulently siphoned from accounts and remain unrecovered. The prevailing advice for customers to enhance their vigilance overlooks the reality that many lack the education and sophistication to identify sophisticated cyber schemes, leaving them susceptible to exploitation by cunning fraudsters who capitalize on their trust. Responsibility must be clearly assigned, as this epidemic is hollowing out our nation while exacerbating poverty among the disadvantaged. Mere acknowledgment of cyber fraud without accountability falls short; attributing blame solely to victims' lack of vigilance overlooks the reality. A significant portion of our population lacks education and awareness, making them easy prey for cunning cyber criminals who exploit their trust and knowledge gaps.
THE EXISTING MECHANISM FOR REPORTING & INVESTIGATING CYBER CRIME IS INADEQUATE TO ADDRESS THE RAPIDLY EVOLVING NATURE OF CYBER SCAMS
The current framework for handling cybercrime falls short in addressing the rapidly mutating and evolving nature of cyber scams. A critical issue lies in the failure to promptly register First Information Reports (“FIRs”) for cognizable cybercrimes, which blatantly violates the guidelines set by the Hon’ble Apex Court in the case of Lalita Kumari vs. State of U.P. (2014) 2 SCC 1. Police officers, despite being well aware of the urgent nature of such offenses, often neglect to initiate cyber fraud cases, and getting an FIR lodged in such a case still remains a daunting and an uphill task for the victims.
Another pressing issue arises when individuals or complainants approach police stations seeking legal action for cybercrimes. Instead of promptly invoking provisions under the Information Technology Act, 2000 (“IT Act”), police routinely limit themselves to registering FIRs solely under the Indian Penal Code, 1860. This neglectful approach not only squanders public funds allocated for specialized cyber cell police stations but also deprives aggrieved persons of the remedies intended under the IT Act. Time sensitivity is paramount in investigating cybercrimes under the IT Act due to the rapid and global dissemination of information in the cyber realm. The IT Act was enacted by Parliament precisely to address these challenges, however, the persistent failure of police officials to implement its provisions in earnest undermines its purpose and effectiveness.
In the current landscape of escalating cyber threats, the efficacy of our cyber cells remains alarmingly inadequate in disseminating crucial awareness on prevailing cybercrimes. Instances where individuals, coerced or misled, unwittingly transfer funds underline the urgent need for immediate intervention mechanisms. Without a robust digital policing infrastructure, the swift interception and blocking of such transactions become untenable, allowing ill-gotten funds to swiftly traverse international borders, evading rightful retrieval. The exigency for a reformed policing paradigm cannot be overstated; law enforcement officers must adeptly navigate the complexities of modern computing to effectively counteract these evolving challenges.
It goes without saying that cyber law is a burgeoning domain, and investigators often lack the necessary expertise and educational credentials to effectively combat cybercrimes. It is deeply unsettling and alarming that individuals are frequently misled, enticed, and defrauded by perpetrators leveraging digital technologies and electronic devices, falling squarely within the realm of cybercrime. Furthermore, there is a glaring deficiency in adequately trained personnel and experts within Cyber Police Stations to effectively mitigate these issues.
This starkly highlights the pressing need for expertise within Cyber Police Stations to mitigate these pervasive issues. The Hon’ble High Court of Calcutta has underscored the critical necessity for comprehensive training and familiarization of the police force in the intricate processes of collecting, receiving, storing, analysing, and producing electronic evidence. The Hon’ble Court has emphasized the inherent susceptibility of electronic evidence to tampering and alteration, necessitating sensitive handling to maintain its integrity. A breach in the chain of custody or improper preservation of such evidence compromises its reliability in judicial proceedings. The Hon’ble Court issued directives to ensure the fair, impartial, and effective investigation of cybercrimes which include mandatory training for police officers in handling electronic evidence, the involvement of only trained officers in such investigations, the establishment of cyber cells in every district, the formulation of a standard operating procedure by the Director General of Police, and the creation of specialized forensic units to facilitate the examination and analysis of electronic evidence.
In cases involving the use of mobile phones for cybercrime, the foremost action for police officers should be to secure the device to prevent tampering or deletion of data. It is imperative for the police to promptly develop a comprehensive practice guide for handling digital evidence, crucial for effectively combating cybercrime. The perpetrators of cybercrime maintain a significant advantage over law enforcement, necessitating urgent measures to train officers for successful prosecution of offenders.
Cybercrime investigations present unique challenges due to the speed at which cyber criminals can operate and move funds. Time is of the essence when it comes to tracking and recovering stolen assets, and one of the most critical steps is freezing the bank accounts involved in the transactions. However, legal and procedural loopholes often hinder this process, resulting in significant delays and, ultimately, the loss of victims' funds.
Under the Code of Criminal Procedure (“CrPC”), the power to freeze bank accounts does not lie within Section 91, which is commonly invoked by police during investigations. Section 91 CrPC pertains to the power to summon documents or other things, which does not extend to freezing bank accounts. Instead, this power is explicitly provided under Section 102 CrPC.
Section 102 CrPC relates to power of police officer to seize certain property. This includes bank accounts that may have received funds derived from criminal activities. According to Section 102(3), once an account is frozen, the police are required to inform the concerned jurisdictional magistrate without delay. Despite the clear provisions under Section 102 CrPC, police often do not follow the necessary procedures to timely freeze bank accounts during cybercrime investigations. There are several reasons for this gap between law and practice, such as lack of awareness and training, bureaucratic hurdles of informing the jurisdictional magistrate and obtaining specific directions, inadequate resources, impeding the ability to quickly trace and freeze multiple accounts, lack of coordination, etc.
The failure to promptly freeze bank accounts has severe consequences for victims of cybercrime. As cyber criminals can quickly transfer and withdraw funds, any delay allows them to move the money beyond the reach of law enforcement. This not only results in financial losses for the victims but also emboldens criminals, knowing that procedural loopholes can work in their favour.
Further, banks must recognize the advanced nature of cybercrime and the sophisticated methods used by hackers. They have a duty to implement robust security measures to protect their customers' information and transactions. In the case of HDFC Bank Limited v. Jesna Jose, the NCDRC unequivocally ruled that banks cannot simply disavow responsibility by alleging card theft or customer negligence. Jesna Jose, the complainant, asserted that her credit card was with her when fraudulent transactions occurred remotely. This raised concerns about potential hacking or system vulnerabilities rather than mere theft. The bank's defense of negligence or theft lacked substantiation, highlighting the evolving complexities of digital transactions where conclusive evidence of theft is crucial. When security breaches occur, it is not enough for banks to blame customers; they must take proactive steps to identify and rectify vulnerabilities in their systems. By doing so, they not only protect their customers but also uphold their reputation and the integrity of the financial system.
DIGITAL MISSTEPS: HOW CYBERCRIME INVERTIGATIONS ENTANGLE THE INNOCENT
The Unified Payment Interface (“UPI”) has revolutionized financial transactions in India, offering a seamless and secure way for millions to transfer money. Its rapid adoption has made it one of the fastest-growing payment systems globally. However, this digital marvel has also become a double-edged sword, particularly when it comes to cybercrime.
A significant issue arises when the true perpetrators of cybercrimes cleverly transfer illicit funds into the accounts of unsuspecting individuals. These account holders, completely unaware of the malicious transactions, suddenly find themselves ensnared in a web of legal and financial turmoil. Their accounts are frozen, leaving them stranded between the devil and the deep sea. Not only do they face substantial business losses, but their reputations also suffer irreparable damage, all because someone they have never met, possibly sitting in a distant part of India or even abroad, has misused the UPI platform.
Consider the scenario of an ordinary citizen utilizing UPI for routine transactions, such as dining at a restaurant or making small retail purchases. Unbeknownst to them, their account becomes flagged in a police investigation due to the receipt of funds from a fraudulent source. Consequently, their account is frozen, crippling their business operations and disrupting their daily life. The confidence they once had in the UPI system, celebrated for its ease and security, is profoundly shaken. This was starkly highlighted in the case of Dr. Sajeer vs. RBI wherein the Hon’ble Kerela High Court directed the banks to limit account freezes strictly to the amounts specified in police orders. It directed to strike a balance between the need for thorough investigations with the rights of innocent account holders, allowing them to access their funds beyond the disputed amounts.
The predicament of these individuals underscores a critical flaw in current cybercrime investigation practices: the difficulty in pinpointing the actual perpetrators. Too often, innocent people are caught in the crossfire, their lives upended by the very systems designed to protect them. This calls for a more nuanced approach to cybercrime investigations, one that ensures justice without compromising the livelihoods of the innocent.
CONCLUSION: ENHANCING SECURITY MEASURES TO COMBAT CYBERCRIME
The pervasive threat of cybercrime has profoundly influenced societal behavior, causing individuals to hesitate in engaging with unfamiliar communications, whether through phone calls or digital transactions. This cautious approach stems from a justified fear of falling victim to cyber fraud, highlighting the delicate balance between embracing technological advancements and safeguarding personal security.
In response to these challenges, there has been a growing focus on regulating the acquisition of prepaid SIM cards. Currently, individuals and organizations can obtain multiple prepaid SIM cards with minimal oversight, despite the Aadhar Card's exclusive link to a single SIM card for OTP generation. This loophole not only facilitates potential misuse but also complicates efforts to trace and hold accountable those involved in cybercrimes. By mandating rigorous verification processes tied to Aadhar Cards or passports for foreign nationals and promoting postpaid alternatives for businesses and organizations, authorities can establish a more secure telecommunications environment. The Hon’ble High Court of Punjab & Haryana observed that restricting the possession of multiple prepaid SIM cards would not violate any fundamental or statutory rights, as individuals still have the choice to obtain verified postpaid SIM cards and landlines from authorized providers. Limiting prepaid SIM cards to one per person is expected to reduce cybercrime significantly. Therefore, if the Ministry of Telecommunication were to implement such a measure, it could effectively decrease cybercrime incidents, thereby preventing financial fraud and protecting individuals from exploitation. Additionally, the Hon’ble Court also suggested addressing the issue of call routing through international networks and the internet by proactively default blocking incoming calls with international country codes, allowing subscribers to opt in to receive relevant calls based on their geographical location.
While technological advancements drive societal progress, safeguarding against cyber threats necessitates pragmatic regulatory frameworks. Restricting prepaid SIM cards represents a crucial step toward mitigating cybercrime, bolstering consumer confidence, and protecting digital economies from exploitation. Through collaborative efforts among regulatory bodies, telecommunications providers, and the public, substantial strides can be taken to create a secure digital landscape for all stakeholders.
Kommentare