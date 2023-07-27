The committee noted that in the existing regulatory landscape for cyber security, multiple agencies and bodies are involved with distinct role and responsibilities and no central authority is solely dedicated to cyber security. The committee has flagged the rising number of cybercrimes resulting in financial frauds as a major cause of concern.

The Parliamentary Standing Committee on Finance has pitched for the need for a centralized authority Cyber Protection Authority (CPA) in ensuring cyber security, particularly for the financial services ecosystem. This has been done while stressing on need on need to curb mushrooming cybercrimes and address the challenges imposed by generative artificial intelligence (AI), chatbots and quantum computing.

In the existing regulatory landscape for cyber security, multiple agencies and bodies are involved with distinct role and responsibilities and no central authority is solely dedicated to cyber security, the committee noted. The committee has recommended formation of a centralized overarching regulatory authority which shall be responsible to safeguard India’s IT infrastructure and networks from cyber threats.

The report titled ‘Cyber Security and Rising Incidence of Cyber/White Collar Crimes’ was tabled in Lok Sabha on Thursday. The committee has flagged the rising number of cybercrimes resulting in financial frauds as a major cause of concern while stating that the volume of financial crimes which were being reported in 2020-2021 was 2.62 lakh has gone up to 6.94 lakh in 2022.

The Department of Revenue while sharing inputs, flagged four major trends in cybercrimes — use of crypto for money laundering and terror financing, use of mule accounts with false addresses, use of international online betting sites for money laundering and lending apps and apps used for investments.

“The number of frauds reported to ATMs and other frauds were about 10.80 lakh and value was Rs 1,119 crore in 2021 and the same rose up to 17.60 lakh in 2022 and amount involved is Rs 2,113 crore,” said the committee report quoting the revenue department.

The committee also highlighted the figures of fraudulent transactions that were shared by the Reserve Bank of India.

The committee said, “We have around 38 crore transactions happening every day in our payment system and UPI is the main system that accounts for almost 76 percent of the transactions. There is one fraud on 60,000 transactions but in case of UPI, there is one fraud for 1.15 lakh transactions."

Digital Lending App (DLA) frauds, a talking point few months bank because of their conning nature and fraudulent activities found its mention in the committee’s report.

“Ministry of Home Affairs in their post evidence replies, furnished that DLA frauds for year 2022 are 26,844 and for year 2023 are 9,926. There is a need on parts of banks and financial institutions to plug the gaps in their KYC mechanism and confirm to prescribe fraud prevention” the report said.

The committee recommended a few measures to control the threat of DLA frauds in the report, “There are increasing instances of illegal loan apps offering loans, micro credits especially to low-income groups at high interest rates and predatory recovery practices. The committee recommends establishment of a whitelisting framework by the Cyber Protection Authority (CPA) for DLAs and other financial intermediaries. While implementing the whitelisting framework, DLAs would undergo an evaluation process to ensure compliance with regulation and weed out fraudulent DLAs from the market.”

The parliamentary committee’s apprehension on rising cybercrimes can also be reflected from the figures provided by the cybersecurity company Sonicwall, on the basis of a study conducted by it.

The company stated that India has witnessed 133 percent increase in ransomware and 311 percent surge in Internet of Things (IoT) attacks. 2023 Mid-Year SonicWall Cyber Threat Report also adds that intrusion attempts climb 21 percent, with a record surge of 399 percent in cryptojacking volume.

SonicWall discovered 1,72,146 ‘never-before-seen’ malware variants. The study reveals that IoT malware and encrypted threats have also increased by 37 and 22 percent, respectively. While, malware and cryptojacking attacks %) have reduced in India by 7 and 73 percent, respectively.

Cybercrimes YTD 2022 YTD 2023 YOY% Malware attacks - India 197,864,854 184,023,700 -7% Intrusion attempts - India 106,723,935,479 135,003,373,009 26% Ransomware Attacks - India 1,071,767 2,496,584 133% IoT Attacks – India 4,726,930 19,422,921 311% Cryptojacking Attacks - India 3,961,776 1,064,724 -73%

Source: sonicwall

“There have been challenges in exerting sufficient control over third-party service providers including Big Tech and Telecom companies on cyber security matters. Downtime in critical payment systems is able to disrupt customer services which is not currently regulated. During the committee hearings, RBI provided evidence that Big Tech companies have refused to make various modifications to their mobile operating systems to make the OTP based two factor authentication protocol even more secure,” the report said.

“Such invaluable input from key regulators should not be disregarded by Big Tech Companies. The committee has recommended that there should be a mandate on app stores such as Apple’s App Store or Google Play Store to adhere to specific guidelines and standards. As there is no clear process to either whitelist or blacklist apps, the committee recommends the establishment of a Central Negative Registry which shall consolidate the information on fraudsters’ accounts,” the report added.

The report also highlighted the anomaly in the financial transaction system where customers are not receiving SMS notifications during transactions. The committee recommended the need for a robust SMS notification system that should be put into place by service providers.