Flipkart Success invites jealous backlash

Just at a time when Prime Minister Mr Modi is speaking of Digital India and promotion of E Commerce, vested interests have raised their ugly head in attacking the E Commerce industry.

Just as the success of Amazon as a book retailer shook up the industry more than 15 years ago, the Big Billion day sale of October 6th, successfully conducted by Flipkart  has shaken up the Brick and Mortar Retail industry. The sale is reported to have achieved a massive Rs 600 crore sale in just 10 hours. No doubt there were issues of early sell out of discounted products and disappointment to many. But at the end of the day, Flipkart managed to create a record breaking sale.

Initial objections came from physical society retailers who felt that their right to fleece the consumers was usurped by this new entrant. Objections were raised on the heavy discounts offered.

While it is natural for business competitors to raise objection, the news that the Enforcement Directorate has started an enquiry raises doubts whether the distraught retailers have used their dirty influence on the system to harass the online retailer.

In the past there have been instances of heavy discounts on Diwali or New Year sales by offline retailers. There have been massive rush and law and order problems in some such sales. At that time  there does not seem to have been any action by ED. It is surprising that regulators are now seeing some foreign exchange violation and possible violation of  multi-brand retailing regulation etc.

It is possible that ED may fish out some irregularity and justify their stand in due course. But the damage they will do and what they might have already done to E Business in India is enormous. Now Snapdeal in which Tatas have an interest as well as Amazon and others will have to re think on the future strategies of E Marketing in India.

I hope Mrs  Mrs Nirmala Seetharaman and Mr Modi will look into the issue and nip this motivated action of offline retailers in the bud.

Naavi

Share Button
Print Friendly

Will Axis Bank Explain?

Naavi.org recently was informed of a bizarre instance involving Axis bank and ATM transactions. This incident is a matter of serious concern to all Axis Bank customers and hence we would like to bring this to the notice of all including Reserve Bank of India.

I am reproducing verbatim a comment posted by one Mr Sharad Updhyay about his experience in an ATM in Gurgaon for one of our earlier articles titled “Axis Bank ATM license should be cancelled by RBI

“Recently I tried withdrawing Rs. 2000 using my IDBI Debit card from an AXIS BANK ATM based at Sahara Mall, Gurgaon. The ATM asked me if I want a receipt for the transaction. I opted yes, the transaction was automatically aborted. Wondering what happened to the ATM, I tried again and again (with option “Yes” for transaction receipt) – a total of 5 times, but encountered the same problem everytime.

Meanwhile I noticed that another person who opted “No” for printed receipt was able to withdraw money from the same machine. I followed him – went ahead for withdrawal without transaction receipt, and this time machine dispensed the desired amount i.e. Rs. 2000.

Next day I noticed that my IDBI account was debited twice: first for a sum of Rs. 10000, and once again for Rs. 2000 (which I actually withdrew there). I was wondering what made the ATM cause a debit of Rs. 10000 in a single go – while I never entered this amount at ATM console.

I raised an official complaint with my bank (IDBI), and they escalated the case on my behalf with Axis Bank, however, Axis Bank rejected my claim – stating that their ATM balancing reports, switch files, and other transaction logs show that Rs. 10000 transaction was carried out successfully, and they do not owe me anything.

At this stage my bank i.e. IDBI has been helpless, and I’m just wondering whom to report this fraudster in order to get my money back. It appears that something fishy is going on there in Axis Bank ATMs with help of CMS (the agency which replenishes cash in ATMs) and the Axis Bank staff itself. How is it possible that there was no surplus sum recovered from ATM for my failed transactions, and how is it possible that an ATM automatically converts 5 subsequent transactions of Rs. 2000 each in to a single transaction of Rs. 10000?

Please let me know what can be done in this case, and how can I get my money back. Also, isn’t there any authority to punish the bank owning such malicious ATMs and ripping off the customers like this?”

First comment I would like to make on this incident is that there is apparent fraudulent mis-management by Axis Bank. It is clear that the ATM has been deliberately tweaked to ensure that fraudulent transactions donot come to the notice of the customer when he is withdrawing the amount.

The responsibility for this fraud lies squarely on the management of Axis Bank all the way up to the Chair person.

The reported incident is a report of possible hacking of a critical computer resource belonging to the Banking system. It represents a cognizable offence under ITA 2008. Mumbai police who closely monitor even facebook “likes”  and go the extent of arresting persons, must be considered as being aware of the occurrence of this crime. They should therefore take suomotu action and register a Cyber  Crime under Section 66 of ITA 2008 making unknown Axis Bank employees as suspects. It should also investigate “Negligence” from Axis bank ATM division and the Chair person for not taking adequate information security measures to protect the ATM transactions.

The Reserve Bank of India at the same time initiate its own investigation and take penal action against the officials of the Bank.

Now coming back to the customer and what he can do.

1. Normally  money fraudulently debited to the account should have been reversed immediately on filing of a complaint with the Bank.

2. IDBI Bank cannot absolve itself of its responsibility since they have used Axis Bank as it’s agent and hence they are responsible for their client’s loss.

3. Customer need not go to the Banking Ombudsman since that is a sham run by RBI and most Ombudsman are biased in favour of the banks and simply reject the claim with a further proviso that you cannot appeal to RBI.

RBI is aware that the scheme is a sham and yet has not shown any interest in correcting the same. This is not a reflection on the Banking Ombudsman in Mumbai but a general reflection on the scheme and how it is run.

 If possible I advise the customer to personally meet Mr Raghuraman Rajan, the Governor of RBI and check why he is not considering himself responsible for running a secure banking system.

 4.The customer is fortunate to be in Mumbai where the IT Secretary is one Mr Rajesh Aggarwal. He is also the “Adjudicator” under ITA 2008. For any financial loss arising due to contravention of any of the provisions of ITA 2008, in Mumbai, he is the sole authority having judicial powers to conduct an enquiry and award a compensation.

I advise the customer to make an adjudication complaint to him immediately. If he remains in office for some more time, he will definitely give him justice.

However, since Maharashtra is likely to have a change of Government soon and it is customary to shuffle secretaries if a new Government comes, it is possible that this great officer who is upholding justice under ITA 2008 like no other IT Secretary in India may be shifted out.  Hence the customer should at least get his complaint registered before any such change occurs.

5. It would also be better if a complaint is filed with the commissioner of Police, Mumbai against the officials of IDBI Bank and Axis Bank  for running a fraudulent ATM system and causing loss to you. The customer should not fall into the trap of filing the complaint against the unknown fraudster who might have drawn the money. That person will never be traced since IDBI bank is unlikely to have maintained the CCTV footage or other evidence that may be required for this purpose. Police and Banks will try to hold that only that unknown person is responsible and no body in the Bank is responsible. This is a way of driving the complaint to a dead end. For the customer it is always a transaction with the Bank and hence should hold the Bank alone responsible.

The Police complaint should also mention that RBI has been negligent in enforcing ATM security and is also responsible for pushing customers to such frauds.

If necessary, the customer may take the assistance of a Consumer activist to pursue the complaint.

It may appear that  the money lost may not be substantial and hence may not be worthy of the trouble of complaining. It is this attitude of most of us that emboldens criminals to resort to this type of small ticket frauds which we refer to as “Salami” attacks. It is our duty to bring this to public knowledge and wake up regulators like RBI to remind them of their responsibilities.

In the meantime, I demand that Axis Bank makes an official statement about this incident.

Naavi

Share Button
Print Friendly

New Version of Android Virus hits India

It is reported that a new version of the Android virus “selfmite” has appeared in the wild. The virus sends SMS messages to all the contacts with a hyper link which if clicked will install a malicious app.

Details are available here

It appears that the virus uses shortened URL service of GoDaddy and can be re configured remotely to change the URL.

At present the virus can spread only through the clicking of the URL in an SMS.  The users should therefore be vary of clicking on any URL even if it is part of an SMS from a friend.

The threat hurts the use of a mobile for browsing internet and can seriously affect the plans unveiled recently by Face Book founder to make certain basic internet services free from the face book applications.

Industry should ensure that mobile anti virus systems are strengthened to prevent such viruses.

Naavi

Share Button
Print Friendly

Concurrent Civil and Criminal Cases

Recently, I came across an article on the web discussing how a criminal conviction or trial proceedings can produce evidence for a civil compensation. (Related Article). This was regarding a proceeding in Canada. The points raised here appeared to be relevant in India in Cyber Crime cases and hence the following comments can be made.

In many of the Cyber Crime Cases we come across a Civil and Criminal dispute being tried in different fora simultaneously. For example, the Police may pursue a bank fraud case while the victim may invoke Adjudication under ITA 2008.

Normally, a criminal case takes a longer time and a stronger evidence (Beyond Reasonable Doubt) to result in conviction. But a civil proceeding under the special provisions of adjudication and Cyber Appellate Tribunal (CAT) can be completed much quicker. Also these judicial process in adjudication being of the enquiry commission type, it is more victim friendly.

Though victim compensation can also be provided by a criminal court, traditionally the criminal courts in India are reluctant to go deep into evaluation of financial compensation which may involve opportunity loss or gain, interest and litigation expenses etc. (There could be exceptions such as the recent prevention of corruption case of J Jayalalitha where the session’s judge did take the trouble to make proper estimate of the wrongful gain the accused might have made). Also the criminal cases are pursued by the state and the public prosecutors and the victim’s interest may not always be a priority.

Hence where a civil remedy is separately available, the victim   always prefers to explore such alternate remedies. This is mostly true in Cyber Crime cases.

It may be recalled that in the land mark Umashankar Vs ICICI Bank adjudication case, the adjudicator’s verdict was that the Bank was liable for paying compensation to the victim for the fraudulent loss suffered by him. At the same time Tamil Nadu police was (and is) pursuing the criminal case against the identified ultimate fraudster. An issue was raised by the undersigned with the Tamil Nadu police that it should pursue the case of criminal negligence and complicity by ICICI Bank and its officials in the light of the positive findings of the Adjudicator.

However, TN police hesitated and did not proceeded even to conduct a proper enquiry and take up investigation against any of the officials of the Bank.

At least in future, Police should take advantage of the availability of an earlier civil compensation verdict where it is relevant.

Of course this argument would not apply to Karnataka where the IT Secretary acting as an adjudicator has actually jeopardized the system of criminal justice also by holding in effect that Section 66 of ITA 2000/8 cannot be invoked by a Corporate victim nor any person can invoke Section 66 on a Company. This can also extend to many other sections of ITA 2000/8 and make the act completely redundant in the State.

Unfortunately in the absence of an operating CAT, the decision of the Adjudicator remains a precedent since more than 2 years. It is disappointing that the judicial authorities such as the Karnataka High Court and the Administrative bodies such as the Government have not yet observed the highly undesirable criminal justice system that is now prevailing in Karnataka in the domain of Cyber Crimes on account of this decision. As otherwise they would have taken proactive steps to correct the same.

Karnataka Government now has on its hands the opinion of the Law department as well as the Cyber Crime Police that the subject decision of the Adjudicator is not correct but is yet to take a proactive action to correct the situation. Mr Siddaramaiah the honourable Chief Minister of the State is himself a law graduate and can personally appreciate the correctness or otherwise of the decision without any expert opinion but unfortunately the matter has not yet come to his attention.

The Karnataka Judiciary which covered itself with glory in the J Jayalalitha case would do well to bestow its attention on what Naavi.org has been stating time and again that in the absence of a corrective action, the said decision  has renedered Karnataka a “Cyber Crime Haven”.

Let this Diwali shed light on the situation and some positive action by the Karnataka Government and or Karnataka High Court.

(Details of the Adjudication Decision referred to here is available in several earlier discussions in this site: Plight of Cyber Crime Victims in Karnataka:: Will the CM of Karnataka respond?)

Naavi

 

Share Button
Print Friendly

Union Law Ministry remembers Cyber Appellate Tribunal

Today’s Indian Express surprisingly carried an article titled “Crash Course in Cyber Laws for Tech-Savvy Judiciary” in which the forgotten institution called “Cyber Appellate Tribunal” was remembered. The article speaks of the growing Cyber Crime risks in the country and the need to train the Judges. It indicates that the Union Law Ministry is contemplating training programs across the Country through Judicial Academies to increase awareness of Cyber Laws.

The undersigned is already involved in such programs and would welcome the move of the ministry to expand this further.

What may be noted is that so far it was the Ministry of Communications and Information Technology which was addressing the needs of Cyber Laws and the Law Ministry was not in the picture. Now that the same Minister heads both the ministries, it appears that the controls are getting passed to the Law Ministry either completely or partially.

The article made a passing mention Cyber Appellate Tribunal (CAT) acknowledging that it has remained dysfunctional for some time now. The undersigned has been on a relentless mission to get the Cyber Appellate Tribunal re-activated and has been sending representations to all the concerned executives. Even yesterday, a detailed representation has been sent to the Chief Justice of India with the hope that action would be taken up to appoint the Chair person for CAT. It is good that this article has drawn attention to the existence of this non functioning office.

It must be also mentioned that the earlier representations of the undersigned as well as the one sent yesterday have all been also referred to the Minister of Communications and IT as well as the Prime Minister and others. But so far there has been no positive response.

The Narendra Modi Government which has indicated a big push to E Governance has also failed to respond to E Mails and messages sent through PMO India website indicating that the Government is still far from being ready for E-Governance. The representation of yesterday has therefore been sent by the good old “Snail Mail” and I hope it will reach the desk of the relevant Ministers and elicit a response.

In the light of such lack of response to E Mail communications, from the Government, it was surprising that some body from the Government was speaking of Cyber Laws and need for training of the Judiciary.

I hope the winds of change will now begin to appear and congratulate the Law Ministry for taking the lead when the IT Ministry has abdicated its responsibility.

Naavi

Share Button
Print Friendly

I call for an “All India Cyber Law Awareness Movement”

In another regrettable incident, a talented young person from Patna who was earlier praised by none other than Dr Abdul Kalam for his technical skills has been arrested now for a criminal activity.

The 25 year old tech genius by name Shivendu Madhav from Bihar had reportedly earlier developed and demonstrated a search engine like Google to Dr Kalam in one of the exhibitions and   received accolades. He had also sold one of his technical blogs to an US professor for Rs 4.5 lakhs. He was therefore neither short of money nor recognition and future career prospects. Yet he decided to use his talents to develop a fake railway recruitment portal www.rrbbpl.org and duped lakhs of jobless youths promising them jobs via RRB Bhopal.

Refer Article in TOI

The youth has since been arrested and some of his accomplices are now being traced. Law will take its course and probably this young genius will be punished. As a routine we can also congratulate the police team and appreciate their work.

However, as information security professionals we need to sit back and reflect why such things happen. I am reminded of an earlier case where a youth was arrested in Bangalore for ATM frauds and it was found that he had a very lucrative employment. It appears that the traditional behavioral science theories are being over turned in the current generation where “Negative Motivation” influenced by unrealistic material expectations in the society over ride the traditional motivators such as “Security”, “Reasonable Money” and “Recognition”. People seem to be greedy for more and more money and are willing to risk their future for immediate gains.

This indicates

a) Lack of Ethical training in our IT education.

b) Lack of fear of the law.

I therefore call upon the Ministry of Information Technology to initiate an all India program of ” Creating an Ethical IT Work Force” as a part of the Cyber Security initiative. Such a program requires Cyber Law Education and  Awareness of the consequences of violation of Cyber Laws right from the XI standard when Compute science knowledge gets imparted to our students. We may call this “Cyber Ethics Education”.

Mr Modi has embarked on a “Clean India” program in memory of Mahatma Gandhi from today. I suppose what Mr Ravi Shankar Prasad has to initiate is a “Cyber Law Compliant Mindset Development Program”.

As regular followers of this site are aware, the undersigned has been pursuing “Karnataka Cyber Law Awareness Movement” or “saibar kanUnu PrajnaaMdOLana” (ಸೈಬರ್ ಕಾನೂನು ಪ್ರಜ್ಞಾಂದೋಳನ) and done several programs across Karnataka in the last decade. During the days when Mr H.K.Patil was the law minister of the state under S.M.Krishna’s regime as CM, the undersigned had also discussed several such initiatives with the then Karnataka Government authorities. KLE Society of educational institutions had provided support for the initiative in a big way. But over the years the interest appears to have waned as agencies other than Naavi’s initiatives failed to sustain the movement and Naavi’s initiatives could not sustain on their own due to lack of resources.

In fact one of the activities that these initiatives highlighted was the celebration of October 17 as the “Digital Society Day” to commemorate the notification of ITA 2000. This year this could be a day which Mr Ravi Shankar Prasad should consider to promote some positive action in improving the Cyber Law Awareness in the country.   “Bangalore Cyber Security Summits” conducted in Bangalore during the days when Mr Ashok Manoli was the IT Secretary were also part of such an effort with the participation of the local Government. They need to be revived.

Unfortunately over the next few years the movement withered out and slowly Karnataka lost the momentum it had gained as a “Cyber Law Capital of India”.

The current incident reminds me once again that the concept of “Cyber law Awareness Movement” retains its relevance and needs to be pursued. IIIT Law (International Institute of Information Technology Law), a trust based in Bangalore, Cyber Society of India (CySi) in Chennai are two surviving institutions co-promoted by the undersigned in the past to address the work related to Cyber Law Awareness in the community. Of these CySi is active and doing some good work in Chennai. IIIT Law has lost steam and efforts are being made to pull it back on rails.

I call upon the Karnataka Government as well as well private educational institutions and other related bodies with necessary resources to take up the cause of rebuilding the Karnataka Cyber Law Awareness Movement and also extend it as an “All India Cyber Law Awareness Movement”  (AICLAM).

Such a movement of this type  is an essential part of “Cyber Security” which Mr Modi stressed during his UN General Assembly address recently and therefore meets the objectives set forth by the current Government at the center.

Will Mr Ravishankar Prasad, the IT Minister in Delhi and the PMO consider this?

Naavi

(I Invite suggestions from the public in this regard. Please also spread this message widely)

Share Button
Print Friendly