A Virtual Havala Center opens up in Bangalore. Are the Police …. RBI and Arun Jaitely aware?

Last week, there was a news report  that a Bitcoin ATM has become operational in Bangalore. It was hailed as “first of its kind” in the country and will have both a “Trading” and “Exchange” platform. The purpose of the ATM is to buy and sell Bitcoins against rupees.

The proposition is,

If you deposit Rs 5,26 463/- (rate prevailing on unocoin.com as of today) and additionally,  a transaction fee  of Rs 3686.90 and service tax Rs 663.64,  one Bitcoin would be credited to the digital account of the person.

On the other hand, if you surrender one Bitcoin from your digital BTC wallet, you would get Rs 4,33,016 in cash after again deducting the transaction fee and service charges.

The difference between the basic buying and selling rate  is Rs 93,447/- per bitcoin which is 21.58% is the jobber’s margin charged by Unocoin which is running the exchange.

The Company Unocoin also separately makes a profit of Rs 7373.80 as transaction fee. When Unocoin sells Bitcoins from its own stock, it makes the additional Rs 93447/- for itself.

If the seller of Bitcoin is a different person, then he sells and realizes Rs 4,33,016. The buyer pays Rs 526 463/-. One wonders where the balance goes. Will there be negotiations between the seller and buyer to arrive at a median price? Or will Unocoin offer to buy and sell simultaneously and pocket the difference?… are questions that need to be answered.

Since in most cases the Unocoin acts as a “jobber”, it will perhaps hold the sell order in it’s control until a “Buy” order emerges and then puts through the transactions crediting the difference to its own jobbing account. It may even use a separate digital wallet which could for all practical purposes be a dummy wallet to route the transaction. It is for this reason that the ATM is called both a trading and an exchange platform. If it is an exchange, then the transaction is between the buyer or seller with a jobber. If it is a trading platform then both the transaction should be between the buyer and seller directly.

The Kiosk also allows transactions in Ethereum crypto which is bought and sold at the rate of rs 21,343 and Rs 15,314 (Spread Rs 6029/- which is 39.36% of the base price).

It is a great business model for the Company and we must appreciate the innovative structuring of the business model to offload the Bitcoins that may be in stock with the Company before the Government really bans all transactions in Bitcoins.

Since RBI does not allow linking of Bitcoin exchanges to Bank accounts, both the buying and selling has to take place in Cash only.  Hence the ATM has to accept and dispense cash only and credit or debit the digital Bitcoin wallet with the Unocoin.

People who are aware of Foreign Exchange transactions and share transactions have heard of a spread of 0.5% to 3% and not 20% plus. But people who are aware of money laundering are aware of and prepared to pay upwards of 25% for converting black money to white money. The brokerage/jobber’s commission charged by this Bitcoin ATM therefore is perfectly acceptable as the fee for conversion of Black money to white money. I am not aware of what is the “Havala” broker’s charges for such transactions. But I suppose it would not be less than 25%. It should be more than the Black money to white money conversion rate since there is an additional service of conversion to foreign exchange is involved.

According to the information available (perhaps through an official press release from the company), the ATM which is also referred to as Kiosk so that the customers and law enforcement agencies can be confused about whether Bitcoin is being traded as a currency or a commodity. The information also quotes the Finance Minister Mr Arun Jaitely as quoting that Crypto currency is “neither legal nor illegal”.  The Minister is projected as if he is recommending “Investment” in Bitcoin. Last year during this time, there was a full page Times of India advertisement urging the investors to Invest in Bitcoin during this Diwali instead of Gold”. Perhaps this ATM is being set up for the festival season trading of Bitcoins.

The transaction of conversion of Bitcoin to rupee is done on INR basis but the release says that the INR can be converted into foreign currency later. Does it mean that Unocoin also works as an “Authorized Dealer” in foreign exchange? or has roped in willing Authorized Dealers to provide the conversion of INR to foreign exchange and ViceVersa?.. More clarity is required on this aspect.

The point on which the ATM company is arguing the legality of the ATM is that the transactions are allowed only for the customers of the Unocoin and the registration is through a mobile number and an OTP. The members are expected to provide the PAN number, address and phone number. The verification would however be on the mobile and perhaps it would not be possible for Uncoin to find out if the PAN number is actually correct and whether the address and name as registered for PAN would identify with the mobile used for OTP. More clarity is required on this.

In totality, it appears that this ATM is a means of converting unaccounted cash in INR  into bitcoins and then the Bitcoins can be traded on other exchanges (including those who have fled from India to safer havens recently) to convert the Bitcoins to US dollars or other currencies and again brought back to India as INR in legit inward remittances.

Similarly, Foreign money of criminals and others can be converted into Bitcoins in foreign exchanges into bitcoins and then traded in this ATM using fake SIM card based authentication and fake accounts into INR and paid out in cash.

This ATM is therefore a Virtual Havala Center and regulatory authorities need to explain how they are allowing this to happen. How can there be a Service Tax registration for such an operation which indirectly creates a perception of  legitimacy.

The Service tax department becomes an accomplice in this Havala transaction by being a co-beneficiary of the transaction and we need the department to explain this.

The Bangalore Police also has to explain under what provisions they have ignored the potential of this service to be a havala operation and why they have allowed this ATM to be set up.

The owners of the Kemp Fort Mall have to also explain why they should not be considered as an accomplice in this potential havala operation.

I hope these agencies make a public clarification on the grounds under which this ATM has been allowed to operate or be prepared to be considered as facilitating  the operations.


Reference Articles in Naavi.org on Bitcoin

Print Friendly, PDF & Email
Posted in Cyber Law | Leave a comment

Buy from Infosys, ask Wipro to implement… damn the customer..is Corporation Bank story

About a month back we wrote an article titled “Corporation Bank Net Banking System Goes for a toss?”.

Today I had visited the local Corporation Bank to resolve one of the issues that I was facing in the migration of my account from the earlier system to the new system. But the problem could not be resolved at the branch level and has been escalated to higher levels.

In the meantime, I also received a communication from one of the readers which reads as follows:

“I have two accounts in Corporation Bank ..one a SB account and also a current account , both of which I am not able to operate since 5 September , 2018 . I have been in touch with all the Senior Officers of the bank through mails ( including Chairman’s office , GM , IT and Omundsman .) Nothing has happened so far . And so I feel that the problem is much more serious than what we are all imagining …..The more serious thing is that they don’t even formally send response to your complaint . That again makes me feel that they are in a deeper pit ….. I was wondering if there a possibility of a class suit against them for deficiency of service ..”

My experience is similar and I had recently sent an e-mail to the head office as follows:

“For quite some time, I have been pointing out that your Internet Banking system for Corporate customers was not working properly. It was never fixed.

Now I see that you have migrated to some new system. I presume you have adopted Infosys Finacle. But you have created a faulty migration system …. I wonder if any body who knows Banking from the customer’s side were involved in the testing of the process….. ….Your helpline keeps ringing and there is not body attending it it at least at this point of time. They may come perhaps at 10.30 am ? like a branch? ….. I am not sure if you will respond to this e-mail either. Let me give it a try and see if at all you respond, how much time it may take and how you will respond.”

Root Cause of the Problem

But now after some searching over Internet it appears that the situation is a result of a  management decision in the selection and implementation of the CBS system.

Initially, Corporation Bank was working with a CBS which was developed by  Laser Soft Infotech, a Company promoted by Mr Suresh Kamat. After some time this company was taken over by Polaris and perhaps the next versions of the software were developed under Polaris by Mr Suresh Kamat’s team only.

About  2 years back, there was a major migration to another system when again there were problems.  At that time, all accounts were given new numbers and for many days the RTGS/NEFT of customers got affected. Some times remittances were working only under the old number where as the cheques were to be deposited under the new number. The system could not automatically map the old number to the new number.

Now Corporation Bank has further migrated to the Finacle System of Infosys. It appears that there was a huge competition between TCS and Infosys for the contract. Then it appears that HP-Infosys combined team was leading the race. But later it appears that Corporation Bank has settled for implementation with Wipro. Hence the current Finacle implementation appears to be under Wipro’s implementation.

The perception in the public is that Infosys and Wipro are competitors and hence it appears surprising that the product division of Infosys has let bifurcation of the contract so that Wipro could  win the implementation contract separately in competition from other vendors which might have included the Service division of Infosys itself.

In the industry it may be common to separate the product and implementation to two different companies. But when the product is a complicated system such as CBS and the implementation is done by a rival company, there will be conflicts of interest and potential for intended or unintended sabotage to adversely affect the brand reputation of the product supplier.

The problems which is seen in Corporation Bank could be arising because of lack of communication between the product supplier and the implementing company and the soundness of the decision taken by Corporation Bank to split the contract appears to be doubtful.

The impact of this decision is now being faced by the customers who are facing the “Denial of Access” to their accounts. It is possible that tomorrow the same issues will surface in the security aspects of its usage and lead to frauds like what happened in PNB. Then Wipro and Infosys would be trading charges at each other and pointing fingers.

While the management may justify the decision on the basis of cost, it is necessary for IT companies not to treat the customers of Banks as guinea pigs. If Finacle wants to own the brand, it should consider itself responsible for the brand reputation that is hurt by implementation. Perhaps Corporation Bank can clarify its customers what is the managerial control to ensure that the commercial rivalry between Infosys and Wipro does not affect the customer interests  in this implementation exercise.

I wish Reserve Bank of India conducts an enquiry on the problems that are faced by Corporation Bank in its implementation and whether it is due to the lack of cooperation between the two IT giants of India.


Related Articles:

Corporation Bank makes progress with Core Banking system (2015)

Infosys, TCS in fray for Corporation Bank’s deal  (2013)

Corporation Bank selects Wipro to transform its Core Banking Solution

Ineffective Control systems helping frauds and irregularities; Corporation Bank Officers

Case Studies of Finacle

Print Friendly, PDF & Email
Posted in Cyber Law | Leave a comment

Certificate in Personal Data Protection Act

Cyber Law College, a pioneer in Cyber Law Education in  India is continuing its tradition and has launched a new Course on Personal Data Protection Act (PDPA 2018), which is the first such course in India.

In October 2000, when ITA 2000 was notified, Cyber Law College was one of the first to start an educational initiative with a Certificate Course in Cyber Laws. Subsequently, Cyber Law College has started a course on HIPAA and more recently a Course on GDPR. Presently all the above three courses are available online through www.apnacourse.com  with recorded videos from Naavi.

The PDPA 2018 is presently in the form of a Bill and has been presented in the Parliament as a recommendation from the Justice Srikrishna Committee. The Government has collected public comments on the draft Bill and is likely to proceed with the formalities in passing the Act during the winter session of the Parliament.

The Government is under an obligation to the Supreme Court to pass this Act at the earliest, though there could be some hurdles and delays in the process. Considering the pending elections to the Loksabha by  May, 2019, it is likely that the Government may push through the Act and if necessary, promulgate an ordinance. This law more or less in the current form is therefore expected to become effective shortly.

Once it becomes a law, it would be as powerful than ITA 2000/8 since the industry has a huge stake in its compliance.  All personal data user industries in India need to designate “Data Protection Officers” with relevant knowledge and skills. It will therefore open the doors for employment for Data Protection professionals who have a good knowledge of the law and an understanding of technology.

PDPA 2018 will also introduce a new set of Adjudication and Appellate Tribunal activities exclusively for contraventions of PDPA 2018. There will also be prosecutions under PDPA 2018 by the Police. Hence the knowledge of PDPA 2018 would be a key asset of any law professional.

From the Business perspective, “Persona Data” being an important ingredient of the IT industry, particularly those betting on Big Data and IoT, the incorporation of compliance of PDPA 2018 by design into the business architecture of an organization becomes a key management concern. There will be several new business opportunities that would arise out of this Act which could be harnessed by innovative entrepreneurs.

Hence from the point of view of professionals in the Technology, Law and Management, awareness of PDPA 2018 and a clarity on its provisions becomes important for professional development.

Considering the fact that Formal Academic Institutions are only now gearing up tot he teaching of ITA 2000/8 they will not be able introduce courses on PDPA 2018 for some time. Professionals therefore need to equip themselves either on their own or through courses such as what is being proposed by Cyber Law College.

PDPA 2018 is an amalgamation of some of the provisions of ITA 2000/8 and the international data protection laws such as GDPR and hence this course would provide a reasonable sensitization of the GDPR provisions also.

The course content proposed by Cyber Law College also includes another draft law called DISHA 2018 which is of interest to the Health Care industry in India and is related to HIPAA of USA. The students of this Course will therefore get sensitised to the HIPAA as well.

The Course therefore provides a good opportunity to students and professionals to understand the emerging law and be prepared when the law becomes effective and compliance becomes industry’s a concern immediately thereafter.

The enrollment for the first batch would be available for about one month and the online interactive classes would commence some time in November. (Schedule to be announced).

The Prospectus released by Cyber Law College is available here.

For more details, follow Cyber Law College


Print Friendly, PDF & Email
Posted in Cyber Law | Tagged , , , | Leave a comment

Cyber Criminals disturb the Hornet’s Nest in Bengaluru by attacking the DGP

In an interesting cyber crime reported from Bangaluru, the DGP and Chief of Internal Security Division, Mr Ashit Mohan Prasad, IPS, was defrauded by Cyber Criminals to the extent of Rs 2 lakhs. This was a typical fraud in which the victim had shared some of his debit card details to fraudsters over phone. A complaint has been lodged with the Cyber Crime wing on Monday (15th October 2018) and further developments are awaited.

We may recall that some time back one MP from Karnataka and another DGP had also fallen prey to such frauds.

Recently, the undersigned had come across another complaint with the Cyber Crime Cell which was registered on “Unknown Accused” and without including all the relevant sections of ITA 2000/8. Though a request has been made for correction to the FIR, no response has been received from the Police. Further we are not aware if the investigation is being carried out at all and if so whether the investigation is proceeding in the right direction. We need to wait for the charge sheet to be filed (if ever it would be filed) to find out the details of the case diary and whether an investigation was really conducted or not.

With this approach, there is no surprise that the first conviction in Bengaluru for Cyber Crimes came only last month despite the talents and facilities that are available to Bengaluru Cyber Crime police at the CID complex which are perhaps the best in India.

According to the report more than 3000 cases have been registered in the newly formed Cyber Crime PS and probably most of them are against “Unknown Persons” and only for the purpose of records.

Now that the complaint has been filed by the DGP himself, it would be interesting to know how the Cyber Crime wing will go about its investigation and how the relevant Bank will react under the Limited Liability obligation.

Let’s watch the developments and check of there is a common law for the ordinary citizens of Bengaluru and also the others.

I fully appreciate that the Cyber Crime wing is understaffed, over burdened with complaints and need to refer most of the complaints for guidance to the Cyber Crime division in CID office. But these are limitations about which the public are not concerned. It is the top brass of the police who need to resolve this issue.

Some time back, I had proposed that Police should register online complaints, authorize approved NGOs to vet the complaints and raise simple queries such as IP resolution to the ISPs etc so that the burden on the Police would come down.  Obviously, there was no response from the Police whether in Karnataka or elsewhere.

The T K Vishwanathan commitee had also suggested some changes to the CrPc to improve the Cyber Crime handling capability. The State Government could have taken the lead in making some of these recommendations effective. But they donot consider this a priority.

It would be repetitive if I point out the deficiencies in the system and let us not spend time on the past. Let us at least now look at what we can do in the future. I therefore request both the Police in Bengaluru and the Home department, with people like Pratap Reddy and Sanjay Sahay available as experts to focus on making Karnataka a safe state for Cyber transactions.

Hopefully Mr Ashit Mohan Prasad himself should opt to take the lead in driving the Cyber Crime wing to be more effective and useful. I am sure there are many others who can take care of VIP security whether during Dussera or at other times and capable officers who have an aptitude for Cyber Crime investigations need to be provided in sufficient numbers to the Cyber Crime wing in the Infantry road, to make it effective.

Hope my views would be taken as constructive criticism which it truly is.



Print Friendly, PDF & Email
Posted in Cyber Law | Tagged , | Leave a comment

The 18 year Journey Since the Digital Society was born in India

Information Technology Act 2000 (ITA 2000) was notified on 17th October 2000 and today is the 18th year after India legally recognized the Electronic Document as equivalent to Paper Document and Digital Signature as equivalent to physical signature leading to the possibility of a legally valid contracts being formed entirely with electronic documents. For all legal purpose, the Digital Society of India took formal birth on that day and therefore we have been recognizing this day therefore as the “Digital Society Day”.

Naavi has been tracing the developments in this field first through the domain name naavi.com and then through naavi.org.

The year that has gone by has been eventful with “Privacy” hogging the limelight. The year started in the background of the Privacy Judgement from Supreme Court holding “Privacy as a Fundamental Right”. The Justice Srikrishna Committee came up with its white paper, sought public comments and towards the end of the year came up with its report and the draft Personal Data Protection Act 2018. This is one of the biggest changes in the Cyber Law environment in India since ITA 2000 was born since PDPA 2018 is entirely about “Informational Privacy” and “Data Protection”.

The year 2019 promises to be a continuation of the Privacy and Data Protection issues and we will see many developments including the establishment of the Data Protection Authority of India. Section 43A of ITA 2000/8 would be deleted and PDPA 2018 would take over the concept of “Reasonable Security”.

The Cyber Crime scenario was dotted with two big Banking frauds namely the PNB fraud and the Cosmos Bank fraud which indicated how the digital banking system could be easily defrauded if Bankers donot manage security as is expected of them. Hopefully they would learn their lessons and fortify their defences.

The Supreme Court through its Aadhaar Judgement has given a small jolt to the industry and hopefully the situation would ease out with the use of Virtual ID as a means of e-KYC and e-Sign, once necessary formalities are completed.

During the year, the Government notified some agencies under Section 79A and activated the concept of the Digital Evidence Examiner.  However, a two member bench of the Supreme Court muddied the waters under Section 65B by trying to over turn an earlier 3 member bench decision in the Basheer case.

Technology continued to pose new challenges with Artificial Intelligence and Quantum Computing making further strides. This raises the concern that if the Indian Supreme Court cannot properly appreciate the Section 65 B concept of electronic evidence after 18 years, will it be able to tackle disputes such as the Uber Self driven car accident, or the activities of the humanoid robots like Sophia. The concepts of Super Positioning and Entanglement in Quantum Computing could be a real challenge for the Indian judiciary in the days to come.

On the home front, Naavi.org continued its fight against Bitcoin to an extent that it appears that the Government has reined in the growth of this black money instrument. We are awaiting a proper burial of the system in due course as the trend has reversed across the world in this regard disfavouring the Bitcoin recognition as an proxy for currency.

Additionally Cyber Law College conducted two offline Cyber Law Courses in Bengaluru, first in BMS Law College and then in St Joseph Law College (presently in progress). Naavi also continues to engage himself with NLSUI and NALSAR in the Cyber Law courses conducted under their banner as guest faculty.  Cyber Law College has also extended its use of the Apnacourse online platform with the introduction of a course on GDPR.

Now the biggest step of the year taken by Cyber Law College is the launch of a course on Personal Data Protection Act 2018 (PDPA 2018) to support the movement of PDPA 2018 awareness in India. The launch has just now been announced and hopefully, some professionals and students would take advantage of the opportunity to be the early learners of the emerging Privacy law in India. This course not only covers PDPA 2018 but also another emerging law called DISHA 2018 (proposed) besides discussing the impact of GDPR on Indian companies. These courses are intended to develop a truly knowledgeable Privacy professional in India who is equipped with the knowledge of laws as applicable in India.

Yet another step which is significant for Naavi personally is the promotion of a Section 8 Company namely the “Foundation of Data Protection Professionals in India” to bring together a larger section of stake holders in ensuring that Data Protection Industry in India would be represented by and managed with an Indian perspective rather than importing the perspective from the foreign markets.

The current activities of Naavi and Cyber Law College are much relevant for an organization like FDPPI and could also help  FDPPI to blossom faster than it otherwise would.  Some of the current activities of Cyber Law College could therefore be pledged and used for the benefit of  FDPPI in the coming days.



Print Friendly, PDF & Email
Posted in Cyber Law | 1 Comment

Online Course on Personal Data Protection Act 2018

Cyber Law College, which is a pioneering institution in India dedicated to Cyber Law Education is starting an online course on Personal Data Protection Act 2018.

The Course will cover the draft Act as is being discussed in the Parliament and will include the accompanying draft proposed law for Health care namely the DISHA 2018.

Details are available at Cyber Law College website.

The Course fee would be Rs 6000/- and registration would commence from 19th October 2018.

Classes would be conducted by Naavi online as per schedule to be fixed.

I look forward to the support of the community in this regard.


Print Friendly, PDF & Email
Posted in Cyber Law | Leave a comment