In the context of the Government’s push on the Digital India concept, there is an increasing apprehension that the society in India will become more and more dependent on Internet, E Commerce and E Governance. Some of this dependence comes about not out of choice but out of compulsion. An inevitable consequence of this is the risk of Cyber Frauds that hurt the citizens.
Naavi.org has been time and again pointing out that customers of Indian Banks are being short-changed for technology by Banks and whenever a fraud occurs, the customer of the Bank is made to bear the loss.
A few pockets where justice was being done are being systematically blocked. We can only conclude that this is another “Vyapam type” systemic fraud that is going unchecked.
A case that immediately reminds this has been reported today from Pune. Details are available in this article at Indian Express : Cyber Crime in Pune: Unsecured Digital India dangerous
The gist of the case is as in many other cases, the following.
1. A customer of a Bank (In this case, it is the ICICI Bank) finds that money in his account has been fraudulently withdrawn (In this case it is Rs 19 Lakhs)
2. Bank refuses to refund the amount stating that some X,Y Z has committed the fraud and the customer can file a police complaint. It also blames that their security system is perfect and the customer must have been negligent in handling his password and hence is responsible for the loss.
3.The ignorant customer believes the words of the Bank and approaches the Police . In most cases Police are unable to trace out the fraudsters and the customer is frustrated over time. If he was a farmer and commits suicide, politicians would come pouring at his house with compensation. But a Bank customer is not so lucky. He suffers the loss silently.
4. The system provides that in cases of any loss that arises out of what can be a crime under Information Technology Act 2000/8, an adjudicator (IT Secretary of the State) has the authority to adjudicate and order payment of compensation. He has the sole jurisdiction upto a claim of Rs 5 crores and hence covers most of the Bank frauds. An appeal to his award lies with a Cyber Appellate Tribunal. (Having an office in Delhi but with powers to sit anywhere in the country).
5. In the whole country where there is an adjudicator in each state and union territory, there have been only two Adjudicators (IT Secretaries) who understood their responsibilities and discharged their functions in the interest of the customers of the Bank. One was Mr PWC Davidar in Chennai and the other was Rajesh Aggarwal in Mumbai. But after about 5 decisions in Chennai which went against Banks (ICICI Bank and PNB) Mr Dawidar was transferred by Ms J.Jayalalitha to another department and since then there have been complete silence at the Adjudicator’s office in Chennai. Mr Rajesh Aggarwal decided more than 30 cases in Mumbai most of which went against Banks (SBI, ICICI Bank, Axis Bank etc). He was promptly transferred during the current regime to Delhi and since then even Mumabi Adjudication office has fallen silent.
6. At the same time, in States like Karnataka, Adjudicator went all the way as to dish out a legally untenable judgement in favour of Axis Bank and the current Adjudicators is following an aggressively anti consumer stance threatening to “teach a lesson” to any body who says Banks should compensate customers in such cases.
7. Above all this, the appellate court namely the Cyber Appellate Authority remains dysfunctional since 2011 since the successive Governments have been unable to find a Chair Person. Initially it was the fight between Kapil Sibal and the then CJI over the choice of the candidate and presently either Mr Ravi Shankar Prasad has not considered this as a priority or the same feud between the Government and CJI continues to cause problems.
8. As regards the High Courts, they seem to be un interested and pass judgements that the victims can approach the Cyber Appellate Tribunal which is of course the right forum but which is dysfunctional. Karnataka High Court assumed jurisdiction to pass a stay in favour of the Bank against the award of the Adjudicator, but did not exercise the same jurisdiction to hear the case on merits which would have benefited the consumer. There was a blatant double standard followed by the Karnataka High Court.
9. Karnataka Human Rights Commission tried to take up the issue but was silenced by the Karnataka High Court. The National Human Rights Commission refuses to assume jurisdiction.
If we see this entire scenario which has been personally brought to the notice of several Karnataka Chief Ministers, Several Chief Justices of Karnataka and Supreme Court and several IT Ministers and Prime Ministers as well as the influential persons such as Rahul Gandhi, Sonia Gandhi and others at different points of time, no body seems to consider it important to protect the interest of the common Bank customer.
The Reserve Bank of India presents again a dual face. On records it actually mandates that Banks should take the liability and cover themselves with appropriate insurance as they stated way back in June 2001 and reiterated again in 2011. But beyond issuing circulars, they are helpless under the influence wielded by powerful Banks such as ICICI Bank and SBI through the Indian Banks Association. Mr Raghuraman Rajan may be one of the best Governors of RBI because he is a good economist, but he seems to have no inclination to assume responsibility for secure Banking and welfare of Bank customers.
Some of the officials in RBI think that the so called 2-Factor authentication is a panacea for all. As we can see in the instant case in Pune, the 2-Factor authentication has been broken several times and cannot be considered as adequately protecting the interests of the customers. But technologists seem to be pushing the idea of more and more technology into Banking without corresponding improvement in security.
It is therefore clear that the legal system in India has demonstrated its inability to protect the Bank customer from the risks of E Banking and neither a Regulatory will nor a Political will to set things right is evident.
The situation is murky since law clearly states that when a customer hands over money to the Bank in the form of deposit, he ceases to be the owner of the money and becomes a “lender” to the bank. If therefore money is lost subsequently, what is lost is the money of the Banker which he has borrowed and he is accountable to the customer. This fundamental law of “Banker-Customer Relationship” is ignored by the Banks when they force the customer to file a police complaint that they have lost their money.
Banks also hide the fact that Indian laws recognize only “Digital Signatures” as valid form of authentication for Bank transactions and all other systems of authentication are unapproved systems which fall under the category of systems use of which makes it mandatory for Banks to pick up legal liability against the customer and a coverage through cyber insurance, as per the Internet Banking guidelines.
Banks also hide the fact that in most cases money gets transferred from the victim’s account to fraudster’s accounts kept in the same Bank or other Banks where there is a blatant KYC failure and apparent complicity with the fraudster. Police unfortunately fail to book the Banks as the main accused and end up chasing the elusive fraudster whose information is wrongly recorded in the Bank out of recklessness or deliberate complicity.
If our Judges, both the “Ex Officio Judicial Bodies” such as the Adjudicators as well as the honourable Judges of the High Court and Supreme Court understand and uphold the basic principles of Banking law and Information Technology law then the customers of the Bank should get justice each and every time when a cyber fraud occurs and siphons off money from their Banking account.
What is distasteful is that the same Banks are willing to compromise in many cases and pay off privileged customers including celebrities, Police officers and even large corporates. But when it comes to an ordinary individual customer, they put their best lawyers to fight the cases and frustrate them. RBI does not seem to notice this discrimination. Some of my customers have brought such discrimination to the notice of even Ravi Shankar Prasad recently but there has been no response.
I therefore appeal directly to our honourable Prime Minister, Mr Narendra Damodardas Modi, through his trusted aide Mr Amit Shah and the National Cyber Security Advisor Dr Gulshan Rai , as well as the Chief Justice of India and the Governor of RBI to take up the following actions.
1. Kindly get the Cyber Judiciary System in order by immediately appointing an appropriate Chair person to Cyber Appellate Tribunal
2. Reiterate the mandate vide RBI Circular on Internet Banking Guidelines of June 2011 that the Banks should consider that every such fraud is “Insured” . If the Bank has not obtained insurance from an insurance company, then it should be considered as Self Insurance.
3. Just as there is a talk of “Social Security” through Life and Health Insurance schemes, there is need for “Digital Security” through mandatory Cyber Insurance for all Bank Customers. Mr Narendra Damodardas Modi must ensure this before pushing the Digital India project ahead.
I invite a countrywide debate on the need for “Cyber Insurance for All”. All those media persons who are harping on Vyapam and Lalit Gate, please turn your attention on “Cyber Insurance for All”.
I would also invite readers to forward this note to the relevant persons and I would like to have a discussion on this matter directly with the relevant authorities in the Government of India.
I invite the IB which should be monitoring social media writings on political leaders to also forward this note to the relevant persons along with a note that the author is otherwise a known BJP sympathizer.
P.S: Naavi.org will be shortly announcing an All India Study on Cyber Insurance. This survey is generally aimed at capturing the current status of Cyber Insurance industry in India. A large part of the study is aimed at Company executives as respondents. However, I would like every Netizen to participate in this survey since Cyber Insurance at Corporate level is to enable the companies to protect themselves against losses arising out of all Cyber Crimes including Cyber Frauds in Banks and hence should automatically protect the end Customers.