Digital Arrest Scam… Open Letter to the Supreme Court

Posted on December 31, 2025 by Vijayashankar Na

To

The Chief Justice of India
Honourable Supreme Court
New Delhi

From:

Naavi (Na.Vijayashankar)
Cyber Law and Data Protection Consultant
Founder: www.naavi.org
31st December 2025

Dear Sir

As a person following Cyber Laws in India since 1998, I am happy that the Supreme Court of India has taken Suo-Moto Cognizance of the “Digital Arrest Scam” and is trying to develop some guidelines to mitigate the hardship of the victims. This is a great opportunity to improve the digital eco system in India and we need to make full use of this opportunity.

In this context, I would like to place before you the following suggestions  for consideration and request you to provide suitable directives to  the relevant parties.

1. We need to identify and apply corrections to the root cause.
2. Consider introduction of a new Law for Neuro Rights Protection
3. Bring changes to our Banking practices by directing RBI and the Bankers avoiding collateral damage of innocent persons.
4. Bring Technical improvements to the Telecom and Mobile service providers

I will try to elaborate each of these suggestions.

1. Root Cause and it’s Rectification

The first thought that occurs to every one of us is how is that educated and otherwise mature persons fall into the trap of the Digital Arrest scam to the extent they take out crores of rupees of their savings and hand it over to the fraudster. This is continuing even after the Prime Minister himself addressed the awareness requirement in one of his “Man Ki Baat” episodes. While “Awareness” continues to be necessary, it is obviously not sufficient.

The modus operandi indicates two reasons why people are falling into a trap which is apparently irrational. The modus operandi is to make a fake phone call, threaten action by law enforcement agencies and suggestion that certain amount may be deposited temporarily in a Government account pending enquiry.

The irrational action of the victim in this context is induced by

a) Fear that even if they are innocent, law enforcement agencies may harass them
b) A False sense of security that the Government agencies where the money is sought to be parked can be trusted to return it since they are any way innocent.

Thus the fraudsters cleverly exploit both the “Fear” and the “Trust” and mesmerizing the victims through their talking. We may recall that some times back, the “Blue Whale” game was prevalent where fraudsters drove innocent children to harm themselves through suggestions.

The psychological analysis of this situation is that the victims got into a “Hypnotic State” where they lost their rational decision making process and blindly followed the suggestions of the fraudster. This is a sophisticated “Cyber Hypnosis” strategy.

We can observe such behaviour also in situations where people “Freeze” at the sight of a real or toy gun for the fear of harm that may occur. The so called “Stockholm syndrome” is also a manifestation of a defence mechanism that follows the initial state of obedience through fear.

Law recognizes that actions taken under threat, coercion, mistaken impression and when a person is not under control of his mental faculties as “Void” under law. Hence the act of “Handing over of money voluntarily” which is used as a defence by Banks to avoid their responsibility is not legally sustainable.

Therefore, the liability for the digital arrest scam, cannot be held against the victim even if it looks foolish for the victim to act in the manner in which he did.

The solution to prevention of this “Fear” and “Blind trust” together placing the victim in a terrorized state of mind and blind compliance is to increase public knowledge on institutions like CBI, ED and RBI on what they do and what they do not do.

Also a single point PR contact should be available at all these institutions to provide clarifications when required. A direction to this effect must be issued.

Academic institutions should work on creating “Cyber De-addiction Websites” which try to remove the misconceptions about social media that whatever comes on the Internet is true and reliable. People should be made aware that after the AI based synthetic content spreading across the Internet, no information is reliable unless it is cross verified from a reliable source. Availability of public contact points with law enforcement agencies is the first step in this direction.

Government agencies such as Meity should be directed to invest in measures to publicize the lack of reliability of information on the Internet and the dangers of synthetic content. Such investments should be mandated as a security measure along with investments for technology promotion.

2. New Neuro Rights Law

If we recognize that these frauds are occurring because the mind of the victim is manipulated, we should recognize that this is an offence. This is part of “Dark Patterns” under the Consumer Protection Act. It was also a part of the earlier versions of the Data Protection Bill which was omitted in the latest version of DPDPA 2023.

“Manipulation of Human Mind” with either devices or communication should be considered as a violation of “Neuro Rights” and should be protected either as an extension of the “Right to Privacy” or “Right to Free Choice” or through a separate law.

3. Changes in Banking Policies

It is noted that in a few instances where vigilant Bankers have identified the problem and prevented the customer from going through the payment. This indicates that in other cases, Bankers have been negligent.

In all the successful digital arrest fraud instance, the Bankers both at the end of the victim and at the end of the beneficiary along with the Mobile Service Provider who issued a SIM to the fraudster should be considered as co-conspirators to the fraud and must be jointly and severally liable.

The KYC norms and the RBI instructions on adaptive authentication make it mandatory that an account is monitored and any “Unusual” transactions are flagged for elevated authentication checks. Unfortunately Banks donot follow this norm. The beneficiary Banks donot check the known sources of income of their customers with the unusually large amounts that are credited. This is a blatant omission of the RBI norms.

In the TDSAT judgement on S Umashankar Vs ICICI Bank, the Tribunal considered that not following reasonable security practices by the Banker was a violation of Section 43(g) of ITA 2000 and makes them liable directly along with criminal consequences of Section 66.

This needs to be put into a direction by the Supreme Court.

At the same time, the Banks and the Police often mis interpret the RBI guidelines and when some stray funds are found in the account of innocent account holders proceed to freeze the entire account. Law is very clear that if there is any disputed credit in the account there can be a lien only on that amount and not the entire account. However many Police personnel issue directives to freeze entire accounts and Bankers oblige them. De-freezing of such account will be delayed unless pals are greased. This obnoxious practice must be stopped.

We request Supreme Court to give a clear direction to all Banks that unless a Court has indicated an amount on which a garnishee order is issued, no amount in excess should be frozen. Also the Garnishee order should apply to money due and payable as on the date of the receipt of the garnishee order and not future receipts. Hence the practice of Banks freezing the account is completely illegal and Banks should be suitably penalized for following such practices. Police issuing notices without indicating the amount under dispute also needs to be stopped. RBI itself should modify its “Freezing” provision and adhere to the known principle of a “Garnishee Order” and not create new provisions of law expanding their powers.

Further, the Court should direct that in all instances where the Bank cannot establish a conspiracy between the victim and the beneficiary, it should be presumed that the liability for the digital arrest payment lies entirely on the Beneficiary’s Bank or jointly by the Beneficiary’s Bank and the Victim’s Bank.

Further it is noticed that when the victim reports to his bankers about any fraud the Banker does not act immediately to stop payment in transit. This is contravening the established Banking practice of “Stop Payment”. Even in the case of Credit card transactions, RBI has taken an untenable stand under which Banks prioritize payments to the acquiring Bank instead of the Credit card owner and refuse charge back requests.

Supreme Court may kindly direct the Banks to honour “Digital Sop Payment” and initiate immediate action to inform the destination Bank whenever a victim reports a fraud or the Bank observes an “Unusual Transaction” so that the destination Bank “Exercised Caution”. These established practices which were prevalent before the advent of Digital Banking have been given up in the new digital banking era and must be restored.

4. Technical Improvements

Since “Collection of Electronic Evidence” is an important requirement for any legal defence, the Telecom operators should be advised to

a) Follow the suggestion of TRAI to display the caller ID linked to the KYC in respect of all calls so that impersonation can be identified
b) Introduce a “Hot button” on the mobile where at the click of a button the screen recording can be silently activated and deposited with a repository at the end of the call so that it is available for evidence. Currently “CEAC drop box” is a service that is available for voluntary deposit of electronic documents for evidentiary purpose. A similar service can be managed either by the law enforcement/MeitY or by a consortium of approved service providers. The user may subscribe to any of the free or paid services so that the evidence can be collected without a problem.

This has no “Privacy” bar since a “Conversation” is a data that belongs jointly to the caller and the called and hence each should be considered to have the right to record particularly when it has to be presented in legal defence of one of the parties. DPDPA 2023 also exempts collection of data for self legal defence.

These technical measures can also be directed to be introduced by the Mobile Service Providers along with a strict directive to ensure KYC for SIM card issue.

Yours sincerely

Na.Vijayashankar

Naavi
(Na.Vijayashankar)

P.S: We have placed this in public domain so that any victim or member of public can respond and add his views. This can be read along with our earlier article.

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Privacy. Bookmark the permalink.