Wednesday, July 23, 2014

Information Technology Act providing much needed relief to cyber crime victims.

With thousands of confirmed data breaches last year, the security of the financial services is a topic of concern for all security professionals. Organized fraud rings are constantly coming up with imaginative new methods of stealing funds and identities and consumers are increasingly losing confidence that there is anything that can be done to reverse these trends and protect their interests. This is also evident with the increase in number of cases registered for compensation under civil remedies provided by Information Technology Act with Adjudicating Officer. The Maharashtra Adjudicating has received    11, 44 and 30cases in 2012, 2013 and 2014(till June 2014) respectively. Though very few people are aware about Civil remedies the increase in frauds are sending shivers to Banks since they are made liable to pay compensation under section 43A of Information Technology Act for failure in protecting Sensitive Personal information of the customers. As most of the victims preferring non- reporting of the incident except to their respective banker those few who report the card fraud incident to Police often believe that crime committed against them is of criminal nature only and hence they can not get their lost money back. They are thus required to be made aware about available civil remedy under Information Technology Act.
As per RBI April 2014 statistics with about 40 crore debit/credit cards issued across India and 85000 and 77500 Online and Offline ATM’s installations Indian card holders are most vulnerable to various cyber financial attacks. With 554034275 actual ATM transactions amounting Rs. 1743462.56 millions and 56266452 POS (Point of Sale) transactions amounting Rs.86847.83 millions, Indian card users are required to be taught more and more about security and protection of their sensitive personal information.
Aite Group , an independent research and advisory firm having Head office in Boston, with expertise in banking, payments, securities & investments, and insurance, delivered its comprehensive survey report titled “Global Consumers: Losing Confidence in the Battle against Fraud” regarding various categories of online frauds in June 2014.This report, based on a Q1 2014 ACI Worldwide study of 6,159 consumers in 20 countries, provides an overview of respondents' attitudes toward various types of financial fraud and discusses the actions they may take subsequent to a fraud experience.
The salient features of the findings are as below.
1)      Of all cardholders—debit, credit, and prepaid—27% have experienced card fraud in the past five years.
2)      After experiencing fraud, 63% of consumers use their card less, at least in some situations, than they used their card previously.
3)      In 2014, 14% of debit and credit card holders cite having experienced fraud multiple times during the past five years.
4)      Of cardholders who received replacement cards as a result of a data breach or fraudulent activity in the past year, 43% used the new card less than the original.
5)      Consumers who are dissatisfied with how they are treated by their financial institution after experiencing fraud sometimes change providers, resulting in a global attrition rate of 23%.
6)      Fifty-five percent of respondents are "very concerned" about reclaiming their financial identity if they become a victim of identity theft; this represents a twofold increase in consumers with this level of concern from 2011.
7)      Eighteen percent of global consumers lack confidence that their financial institution can protect them against fraud.
8)       Forty-nine percent of global consumers exhibit at least one risky behavior, which puts them at higher risk of financial fraud.

The study was conducted in a total of 20 countries in the following regions:
The Americas (North and South America): Brazil, Canada, Mexico, and the United States. MEA (Europe, the Middle East, and Africa): France, Germany, Italy, the Netherlands, Poland, Russia, South Africa, Sweden, the United Arab Emirates, and the United Kingdom. The Asia-Pacific: Australia, China, India, Indonesia, New Zealand, and Singapore.
In total, 6,159 consumers were included in the research: approximately 300 consumers, divided equally between men and women, participated in each of the 20 countries. Of the total, 6,041 own one or more type of payment card (i.e., credit card, debit card, prepaid card).
41% Indian card users have Experienced Card Fraud in the Past 5 Years, @ 10% increase over 2012. The United Arab Emirates (UAE) has the highest rate of fraud overall at 44%, followed by China at 42%, and India and the United States at 41% each.

Consumers in the UAE experience the highest rate of credit card fraud at 39%, followed by the United States at 36%. Sweden is the only country surveyed for which credit card fraud is in the single digits—8%; it is important to note that consumers in countries such as Sweden, Poland, and Germany are low users of credit cards. Consumers in the Netherlands also enjoy a low rate of credit card fraud; only one consumer in 10 experienced it in the past five years.32% Indians have experienced Credit card fraud which is @ 15% more as compared with 2012.

Consumers in China experience by far the highest debit card fraud rate at 30%, followed by India at 23%, and Mexico at 20%. The United States is in fourth place again at 18%.

The highest rate of fraud on prepaid cards is experienced by consumers in India at 18%, followed by China at 17%, Indonesia at 11%, and Italy and Singapore at 10%.

Consumer behavior in Australia and New Zealand tend to be far less risky than the rest of the Asia-Pacific. The very low percentages of consumers who carry their PIN with a card (India topping with 25%) or respond to emails and calls asking for bank account information(India topping with 22%) more closely resemble consumers in the Americas and EMEA than the other countries in the Asia-Pacific. Over 20% of consumers in all countries leave smart phones unlocked when not in use (India tops with 29%) and 28% Indian users throw documents with bank account numbers in the trash. In all countries except Australia and New Zealand, over 20% of consumer’s bank or shop online on computers without security software or on public computers but unfortunately India again tops with whopping 31% users.

This implies a lack of consumer education or a lack of belief by consumers that their behavior really has an impact on the likelihood of fraud. Educating consumers about risky behavior and the need to avoid them can help reduce fraud incidents and help consumers feel some element of control and confidence over their ability to protect themselves from becoming a victim of fraud.

High percentages of consumers were unhappy after their fraud experience: 33% were at least somewhat unhappy in Singapore, 40% in China, 50% in Indonesia, and 56% in India should be cause of concern for Indian financial institutions. In China, India, and Indonesia, between 44% and 58% of consumers switch financial institutions after their fraud experience. These very high rates of customer attrition are very costly to financial institutions.

Consumers in India have the most confidence that their financial institution can protect them against fraud—43% feel absolute confidence in such protection, and an additional 46% feel the financial institution is doing all it can to protect them. No more than 25% of consumers in other countries express absolute confidence in the financial institution's ability to protect them.

Consumers are putting their personal and financial data at risk when they act in risky ways, and they deserve better education related to protecting themselves against fraud. Encouraging consumers to work with their financial institution to protect themselves is a true win-win scenario. Financial institutions can lower customer attrition rates and back-of-wallet behavior through better consumer communication and education.
Recommendations by AITE group for financial institutions 1) Educate and engage consumers: Help consumers understand how they can help protect themselves against fraud, and work with the financial institution to combat it.2) Provide specific examples: Consumers do not understand the importance of avoiding risky behavior such as shopping online on a public computer or not securing their Smartphone or tablet when it is not in use. Public computers or those without adequate security software put consumers’ personal and financial data a high risk of being stolen. As adoption of mobile wallets and online banking increases, securing mobile devices is increasingly important. 3) Communicate more effectively: Ensure consumers understand that replacement cards are safe to use, even after a data breach. Make fraud protection protocols easy to understand and available at all customer touch points (i.e., online, contact centers, mailers, etc.).4) Improve customer service: After experiencing fraud, consumers may be traumatized or emotional. Ensure agents are sympathetic and helpful to the greatest extent possible in order to retain victimized customers.

Advocate Mahendra Limaye a noted Cyber Legal Expert opinioned that all banks must undertake Customer Awareness initiatives to educate card holders about current trends used by Cyber criminals to lure them and how to keep their personal sensitive information most secured. Cyber Awareness Organisation has launched CYBER CRIME HELPLINE to impart free advice to such cyber fraud victims.


Saturday, July 12, 2014

Brief Analysis of NCRB 2013 REPORT ON CYBER CRIMES in India.

Chapter 18 of NCRB elaborates about CYBER CRIMES in India in 2013.
Important findings about CYBER CRIMES in India in 2013 are as below.
1)      122.5 % growth in 2013 compared with 2012.Total cyber crimes in 2013, 4356 against 2876 in 2012.
2)      Andaman and Nicobar tops with 800% growth followed by Uttarakhand 475% and Assam by 450%. Maharashtra reported only 44% growth.
3)      Highest crimes in numbers i.e. 681,635,513 and 372 reported in Maharashtra, A.P., Karnataka and Uttar Pradesh respectively. Delhi alone reported 131 crimes.
4)      Tamilnadu (1700%) and Bihar (1551%) tops in registering Cyber Crimes under sections of IPC shows lack of training to Police Staff regarding Information Technology Act.
5)      Surprisingly Maharashtra also reported growth of 151% for registering Cyber Crimes in IPC sections whereas Karnataka shown negative growth of 20% but Goa was way ahead by -50% growths in wrong registering.
6)      Chandigarh U/T shown whopping -70% negative growths in cyber crimes followed by Gujarat (-10%) and Bihar (0%).
7)      Out of 52 cities whose data was publishes Bhopal shown 1800% growth (1 to 19) followed by Indore 460% (2 to 28) and Kota (1 to 5) and Vasai Virar (2 to 10) 400% respectively.
8)      Bengaluru topped with 399 Cyber crimes followed by Visakapattanam (173) and Hyderabad (159).Pune registered 97, Mumbai registered 40 and Nagpur registered 23 Cyber crimes in 2013.
9)      Nagpur reported negative 4.3% growth in registering Cyber Crimes since in 2013, 23 crimes were registered as compared to 24 in 2012.Some credit may be given to CYBER AWARENESS ORGANISATION for spreading CYBER AWARENESS among many netizens.
10)   Total 45 people below 18 were arrested for Cyber crimes whereas 1190,722,131 and 10 persons were arrested between age groups 18-30, 30-45, 45-60 and above 60 years. Almost 50% arrested persons are between age group 18-30 and 35% are between age group 30-45 making @ 85 Cyber criminals in age group 18 to 45.
11)   Out of 5693 cases registered across India in 79 cases involvement of Foreign Nationals/Foreign groups were identified whereas in 749 cases neighbors/relatives were involved and in 420 cases crackers/professionals/students involvement were identified. Surprisingly the NCRB report identifies maximum 4175 matters in others category.