970x125
India’s digital transformation — powered by affordable Internet, digital banking, and e-commerce — while enhancing convenience and inclusion has also created a fertile ground for cybercrime. Fraudsters exploit system loopholes and human psychology, using tactics such as phishing, OTP/UPI frauds, identity theft, loan scams, and increasingly, digital arrests. These frauds rely less on hacking skills and more on manipulation of fear and trust. Perils of social engineeringThe most vulnerable victims include elderly citizens, rural populations, and weaker groups such as job seekers or loan applicants. Many senior citizens remain digitally illiterate yet hold substantial savings, making them prime targets. Fraudsters often obtain leaked banking or personal data to identify such customers, tailoring scams to exploit their weaknesses. Social engineering is at the core of these crimes — manipulating fear, greed, or urgency. Even educated individuals often surrender under sustained psychological pressure, showing how deeply criminals exploit human behaviour. Two recent digital arrest cases highlight the role of fear. In the first, a 78-year-old retired banker was duped of ₹23 crore — siphoned through 21 transactions to 16 accounts. In the second, a lawmaker’s wife was defrauded of ₹14 lakh but was able to recover it as she acted swiftly. Together, these cases show a stark contrast — delay leads to irreversible losses, while swift action can save victims from ruin. These cases underline the urgent need for systemic reforms such as AI-driven monitoring to flag abnormal transactions; banks mandated to act within the 24-hour window; cyber police equipped to respond swiftly etc. Proactive detection and rapid coordination between banks and law enforcement are essential to prevent such scams from succeeding. However, institutions have failed to keep pace. Banks, entrusted with safeguarding public money, often limit their role to issuing generic advisories, while mule accounts with weak KYCs continue to thrive. Customer data — meant to be securely protected — often circulates freely across banks and even into the hands of fraudsters. Cyber police remain severely underequipped with respect to technology, training, and workforce, leaving victims trapped in bureaucratic delays and lost opportunities for recovery. Without advanced tools, specialised skills, and adequate manpower, they risk becoming symbolic entities rather than meaningful protectors in India’s fight against cybercrime. Thousands of fraud cases are reported daily, but the actual figures are far higher, as many victims avoid reporting due to stigma or lack of faith. This systemic apathy — both from banks and cyber police — has emboldened criminals and eroded trust, threatening the credibility of India’s digital economy. Increased sophistication Cyber frauds have moved far beyond the fraudulent ATM withdrawals of earlier years. Today, criminals deploy more sophisticated and targeted strategies. Phishing attacks lure users into revealing sensitive data through fake emails or SMS messages. Remote access scams trick victims into downloading malicious apps that give criminals control of their devices. Job and loan scams prey on the aspirations of youth and financially vulnerable populations, while OTP and UPI frauds manipulate users into unknowingly authorising transactions. Equally damaging is identity theft, where Aadhaar, PAN, or bank details are misused to commit further crimes. Among the most alarming trends is the rise of digital arrests, where criminals impersonate police, customs, or government agencies. Victims are kept on continuous calls, shown fake warrants, and psychologically coerced into paying large sums to avoid fabricated charges. Such frauds demonstrate how criminals adapt faster than institutions. Their reliance on social engineering and technology-enabled deception shows us how they remain several steps ahead of current safeguards. Large-scale frauds reveal recurring transaction patterns that should serve as early warning signals. First is scale. Fraudulent transfers are frequently many times larger than a customer’s normal transactions. Secondly, the frequency of transactions; multiple high-value debits executed within a short span of time. In robust monitoring systems, both should trigger critical alerts. Yet banks often fail to send SMS, email, or phone verifications. Ironically, modest credit card spends and cheque clearances routinely invite confirmation calls, while multi-crore savings account debits pass without checks. The destination of funds also exposes familiar patterns. Money is funnelled into mule accounts with incomplete or fake KYCs, often with negligible balances before suddenly receiving massive inflows. These funds are quickly dispersed across smaller or cooperative banks in a process known as layering, making recovery nearly impossible. The delay in freezing accounts compounds the problem. Victims face hurdles when reporting fraud, and the crucial 24-hour window is rarely used effectively. By the time action begins, funds are already beyond reach. These patterns are not isolated anomalies but hallmarks of organised cyber fraud. The failure to monitor them proactively reflects systemic negligence, leaving criminals ample room to thrive. Possible interventions The current institutional approach is largely reactive — fraud is addressed only after complaints are filed. Artificial Intelligence (AI) and Machine Learning (ML) can shift this model to proactive prevention through the following methods: Personalised transaction profiles: AI can map each customer’s typical transaction size, frequency, timing, and risk category (for example, senior citizens, rural users, high-net-worth individuals). Customers can be grouped into clusters to generate targeted alerts for deviations from normal activity. Unusual patterns — such as abnormally large transfers or frequent debits — can trigger alerts, require confirmation, or temporarily block the transaction until verified. Clustering algorithms and anomaly detection models can flag behaviours such as unusually large one-off transfers, multiple debits within short intervals, or mule accounts receiving sudden inflows. ML systems can also identify accounts with incomplete or fake KYCs, preventing them from becoming conduits for laundering. Cross-institutional monitoring: Banks operate in isolation without sharing information with the cyber police or telecoms. An AI-enabled fraud intelligence and early detection network could enable real-time sharing of alerts across banks, payment systems, and telecom providers. If one bank identifies a suspicious account, others could be notified instantly, preventing fraudsters from exploiting institutional gaps. Empowering the cyber police: AI offers real-time detection and automated alerts for law enforcement, allowing swift action within the crucial 24-hour window. With global data-sharing and stronger international cooperation, AI can make cyber policing faster, more agile, and citizen-friendly. Strengthening accountability of banks: Banks must adopt AI-driven monitoring, plug KYC gaps, and explore Blockchain for secure, tamper-proof customer data management. Frauds today are not invisible — they are detectable with the right tools. What is missing is not technology, but institutional will. With AI-driven monitoring, fraud detection can evolve from reactive firefighting to proactive prevention. The way forwardIndia must shift to a protection-first framework, where citizen safety and digital trust are central to financial stability. For banks, reforms should tighten KYCs, audit mule accounts, and secure customer data. Blockchain promises tamper-proof record sharing, while AI-driven monitoring and shared fraud intelligence platforms are necessities. Victims must also receive swift compensation, as mandated by the RBI, without unfair blame. For the cyber police, speed, tools, and capability are key. 24/7 rapid-response units must act within the 24-hour window, supported by stronger cross-border cooperation to address globalised fraud. If pursued sincerely, these reforms can transform India’s digital economy from vulnerable to resilient, where technology and trust work together to protect every citizen.Rajeev Kumar is a former Professor of Computer Science & Engineering at IIT Kharagpur, IIT Kanpur, BITS Pilani, and JNU, and a former scientist at DRDO and DST.
970x125
970x125
