Debit, credit card cons rise 30% in Gurugram as frauds target data

Forty-nine people lose their hard-earned money to credit card, debit card, and banking frauds every week in the city and the numbers are up by 30% in 2018 compared to the weekly average of 2017, according to Gurugram Police data accessed by Hindustan Times.

While 1,343, such complaints were received in 2016 and 1,954 in 2017, in 2018, till August 6, 1,470 such complaints were received, which is up 2017’s weekly average by 30%.

Of this, fraudsters telephoning people posing as bank officials and cheating them after asking credit or debit card details was the most common fraud with “at least 15 to 20 complaints a week”, Anand Kumar Yadav, station house officer of Cyber Police Station, said.

“They ask for your card details, then initiate an online transaction and ask for the OTP (one time password) sent to your phone by the bank. Once you give them the OTP, they transfer money online from your account,” Yadav said.

Of the total 2,482 complaints cyber fraud-related complaints received till August 6 this year, 1,470 or 59.2% were of credit, debit card and banking frauds.

On the increase in the number of such cases, Sumit Kuhar, deputy commissioner of police (DCP) (crime), said, “We have created a separate cell to investigate the banking fraud cases, but people should remember basic security tips to not fall prey to such frauds.”

How the con happens

Around 12.30pm on July 28, Ramesh Singh (45) a truck driver from Rajasthan, who lives in Pataudi, was getting ready for work when he received a phone call to activate his credit card.

“There were two-three madams. They kept asking questions and we kept giving information. They even asked for OTP sent to my phone. As soon as the phone was disconnected, I lost the money,” said Singh, who lives at a rented accommodation with his wife and two children.

At 1.05pm Singh received three messages informing transactions from his account: ₹9,785, ₹14.98 and ₹14.98.

“People should never share their card details and OTP with anyone—not even with people claiming to be bank employees. These are basic things people should remember,” Kuhar said.

Yadav said that apart from activation of credit or debit cards, other tricks fraudsters, who pretend to be bank officials, use were pretending to link bank account to Aadhaar Card, redeeming credit card points and updating of the bank account.

“They target everyone. The rich, middle class and poor, across age groups,” Yadav said.

Kuhar said that in case of banking frauds people get their money back from banks if they have not shared their OTP.

Who are fraudsters?

Yadav said the gangs operate mostly out of Jharkhand, West Bengal and Bihar. He added that the fraudsters call during official working hours of banks—between 10am and 5pm.

The SHO said that about three months back the Jharkhand government, after getting a lot of such complaints, appointed an officer of DIG rank as the nodal officer. “We can fill a form and sent it to them if we need their assistance,” he said.

Kuhar said that the police have a special division in the cyber cell to deal with banking frauds.

An investigating officer in a banking fraud case at the cyber police station said that the inquiry into such cases is not easy. “They operate on SIM cards taken on a fake identity and this makes it harder to track them. While the purchase is being done in Kerala, the phone will be operated from Jharkhand. This makes it difficult for us to trace them,” he said.

What helps the fraudsters?

Kuhar said that customers’ bank details getting leaked to fraudsters was a major concern.

“How would a fraudster know that I have an account in a particular bank and call me pretending to be officers of that bank?” he asked.

The DCP said that many times banks outsource their marketing to a third party and shares customers’ information with the third party and the data get leaked from there.

“When we arrested accused in a case we found out that they got details from websites which were selling details of bank customers. It is a major problem,” he said.

Yadav said that the fraudsters quickly transfer the money from the victim’s account to an e-wallet and account and keep transferring it or spent the money within minutes.

“So, even if a victim manages to file a complainant real fast and we are able to track the e-wallet or bank account, we would not be able to freeze it,” he said.

When asked about the increase in the number of banking fraud-related complaints, Yadav said that it has been increasing every year. “As more and more people are using internet and mobile phones, the number of cyber complaints will also keep increasing,” he said.

The Role of banks and e-wallets

In a notification in 2017, the Reserve Bank of India told banks to put in place robust and dynamic fraud detection and prevention mechanism.

“Banks must put in place mechanism to assess the risks (for example, gaps in the bank’s existing systems) resulting from unauthorised transactions and measure the liabilities arising out of such events,” RBI said.

The RBI also said banks should set up a system to continuously and repeatedly advise customers on how to protect themselves from electronic banking and payments related fraud.

A spokesperson of Axis Bank said that they engage with customers from time to time on safe banking practices. “Most of the fraudulent transactions on cards are predominantly for quick consumption goods and cash-out. Hence, the scope of recovery is intricate and the bank liaisons with the merchant bank to reverse the charges, where possible. The major problem in investigation of cases is cross-border transactions and digital trails of transactions,” he said.

“Fraudsters dupe gullible customers through ponzi schemes or lucrative offers which are ‘too good to be true’ and procure confidential card information to perpetrate frauds,” he added.

When asked about fraudsters transferring money from a victim’s account to a digital wallet, a spokesperson of PhonePe, a digital wallet, said that they cooperate with any law enforcement agency’s request without compromising on user security.

“Often the time lag for reporting of a fraud case is huge, which prevents us from holding of funds for suspected fraudulent transactions, as we do not receive any police complaint,” she said.

According to RBI, banks must ask customers to mandatorily register for SMS and e-mail alerts, for electronic banking transactions and also provide 24x7 access through multiple channels such as website, phone banking, SMS, for reporting any fraudulent transactions.

According to RBI guidelines, bank customers who are victims of fraudulent or unauthorised e-transactions will not bear any loss if the transaction is due to a fault in the bank’s security system, or a third-party breach and the customer reports it within three days.

Meanwhile, Ramesh Singh rued for not listening to his wife. “My wife had told me in between that we should not share OTP, but I did not listen to her. I earn only ₹16,000 a month, now where will I go for the money?” he said.