The refusal of the Maharashtra State Banking Ombudsman to intervene in a case of net banking fraud that left a customer poorer by nearly ten lakh rupees is bound to add to the anxiety of consumers who are afraid of falling victim to cybercrime. Much as plastic money and online commerce are convenient, they bring with them the baggage of security concerns. The banking and payment card industries, and enforcement agencies must respond to such incidents with alacrity. Reserve Bank of India statistics record a downward trend in the number of cases of credit card fraud: from 20,806 cases in 2009 involving over Rs.61 crore, to 7,305 cases in 2011, with an exposure of Rs.21.7 crore. Yet, that is cold comfort for many because the theatre of crime is often a foreign country. That point is amply borne out by the many cases of Indians preyed upon by identity thieves and financial fraudsters who skim off information from cards used abroad. While the offices of the Banking Ombudsman may not have all the resources to address the problem, the onus of security should lie with the system, and not the consumer. At the moment, the procedure for redress — especially filing a complaint of cyber fraud — is difficult, and the level of liability for misuse of the card after reporting the crime does not favour the customer.
Some of India’s online gateways do incorporate additional security components such as codes and keys, but the consumer faces an unfriendly system when he falls victim to identity theft. Although the Information Technology Act was amended to incorporate a specific section, 66C, relating to punishment for identity theft, the police are often not receptive to complaints. As a confidence-building measure, banks and the payment card industry must come up with an advisory in plain language on good practice, rights of account holders, their liabilities including insurance against theft, and the system of seeking help. The law on limited consumer liability is clear in the United States, whereas insurance compensation for fraud is often capped in India. On the technological side, the banking system, the payment card operators and the retail sector must explore ways of incorporating new technologies that can make transactions highly personalised. Generating individual digital tokens for buyers’ pre-registered mobile phones for each sale — as some online retailers do to verify the customer — may be one way to confirm identity. With smartphones and m-commerce growing in popularity, the need to strengthen systems against online fraud is even higher. Weak consumer confidence and unhelpful enforcement agencies can only deter growth.