The credit/debit/ATM card frauds as detected by some of the largest banks were waiting to happen as India has been on the radar of the global cyber criminals who hack into the computer servers using the malware, putting the entire financial structure into a big risk, an ASSOCHAM-Mahindra SSG joint study had forewarned.
“Shocked that we are by such large volume of frauds forcing most of the big banks to recall their swiping cards resulting into not only a huge financial losses but also raising a question mark on our cyber security, the ASSOCHAM has been continuously sensitising the government, RBI and the banks against the unfolding cyber risks,” the study said.
He said an ASSOCHAM-Mahindra SSG study published recently pointed out that India has become a favourite hunting ground for global hackers and criminals. In fact, according to this study, India was the third biggest target for these hackers after the US and Japan.
A rapid increase in the use of computers and the emergence of the Internet in particularly in the last few decades has led to the evolution of cyberspace. Cyberspace is borderless and anonymous due to which it becomes difficult to actually trace the origin of any kind of cyber attack. The study had further noted that mobile frauds are an area of concern for companies as 35-40% of financial transactions are done via mobile devices and this menace is expected grow to 60-65% by 2017.
Credit and debit card fraud cases top the chart of cybercrimes. There has been a sixfold increase in such cases over the past three years. According to the data, about 42% complaints of online banking related to/credit/debit card fraud followed by Facebook (31%)-related complaints (morphed pictures/cyber stalking/cyber bullying). Other major cyber complaints were cheating through mobile (12%), hacking of e-mail ID (10%), abusive/offensive/obscene calls and SMS (5%), and others.
These attacks have been observed to be originating from the cyberspace of a number of countries including the US, of Europe, Brazil, Turkey, China, Pakistan, Bangladesh, Algeria and the UAE.
Andhra Pradesh, Karnataka and Maharashtra have occupied the top three positions when it comes to cybercrimes registered under the new IT Act in India.
Phishing attacks of online banking accounts or cloning of ATM/debit cards are common occurrences. The increasing use of mobile/smartphones/tablets for online banking/financial transactions has also increased the vulnerabilities to a great extent. The maximum offenders came from the 18-30 age group, the report added.
“Internet frauds alone have cost India a whopping 4 billion $(about Rs 24,630 crore) in 2013 as cyber criminals are using more sophisticated means like ransom ware and spear-phishing,” the report said.
During the years 2011, 2012, 2013 and 2014, a total number of 21,699, 27,605, 28,481 and 36,554 Indian websites were hacked by various hacker groups spread across worldwide. In addition, during these years, a total number of 13,301, 22,060, 71,780 and 95,189 security incidents, respectively, showing a sharp increasing trend. The total number of security incidents reported to CERT-In has been on the rise.
There is urgent need for having public-private-partnership (PPP) in cyber security for protecting the critical online data and creating awareness amongst the public. Internet has many stakeholders and the government is involved in terms of making laws and the private sectors are involved in creating technologies like hardware, software and so on and this can’t be seen in an isolated manner that’s why PPP model is important. The fifth domain warfare is real and expanding at a rate which is more concerning, ISIS use cyber space for expanding its base and support is glaring example of this.
Cyberattacks around the world are occurring at a greater frequency and intensity. Operating securely in the cyber environment is among the most urgent issues facing the government, industry and individuals. It is important to take proactive measures rather than reactive methods as building safe environments will always be the best line of defence against rising cybercrime. ‘Safety first through security by design’ should be the motto. Security by design ensures reduction in overall cost to the business and increases the efficiency of the system by making it robust and secure.
The government and regulators should develop comprehensive cyber security policies and frameworks from the perspective of incentives, tax breaks and technological development. The policies should be such that they encourage private sector participation in public sector research and promote the commercialisation of research and development and intellectual property.
Effective mechanisms should be established to ensure coordination and cooperation between various countries. India should ensure active collaboration with the other countries and global cyber security agencies through international treaties, bilateral agreements and Memorandum of Understandings in order to understand the latest threats and take proactive security measures.
The government, and specifically the regulators, should look at developing sector-specific policies and frameworks tailored to meet the requirements of the particular sector in order to strengthen cyber security in that domain and ensure compliance with the defined security standards.