After prolonged delay and hesitation, financial institutions have picked up the gauntlet and decided to step in with technology tools to curb cyber fraud perpetrated by using the banking system.
The Reserve Bank of India has advised banks to implement and use robust software for real-time transaction monitoring of banking transactions so that suspicious activity can be detected and prevented on time.
Secondly, banks will use AI / ML tools in detecting such suspicious and fraudulent transaction patterns involving mule networks. Their timely identification could result in the initiation of prompt action.
Most cyber fraud cases, including the malicious and notorious “digital arrest” cases, involve the transfer of illegally obtained funds from the victim’s bank account to a mule account, and in turn, siphoned off to the perpetrator’s accounts. For long, there has been a persistent demand that banks should step up and play their due role in curbing cyber frauds. Finally, the RBI has rolled out “MuleHunter.AI”, an artificial intelligence/ machine learning-based solution for mule account detection. It is reportedly being used by 26 banks and is being scaled up further.
Moreover, RBI’s new regulations, to be effective from April 1, will go a long way in checking cyber fraud and scams. An important change in this context is the additional verification measures for the transfer of large sums of money, often running into several lakhs of Rs. The banks may seek Aadhaar linking, fingerprint authentication, and facial recognition, and this could draw attention to the nature of the transaction and dubious recipients, if any.
Secondly, the OTP or One Time Password through SMS has been previously thought of as a safety feature, but of late, cyber criminals have found ways of undermining it. So, banks will not be content with OTP through SMS alone and will insist on two-factor authentication using PIN, password, biometrics or tokens. This will make transactions relatively safe and secure them from certain kinds of cyber fraud.
The new rules make banks somewhat accountable for allowing the system to allow fraud. For instance, if the banks fail to be diligent or if their security systems fail, they may be directed to compensate users in case of small value fraudulent electronic banking transactions. It is a small beginning, and this measure will definitely make banks play their due role in prevention.
The European Union and the UK have been proactive in cyber fraud prevention through a host of pioneering measures. The EU has been able to deploy multi-factor authentication and AI-powered Know Your Customer or KYC solutions, which help in the reduction of online fraud.
Secondly, the banks’ liability in the event of fraud will be increased substantially, especially in cases of impersonation (by fraudsters as a bank or government employee) or when criminals deceive victims into willingly transferring money from their bank account to an account controlled by the fraudster, often via real-time payment systems. Most cyber fraud cases in India fall under this category. And, India has clearly been lagging behind, and much more needs to be done and swiftly with regard to citizen-centric outreach campaigns, and the further strengthening of detection mechanisms and recovery of funds siphoned off and payment of adequate compensation to victims who suffer loss of hard-earned money and often lifetime savings.