In this article, Aditi Katyan pursuing Diploma in Entrepreneurship Administration and Business Laws from NUJS, Kolkata, discusses Where to file a complaint regarding E-wallet Fraud in India.

Technology is a gift, that does not only make functioning of our day to day activities easier, but has also become a pertinent factor in determining the economic growth of any nation. With the declaration of demonetization in order to create a cashless economy and tackle the problem of corruption, the trend of e-wallets has increased in India.

E-wallet or digital wallet is an online platform that allows users to conduct the electronic transfer of finances. The users can also store their card number and other shopping details which provides them with a hassle free procedure to complete any transaction.[1]

The prominent e-wallets that are used in India include, Airtel Money, Citi MasterPass, Freecharge, Paytm etc. Although the e-wallets claim to provide the users with complete protection of their private information through encryptions and passwords, the increase in e-wallet platforms post demonetization has also lead to increase in the number of fraud cases regarding the same.[2]  Also, many a time there have been cases where certain e-wallet service providers are using software systems that are only password protected, which can be easily hacked into or stolen online.

There are various types of online frauds and theft related to e-wallets, namely

1. Identity theft – Since it is not possible to know if the person whose name is mentioned is actually using the ID also, many fraudsters obtain the banking information illegally so as to gain access to the account. Hacking into the personal accounts of individuals has also become easier because of availability of open Wi-Fi networks, and lack of awareness among individuals regarding mails containing virus software.
2. SIM Swap – Many times the imposter either poses as a representative from the e-wallet company or somehow gets access to the individual’s credentials, in order  to purchase a duplicate SIM  with a fake ID. The fraudster then blocks the current SIM of the person concerned and conducts financial transactions with the owner’s SIM by generating one time passwords.
3. Phishing attacks– The hoaxer makes the owner of the SIM use the personal banking information by sending fake emails, or using corrupted websites.
4. Brute Force – The owners using public Wi-Fi or having weak passwords fall under this trap, as the hacker cracks into the system using various permutations and combinations.
5. Malware– These are specifically designed mobile applications or programmes used by the cyber criminals to gain access to sensitive information either when the user downloads some unauthorized application or is sent to him/her via fraudulent attachment through e-mails.
6. Vulnerable payment technology– Even tough it is little difficult to detect the vulnerability in the online payment gateways, using advanced hacking and security systems cybercriminals use look up for any such risk and use it for their advantage.
7. Ransomware- This is one of the typical actions used by he hackers. After the hackers manage to gain remote access to all the important credentials of the victim, along with the device, the block the access to the device for the victim unless they are paid for it.[3]

When any individual is faced with any such situation where they are defrauded, the first and the foremost step for them is to inform the concerned bank through which their e-wallet account is linked. All the credentials should be changed and the cards should be hotlisted.[4] A detailed complaint should be filed with the banking fraud and online fraud cells that are run by the cyber crime unit. Furthermore, a written complaint needs to be filed with the bank, mobile service provider, the e-wallet company, and any such third party vendor who may be the source of any such fraud. A regular follow up with the complaint filed is required. In case the banks fail to redress to the complaint, legal route should be taken in order to avail appropriate judicial recourse. If the complaint is dismissed within 30 days, help from an ombudsman should be sought. As a last resort, in situations when the ombudsman also fails to provide appropriate relief, an appeal can be made to the RBI Deputy Governor.[5]

Apart from the complaint filing mechanism, the RBI has also issued updated and new guidelines ensuring strict regulations, customer security and access to interoperability. The e-wallets are controlled by the RBI through the Master Circulation published on online payment instruments. This circular enlists the protective measures for the e-wallet customers. These guidelines not only provide rules regarding minimum capital requirement or deployment of money collected but also rules for the e-wallet companies to establish grievance redressal cells.[6] In order to ensure safety, the RBI has also made rules for the service providers to submit their yearly annual reports that covers technology, hardware and compliance systems. These companies will also have to make sure that a separate log-in ID is provided for the pre payment instrument (PPI) account. This PPI should not be made part of any other services that are provided by the companies.[7]  All these online applications are also asked by the RBI to guarantee that their app is not allowed on rooted device and conduct a pre-check regarding any other embedded malicious codes on their applications before launching, so as to maintain proper security. [8]

However, even though the RBI has mentioned guidelines to protect the customers from e-wallet frauds, it fails to guarantee complete protection of the information as the issued circular merely asks the e-wallet service provider to take “adequate” measures for data security and prevention of frauds. There is no minimum standard provided by the RBI that is required to be maintained by these companies, nor has any appropriate liability been established in case any fraud occurs due to lack of security measures.

In situations when the RBI guidelines fail to provide proper recourse to the online fraud, the liability is imposed on the e-wallet company under Section 43A of the Information Technology Act, 2000,  that deals with the security of the information held by the private companies. But again these statutes only provide clauses that mention that the e-wallet service providers are required to maintain reasonable measures to ensure data protection of the customers.[9] Also, if the private corporation has proved that they have maintained reasonable standard for data protection, their liability is quashed despite the loss incurred by the customer.

In view of the fast shift in the payment methods from using hard cash to digital money, there is an urgent need to increase and establish necessary measures to ensure protection of sensitive information. Along with protecting the software programmes the security can also be increased by introducing hardware level security where protection is provided in the chip or the processor,  as the processed data is encrypted, tightly bound to the chip or processor.[10]

Along with the measures taken by the RBI and the efforts of  the service providers to increase their level of data protection, it is also required for the customers to exercise due diligence and caution during transactions using the e-wallets, such as: [11]

• Regularly monitoring their bank accounts and keeping a check on unusual activity.
• Refrain from sharing their data, credentials and sensitive information with anyone else.
• Transfer money into their e-wallets rather then link it directly to their bank accounts as it requires storage of personal information which makes it easier for the hackers to gain access
• Change passwords on a regular basis and ensure that the card number is not visible to the retailers during the payment.
• Exercise caution while downloading mobile applications, to prevent corruption from malwares.
• If possible, maintain separate email Ids for e-wallet transactions so as to maintain a distance from malicious spam and junk mails.
• Prioritise data protection over convenience and make sure to log out their e-wallets after use, this reduces the chances of fraudulent transactions in case of loss of mobile phones, etc. to a small extent.

Even though RBI measures and individual precautions will help in improving the protection status regarding e-wallets complaint, since most of the e-wallet owners are private in nature, it is necessary for them to provide better recourse to such situations as well. There are a number if instances reported regularly, where the victim is not only suffering because of loss of data, but also because the e-wallet company fails to recognize his/her grievance as well. The customer service is still not provided in the best possible way. The period after the announcement of demonetization was one of the most crucial time period for these service providers.[12] The number of people resorting to online payments mechanisms were increasing, and not most of them were fully aware of the functioning of the system, hence, it is very important for the private companies to own up to their duty as service providers as well.

The online payment gateway is a tripartite system, the banks, the users, and the service providers work hand in hand. The safety of his data is in the hands of the individual, hence, it is necessary to exercise due caution. The users should read the terms and conditions properly and thoroughly before signing up for the services of the e-wallets in order to ensure that the e-wallets have not shed their responsibility of customer protection in case of third party frauds. Also, proper rights and liabilities of the users need to be established in order to ensure faster and appropriate redressal mechanism in situations of fraud.[13]

REFERENCES

[1] http://economictimes.indiatimes.com/definition/e-wallets

[2] https://www.sumhr.com/digital-wallets-india-list-online-payment-gateway/

[3] http://www.businesstoday.in/magazine/money-today/investment/web-of-frauds/story/243774.html

[4]http://indianexpress.com/article/technology/tech-news-technology/what-to-do-if-you-are-a-victim-digital-banking-fraud-4425316/

[5] http://www.bgr.in/news/rbis-new-guidelines-for-wallet-services-strict-regulations-customer-security-access-to-interoperability-and-more/

[6] https://rbi.org.in/scripts/NotificationUser.aspx?Id=8993&Mode=0

[7] http://www.bgr.in/news/rbis-new-guidelines-for-wallet-services-strict-regulations-customer-security-access-to-interoperability-and-more/

[8] http://www.bgr.in/news/rbis-new-guidelines-for-wallet-services-strict-regulations-customer-security-access-to-interoperability-and-more/

[9] http://tech.firstpost.com/news-analysis/e-wallets-no-prescribed-security-standards-under-indian-e-wallet-laws-puts-your-financial-data-at-risk-351209.html

[10] http://www.indjst.org/index.php/indjst/article/view/111087/78779

[11] http://indianexpress.com/article/technology/tech-news-technology/what-to-do-if-you-are-a-victim-digital-banking-fraud-4425316/

[12] http://economictimes.indiatimes.com/magazines/brand-equity/why-is-customer-service-still-so-terrible-in-an-age-of-wallets-and-mobile-banking/articleshow/58802868.cms

[13] http://www.business-standard.com/article/pf/wallet-frauds-on-the-rise-116012400764_1.html