Friday, June 3, 2011

Techno-Legal Measures To Prevent ATM Frauds In India

Reserve Bank of India (RBI) has recently released the report of its working group on securing card present transaction that covers ATM security as well. RBI has also prescribed cyber security due diligence for banks of India. Despites these pro active steps, ATM frauds are increasing in India.

ATM frauds are executed by techniques like wire tapping, replicating the digital signature of the card, getting authentic personal data at fake data call centres, tampering ATM slots by rigging, phishing through e-mail accounts and fixing hidden cameras at vantage points inside ATM installations to steal the secret PIN number of the customers. Fraudsters use special devices like skimmers, duplicate ATMs, to withdraw stacks of money from ATMs.

In this interview of Praveen Dalal, Managing Partner of New Delhi based ICT Law Firm Perry4Law and leading Techno Legal Expert of India, he has shared the techno legal methods to prevent ATM Frauds in India. ATM frauds can be tackled by using techno legal measures alone.

Q-1 Apart from the spamming and phishing, what are the various kinds of ATM frauds? Please specify the ones that take place at the ATM machine or at the counter.

A.1 ATM frauds happen when someone leaves his/her credit card unattended in a vehicle or changing room or allows anyone else to use the card or looses the card that is misused by others or discloses the Personal Identification Number (PIN) to others, etc. These mistakes allow the offender to withdraw money by using the stolen information. Fraudsters are using special devices, skimmers, duplicate ATMs, etc to withdraw money from ATMs. Sometimes such frauds are an insider job with the collusion of the employees of the company issuing those cards.

Q-2 Out of all the techniques, which one is the most common?

A.2 The misuse of disclosed PIN for withdrawing money is the most common techniques used for committing ATM Frauds.

Q. 3 What the individual can do to avoid their money from being siphoned off due to ATM fraud?

A.3 Some basic precautions by the card holders can be very effective in preventing ATM frauds. For instance, never leave your credit card unattended in a vehicle or changing room, never allow anyone else to use your card, always retain sales/charge slips to compare with the amount specified on the billing statement, do not disclose your PIN to anyone, etc.

Q. 4 Is any new technology available to handle ATM frauds? If yes, please elaborate.

A.4 The technological mechanisms like Designated time, Microchip technology, Biometric tokens, Enhanced security, ATM Monitoring, Customised softwares, Customer motivation, Alerts, etc can be used to minimise and prevent ATM frauds in India.

Q.5 What is the scenario abroad? Are ATM frauds more rampant outside?

A.5 The culture of e-banking is more prevalent in foreign countries. Obviously, the menace of ATM frauds is more in those countries. However the problem of ATM frauds is global in nature and its ramifications have been felt in India as well. Information and Communication Technology (ICT) is forcing Indian legal system to adapt itself as per its requirements. Presently, there is a lack of legal enablement of ICT systems in India and we need good laws in this regard.

Q. 6 What does IT Act 2000 say about ATM frauds?

A.6 The IT Act, 2000 does not contain any specific provisions regarding the same and the traditional law of IPC, 1860 also cannot be relied solely and independently to tackle this problem. We need a better law for this purpose and Perry4Law has already provided its suggestions and recommendations in this regard and other ICT related matters to the Government of India, Department of Information Technology, Department of Science and Technology, Prime Minister’s Office, etc. Till we have suitable and apt laws, we must apply existing laws in a purposive and updating manner.