Cyber scams are thriving because multiple frauds and systemic lapses preceding them go unchecked, say experts.

On an average, individuals in Karnataka lost Rs 1 crore every day in 2022 and the police could recover only 12% of the amount, the state home department revealed recently. Citizens were robbed of Rs 722 crore by cybercrooks between 2019 and January 2023.

Time factor

Reporting the scam immediately, within ‘the golden hour’, increases the chances of money recovery. “We need 15 to 12 minutes to complete the procedure and act,” says S D Sharanappa, joint commissioner of police (crime), Bengaluru. Dial 112 or 100 without delay, he advises.

In the online world, a few minutes are equal to an eternity, comments Pankit Desai of cybersecurity startup, Sequretek, on how quickly the swindled money moves through the cyber crime network, crossing states, countries, and cryptocurrency corridors.

With borderless scams comes the challenge of territorial jurisdiction. “Low-tech scams are committed outside the state where the victim resides. It is time-consuming to chase such cases and they are overwhelmingly high in number. Perhaps the reason for police chasing only big scams,” says security researcher, Somdev Sangwan.

If the sum lost is not much, customers give up easily, says a banker.

Detection is low

Cyber crime consultant Mukesh Choudhary from Rajasthan explains why “detection is low” with a typical case study.

Scammers use pre-activated SIM cards of unsuspecting people, second-hand phones and impersonated bank accounts, and discard them soon after the money is debited and/or move to another location.

The police end up apprehending innocent people whose photos, ID and address proofs have been stolen or
duplicated. And if scammers operate via private VPNs, tracking is impossible.

What needs to be plugged first is the identity theft happening at general stores, mobile phone shops, photocopying facilities and banks, feels Mukesh.

“Catching one scammer is not the end of the case because invariably a syndicate is involved,” points out Santosh.

On the police front

Mukesh, who conducts training at the National Police Academy, points to systemic challenges: Daily allowance given to officers to pursue outstation cases is “very less”; cops nearing retirement don’t feel the need to upskill; often non-performing officers are sent for trainings and outstation investigations so others can focus on local cases; the force is understaffed.

“We face a language barrier when we go to states like Rajasthan and Bihar, and we don’t receive much assistance from the local police,” says Santosh.

Stronger laws needed

Counting the reasons for low convictions, Santosh says almost all online crimes are bailable, and out of court settlements are common. Moreover, the maximum punishment is either 3 years in jail or Rs 5 lakh in fine.

“The nature and modus operandi of cyber crimes have multiplied since the Information Technology (IT) Act was last amended in 2008. Stricter punishment, and more powers for the police are needed,” he says.

Mukesh adds, “Currently, the IT Act allows a police officer at least of the rank of inspector to investigate cyber crimes. But today, the caseload is high and every crime has a component of cyber crime. So everybody down to the constable should be permitted to handle cyber crimes.”

The legal framework for cryptocurrency and crypto frauds is also missing, he notes.

Lawyer Sudha Samyeeksha concurs that the IT Act doesn’t yet offer stringent penalties, effective remedies and enough powers to the police to investigate cybercrimes outside their jurisdiction. She hopes the upcoming Digital India Act will address these issues.