BQ Learning: Victim Of A Cyber Crime? Here’s What You Can Do
BQ Learning is a special show that seeks to demystify financial markets, economic theories, legal processes and political structures. In this series, we discuss citizens’ rights when interacting with the police in various circumstances—from reporting a crime to being investigated. The first part on the relationship between the police and people can be found here; second one on road crimes here; and third on serious crimes here.
In this episode, we explain what kind of offences amount to cybercrime and what to do if you’re a victim of one.
A cybercrime is a criminal activity that’s committed using a computer, a networked device or the internet. Cybercrimes can be broadly divided into three categories, says criminal lawyer Omkar Mulekar. First, virus attacks, hacking data, malwares like trojan horse; second, publishing illegal material and obscene data like pornography and third: financial crimes which are committed with malicious intent like impersonation and misusing credit or debit cards. The crime is profit-driven, may include theft and resale of personal information, says Mulekar.
Social Media Activity
Section 66A of the Information Technology Act (IT Act) continues to be used by police to arrest people for their comments on social media. This is in spite of the Supreme Court’s 2015 ruling that had struck down this section as unconstitutional. This section
allowed people to be jailed for online posts which could be considered offensive.
Of late, section 67A of the IT Act which deals with obscenity has been used to prosecute individuals, Mulekar pointed out.
Financial Frauds: Liability
Although the Reserve Bank of India has certain protective measures in place, a customer can be held liable if personal information is shared by him on fraudulent websites, underlines advocate Mulekar. One cannot hold the bank or the financial entity accountable until a complaint of financial fraud has been filed with the bank.
Misuse of credit and debit cards amounts to cybercrime, says Mulekar. There have been cases, he adds, where credit cards have been cloned and funds withdrawn by entities located abroad, making it an international crime. The investigation and apprehension in such a case, therefore, becomes difficult, he explains.
A customer, holding a basic savings bank deposit account, has to pay Rs 5,000 as maximum liability if the bank was notified by him about an unauthorized transaction with a delay of four to seven days. The liability in case of savings account is Rs 10,000; for credit card holders with limit up to Rs 5 lakh, it is Rs 10,000; and for limit above Rs 5 lakh, it is Rs 25,000. The remaining liability lies with the bank or the credit card issuer.
In case of a further delay in reporting to the financial entity—or beyond seven working days—the customer’s liability shall be determined as per the bank’s board-approved policy. Any loss that occurs after the reporting of fraudulent transactions will be borne by the bank.
In cases where the bank loses data, the accountability lies with the bank. And if financial transfers happen after the bank has been alerted, then the customer is not liable, says Mulekar.
As first step, the bank or financial entity must be immediately informed to freeze the customer account from which malicious fund transfers have been made. One must then go to the police station in person and register an FIR. The local police station will then transfer the case to the cybercell department to take over the investigation. Involving the cops as step one could be time-consuming and it’s wise to alert the bank first, points out Mulekar.
Impersonation is the most common type of identity theft. Once a complaint is filed with the police, the law enforcement body usually reaches out to the entity or platform on which the incident of hacking has taken place. The internet protocol address of the hacker is traceable—the police then takes the investigation forward based on the cybercell’s report.
Watch the full interview here: