The road ahead for e-transactions is pot-holed as the country is little prepared for the many threats lurking in this space 

~By Neeraj Aarora

Despite Indians being exhorted to adopt e-platforms at a fast pace, there is inadequate digital literacy in all spheres, making it attractive for cyber criminals. Not only are these threats at a micro level but also at an international level. There are more credit card, e-banking and mobile frauds in Europe and the US despite people there being more e-savvy, e-banking being more matured and investigation agencies having better training to handle digital crimes. The digital battlefield is now a cold war and cyber attacks are now being treated as military attacks in China, Russia and the US. India, however, still has to wake up to this immense threat.

Digitisation impacts individual and small businesses too as they don’t have the time, budget and expertise to coordinate an effective security solution. They are, therefore, easy targets of cyber criminals. Moreover, they may take comfort in the illusion that their operations are too inconsequential to attract the attention of international cyber criminals, who instead target global banks, internet retailers and government entities to harvest their databases of credit card numbers, client passwords and accounts. But this is not true. Cyber criminals may prefer to target small businesses particularly as the risk of a counter-action is relatively less.

In India, this risk has grown. The recent spurt in the use of applications, mobile wallets and online transactions has exposed users to various risks which may have a cascading effect. The market is flooded with various applications for money transfer and after the launch of Bhim, a digital payments solution app, their number has gone up.

Though phishing has emerged as one of the biggest cyber crime threats, those from these applications are more. They provide a tunnel from the server of the service provider to the individual mobile, whereby the application provider can access all the data in the mobile and even the communication on it in real time.

However, most of these money transfer applications are not complying with Section 43A of the Information Technology Act, 2000, and are putting the Indian consumer to great risk whereby their personal data can be misused for committing various offences on the internet. The Act and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, provide for reasonable security practices to protect the personal information of users.

Investigating agencies inherently lack skills in probing cyber crimes and use traditional approaches to handle them. Most law enforcement agencies don’t have standard operating procedures or manuals on how to handle these crimes, collect digital evidence and present them in court. Most of the existing procedures have either become obsolete or redundant. Forensic support in cyber crime is limited to the forensic tool and most of these experts are tool experts or tool monkeys as referred to in the forensic community. They lack the knowledge required to meet the challenges in a court of law.

The recent spurt in the use of applications, mobile wallets and online transactions has exposed users to various risks which may have a cascading effect. The market is flooded with various applications for money transfer and after the launch of Bhim, a digital payments solution app, their number has gone up.

The admissibility of digital evidence in courts has become a big hazard. The fact that e-evidence can be fabricated or falsified creates a hurdle to admissibility.

In the Anwar PV vs PK Bashir and Ors, the Supreme Court interpreted Section 22A, 45A, 59, 65A and 65B of the Evidence Act and held that secondary data in a CD/DVD/pen drive was not admissible without a certificate U/s 65 B(4) of the Evidence Act.

Another impediment in the investigation of cyber crime is that these offences are bailable under the IT Act. These include cheating through impersonation, identity theft, theft of data, hacking and password theft which are applicable to online transactions. Custodial investigation is essential in the investigation of cyber crime as compared to traditional crimes as it’s easy to spoof identity and hide electronic evidence in the digital medium. But the absence of custodial interrogation is a stumbling block in such cases.

Investigating agencies have been invoking the IT Act and the IPC to secure custodial interrogation. But this would not be permissible in view of a recent apex court pronouncement in the judgment of Sharat Babu Digumarti vs. Govt. of NCT of Delhi. It was held there that if an offence specifically falls within the ambit of the IT Act, recourse to similar provisions under the IPC are not permissible.

Another boon for cyber criminals is that for cloud computing and emerging encrypting technologies, hardly any remedies are available under Indian laws. India is also not a signatory to the Council of Europe’s Cyber Crime Treaty which provides for sharing information for investigation and detection of cyber crimes. This risk was evident from the recent allegation of rigging of the US presidential election by Russia.

In the absence of any concerted approach, requisite infrastructure and preparedness to tackle cyber crime, the way forward seems paved with hurdles for the government, industry and people of India.

—The writer is an Advocate-On-Record, Supreme Court
and a cyber lawyer and International Arbitrator

Lead picture: People are increasingly looking for cashless options to make payments. Photo: UNI