The digitisation of banking and other financial transactions has opened up huge new opportunities for fraud. Not big name fraud where businessmen take large loans and never return them, but ordinary small ticket fraud whereby older and non-tech savvy people are being robbed off their savings by criminals using mobile phones, internet banking and digital transactions.
Last week, while talking to a TV journalist who was doing a story on one such gang that had been caught by Delhi Police, I was shocked to discover that these crimes are taking place by the hundreds in Delhi alone. And yet, it is not being treated as a crisis by the industries which are providing the tools for this fraud, nor are their regulators doing anything beyond pro forma warnings.
In the case that the police had cracked, the starting point was when an old man received a phone call from someone who claimed to be an insurance company telemarketer. This caller already had absolutely accurate details of the insurance products already held by the old man and said that he could help him redeem those and switch to other products which had much higher returns. The redemption happened as promised but then the money went away somewhere and disappeared. According to the police, databases of correct details of insurance policies already held--which is what establishes trust to begin with--are available to criminals at 20 paise per record. The criminals turned out to be former employees of insurance sales call centers so there was no problem with their approach being realistic.
In other cases, where criminals had convinced their victims to transfer funds from their bank accounts, they had found it easy to extract the one-time SMS password by spinning some story about authentication. Clearly, the banking industry’s chosen authentication tool is not working. In the insurance case, the key flaw in the system is that it’s possible to buy a product with a payment from one bank account but redeem it with a payment to some other bank account.
Each story shows patterns that can be used to block such frauds. The only thing that is needed is for banks and insurance companies to be actually interested in doing so.