Dos and don’ts: To prevent digital arrest, ‘firewall has to be in your head’

🔴 Consider taking cyber insurance against online fraud for money in the bank or invested in fixed deposits or mutual funds.

🔴 If you receive a request from a relative over the phone for money, even if there is a call with a similar voice, always disconnect and contact the person separately.

These are some of the key suggestions from cyber security  experts to protect those vulnerable from online scams, such as digital arrest.

According to Sundareshwar Krishnamurthy, Partner-Cybersecurity, PwC India, several other measures are needed, too, to strengthen systemic defences. “Banks have already implemented safeguards, such as setting third-party transfer limits and requiring out-of-band or multi-factor authentication for transactions. These steps introduce an additional lawyer of control by involving a pre-authorised third party,” he said.

“Looking ahead, we hope tools like MuleHunter.AI will enable banks to offer customers a ‘kill switch’ — a dedicated number they can dial if a transaction is flagged as suspicious. Additionally, there is an urgent need for seamless coordination among law enforcement agencies across states to effectively respond to crimes such as digital arrests,” he said.

Krishnamurthy described recent measures, such as spam alerts rolled out by telecom operators and the introduction of MuleHunter.AI developed by Reserve Bank Innovation Hub to detect mule accounts, as steps in the right direction. The MuleHunter.AI tool was created after analysing 19 distinct mule account behaviour patterns observed across banks, and pilot testing is currently underway with two major public sector banks.

According to Ranjeeth Bellary, Partner, EY India Forensic and Integrity Services-Cyber Forensics, steps such as blocking and reporting unknown numbers, and using caller ID apps, are among the “simple precautions” that bank customers and citizens can “easily take” on their own.

“For a few thousand rupees per year, there are insurance covers for protecting your money lying in the bank as well as money invested in fixed deposits or mutual funds from cyber frauds. Plus, there are some good initiatives that have been taken and more and more firewalls are being introduced. AI initiatives launched by the Government are getting a fairly positive response and AI will play a much bigger role in curbing cyber fraud in future,” Bellary said.

Lt General Rajesh Pant (retd), who was till recently posted at the National Security Council Secretariat as National Cyber Security Coordinator, points to the handbook of “Do’s and Dont’s’’ issued by Indian Cyber Crime Coordination Centre (I4C), the Union Home Ministry’s cyber fraud unit, for preventing digital arrest.

In the handbook, he points out, the key things ‘to do’ include: knowing that a digital arrest process does not exist in India; interrogations are never conducted via video calls; and all such calls should be reported via the “Report Suspect Tab” of cybercrime.gov.in. On top of the ‘not to do’ list , according to the I4C, is: do not engage for long with scammers.

The Union Home Ministry and I4C did not respond to requests of comment from The Indian Express.

Pant, meanwhile, adds another layer of caution: never believe a request over phone from a relative for sending money even if there is a call with a similar voice; disconnect the phone and call back on their number; never send money to avoid loss of reputation. “Cyber criminals are not hacking computer systems, they are hacking the human brain. They are taking advantage of our fear of reputational loss or police action, especially among the aged. So, the firewall has to be inside your brain,” he said.

“All transactions in a bank that are more than a pre-decided amount should be executed only after confirmation from the account holder and that amount should be decided at the time of opening the account. However, if the individual is under the spell of digital arrest, he will still authorise the same. That’s why I say the firewall has to be in your head,” he said.

Govt needs to step up, too

It’s not just bank customers but the Government, too, needs to shore up its defences further, say cyber experts.

Speaking to The Indian Express, cyber crime investigator, Amit Dubey, who is a member of the Union Home Ministry’s Police Technology Mission, said digital arrest and other cyber scams cannot happen without “engagement” and “data breach’’ within banks.

“The UK recently enacted a law, which makes banks at both ends of the transaction liable to provide compensation to customers who have been cheated. A similar legislation must be introduced in India. As of now, banks are using the fact that victims voluntarily transfer their assets and admit their mistakes as a tool to wash their hands of any liability,” Dubey said.

The UK law was announced by the Payments System Regulator (PSR) on October 7, 2024, wherein it is mandatory to compensate customers who have been tricked into sending money to scammers within five days for defrauded amounts upto 85,000 pounds (about Rs 85 lakh). Besides, the refunds to victims are to be split 50-50 between the sending and receiving firms or financial institutions.

In India, the Government tabled the Digital Personal Data Protection (DPDP) Act in Parliament in August 2023 to address the spike in cyber crimes. The law aims to protect personal data, including personal banking data, from theft. But the administrative rules for DPDP have yet not been notified with consultations still being held over the draft.