Karnataka Police recommend unified national platform for efficient cybercrime probes

The Karnataka State Police have recommended the establishment of a unified national platform to share information between law enforcement agencies, banks, non-banking financial institutions and payment gateways, which they say is “crucial for efficient cybercrime investigations.”

This platform would also enable regulators to monitor bank compliance and response times to law enforcement agency requests, argued the report titled “A study on the use of money mules in cyber crimes”, prepared by the Cyber Crime Investigation Training and Research Centre (CCITR) of the Criminal Investigation Department (CID), released on Friday. 

An expert committee anchored by CCITR to study and recommend ways to plug gaps in the financial services to stop the menace of using mule accounts (accounts hired for use by a third person) in cybercrimes has also recommended several measures to be implemented at the bank’s end as well. This includes fixing appropriate transaction limits for current accounts and generating Suspicious Transaction Reports (STRs) based on the verified business capacity, to prevent accounts being misused as mules.

“Using technical methods for identification and monitoring is crucial for combating mule accounts. AI/ML should be employed to detect mule accounts, and alerts should be generated based on fraud risk assessments and the use of a suspect repository,” the report said.

“To counter the change of phone number linked to bank accounts, banks should enforce stringent verification protocols, requiring that linked phone numbers are either registered under the account holder’s name or directly linked to the Aadhaar number provided during account opening. This measure would effectively prevent unauthorized phone number modifications and disrupt the fraudulent transfer of account control,” the report said. It also recommended that the Government of India issue a direction to this effect, which would “effectively prevent remote account takeover by cybercriminals.”

Further the report said, “To counter the acquisition of fake SIM cards used in operating mule accounts and committing other cybercrimes, measures such as implementing of geo-tagged SIM activation and making biometric based Aadhaar verification mandatory for all SIM card activations would prevent fraudulent practices at the point of sale. Telecom service providers must introduce further stringent actions against agents involved in issuance of fake SIM cards.”

Due diligence

The report further recommended that regulators should impose penalties or fines on banks, payment gateways, and other financial institutions for failing to conduct due diligence in fraud prevention, as well as for non-responsiveness, delayed responses, or non-cooperation with Law Enforcement Agencies (LEAs) during cybercrime investigations.