Curbing Cyber Frauds in Digital India

Context

India’s rapid digital expansion, driven by initiatives such as Digital India, mobile penetration, and UPI, has transformed governance and commerce. However, it has also widened the attack surface, leading to a sharp rise in cyber frauds that threaten financial security, public trust, and national safety.

Understanding Cyber Frauds and Emerging Threats

What are Cyber Frauds?

Cyber frauds involve deceptive digital practices aimed at causing financial loss, stealing data, or misusing identities. They exploit vulnerabilities in networks, human behavior, and digital ecosystems.

Emerging Types of Cyber Threats

• Phishing and Spoofing: Fraudsters impersonate legitimate entities (banks, government portals) to steal credentials.
• Deepfakes and AI Manipulation: AI-generated videos or voices used for blackmail, misinformation, or fraudulent transactions.
• UPI and Payment Frauds: Scams using compromised mobile numbers and fake payment links; addressed through DoT’s Financial Fraud Risk Indicator (FRI) system.
• Online Gaming and Betting Scams:
  • Illegal betting apps lure users with fake returns; over ₹400 crore generated in criminal proceeds.
  • The Promotion and Regulation of Online Gaming Bill, 2025 bans money gaming and advertisements.
• Ransomware and Malware Attacks: Target businesses, hospitals, and government servers, demanding payments to restore access.
• Social Engineering and OTP Theft: Manipulation of users into revealing sensitive information or authorizing fraudulent transactions.

Legal and Regulatory Framework

• Information Technology Act, 2000: 
  • Foundation of India’s cyber law.
  • Defines offences like identity theft, impersonation, cheating via computer resources.
  • Empowers authorities to block malicious sites and prosecute cybercriminals.
• IT (Intermediary Guidelines & Digital Media Ethics Code) Rules, 2021:
  • Imposes accountability on intermediaries like social media and digital platforms.
  • Mandates the removal of unlawful content and prompt cooperation with law enforcement.
• Digital Personal Data Protection Act, 2023:
  • Regulates lawful processing and protection of personal data.
  • Strengthens users’ consent-based rights and mandates strong security safeguards.
• Promotion & Regulation of Online Gaming Bill, 2025: Encourages e-sports and social games but bans online money gaming and related advertising or payments.

Institutional Mechanisms for Cybersecurity

• CERT-In (Indian Computer Emergency Response Team): Nodal agency for cybersecurity incident response, Issues threat advisories, conducts mock drills (109 drills engaging 1,438 organisations). 
• NCIIPC (National Critical Information Infrastructure Protection Centre): Protects critical infrastructure in banking, telecom, power, transport sectors.
• I4C (Indian Cybercrime Coordination Centre) – Ministry of Home Affairs: Coordinates cybercrime investigations across states. Develops analytical tools, supports training, and information sharing.
• NCCC (National Cyber Coordination Centre): Generates real-time situational awareness of cyber threats.
• CCMP (Cyber Crisis Management Plan): Framework for coordinated national recovery during cyber crises.

Challenges That Still Persist

• Rising Scale and Sophistication: 
  • AI, deepfakes, and cross-border fraud factories increase detection difficulty.
  • Cybercrime syndicates operate transnationally, evading Indian jurisdiction.
• Limited Cyber Literacy: Many citizens lack awareness of safe digital practices, making them easy targets.
• Fragmented Institutional Coordination: Overlaps between agencies (CERT-In, NCIIPC, I4C, State police) sometimes slow response.
• Capacity Gaps in States: Uneven digital forensics and investigation skills across state police forces.
• Technological Dependence: Reliance on imported cybersecurity solutions limits sovereignty and innovation.
• International Cooperation: Inadequate data-sharing agreements hamper pursuit of cybercriminals abroad.

Way Forward

• Integrated Cybersecurity Governance: Establish a National Cybersecurity Coordination Council for seamless collaboration among CERT-In, I4C, NCIIPC, RBI, SEBI, and telecom regulators.
• Boost Cyber Awareness: Launch nationwide “Cyber Suraksha Jan Andolan” – awareness campaigns through schools, banks, and digital literacy missions.
• Capacity Building: Expand CyTrain and CCPWC models; train district-level investigators and judicial officers.
• Promote Indigenous R&D: Encourage startups and academia under NM-ICPS to develop home-grown encryption, AI-based fraud detection, and forensic tools.
• International Cooperation: Strengthen cyber diplomacy through Bilateral Cybersecurity Agreements with ASEAN, EU, and QUAD partners for intelligence and data sharing.
• Financial Sector Vigilance: Enforce FRI (Fraud Risk Indicator) and tighter KYC norms for UPI, e-wallets, and fintech platforms.

Sharing is caring!