Apple, Google should share apps’ origin, developers’ identity with Centre: House panel

The committee also revealed that the Reserve Bank of India has informed them that Big Tech companies have refused to make modifications to their operating systems to make the OTP based two-factor authentication for banking services more secure.

Noting that cyber crimes are mushrooming across the country, the committee said that according to information shared with it by the Indian Computer Emergency Response Team (CERT-In), more than 13 million cybersecurity incidents were tracked in 2022 alone. As per the Union Home Ministry, the volume of financial crimes which were reported in the financial year 2020-21 was 2.62 lakhs, going up to 6.94 lakhs in 2022, it added.

Citing data it received from the supervised entities of the RBI, the committee said that payment-related frauds are on the rise in India — In FY21, the volume of such frauds was a little over 700,000, which, by FY23, had increased to close to 20 million.

However, due to limited awareness about cyber frauds, a significant number of people do not report them to authorities, the committee said. As per information submitted to it by the Indian Cybercrime Coordination Centre, out of 6,94,424 complaints related to financial frauds in 2022, an FIR was issued only in 2.6 per cent of the cases.

‘Set up central agency to tackle cybercrime’

To tackle the problem effectively, the panel recommended setting up a central agency, called the Cyber Protection Authority (CPA), to tackle financial cyber crimes in India, especially since the current framework to tackle such crimes involves a number of agencies.

“…existing regulatory landscape for cyber security in India involves multiple agencies and bodies, each with distinct roles and responsibilities. This necessitates a high level of inter-ministerial coordination to effectively address the challenges and ensure a comprehensive approach to cyber security,” it said.

“The Committee feels that the existing decentralised approach disperses regulation and control and thus hinders unified direction and a proactive approach to combating cyber threats. The Committee, therefore, strongly recommends establishment of a centralised overarching regulatory authority specifically focused on cyber security,” it added.

One of the tasks of the CPA, per the committee, should be to create and maintain a

Central Negative Registry, which would include information on fraudsters’ accounts and the official documents they have utilised. “The committee strongly believes that by making the registry accessible to all ecosystem participants, it would empower them to proactively deter and prevent the opening of accounts associated with fraudulent activities,” it said.

The committee also found that there is a major disparity in the cyber-resilience of commercial banks, cooperative banks and non-banking financial institutions. It said that while all commercial banks have completed cyber security related audits, only a small percentage of cooperative banks, approximately 10.92 per cent – 206 out of 1886 entities – have undertaken such audits.

Cryptocurrency-related issues were also brought to the committee’s notice, it said. The Financial Intelligence Unit (FIU) under the Revenue Department told the committee that “in a recent act of terrorism, the main accused was found to have been funded through cryptocurrency. He received crypto currency in his wallet account with Indian crypto currency exchange from multiple wallets held with foreign crypto currency exchange. This implied that he did not buy any crypto currency. Crypto currency was transferred to his account from other accounts, and he merely sold it in the exchange and redeemed the money in his bank account and another mule account controlled by him”.