The report of a surge in Aadhaar Enabled Payment System (AePS) fraud suggests that it mostly occurred after demonetisation and is also linked to the increased outsourcing activities adopted by banks post-2016. The outsourcing of tasks such as documentation, technology management, and personnel has led to a reliance on contract employees, who frequently change like daily wagers, yet possess full access to the banking system.
About 29,000 incidents of Aadhaar Enabled Payment System (AePS) fraud have been reported on the National Cyber Crime Reporting Portal (NCRP), as revealed by the Minister of State for Home Affairs, Bandi Sanjay Kumar, in a recent session of the Rajya Sabha. This alarming rise in cyber fraud, particularly linked to AePS, has been attributed to systemic vulnerabilities within the banking sector, particularly following the demonetisation period.
Launched in 2020, the NCRP is part of the Indian Cyber Crime Coordination Centre (I4C) initiative, designed to facilitate public reporting of cybercrimes, with a particular focus on offences against women and children. The incidents logged on the portal are converted into First Information Reports (FIRs) and pursued by the respective State or Union Territory law enforcement agencies in accordance with legal provisions.
Industry experts believe that contract employees, often under pressure to meet strict targets, may resort to unethical methods, including the misuse of sensitive customer information. The Mumbai Police have uncovered multiple cases in which bank employees were implicated in facilitating illegal transactions, although the masterminds behind these operations remain elusive.
The Reserve Bank of India (RBI), while endorsing outsourcing within the banking sector, has stipulated guidelines aimed at ensuring customer security, particularly through the regular auditing of outsourcing firms. However, lapses in these audits have allowed vulnerabilities to persist, enabling the exploitation of the banking system for cybercrime.
The Mumbai Police have called for stricter regulations and more rigorous scrutiny of the banking sector to mitigate the growing threat of cyber fraud. They emphasize the crucial role banks play in either enabling or preventing such crimes, noting the ease with which cybercriminals can misuse sensitive information.
In response to the escalating situation, the Union government has been proactive under the ‘Citizen Financial Cyber Fraud Reporting and Management System’ (I4C), which aims to prevent financial fraud through immediate reporting and intervention. The initiative has successfully recovered over ₹2,400 crores from more than 7.6 lakh complaints. Additionally, the toll-free helpline number 1930 has been established to assist citizens in reporting cyber fraud.
Furthermore, over 5.8 lakh SIM cards and 1,08,000 IMEIs have been blocked based on police reports, in an effort to curb the spread of such activities.