Credits: Hindustan Times
It is too easy to obtain and breach KYC data collected from customers by banks, mobile phone companies and other organisations, Jyotipriya Singh, deputy commissioner of police, cyber crime and economic offences wing, Pune, has said.
KYC or know your customer data relates to highly sensitive information such as a person’s Aadhar Card number, PAN number issued by the Income Tax department, date of birth, address proof, driving licence number, all of which which is required to establish a person’s identity.
However, there are numerous instances across the country where this data has been misused by criminals to create false identities and commit financial frauds.
DCP Singh, who has now been deputed to the National Investigation Agency (NIA), added, “The KYC policy has to be stronger. It is too easy to get (and misuse) a KYC. It misleads the investigation when the KYCs are misused.”
During her tenure of six months in Pune, DCP Singh has investigated the Cosmos bank hacking and fraud case worth Rs 94 crore.
The cyber crime police in most places have a record of areas where people have made a living out of lending their KYC details in exchange of money.
The money, both police officials agree, invariably ends up going from one place to another within minutes regardless of the distance between the fraudsters and the victims.
“The only way to avoid losing citizens’ hard earned money is to ask for stronger policies and self-awareness among citizens,” said Singh.
One modus operandi detected by the police relates to bank accounts registered in the name of a person in remote areas. While investigating frauds, the police have been stumped after discovering that the KYC data was fictitious and the identity checks done by the banks and
KYC by mobile service providers and banks is undertaken to ascertain identities of the service users. However, lack of credibility of KYCs done by phone, internet providers and banks makes investigation of cyber crimes difficult for the police, according to Singh.
In the past one year, the cyber crime cell of Pune Police has busted at least five fraud call centres in the past year engaged in various kinds of fraud. In most cases, availability of data – details like phone numbers, name, address – of a group of people, potential victims, is one of the crucial requirements.
The data can be obtained through various modes including hacking into a website, buying the data illegally, or gaining access through a former or a current employee.
In some cases, the data has been obtained from outside the country, said Vivek Jadhav, a consultant working with Pune police cyber crime cell. ”While we cannot pinpoint the source, the format is that of Excel sheets which has basic details like name, phone number, email address and address of people. There are sheets of 1,000, 5,000 and such contacts available for sale,” he said.
Operators at such fraud centres have been found to have decent communication and language skills; mostly fresh graduates or people with a call centre experience, said police inspector Santosh Barge of Pune police cyber crime cell.
“They know how much money to ask for and what to say in order to sound convincing. The script and training is provided to the callers,” he added.
Barge said call centres engaged in fraudulent activities can be as small as a room or a large hall and don’t have any permit or anything of that sought,” said Barge.