The Reserve Bank of India (RBI) on August 29 announced that it is considering setting up a database of websites, phone numbers and various other instruments used for digital fraud. However, it has not been clarified by when the registry will be launched.
1 What is the purpose of the fraud registry?
It is aimed at ensuring that fraudulent activities in the banking sector are minimised by blacklisting identified websites or phone numbers, RBI executive director Anil Kumar Sharma said on September 12.
Payments system participants will be provided access to this registry for near-real-time fraud monitoring. The aggregated fraud data will be published to educate customers on emerging risks.
“Protection of customer and business data has always been a crucial enabler to the smooth functioning of the online ecosystem. This is especially true in light of the evolving trends in cybercrime. As we accelerate towards a digital economy, data breaches have also increased manifold, especially since the onset of Covid-19. Hence, a robust data protection framework is critical in promoting integrity and fostering user confidence,” said Ranjan R Reddy, founder and CEO of Bureau, an organisation working against cyber fraud in the digital economy.
The bigger part of the argument is that the reporting of frauds is not as standardised as it should be like others, including credit reporting or loan default reporting.
2 What are the challenges?
According to various cybersecurity experts and bankers, the reason the RBI has not specified a time frame to implement the registry is that the central bank has to address several challenges first.
“The challenges would be tracking down fraudulent activities in all the banks. Alongside this, the data would need constant updates as frauds can continue to happen with different phone numbers and websites. On some occasions, the RBI comes to know about frauds involving large amounts only through press reports,” said Avinash Godkhindi, MD and CEO, Zaggle, a fintech that deals primarily in digitizing business spends of corporates.
According to experts, banks should need to ensure that the reporting system is suitably streamlined so that scams are reported without any delay. Banks must fix staff accountability in respect of delays in reporting fraud cases to the RBI to ensure the database is kept up to date.
“The most challenging part is the consistency and standardisation of the information the RBI will be publishing. Source of the frauds can be anything, be it a payment gateway, individual, instrument, account, anything,” said Amit Das, founder, Think360.ai, a fintech company working on the implementation of AI-driven services in banking.
3 What kind of infrastructure is needed?
To create and maintain the database, both at the local and central levels of banking, some infrastructural changes in terms of technology need to be implemented, according to experts.
“The use of AI and machine learning should be taken into consideration to identify and track the phone numbers and email IDs that are routinely used to commit online fraud,” said Godkhindi.
Experts add that there needs to be a dedicated data analytics team that can use big data and software to track fraud.
“The database will capture details of individuals who have some criminal records, or a wilful defaulter, or if any bank or financial institution has ever reported anything against someone, the details of that individual will be updated in the list,” added Das.
4 Mandates needed before the implementation
According to experts, for creating the fraud registry, there needs to be a fraud and risk management system (FRMS) that will have a set of mandates. That system becomes the store of information that the RBI has to take up.
“The technical and data standards, the encryption standard, the cybersecurity standards, all need to be defined in detail for this to work. There has to be an aggregation of fraudulent agents across the ecosystem,” said Das.
The government needs to consider the views of all stakeholders once the consultation on the framework begins and there will likely be a new bill that will include all the amendments and recommendations to protect customers’ and businesses’ data.
“Besides monetary and operational discipline, it'll aid in building customers’ confidence within the digital payment ecosystem, increase their temperament to explore newer avenues, and ultimately power the larger goal of financial inclusivity for all,” added Reddy
5 What’s the next step?
As mentioned by RBI, they are still in talks with different stakeholders, including departments like those concerning payments, settlement and supervision. All banks and other lenders need to come together to find solutions to speed up the process, said the central bank.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
