Governance of online fraud: Under the ambit of IT law In earlier times the transactions were very simple. With the dawn of civilization humans realized the need of sharing goods and services with each other and then the barter system came into place. In that, the people requiring services had instant control over the nature of goods or services and there were very few, if any, chances if one could get scammed in the process. With the advent of currency, the situation changed completely. And the invention of internet was a major game changer, now the currencies didn’t need to exchange hands, the transactions could be completed more smoothly. But with this new invention came along new scam artists who developed very suave and elaborated ways to commit frauds, with the newfound internet as the common denominator. These scams are global in nature and are committed all around the world on unsuspecting users of the internet. Online world is a viable and easy option for the investors to sift through and actually put their money into something worthwhile but that makes them very easy target for fraudsters as well. Before analyzing the Indian law on the subject we have to understand what kind of scams actually take place in the domain of internet. These scams are ranging from online intellectual property theft, identity theft, phishing, pagejacking, advance fee scams, bad check scams, fake money orders, wire transfer fraud, credit card fraud, internet auction fraud with non-delivery of merchandise etc. to many other hidden methods which are being invented on a regular basis. Many of these scams have a clear geographic origin and geographic targets as well. The common source of these scams are in third world countries where it becomes next to impossible to catch hold of the offender and the targets are mostly set in the first world countries but again, this scenario has changed over the years and third world countries face this issue as well. It has become very difficult to put a monetary figure on these of scams as it becomes very difficult to assess the damage which is done because of them. The cyber law that governs the legal aspect of cyber world can be found in The Information Technology Act, 20001. The IT Act was based on U NCITRAL Model Law on E-Commerce which in essence was the basis for the IT bill of 1999. The IT law provided the legal infrastructure for e-commerce transactions gives legal recognition to the electronic documents and creates specific provisions for a cybercrimes per se. But as soon as it was created, after just two years in 2002, it was realized that the IT Act should be amended 1
Information Technology Act, 2000, No. 21 of 2000 (hereinafter “IT Act”)
in order to incorporate and address the more relevant and current issues which had propped up. To accomplish the same The Inter-Ministerial Working Group on Cyber-law and Cyberforensics was established and the changes suggested by them came out in the form of IT (Amendment) Bill of 2006 which were then incorporated by 2008. But even after all these changes there are few issues like jurisdiction of courts, admissibility of evidence and applicability of IT laws in general. In India, the prosecution in many cases starts with lower courts which are reluctant and hesitant to apply the domain specific laws for the lack of understanding of the law and the offence itself and therefore rely on more traditional laws to come to an understanding of the same. Online frauds would come under the domain of cybercrimes. Cybercrimes although are not defined in the IT Act or in any other legislation but a simpler explanation of the same would be an offence which involves the use of a computer to commit the crime. These frauds at times are ones where the identity of a person has been stolen to commit an illegal act online or a person has not been supplied the commodity once he has made the payment. The nature of online frauds as has been observed over the years has a very common denominator i.e., money. A huge amount of money is transacted through the commission of these frauds. The one which has been vogue from the last decade is termed as Banking Fraud by the means of internet. The fraudsters over the years have come up with many diverse methods and the IT Law to a certain extent has tried to impose a liability on the provider of services to ensure that the consumer/customer doesn’t have to suffer for the lack of security in the system as provided by the provider. The IT Act confers an obligation over the body corporate which deals with sensitive date in the form of this particular provision: 43A. Compensation for failure to protect data2 - Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation, to the person so affected. Further, the IT Act has made an effort to take strong measures against the perpetrators of online fraud. The act criminalizes these acts as follows:
2
Inserted by The Information Technology (Amendment) Act, 2008 (10 of 2009) w.e.f 27.10.2009.
Section 66-C: Punishment for identity theft. -Whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine with may extend to rupees one lakh. 66-D: Punishment for cheating by personation by using computer resource. -Whoever, by means for any communication device or computer resource cheats by personating, shall be punished with imprisonment of either description for a term which ma y extend to three years and shall also be liable to fine which may extend to one lakh rupees. Even after the minimal vigilance which has been shown by the government to deal with issues of these kinds, the next issue which arises is one of the jurisdictions. The internet doesn’t have boundaries like countries around the world and therefore the victim might be in one country whereas the perpetrator might be sitting in another altogether. Before analyzing the same let us see what the legal provisions in the IT Act are there to deal with the same. IT Act, 2000 Section 1(2) mentions the jurisdiction of the Indian Courts in cyber-crimes only and not the crimes of civil nature: Section- 1(2): It shall extend to the whole of India and, save as otherwise provided in this Act, it applies also to any offence or contravention thereunder committed outside India by any person. Section- 75(2): For the purposes of sub-section (1), this Act shall apply to an offence or contravention committed outside India by any person if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India. According to a survey3, conducted by accounting firm PricewaterhouseCoopers earlier this month, cyber-crime came third in the list of common economic crimes in the country, following asset misappropriation and corruption. After the USA and China, India positions third regarding pervasiveness of web clients over the world. This, while a sign of the developing technological headway of the nation, is additionally a sign of the hazards that join such headway when we
3
Global Economic Crime Survey, 201.
represent the way that India is likewise among the best 10 spam-sending nations of the world4. India was positioned among the best five nations to be influenced by digital wrongdoings according to the Internet Security Threat Report 2014 by Symantec5. According to the NCRB6 2013 Report a sum of 5,370 cases were enlisted under the IT Act also, IPC amid 2013 when contrasted with 3,405 cases amid the earlier year (2012), subsequently demonstrating an expansion of 57.7 in 2013 more than 2012. According to accessible information, India position third after the USA and Japan when represented the danger of being influenced by on the web managing an account malware, with dominant part of the examples being ascribed to phishing and debit/credit card frauds7. This is really in accordance with the worldwide insights - according to 2014 World Economic Forum Report, 'Digital Crime' has been distinguished as among the main ten hazards that effect the globe. As per the Internet Security Threat Report 2014 by Symantec worldwide study of end-clients, 38% of versatile clients had officially experienced mobile digital wrongdoing. It is wrong to accept that data breaches and digital attacks just influence the person. From an authoritative point of view, it looks to make a whole restrictive data base defenseless and records for misfortune both as far as cash and immaterial assets. Besides, on the national front, the progression in innovation makes the risk of such assaults depend intensely on the guard and security point and warrants most extreme alert and vigil. Remembering the same, the Indian police have built up uncommon cyber-crime units what's more, Government has likewise set up digital legal labs the nation over. The Government of India uncovered the National Cyber Security Policy 2013 on second July 2013. Aside from the above enactments, the IPC looks to cover the offenses with respect to cybercrimes that request an seriousness of culpability. Lately the Information Technology Act 2000 (amended in 2008), intends to check digital wrongdoings and give a lawful system for online business exchanges. The connection between a client and a business association can stand just on the mainstays of confide in, confidence, reasonable managing and shared desire. Expel any column and the business will fall yet in the immense Internet misrepresentation plant these columns are non existent. Only a simple Google search for internet fraud can help one to comprehend the 4
As per the 2014 report released by Microsoft - http://gadgets.ndtv.com/internet/news/india-ranked-fourthin-list-ofspam-sending-nations-microsoft-497048. 5 http://www.itu.int/en/ITU-D/Cybersecurity/Documents/Symantec_annual_internet_threat_report_ITU2014 .pdf. 6 National Crime Reports Bureau. 7 Trend Micro’s 2014 Threat Round Up Report - http://gadgets.ndtv.com/internet/news/india-third-mostaffected-byonline-banking-malware-report-543205.
tremendous danger the worldwide organized world is confronting, it's an endless loop of ravenousness, obliviousness and quick cash, which goads the casualties to put stock in these strange tricks, they contribute their well-deserved cash and time. The fraudsters turn their web of falsehoods also, double dealing, dangling the bait of income sans work and false responsibilities they hold up to eat up their casualty of their confidence and trust, mercilessly savaging their confidence in the web, most noticeably awful still in greater part of cases the casualties have no redressal system in their nation as where to go since these fraudsters leave no physical and legitimate impressions .The onus no uncertainty lies with the clueless casualties yet its likewise up to the different nations to make their legitimate IT Laws stringent and strong so that these fraudsters are dealt with as worldwide frauds and be entirely managed. Government associations and NGO's ought to teach the netizens on the human trust traps laid for them on the data superhighway.