Banks have suggested integrating their systems with the National Cybercrime Reporting Portal (NCRP), a division of the Ministry of Home Affairs, to enable quicker freezing of fraudsters’ accounts in the event of a cyberattack. The goal is to prevent digital criminals and phishing attackers from rapidly transferring funds from a victim’s bank account to multiple bank accounts before the money is withdrawn or spent, a tactic used by cyber criminals to make it more difficult for banks and law enforcement to recover the funds.
An ET report quoted a banker saying, “Banks, in consultation with cybercrime experts, have recommended API integration with the NCRP to reduce the average response time and quick updation of cases. So, the idea is to mark a lien and freeze a bank account automatically without manual intervention.”
The suggestion was made to I4C, the Indian Cybercrime Coordination Centre, an MHA initiative that focuses on addressing cybercrime issues and enhancing coordination between law enforcement agencies and institutions such as banks. NCRP operates under I4C.
API, or ‘application programming interface’, enables two applications or systems to communicate without human intervention. In the case of a cybercrime, such as a hacked internet banking account, API integration would allow instant sharing of fraud information with a central system or other banks.
Another banker explained, “Typically, money from the account where the fraud happens is moved to accounts with several banks. There is a far better chance of retrieving the amount if the information is available with the entire industry instantaneously. The time spent by Bank A awaiting an instruction from a LEA, then sending emails to bank B, C and D, or calling them up, to request a lien on the accounts where funds have gone, can be saved.”
Also Read | Iris scan for senior citizens soon? Banks look at options for verifying transactions
The group has also suggested that data on accounts marked under lien and freeze should be provided to banks daily to facilitate record reconciliation. In this regard, it has been noted that I4C should provide a general standard operating procedure advising banks on holding, freezing, or de-freezing bank accounts and releasing funds to victims’ bank accounts for cases reported on NCRP.
Additionally, the nodal body should establish guidelines for sharing ‘negative account or KYC details’ to prevent accounts from being opened with the same demographics or KYC details at other banks.
