Technology-related frauds: What you need to know

Dhruv Chawla, Partner, Forensic Services, PwC India

Over the last few years, the battle between netizens and fraudsters has been getting progressively vigorous. With fraudsters becoming more brazen, the quantum of fraud loss in just public sector banks in India touched 1.69 billion USD (11,000 crore INR) between April and December 2014 (The Economic Times, 2015) and the number of cybercrime cases rose by over 350% from 2010–2013 (Hindustan Times, 2015).

What cautions do people need to take under the circumstances, and what exactly is causing these huge fraud losses? What is it about cyber frauds that is so alarming?

Credit/debit card data theft is one of the prime sources of financial fraud. It began with high-tech devices that could replicate data stored on the magnetic strip of credit/debit cards and reproduce the same onto a cloned card. Although this vulnerability was addressed with the release of ‘chip and PIN’ cards, e-wallets (such as Paytm and Citrus Pay) and near field communication enabled cards, fraudsters have evolved as well. They have become more sophisticated and innovative in the means they use to obtain sensitive/confidential information. Fake panels or skimmers that are installed at ATMs to gather card details and drone-based surveillance cameras hovering above ATM kiosks are among the common new cyber theft technologies.

Nigerian scams still account for the highest share of online scams in India. What prompts a person to believe he or she has been lucky enough to win 750,000 USD (4.8 crore INR) in a random international lottery in which he or she didn’t even participate? Scammers have started to develop more enticing sales pitches, luring us into paying them ‘service fees’ in order to facilitate the processing of our fantastic lottery winnings.

Phishing is the next most rampant form of fraud in India. Contemporary phishing via emails has advanced to a form of tele-phishing called vishing. People are coaxed into divulging their credit card details over the phone, mistakenly believing that caller ID protects them against malicious callers.

Content and software piracy is another common form of cyber fraud. In 2014, India made it to an International Piracy Watch List, highlighting the need for efforts to curb piracy in India (TheHindu, 2014). The value of unlicensed software (resulting in massive losses for American developers) being circulated soared to nearly 2.9 billion USD (18,000 crore INR) (BSA, 2014).

And these statistics are just the tip of the iceberg! If research is to be trusted, the imminent advancements in cybercrime are nothing short of terrifying!

Net extortion by anonymous groups, for example, has now become a common follow-up to intellectual property theft. Also known as cyber blackmail, in such cases, hackers threaten to expose intellectual property (e.g. the case of Sony Pictures Entertainment in November 2014) or private images/videos (e.g. the iCloud hack in August 2014 wherein data of high-profile celebrities was leaked) to the public unless certain demands (usually financial) are met. Denial of service attacks that cripple cyber systems seem passé in comparison with ransomware which encrypts intellectual property until ransoms are paid out.

Very recently, the ‘Amazon of insider trading’ was created to sell trade secrets and market-sensitive information to the highest bidders. Although there were no ransom demands from hackers who illicitly obtained this information, the ramifications for information security were immense and authorities were left mind-boggled (Sydney Morning Herald, 2015).

Further, with the surge in black hat hackers and dark web networks indulging in gambling, black market activity, drug trafficking, counterfeiting, and distribution of weapons and pornographic content, the social and economic ripples are enormous.

But what does this mean for netizens?

It is now essential for us to ‘think before typing’ and invest in perimeter protection (at an individual and corporate level). It is not only imperative for businesses and people to protect their assets (intellectual property and physical resources) but also to encrypt data to whatever extent possible. Periodic information security audits and near real-time threat and vulnerability monitoring are a good form of defence for big firms. Additionally, encrypted private cloud-based storage can be developed to promote off-site data housing.

The repercussions of being too trusting of online enchanters are too severe to ignore. Cyber fraud is now ubiquitous—laptops, tablets and mobile phones are all vulnerable. Although the propagation of bring your own device (BYOD) in firms across the world makes employees’ data as susceptible to cyber fraud as that of the employer, it indirectly provides an incentive to employees to safeguard against fraud. Needless to say, awareness is key.

With contributions from Sachin Yadav, Associate Director, Forensic Services, and Rahul Vallicha, Consultant, Forensic Services

Securities frauds: Recent trends

Rahul Sogani, Partner, Forensic Services, PwC India 

A recent press release by the US Securities Exchange Commission (SEC) revealed the value of unpublished price sensitive information in today’s world of securities. A group of hackers used to steal corporate information from newswire services and sell it to traders, at times even on profit-sharing basis. One such trade, as quoted in the press release, helped them profit close to 0.5 million USD in a matter of just 36 minutes.

Now, imagine a situation where the information was not stolen but was available to the individual in the normal course of business, say, a CEO. Knowing that the security prices may increase post the release of the results; if the CEO were to buy the securities in anticipation of the increase and make profits, it is likely to be categorised as illegal in most of the countries worldwide, including India. In legal terms, this is called insider trading and is one of the most common types of securities frauds.

Simply put, insider trading means trading in certain security on the basis of unpublished, price sensitive information—that information which will materially impact the price of the security when published.

New insider trading regulations and its challenges

The Securities and Exchange Board of India (SEBI), through the recently notified regulations—SEBI (Prohibition of Insider Trading) Regulations, 2015—has significantly widened the definition of ‘insider’ to include even immediate relatives of professionals providing their services to the company in question in the last six months. It does, however, recognise the challenges it can face in the court of law as highlighted in the note to the definition of ‘connected person’ which states, ‘…such a presumption is a deeming legal fiction and is rebuttable.’

Trading data recently compiled for a single day shows an approximate turnover of 2,00,000 crore INR across all segments in NSE and BSE, a figure which is set to grow. On its part, SEBI has been constantly introducing enhancements through law and through their surveillance tools and investigation systems (the DWBIS system) to deal with the growing data and to identify the complex and innovative types of market malpractices.

There are various challenges that need to be tackled to effectively identify, prosecute and minimise instances of insider trading in India. A case in point is the US court’s decision to overturn a conviction based on two facts with regard to insider trading:

  • There was insufficient evidence to show that the company insider had received any personal benefit in exchange of the information he leaked.

  • It was also not clear whether the actual traders were trading on the information obtained from the company insider.

There is no doubt that SEBI is also going to face similar challenges when it tries to go through the legal tangles. To add to this, Indian complexities such as dabba trading, benami accounts and layering of exchange of information will make the investigations even more challenging. While SEBI may be able to enhance its analysis, capabilities and upgrade its systems to identify and unravel complex trade patterns, trying to link it to an insider and establishing possession of information is going to be a tough nut to crack.

SEBI is still not allowed to use wiretaps which have been crucial in exposing insider trading in other countries. While call detail records (CDRs) have been allowed, they only provide circumstantial evidence. With the evolving forms of communication hiding behind proxy servers, self-destructing chat apps, Fort Knox level encrypted communication apps; it is going to be an uphill task to establish a connection between the insider and the trader.

With contributions from Suresh Nayak, Associate Director, Forensic Services, and Prateek Surana, Manager, Forensic Services


Winds of change: FCPA in a new world

Gaganpreet Singh Puri, Partner, Forensic Services, PwC India

The dawn raids carried out by the Swiss authorities to arrest FIFA officials on corruption charges and the impending move to extradite them to the US signals the arrival of a new era. The way in which this extraordinary operation was conducted in Switzerland brings into focus the seriousness of the US Justice Department in enforcing anti-corruption laws and the emerging trend of international cooperation amongst regulators.

If one were to crystal gaze the actions of the US and Swiss authorities and put them in perspective, a couple of issues emerge and provide a glimpse into the future of enforcement around anti-corruption laws.

International cooperation

Such stringent actions, as seen in the FIFA case, are not decided overnight. They are based on strong leads and evidence collected by law enforcement and other agencies over long periods of time.

Given that the arrests were made by authorities in Zurich pertaining to a case in violation of the US law implies that the evidence collected must have been detailed and convincing to a level that secured international cooperation. This also shows the meticulous planning and coordination which can only result from intensive government-to-government contact and seamless international cooperation. This clearly seems to be an evolving trend in the global fight against bribery and corruption.


The FIFA case shows that the US will continue to invest in identifying cases and develop leads when it sees unethical conduct related to the violation of the US law, even though the offences may be global in nature.

Many high profile cases reported in recent times are related to potential bribes made in foreign jurisdictions. These crimes were potentially agreed to and planned in the US and payments are carried out via US banks. This signals an important trend on how the US government views jurisdiction. The fact that the transaction may have a US footprint can trigger US anti-corruption laws.

Personal liberties

The history of enforcement of the Foreign Corrupt Practices Act of 1977 (FCPA) shows that bribery and corruption charges can and will be brought against individuals. Actions have been taken in the past not only against individuals directly involved in bribery but also against people charged with governance and control.

As seen in a number of cases, US regulators are not going to hesitate to charge individuals and enforce laws strictly when the situation demands action. Criminal charges have resulted in significant fines, penalties and jail terms, in many cases; and some of these individuals are not US citizens. Clearly, a lot is at stake—personally and professionally—for individuals who can be charged with bribery and corruption.

Lessons for India

The US-Swiss cooperation in this endeavour signals the advent of an era where it will become even more important for Indian companies with a US footprint to be on the right track of US laws on anti-corruption. The fact that detentions or arrests are being made during the visits of executives abroad signifies the seriousness around enforcement.

In the light of what is happening in the global space today, Indian companies and nationals need to be extremely vigilant. The need of the hour is to not only have a state-of-the-art anti-bribery and anti-corruption compliance programme but also to undertake a comprehensive assessment of when and where obligations and liabilities under the FCPA get triggered and what needs to be done to effectively comply with them.

Excerpts of this blogpost were published in the Hindu Business Line article Penalty kick.

Building a better, more inclusive India


PwC’s Urban Child Project, in collaboration with Save the Children and its associated NGOs, is an attempt to make the voices of the marginalised urban poor heard. Children from Delhi, Mumbai, Pune and Srinagar have contributed to our report 'Forgotten voices: The world of urban children in India'.


The other side of the urban story


PwC’s Urban Child Project, in collaboration with Save the Children and its associated NGOs, is an attempt to make the voices of the marginalised urban poor heard. Children from Delhi, Mumbai, Pune and Srinagar have contributed to our report 'Forgotten voices: The world of urban children in India'.

The digital edge in retail

Sudipta Ghosh, Analytics Leader, PwC India

Retailing in Digital-Era

For the second year in a row, PwC India, in collaboration with the Retailers’ Association of India (RAI) launched a retail report on technological implementation titled Retailing in the digital era. It was launched at the Retail Technology Conclave on 18 June 2015 at the Renaissance Convention Centre, Mumbai.

For retail organisations, business challenges usually revolve around important questions such as, who are the most valuable customers and how can they be retained? How must offerings be priced in order to maximise profits? Which customers should be targeted during the next marketing campaign? Which products should be recommended to customers? What should the inventory level be in order for the business to neither go out-of-stock, nor have excess?

Retailers are under increasing pressure due to the ongoing economic uncertainty as well as greater competition and are required to be more responsive to the increasingly demanding customers, suppliers as well as other stakeholders. Our latest report discusses various analytical models that can help them improve business results, increase revenue, lower costs, and improve customer satisfaction while effectively enhancing performance at all levels. Experience and intuition as well as data and analytics need to not only co-exist, but reinforce each other.

The use of analytics has been highly disruptive across retail globally, affecting not only the revenue and cost structures but also shaking up core business and operating models. Our report explores the various analytics practices in retail, demonstrating their major applications through nine frequently used solutions across three different categories- customer experience, marketing and supply chain management.

Join the discussion on my blogpost on LinkedIn.

For detailed insights, please read our report: Retailing in the digital era

A digital blitzkrieg for the banking sector

Vivek Belgavi, Leader, Financial Technology Services, PwC India

The digital battleground has presented banks with a huge opportunity to attract new customers, lower costs, develop new propositions and business models, as also explore customer value to its maximum. To create a digital environment is now a priority for all banks and they need to undergo considerable investment for complete transformation. Leading the bank towards digital transformation implies enhanced user experience through interactive interfaces, advancement in mobile technology, improved digital security, collaborating through social media, channel integration and gaining insights into customer behaviour through digital analytics. Furthermore, fintech companies are setting new standards in innovation, time to market, and customer experience which traditional banks are forced to measure up to.

Digital channels provide banks with a unique opportunity to deliver highly-customised propositions and services to their potential as well as existing customers at relatively lower costs. While these channels provide access to larger public social platforms, the inherent nature of the platform makes communication through these channels personalised and intimate.

It has been observed that digital brings with it the unique opportunity to capture enormous volumes of data in a faster and more efficient manner. The challenge however is to be able to draw timely insights from this data. Banks need to ensure that their data set-up and technology architecture are optimally designed to meet the volume, velocity and variety of data at their disposal. With the proliferation of mobile-based services and the reducing median price of smartphones, the payment industry is on an exponential growth trajectory, further aided by policy, frameworks and guidelines being formalised by the regulator. Innovative and disruptive solutions have made this volume-intensive and low-margin industry a lucrative one. For example, M-Swipe has given an alternative solution to POS machines given by banks, thus increasing the reach of digital payment to traditionally cash only transaction-based services (such as barber shops, kirana stores, etc) in a cost-effective manner. 

The challenges for the industry are also increasing with the proliferation of information, digital transactions and smart devices at an extraordinary rate. This opens up potential loopholes that can be exploited for various kinds of fraud. While certain incidents can be an area of concern, others can destroy key elements of a business and in turn, the brand. While looking beyond enterprise boundaries, there is a need to protect what matters most and ensure that investment is allocated correctly. Moreover, multiple regulations, both global as well as regional, have forced banks to look at increasing their resilience around data management. Regulators are moving from standardised reports-based supervision to seeking access to granular underlying data for assessment of the bank’s risk positions.

The financial services sector is also facing the omnipresent risk of disruptive innovation. The groundbreaking redefinition of the payments space, explosion of technology-driven wealth management or strong emergence of online peer-to-peer lending solutions are all breaching areas which were formerly banking strongholds. Non-bank attackers, ranging from large telecommunications companies to small and nimble technology players, are defining the standards for digital banking. Generally, these non-bankers have a small role in the overall ecosystem of the banking industry and therefore have far lesser overheads while innovating new solutions. Therefore, they have a high pace of innovation and pose a unique question to banks to innovate at lightning speed while meeting regulatory norms.

For detailed insights, download our report here: Banks taking a quantum leap through digital

One year of India's transport

Nitin Gadkari, Transport Minister of India


Nitin Gadkari chronicles his tenure as the Transport Minister so far. 

Joining hands to build a better India

Nitin Gadkari, Transport Minister of India


Nitin Gadkari speaks about how the government and private investment can together turn the infra picture around.

Making India future-ready


Watch leaders from across the world discuss infrastructure and future investments in India.

The opinions expressed in the blogs are personal.


Related Posts Plugin for WordPress, Blogger...