In fight against online frauds, banks moot syncing systems with MHA’s cybercrime portal

Mumbai: In what could pave the way for a faster freeze on fraudsters’ accounts in case of a cyberattack, banks have proposed an integration of their systems with the National Cybercrime Reporting Portal (NCRP), an arm of the ministry of home affairs.

This is aimed at restraining perpetrators of digital crimes and phishing attacks from quickly moving money from a target’s bank account to accounts with multiple banks before it’s withdrawn or spent — a ploy used by cyber shysters and voice phishers to make it tougher for banks and cops to salvage the funds.

“Banks, in consultation with cybercrime experts, have recommended API integration with the NCRP to reduce the average response time and quick updation of cases. So, the idea is to mark a lien and freeze a bank account automatically without manual intervention,” said a banker. “An industry sub-group has suggested this to I4C,” said the person.

I4C, or Indian Cybercrime Coordination Centre, an MHA initiative, focuses on tackling issues related to cybercrime and improving coordination between law enforcement agencies (LEAs) and institutions like banks. NCRP is a vertical under I4C.

API, or ‘application programming interface’ allows two applications or systems to talk to each other without human intervention. If there is an API between a system that has certain data and another system that requires reporting, the two can communicate without anyone manually feeding the data. In case of a cybercrime, where say an internet banking account is hacked, API integration would mean that it would be possible to instantly populate the information of the fraud to a central system or to other banks.

“Typically, money from the account where the fraud happens is moved to accounts with several banks. There is a far better chance of retrieving the amount if the information is available with the entire industry instantaneously. The time spent by Bank A awaiting an instruction from a LEA, then sending emails to bank B, C and D, or calling them up, to request a lien on the accounts where funds have gone, can be saved,” said another banker.

The group has also recommended that the data on accounts marked under lien and freeze should be made available on a daily basis to the banks to enable the latter to reconcile their records.

In this context, it has been observed that I4C may share a broad standard operating procedure advising banks for putting on hold, freezing or de-freezing of bank accounts and for releasing funds to victims’ bank accounts for cases reported on NCRP. Also, the nodal body, it’s felt should frame instructions towards sharing of 'negative account or KYC details’ so that the accounts are “not opened with the same demographics or KYC details with other banks”.