With the Reserve Bank of India's decision to set up a Central Payment Fraud Registry (CPFR), all stakeholders -- from banks, technology service providers and fintechs -- will get access to the registry for near real-time fraud monitoring, and the data is to be published to educate customers on the emerging risks, report Dev Chatterjee and Raghu Mohan.
Illustration: Uttam Ghosh/Rediff.com
In late July, Preneet Kaur -- a member of Parliament from Punjab -- fell prey to a payment fraud.
Posing as a State Bank of India manager, a scamster obtained her bank details over the phone from Jamtara in Jharkhand to swindle her of Rs 23 lakh.
Given her high profile, the Punjab police swung into action and arrested the perpetrator and recovered the money.
Scores -- from senior citizens to the uneducated -- are not so lucky.
They have to run from pillar to post to get a police complaint registered and later get hold of their hard-earned money.
Such frauds are also a big let-down for the digital payment ecosystem as it becomes all the more tough to on-board customers and get them to trust these channels.
Help is on hand with the Reserve Bank of India's (RBI) decision to set up a Central Payment Fraud Registry (CPFR).
All stakeholders -- from banks, technology service providers and fintechs -- will get access to the registry for near real-time fraud monitoring, and the data is to be published to educate customers on the emerging risks.
As on date, banks report banking frauds to the RBI's Central Fraud Monitoring Cell.
"While there is a Central Fraud Registry (CFR) in effect from January 20, 2016, this largely covers corporates and some aspects of retail.
"What you will now have is one dedicated to all kinds of payments," says Rajesh Mirjankar, managing director (MD) and chief executive officer (CEO) of Infrasoft Technologies.
The CFR has played its part.
On March 9, 2018, Shiv Pratap Shukla, then minister of state for finance, informed the Lok Sabha that according to CFR data 13,083, 16,468 and 13,653 cases of frauds of Rs 1 lakh and above on automated teller machines, debit card and internet banking platforms were reported by banks in FY15, FY16 and FY17.
While private credit bureaus (in effect, registries) -- Credit Information Bureau (India), Equifax, Experian, and CRIF Highmark -- have been operational in the country under the Credit Information Companies (Regulation) Act of 2005, which focuses on data analytics to provide credit scores, allied reports and services, there has been little to show by way of a big step when it came to registry of frauds.
Part of the problem is the manner in which ecosystem participants on-board and service customers.
While know-your-customer norms (KYC) may be strict, to the extent, the touch-points now include banks, fintechs, and e-commerce firms, you have many more soft spots to guard against.
Again, in the digital world, frauds happen real-time; and you have no "blood-trail" as such to follow; and participants basically chase phantoms.
"A big spinoff is that new entrants (say fintechs) need not wait to get a sense of the vulnerable areas through trial and error.
"Many use the information they have in a proprietary manner.
"Co-operative banks can also gain from the move to set up the CPFR", says Mandar Agashe, founder and vice-chairman, Sarvatra Technologies.
A detailed framework for setting up the CPFR is to be put in place by the end of October 2019.
The move is in line with the central bank's 'Payment System Vision 2021' which envisages a framework for collecting data on frauds in the payment systems.
It said that such data can be used analytically for differentiating fraudulent and legitimate transactions; oversight and supervision, and also for providing guidelines to entities for minimising risks of similar frauds.
The Nandan Nilekani report also made a case for the setting up of a central fraud registry.
'This registry should be accessible to all payment system participants on a near real-time basis.
'They may use it to evaluate the fraud risk for all users, and transactions (dynamically).
'This risk rating may be used to provide additional protections to the user', the report observed.
Despite frauds, we love digital
While risks have increased with the spawning of digital payments, the '2019 Experian Identity and Fraud Report' (for the Asia-Pacific region) notes that 42 per cent of customers indicate that they have complete or very high confidence.
Customers in India are the most confident (64 per cent) with those in Hong Kong (21 per cent) and Japan (13 per cent) expressing the least confidence.
Incidentally, 50 per cent of the businesses surveyed in the region have seen an increase in fraud losses over the past year from account originations and account takeovers -- both potentially damaging to brand reputation.
This is slightly lower than the global average of 55 per cent.
Fraud losses were particularly prominent in India at a reported 65 per cent and lowest in Hong Kong at 34 per cent.
Despite fraud losses being among the lowest worldwide (the US has the highest incidence at 80 per cent), businesses across all markets in the Asia-Pacific region agree on one thing - fraud is a major concern.
More than two-thirds of businesses reported an increased concern for fraud losses since last year.
As for the CPFR, "it is not clear at this point in time whether it will be part of the existing CFR as a sub-registry of it or an altogether new one as it is open to all participants", points out Mirjankar.
It may be recalled that as part of the quarterly meetings the central bank is to hold with bank auditors from FY20, robustness of the processes and early warning systems to identify frauds, and adherence to guidelines on information security (InfoSec) have been stressed.