While cybercrime is increasing at an alarming rate, the number of first information reports (FIRs) registered and, thus, the rate of conviction, remains relatively low. In December last year, the Union government told the Lok Sabha that since 1 January 2020, 1.6mn (million) cybercrime incidents have been reported and more than 32,000 (FIRs) have been registered. However, conviction rates in these cases remain very low, at less than 1%, while the conviction rate of persons arrested is less than 3%.
A significant issue faced by victims trying to report a cybercrime is the inability to connect to 1930, the toll-free number of the National Cybercrime Reporting Portal (NCRP). This often leaves them frustrated.
Speaking at a webinar organised by Moneylife Foundation on 'How to Stay Safe from Cyber Crime & How the Police Can Help', Balkrishna Wagh, retired assistant police commissioner (ACP) of Maharashtra police, who also handled cybercrime as part of his work, tells people to find other ways to reach the cops. He suggests tagging the @mumbaipolice on X (formerly Twitter) as a quick way to report the crime.
He also suggested that the incident could be registered on the NCR portal, https://cybercrime.gov.in/ , or by rushing to the nearest police station to file an FIR. Not many victims are aware of this. They lose precious time and fail to report a cybercrime in the crucial 'golden hour' period.
The 'golden hour' is critical to accident victims who are bleeding out. Mr Wagh pointed out that it is just as critical to cybercrime since fraudsters quickly transfer the money through a series of accounts within this time, making it more difficult to trace. He says, "Victims of cybercrimes must report the incident within the golden hour period or at least within four hours to NCRP, either by making a call to 1930 or reporting on the website. This helps law enforcement agencies and financial institutes registered with NCRP to trace and block the proceeds of the crime."
Mr Wagh shared several real-life cases related to cybercrime that he had personally handled. He also explained how to use different modes of filing cyber fraud complaints, how to monitor its progress and how police go about investigating such crimes. Cybercrimes are not only getting more effective but, besides the infamous Jamtara, fraudsters are building expertise in specific new places such as Bharatpur and Alwar in Rajasthan, Mathura district in Uttar Pradesh (UP) and Nuh in Haryana, he says.
The need to stay updated about new tricks and scams such as phishing, identity theft and online scams is inescapable in today's world; it is just as important to understand who to approach for redressal and what kind of assistance they can expect.
First, we must understand that NCRP is not a law enforcement agency (LEA). NCRP and its 1930 toll-free number are the initiatives of the Union government to facilitate victims and complainants to report online cybercrime complaints such as mobile crimes, online and social media crimes, online financial frauds, ransomware, hacking, cryptocurrency crimes and online cyber trafficking. Police and public order are state subjects. The states and Union Territories (UTs) are primarily responsible for the prevention, detection, investigation and prosecution of crimes, including cybercrime, through their law enforcement agencies -LEAs.
NCRP uses the Citizen Financial Cyber Frauds Reporting and Management System (CFCFRMS) platform for quick reporting of financial cyber frauds and monetary losses suffered due to the use of digital banking, credit or debit cards, payment intermediaries and unified payments interface (UPI). At present, 85 banks, payment intermediaries and e-wallets are connected with CFCFRMS.
"When a victim reports a cybercrime incident within four hours to NCRP, the CFCFRMS platform works in tandem with LEAs, Reserve Bank of India (RBI), National Payments Corporation of India (NPCI), banks, and financial intermediaries to ensure that quick, decisive and system-based effective action is taken to prevent the flow of money siphoned off from the victim to the fraudsters," Mr Wagh says.
How NCRP or CFCFRMS Platform Work?
1. Victims of cybercrimes can use the 1930 helpline, operated by concerned state police or register the incident on the NCR portal, https://cybercrime.gov.in/. To file an online complaint through NCRP, the victim needs to register using her name and a valid Indian mobile number to receive a one-time passcode (OTP). Once the OTP is verified, the victim can report the incident by selecting the appropriate category and sub-category.
2. For calls made on 1930, the police operator notes the details and basic personal information of the caller and submits it on the CFCFRMS platform to raise a ticket. When the victim reports the incident on the NCR portal, a ticket is generated after successful filing.
3. The ticket is escalated to the concerned bank(s), e-wallet(s), merchants and other relevant parties, depending on their involvement in the incident.
4. After calling and registering the incident on the 1930 number, an SMS is sent to the victim with an acknowledgement number of the complaint. The victim then has to visit the NCR portal and submit all details and documents using the acknowledgement number. An SMS regarding the complaint is also sent to the nodal officer of the concerned financial institution(s)- FI.
5. The concerned financial institution(s) can see and check details of the incident on its dashboard on the reporting portal.
6. If the defrauded money is still available, the FI or bank puts it on hold, thus blocking the fraudster from withdrawing it. If the proceeds of the crime have moved out of the concerned bank, then the ticket gets escalated to the next FI, which puts a hold on the money. This process is repeated until the proceeds of the crime are saved from reaching the fraudster. The FIs involved in this process then inform the concerned state police about the action taken and the amount blocked.
Points To Remember while Using NCRP
There are two options for reporting cybercrimes on the portal:
1. Report crime related to women/ children – Under this section, one can report complaints about online child pornography (CP), child sexual abuse material (CSAM) or sexually explicit content such as rape/gang rape (CP/RGR) content.
2. Report other cybercrimes – Under this option, one can report complaints about cybercrimes such as mobile crimes, online and social media crimes, online financial frauds, ransomware, hacking, cryptocurrency crimes and online cyber trafficking.
While reporting other cybercrimes, note that fields marked with a red asterisk (*) are mandatory. It is vital that the police authorities receive accurate and complete information related to the complaint. Therefore, the victim needs to provide the required information, such as name, phone number, email address, details and necessary information supporting the complaint.
Similar to other crimes, in the case of cybercrime, the victim needs to have the necessary evidence to support the complaint. For example, credit card receipt, bank statement, envelope (if received a letter or item through mail or courier), brochure or pamphlet, online money transfer receipt, copy of email(s), URL of webpage(s), chat transcripts, suspect mobile number screenshot, videos, images and any other kind of document related to the crime.
While filing the complaint, use the 'report and track' option to receive an SMS and an email with a complaint reference number on the registered mobile number and email ID. The acknowledgement number can be used to track the progress of the complaint by logging on to the NCR portal and clicking on the check status option.
Talking about the role of the local police, Mr Wagh, the retired ACP of Maharashtra police, says, "After receiving information from the NCPR, local police will connect with the victim, record all relevant details and obtain documentary evidence. They may also call the victim to the police station to record a statement and register an FIR. Police will then investigate the incident and may take help from the cyber cell if required."
One of the issues faced by complainants or victims is the lack of information from the police about the progress of the investigation.
"While there are no fixed timeframes to complete the investigation, especially for cybercrimes, I would suggest the complainant to remain in touch with the investigating officer (IO) and check the progress of the case," he added.
Mr Wagh also suggested using social media, like X (erstwhile Twitter), Facebook and Instagram, to raise the issue with the concerned police. For example, a complainant from Mumbai can tag Mumbai police's X handle (@MumbaiPolice) for seeking updates or progress of the investigation. But do keep in mind that the complainant is not required to share personal details on the public platforms and raise basic questions, after which the concerned team (for example, Mumbai police) will ask you to share details through direct message (on X).
In Mumbai, every Saturday, between 9am and 11.30am, senior officials, including the zonal deputy commissioner of police (DCP) and divisional ACP, are present to meet complainants on the grievance redressal day. If the complainant wants to know the progress of her case or escalate the matter, she can visit the local police station on the grievance redressal day.
Also, remember, if the fraud is related to your bank account, you need to immediately send an email to the official email ID of your branch (you can find it on the bank's website or your passbook) with a copy to the bank's customer care. Even if you have called the official number for customer care, you must still send an email describing your conversation with the bank executive, along with the time, date, and duration of the call. This will be helpful if you face a liability issue with the bank.
Here is the recording of Mr Wagh's webinar organised by Moneylife Foundation, in case you could not attend it…