As cybercrime losses grow exponentially, Karnataka cops work to curb misuse of banking system

“The police department is in constant touch with the Reserve Bank of India (RBI) and all other banking and financial institutions to get information about bank accounts involved in cybercrimes, and action is being taken,” Karnataka Home Minister G Parameshwara told the state legislature this week.

The RBI recently issued advertisements in newspapers warning the public against facilitating the creation of “mule accounts” in their names.

“The entire gamut of cybercrime offenses occurs in the country’s white money economy. Mechanisms introduced for financial inclusion, like bank accounts and net banking, are being misused for cybercrime. It involves the theft of white money through regular banking channels and not unknown networks,” a cybercrime official said.

According to senior police officers involved in tackling cybercrime in Karnataka, the amount of money lost to such cases in Karnataka in 2024 was around Rs 2,600 crore – three times the amount of Rs 700 crore lost in 2023.

“Nearly 50 per cent of the amount lost is in investment frauds. Fedex scam or digital arrest type of cases involve losses in the range of Rs 200 crore,” a senior police official said.

Data presented by the home minister in the legislature on December 18 reveals that 20,875 cybercrime cases had been registered in 2024 (till November 30) in the state compared to 22,194 cases in 2023 and 12,879 cases in 2022. Nearly 80 per cent of the cases from 2024 are still under investigation.

In Bengaluru, the IT capital of India, the number of cybercrimes increased from 9,938 cases in 2022 to 17,632 cases in 2023 and 16,357 cases in 2024 (till November 30), according to official data from the city police.

However, there has been a six-fold increase in the amounts lost by people in 2024 compared to 2022, and a three-fold rise from 2023. In the last five years, the amount of money lost by the public to cybercrimes increased 25 times, according to the Bengaluru data.

In 2024, the amount of money reported to have been lost to cybercrimes in Bengaluru (till November 30) is Rs 1,806 crore compared to Rs 673 crore in 2023 and Rs 271 crore in 2022. The amount lost to cybercrime in 2019 was Rs 70 crore.

According to the Bengaluru data, investment frauds account for 5,707 of the 16,357 cybercrime cases in 2024 compared to 3,754 in 2023 and 411 cases in 2022. The number of Fedex or digital arrest frauds has risen from zero in 2022 to 403 in 2023 and is now at 1,417 in 2024 (till November 30). Frauds linked to loan apps have reduced from 473 in 2023 to 252 in 2024.

“One of the primary ways to control cybercrimes is through the regulation of bank accounts. We are trying to help banks in this regard. At present there are different KYC standards for opening accounts in different banks which leave a lot of loopholes for exploitation,” a senior cybercrime official working with banks in Karnataka said.

New ways of opening bank accounts – which do not require customers to be physically present at banks – have allowed the proliferation of mule accounts, said the police.

“In the eKYC system, the bank does not verify the credentials of a person opening a new account but the verification is outsourced to third parties who may be compromised,” a cybercrime official said. Banks allowing persons other than those for whom KYC norms are cleared to operate accounts is also a major factor.

“Some of the top banks have managed to weed out fake accounts to a large extent and have put in place automated systems to alert when there is suspicion of accounts being used for fraud. There is still a lot of ground to be covered in small banks. Cooperative banks are the most susceptible to facilitating mule accounts,” the official said.

With banks refusing liability for the theft of funds through their accounts, most victims of cybercrimes are left high and dry when they are robbed by cyber criminals who often use the same set of bank accounts to dupe multiple people.

Hundreds of victims in Bengaluru have seen hopes of getting back their money vanish after banks — into whose accounts the stolen funds were initially transferred — have argued in the Karnataka High Court that there were no funds in the frozen accounts and that the same accounts were used in multiple crimes, resulting in claims from across India.

Axis Bank alone filed over 200 petitions in the Karnataka High Court in 2024 to oppose orders of lower courts to refund money lost by victims of cyber fraud.

“We are seeing that Current Accounts are being opened in the names of random individuals without proper verifications. Current Accounts are meant to be for businesses. There are hundreds of crores of suspicious transactions but authorities are not informed,” Bengaluru Police Commissioner B Dayananda said recently while calling for more accountability from banks in controlling cyber frauds.

“The key to controlling cyber fraud is through a system of checks on the bank accounts opened to carry out fraud,” said Director General of Police Pronab Mohanty who heads the cybercrime wing of the Karnataka Police’s Criminal Investigation Department.

Another key aspect that the police are grappling with is the proliferation of fake identities in the form of PAN and Aadhaar numbers that are used to open the bank accounts.

“Cyber criminals know which banks have weak systems. We are trying to get banks to have systems that will prevent cybercrime and allow the recovery of stolen funds,” the cybercrime official said.

Cybercrime cases

Funds lost to cybercrime (in crore Rupees)