© The Indian Express Pvt Ltd
Tags:
Journalism of Courage
The National Crime Records Bureau released the Crime in India report for 2023 last week, which provides crucial data on crimes ranging from violent crime and caste-based offences to economic frauds.
India recorded 27,721 cases of murder in 2023, a dip of 2.8% from 2022, while cybercrimes saw a 31.2% increase, with 86,420 cases reported.
The latest report has once again thrust the state of Karnataka and the city of Bengaluru into the spotlight for burgeoning cyber crimes.
The report reveals a 74 percent increase in cyber crimes registered in Karnataka in the year 2023 at 21,889 crimes when compared to 2022 when 12,556 crimes were reported. Bengaluru alone recorded 80 percent (17,631) of the total cyber crimes reported in Karnataka, and a 77 per cent increase from 9,940 in 2022.
A cursory look at the number of cyber crimes reported in Karnataka in the year 2024 (from official government records) indicates that there has been a 137 percent increase from the 21,889 crimes reported in the NCRB report for 2023 to 52,000 cyber crimes in 2024.
The cyber crimes reported in Karnataka in 2023 as per the NCRB data is 25 percent of the 86,420 cyber crimes reported in India and the cyber crimes in Bengaluru is 51 percent of the 33,955 crimes reported across 19 metropolitan cities in the country.
The amount of money lost in cyber crimes in Karnataka in 2024 is reported to be Rs. 2,915 crore with Bengaluru making up over Rs. 1,806 crore of the losses, as per Karnataka police data. The losses in Bengaluru city increased by 167 percent between 2023 and 2024 from Rs. 673 crore to Rs. 1,806 crore. The Bengaluru losses in 2024 was a five fold increase from Rs. 271 crore in 2022 and a 25 fold increase from Rs. 70 crore losses in 2019.
Nearly 70 percent of the cyber crime cases in Bengaluru involve investments frauds and 15 percent courier frauds (digital arrests), according to data collated by the Centre for Cyber Crime Training and Research of the Karnataka police Criminal Investigation Department (CID).
Cyber crimes make up 32 percent of the total crimes in Karnataka but the detection rate is at a low 18 percent as per the 2023 NCRB data.
Amid a booming fintech industry in India which is currently valued at $111 billion and projected to reach Rs. 421 billion by 2029, the glitches in the fintech ecosystem in the form of cyber crimes have become a source of concern for law enforcement agencies.
One of the key weak links identified by law enforcement agencies in tackling cyber crime is the banking system in the country. Law enforcement agencies have been working continuously with the banking sector to plug loopholes that allow cyber crooks to siphon away funds from unsuspecting victims in the wink of an eye through fraudulent means.
Money mules who facilitate the transfer of stolen funds through hundreds of bank accounts created with fictitious, stolen or borrowed identities are considered a key loophole in efforts to control cyber crimes in India.
A ‘Study on the use of money mules in Cyber Crimes’ conducted by the Centre for Cybercrime Investigation Training and Research of the CID police in Karnataka which was released in June 2025 reported that money mules are key to the eventual transfer of stolen funds to operators of cyber crime networks.
The cyber crimes study report has called for better monitoring of accounts by the banking sector to identify the creation and usage of mule accounts which tend to be dormant accounts or new accounts opened with fictitious details of identity and location.
“Cybercriminals are exploiting the online account opening facilities offered by numerous banks to open mule accounts using fake and nonlocal addresses. For instance, an individual located in Rajasthan may open an online account while providing a Bengaluru address. In one of the cases investigated at CID Bengaluru, up to 125 mule accounts have been opened in a private bank through online channels, where only basic KYC is required, and no physical verification is conducted by the banks,” states the cyber crime study.
While the RBI has mandated the generation of ‘Suspicious Transaction Reports’ to the centralised Financial Intelligence Unit India (FIU-IND) with warnings against non-compliance as part of efforts to regulate cyber crimes, banks tend to default on STRs, says the report.
“Investigations have revealed that banks sometimes fail to flag transactions as suspicious when large volumes occur. This failure is often attributed to negligence on the part of the banks, and in some rare cases, insiders in the bank colluding,” says the cyber crime report.
While many of the many bigger banks have worked with law enforcement agencies to put in place cyber crime safeguards – like the new two factor authentication system introduced for online banking by the RBI – many of the smaller banks are lagging, say cyber crime experts.
Last year, out of the total of Rs. 2,915 crores that was lost in cyber crimes in Karnataka – Rs. 1860 crore was lost from private banks and Rs. 948 crore from public sector banks.
The RBI issued advertisements in newspapers late last year warning the public against facilitating the creation of “mule accounts” in their names.
Where does the money from cyber crimes travel?
The Karnataka CID study of money mules in cyber crimes has reported that the tracking of the conversion of money stolen in a cyber crime is “a significant challenge for law enforcement agencies”.
Apart from cash withdrawals at overseas ATMs using Indian debit cards in locations such as Dubai, Hong Kong, and Bangkok, as well as ATMs in remote areas across India, crypto currency conversions of stolen funds have been flagged as a key challenge.
The report says that “recent observations indicate that at the integration stage (the final stage when the cyber crime operators cash in) the money is often converted into crypto currencies, primarily USDT, for final delivery of crime proceeds to foreign based syndicates commonly based in the Gulf, south east Asia and China.”
“The unregulated cryptocurrency market is exacerbating the issue of money muling. Recent cases have revealed that laundered money is either converted into cryptocurrency using a money mule or transacted through P2P transactions with genuine crypto traders,” says the study report authored by cyber crime police experts and the Data Security Council of India.
The laundering of cyber crime proceeds through cryptos “is further complicated by certain gaming platforms, such as casinos, that allow cryptocurrency deposits. Many cryptocurrency exchanges either do not require KYC or are based in foreign countries with lenient regulatory frameworks, both of which pose challenges for investigators,” says the study.
“Gaming and other platforms that receive direct cryptocurrency payments need to be regulated, requiring registration and mandatory KYC verification for customers. The government may consider banning non-compliant platforms and prohibiting Indian residents from transacting on cryptocurrency platforms not registered with the GoI,” says the report released at a conference of senior Karnataka police officers in Bengaluru on June 27.
The GoI incidentally passed a bill in the monsoon session of parliament to curb real money gaming in the country.
The RBI in October 2023 revised the KYC master directions with an amendment on Operation of Bank Accounts and Money Mules which prescribes strict guidelines for opening of bank accounts and reporting of suspicious transactions to the Financial Intelligence Unit-India.
The RBI has also mandated reporting of Suspicious Transaction Reports for suspected mule accounts. The RBI has also developed an inhouse Artificial Intelligence/Machine Learning based solution called Mulehunter.AI “to detect suspected mule accounts”.
In the case of law enforcement agencies, the Citizen Financial Cyber Fraud Reporting and Management System has been integrated with the National Cybercrime Reporting Portal (NCRP) to keep a track of mule accounts.
A pilot platform called Cybersafe has been developed for information sharing between law enforcement agencies and fintech entities.
The platform has a “central repository of fraudsters mobile numbers and bank accounts, accessible in real time and updated with each registered fraud”.
“There is a pressing need to regulate the cryptocurrency market in India. This regulation should not only require cryptocurrency exchanges to follow specific norms for collecting and verifying user details but also include penal provisions for money laundering and other illegal activities,” says the Karnataka CID study on money mules in cyber crimes.
