How India strengthens its digital-fraud resilience

Cybercrimes like Digital arrest involve scammers impersonating law enforcement officials from agencies like the Central Bureau of Investigation (CBI), the Enforcement Directorate (ED) or police through video calls and falsely accusing victims of involvement in grave crimes such as drug trafficking, money laundering or terrorism. 

By claiming that their Aadhaar, bank account, or courier parcels are linked to the crime, victims are placed under fictitious “digital custody” through prolonged video calls lasting hours or even days. They are forced into transferring large sums under threat of arrest, asset seizure, legal prosecution or public shaming. These scams imitate bureaucratic practices, badges, “case numbers”, fake warrants, spoofed official numbers, and deepfake videos to scam professionals, retirees, students and even MPs.

Ambiguity around the definition of ‘digital arrest’

Notably, “digital arrest” has not been explicitly defined in any law. Although fraudulent online activities are addressed under the Information Technology Act, 2000 and organised criminal activity under the Bharatiya Nyaya Sanhita (BNS), 2023, neither law explicitly defines “cybercrimes”, causing ambiguity in the enforcement of regulatory response.

As per Section 63 of the Bharatiya Nagarik Suraksha Sanhita (BNSS) 2023, summons may be served electronically, but only if the communication is encrypted and carries the court’s seal, image, and authorised digital signature. While such digitisation streamlines procedural delivery, the BNSS retains a clear emphasis on embodied due process that all forms of arrest require physical custody, the arresting officer must display proper identification, and an arrest memo must be prepared contemporaneously. 

As per section 35(3), only when the conditions for compulsory arrest under Section 35(1) don’t materialise, the police could follow traditional procedures and issue a notice asking the individual suspected of a cognizable offence to appear for questioning. 

Factors contributing to ‘digital arrests’ scams

However, India’s legal system equips enforcement agencies with multiple implicit avenues to tackle ‘digital arrest’ scams. The IT Act, 2000 (with later amendments) criminalises unauthorised access, identity theft, and other forms of online fraud. There are provisions in the BNS on cheating, intimidation, extortion, impersonation, and criminal conspiracy that can be applied in conjunction with the relevant sections of the IT Act in such cases. 

The Digital Personal Data Protection Act, 2023 further seeks to strengthen data privacy by including the aspects of consent and data minimisation. It mandates an individual’s consent before processing their personal data, and requires entities to collect and retain the amount of data necessary for legitimate use. Such provisions make the misuse or leaking of personal data a clear violation, even though the Act’s ‘enforcement architecture’ is still being built. 

Concurrently, India has also developed a multi-layered cyber-fraud response system. The Indian Cyber Crime Coordination Centre (I4C), dedicated state cyber police stations, the National Cyber Crime Reporting Portal, the 1930 fraud helpline, and the Citizen Financial Cyber Fraud Reporting and Management System can collectively create a national cyber-fraud response grid capable of rapidly flagging transactions and freezing funds. 

Hence, it may be argued that the persistence of digital arrest scams does not emanate from a legislative void, but rather from gaps in capacity, coordination, and system design. For instance, uneven digital literacy among citizens, varying policing capabilities across states, and fragmented integration between digital platforms and enforcement agencies are among some of the factors that do not stem from the absence of legal provisions on the statute book.

Building multi-layered defence

Indian Cyber Crime Coordination Centre (I4C) has been instituted as an attached office to the Ministry of Home Affairs, so as to coordinate a comprehensive, national response to all cybercrime complaints. With respect to matters of digital arrest complaints, it has blocked over 1,700 Skype IDs, 59,000 WhatsApp accounts, 6.69 lakh SIM cards, and 1,32,000 IMEIs in 2024 alone. 

The Central Government and telecom service providers also devised systems to identify and block incoming international spoofed calls displaying Indian mobile numbers. The Citizen Financial Cyber Fraud Reporting and Management System has saved over ₹3,431 crore from fraudulent attempts. 

These efforts are further complemented by public awareness campaigns, including newspaper advertisements, announcements in Delhi Metro, social media influencer campaigns, Prasar Bharti programming, All India Radio broadcasts, and digital displays at railway stations and airports. Prime Minister Narendra Modi has also used the “Mann ki Baat” platform to urge people to “Stop, Think, and Act” before responding to suspicious calls that could potentially lead to situations of digital arrest. 

Efforts are also underway to move beyond SMS-based OTP authentication for digital payments. The RBI released a draft framework in July 2024, proposing alternative authentication mechanisms, and its Innovation Hub has also developed an AI-powered system – MuleHunter.AI – for analysing transaction patterns, predicting and flagging mule accounts.

Digital arrest scam strikes at public trust 

But the unparalleled pace with which India has advanced its digitisation trajectory has not just eased access to services for millions, but also inadvertently caused what is called “cyber fraud epidemic”. It has apparently undermined public trust in the digital system. Digital arrest scams cause immediate, tangible harm while quietly eroding confidence in India’s digital ecosystem in the long run. 

The victims are hit with sudden and often devastating financial losses, driving some households into debt, apart from leaving lasting psychological scars marked by fear, shame, and confusion. Many victims delay or avoid reporting the crime, allowing fraudsters to rapidly launder stolen funds through multiple accounts. 

Moreover, these scams also expose a critical deficit in digital literacy, especially in semi-urban and rural areas, underscoring a broader societal unpreparedness for rapid digital transformation. It has reportedly created confusion, particularly among the elderly citizens and less informed public, on what constitutes legitimate communication from the state and how it could be differentiated from forged orders. 

The circulation of fabricated judicial orders bearing forged Supreme Court seals prompted the court to remark that digital arrest scam “strikes at the very foundation of public trust in the judicial system, besides the rule of law”. 

The apex court takes note of digital arrests 

The Supreme Court asked the RBI to assist the court on whether artificial intelligence (AI) or machine learning could be implemented to identify such suspicious accounts and freeze the proceeds of crime. The bench of Chief Justice Surya Kant and Justice Joymalya Bagchi also noted that the matter of digital arrests “requires immediate attention” of the CBI, adding that the premier investigating agency “shall firstly investigate cases on digital arrests scam.” 

Given the role of mule accounts in perpetrating the scam, the court said the CBI shall have a free hand to probe the role of bankers under the Prevention of Corruption Act, where bank accounts are opened for the purpose of digital arrest scams. 

The apex court instructed the CBI to seek assistance from Interpol to trace cybercriminals operating from offshore tax havens. It also directed telecom providers to tighten regulatory oversight by curbing the issuance of multiple SIMs without due procedural diligence. This approach has enabled systemic capacity-building, where states are held directly accountable for delays in matters of mandated preservation of seized digital evidence and in fast-tracking the creation of cybercrime coordination centres.

While such judicial interventions are timely and signal a decisive shift from reactive policing to systemic deterrence, the eradication of these scams will depend on aligning technological capability, regulatory accountability, and public confidence. Digital arrest scams threaten the trust and reliance of ordinary citizens in digitisation that anchors our e-governance. If handled with adequate gravity, the fight against cybercrime also presents an opportunity to rebuild India’s digital ecosystem on firmer foundations tied to the rule of law.

Insights from some initiatives across the world

Given the transnational nature of cybercrime, it may be argued that active and efficient global cooperation is required to effectively contain it. While the Council of Europe’s Budapest Convention on Cybercrime (2001) provides the primary international legal framework, the United Nations Convention against Cybercrime represents a significant multilateral effort to address cybercrimes. 

Long-standing cooperation channels like INTERPOL and Europol emphasise combined investigative credentials and joint disruption operations, as seen in actions such as Operation Serengeti in Africa and the takedown of LabHost by the UK.   

Similarly, the European Union Digital Services Act has established mandatory systems for reporting illegal content, transparency obligations, structured risk assessments, and independent audits for large digital platforms. In high-risk areas like fraudulent advertising, deepfake calls, and scam apps, this approach treats platforms as actors with systemic influence and corresponding accountability. 

A parallel development in the European Union’s payment-services reforms shifts liability towards banks and payment intermediaries, requiring them to freeze suspicious transactions and reimburse consumers where preventive systems fail. This points to a shift from user-centric liability to ‘platform and provider responsibility’ approach – a move India may consider to strengthen its digital-fraud resilience.

Post read questions

Discuss how “digital arrest” scams undermine due process, public trust in institutions, and the legitimacy of digital governance in India.

Evaluate whether India’s existing legal framework (IT Act, BNSS, BNS, DPDP Act) is sufficient to deal with emerging forms of cyber fraud such as “digital arrest”. Suggest reforms.

What are “mule accounts”? Why do they pose a serious challenge to India’s cybersecurity ecosystem?

Discuss the role of artificial intelligence and real-time financial surveillance systems in combating cyber fraud in India. What are the risks involved?

Examine the institutional response to cyber fraud in India, including the role of I4C, RBI, telecom regulators, and the judiciary. What more needs to be done?

(Shamna Thacham Poyil is a Doctoral Research Scholar in the Department of Political Science, University of Delhi.)

Share your thoughts and ideas on UPSC Special articles with ashiya.parveen@indianexpress.com.

Click Here to read the UPSC Essentials magazine for January 2026. Subscribe to our UPSC newsletter and stay updated with the news cues from the past week.

Stay updated with the latest UPSC articles by joining our Telegram channel – IndianExpress UPSC Hub, and follow us on Instagram and X.