As India embraces and marches forward in its Digital journey at breakneck speed with wholehearted participation and innovation led by its people, startups, businesses, and the government, there is also a critical need for a security check.
While Urban and Rural India continues to transact digitally, leveraging affordable connectivity and smartphone penetration, there is an opportunity for India to focus on strengthening and building its critical infrastructure protection and also offer solutions to the world.
Increasing digitization has led to increasing Cyber-attacks on India by State-Sponsored actors to even rogue elements globally and locally. Presently, India faces relentless cyber attacks each day, targeting its critical infrastructure such as banks, power grids, telecommunications, internet services, hospitals, defense facilities, as well as governmental and corporate entities.
Instances of phishing scams, ransomware assaults, data breaches, and cyber-industrial espionage appear to be increasing steadily, with India’s financial sector encountering over a million incidents. According to a Reserve Bank of India report, India’s financial sector encountered over a million cyber intrusions during the initial ten months of 2023, equating to approximately 4,500 cyber assaults per day directed solely at this sector. With points of access and transactions happening through phones and work-from-home models and cloud dependencies increasing, conventional security structures are becoming increasingly less relevant and effective.
There are even cyber-attacks mounted today on the 3rd tier of government viz Municipalities and Nagarpalikas. The recent attacks on various institutions including key hospitals in India have been a wake-up call as these have brought out the need to immediately put in place a strong cybersecurity measure backed by serious audits every year to ensure safeguards and counter the ever-evolving threats.
According to CERT-In, the number of cybersecurity incidents has been tripling rapidly over the past few years. The Indian Government is undertaking various efforts to strengthen its cybersecurity capabilities through initiatives such as the National Cyber Security Policy, National Critical Information Infrastructure Protection Centre (NCIIPC), etc. The government of India has also formulated the National Cyber Security Reference Framework (NCRF) 2023 to provide strategic guidance, revised structure, and offer a proactive approach to cybersecurity to organisations. The NCRF aims to be the guiding document for organisations operating in critical sectors to develop their architecture, governance, and management frameworks with an ever-evolving approach to take on emerging threats.
The Ministry of Electronics and Information Technology also launched a nationwide $85 million Information Security Education and Awareness program to spread cybersecurity awareness and education at schools, colleges, and government and private sector organizations.
In addition to cyber-attacks, another emerging challenge is “Synthetic Fraud” the most recent Cybercriminal Activity that has become the fastest-growing financial crime across the world.
There is an increase in people creating artificial identities what we can term as “Frankenstein Identities”, created with the primary purposes of stealing, defrauding, and even money laundering.
Synthetic Fraud, fueled by “Frankenstein Identities” is the hardest to detect and is quickly accounting for the highest percentage of fraud losses primarily involving credit cards and banks. Synthetic Fraud is different from traditional identity fraud as scammers create a new fake identity using a real and/or unused identity or number, combining it with a fictitious name, identity document, and physical address to form the “Frankenstein Identities”.
Synthetic identity fraud begins with the theft of identification numbers such as Aadhaar, PAN, or license numbers, which perpetrators may acquire through various means such as hacking into databases, storing them, or obtaining them from the darknet. Such Frankenstein Identities then apply for loans, credit cards and operate until detected, but keep multiplying rapidly thereby landing heavy damage to the financial system besides laundering the money.
Synthetic Fraud scammers usually play the long game, investing time in constructing a credit history with the credit bureaus. After establishing a credit profile, they proceed to apply for credit across multiple financial institutions until they secure approval.
Approvals may start with a secured credit card or a product designed for high-risk borrowers. Over time, the scammers establish creditworthiness by acquiring multiple credit cards and small loans. Scammers max out all credit and disappear, forcing financial institutions to write off significant losses. Consequently, there emerges a necessity for financial institutions to reassess their fraud prevention tactics, especially concerning digital onboarding and lending transactions, without imposing additional obstacles for legitimate customers.
Emerging technologies like Artificial Intelligence and Machine Learning, combined with Big Data Analytics and High-Performance Computing applications can process large volumes of data from various sources and data sets (Structured, Unstructured, and Semi-structured). Such technologies can achieve higher scalability by processing large-scale data types containing media data, image data, and object data to spot trends and patterns across disparate data sets.
Artificial Intelligence and Machine Learning technology can effectively ascertain Data Depth and Consistency matches with the applicant’s data, evaluate usage/payment patterns, and find anomalies.
Financial Institutions can predict and capture “Synthetic Fraud” applicants early in the process by applying accelerated deep learning and statistical machine learning technologies.
There is a need to engage startups and emerging technology companies working on Artificial Intelligence and Machine Learning to work on cracking down on the big emerging risk of cyber-attacks and Synthetic fraud for the country to continue its safe and secure journey towards Digital India.
The Authors are CEO, Indiatech.org and Founder and CEO, Data Safeguard respectively