Will the Minister of Electronics & Information Technology be pleased to state:-
(a) whether there are growing incidents of cyber crimes, including financial frauds, using bank cards and e-wallets;
(b) if so, the details thereof; and
(c) the measures taken by the Government to deal with such cyber crimes?
(a): As per the data maintained by National Crime Records Bureau (NCRB), a total of 9622, 11592 and 12,317 cyber crime cases were registered during the years 2014, 2015 and 2016 respectively. This includes cases registered under the Information Technology (IT) Act, 2000 and related sections of Indian Penal Code and Special & Local Laws involving computer as medium/ target. As per information reported to Indian Computer Emergency response Team (CERT-In), a total of 3, 14 and 6 financial fraud incidents affecting ATMs, cards, Point of sale (PoS) systems and Unified Payment Interface (UPI) have been reported during the year 2016, 2017 and 2018 (upto November) respectively. Further, Reserve Bank of India (RBI) has registered a total of 1191, 1372, 2059 and 921 cases of frauds involving ATM/Debit Cards, Credit Cards and Internet Banking Frauds reported (amount involved Rs 1 lakh and above) during the year 2015-16, 2016-17, 2017-18 and 2018-19 (Upto 30 Sept 2018) respectively.
(b) and (c) : Government has taken following measures to enhance the cyber security of digital payment systems and prevent cyber attacks:
i. The Indian Computer Emergency Response Team (CERT-In) issues alerts and advisories regarding latest cyber threats and countermeasures on regular basis to ensure safe usage of digital technologies. Regarding securing digital payments, 28 advisories have been issued for users and institutions.
ii. All authorised entities/ banks issuing PPIs in the country have been advised by CERT-In through Reserve bank of India to carry out special audit by empanelled auditors of CERT-In on a priority basis and to take immediate steps thereafter to comply with the findings of the audit report and ensure implementation of security best practices.
iii. All the new government websites and applications are to be audited with respect to cyber security prior to their hosting. The auditing of the websites and applications is to be conducted on a regular basis after hosting.
iv. Government has empanelled 76 security auditing organisations to support and audit implementation of Information Security Best Practices.
v. Government has issued guidelines for Chief Information Security Officers (CISOs) regarding their key roles and responsibilities for securing applications / infrastructure and compliance.
vi. All organizations providing digital services have been mandated to report cyber security incidents to CERT-In expeditiously.
vii. Government has formulated Crisis Management Plan for countering cyber attacks and cyber terrorism for implementation by all Ministries/ Departments of Central Government, State Governments and their organizations and critical sectors.
viii. Cyber security mock drills and exercises are being conducted regularly to enable assessment of cyber security posture and preparedness of organizations in Government and critical sectors. 38such exercises have so far been conducted by CERT-In whereorganisations from different sectors such as Finance, Defence, Power, Telecom, Transport, Energy, Space, IT/ITeSetc participated. 3 exercises were conducted in coordination with Reserve bank of India in November 2018 for senior management and Chief Information Security Officers (CISOs) of banks.
ix. CERT-In conducts regular training programmes for network / system administrators and Chief Information Security Officers (CISOs) of Government and critical sector organisations regarding securing the IT infrastructure and mitigating cyber attacks. 22 trainings covering 746 participants conducted in the year 2018 (till November).
x. Government has launched the Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre). The centre is providing detection of malicious programs and free tools to remove the same.
*******