Prosecution Of Cyber Theft Targeting Online Payment Wallets
πΉ INTRODUCTION
Cyber theft targeting online payment wallets involves unauthorized access, hacking, or manipulation of digital wallets (like Paytm, PhonePe, Google Pay, etc.) to steal funds. This is a form of cybercrime and falls under both criminal and cyber laws.
Common Forms of Cyber Theft in Wallets:
Phishing attacks to obtain OTPs or login credentials
SIM swapping to intercept verification codes
Malware or spyware on mobile devices
Fake apps or fraudulent merchants
Internal collusion with wallet employees
Legal Framework in India:
Information Technology Act, 2000 (IT Act)
Section 66 β Computer-related offences (hacking, fraud)
Section 66C β Identity theft
Section 66D β Cheating using communication devices
Indian Penal Code (IPC)
Section 420 β Cheating
Section 403 β Dishonest misappropriation
Section 406 β Criminal breach of trust
Payment and Settlement Laws
RBI guidelines for digital wallets and fraud monitoring
Prosecution typically involves cybercrime cells, local police, and investigative agencies like CBI.
ποΈ 1. Paytm Wallet Cyber Theft Case (2017, Delhi)
Facts:
A fraudster accessed multiple Paytm accounts using phished OTPs and transferred balances to bank accounts.
Victims reported unauthorized deductions ranging from βΉ5,000 to βΉ50,000.
Legal Provisions:
IT Act Section 66C, 66D β identity theft and cheating
IPC Sections 420, 406 β cheating and criminal breach of trust
Prosecution:
Delhi Cyber Crime Cell filed FIRs against the accused.
The fraudster was traced using IP logs and transaction audits.
Conviction included imprisonment and recovery of stolen funds.
Significance:
Highlighted the importance of two-factor authentication and secure OTP practices.
Led to Paytm strengthening fraud detection algorithms.
ποΈ 2. PhonePe Wallet Hacking Case (2018, Karnataka)
Facts:
Hackers exploited a vulnerability in the PhonePe app to transfer wallet balances to fake accounts.
Victims reported losses totaling over βΉ10 lakh collectively.
Legal Provisions:
IT Act Section 66 β Hacking and computer-related fraud
IPC Sections 420, 403
Prosecution:
Cyber Crime Cell of Karnataka Police registered FIRs; accused arrested through forensic analysis and KYC records.
Digital evidence (app logs, transaction records) was crucial in prosecution.
Significance:
Led to mandatory app updates and enhanced security protocols.
Emphasized the importance of cyber forensic readiness in fintech frauds.
ποΈ 3. Google Pay Wallet Fraud Case (2019, Mumbai)
Facts:
A gang created fake merchant accounts on Google Pay and induced users to make payments, claiming cashback offers.
Amount siphoned from usersβ wallets exceeded βΉ15 lakh.
Legal Provisions:
IPC Sections 420, 406 β cheating and breach of trust
IT Act Section 66D β cheating using communication devices
Prosecution:
Mumbai Police Cyber Cell filed FIRs; coordinated with Google Pay to freeze accounts and track UPI transactions.
Conviction involved imprisonment for 3β5 years and confiscation of assets.
Significance:
Exposed risks of fake merchant accounts and phishing promotions.
Resulted in RBI and NPCI issuing guidelines for merchant verification.
ποΈ 4. BHIM-UPI Wallet Fraud Case (2020, Uttar Pradesh)
Facts:
Fraudsters used SIM swapping and OTP interception to divert funds from BHIM-linked wallets.
Multiple complaints filed by users in Lucknow and Kanpur.
Legal Provisions:
IT Act Section 66C β identity theft
IPC Sections 420, 403 β cheating and misappropriation
Prosecution:
FIRs registered; attackers traced using SIM registration records and UPI logs.
Cyber forensic evidence used in trial; accused convicted and fines imposed.
Significance:
Highlighted SIM swapping vulnerabilities and necessity of linking multiple authentication layers.
Led RBI to enforce additional security measures for UPI transactions.
ποΈ 5. Axis Bank Wallet and Fake KYC Case (2021, Hyderabad)
Facts:
Fraudsters opened wallets in Axis Bank using fake KYC documents and siphoned funds using mobile banking.
Customers reported unauthorized withdrawals; losses exceeded βΉ20 lakh.
Legal Provisions:
IPC Sections 420, 467, 468, 471 β cheating, forgery, and falsification
IT Act Sections 66C, 66D
Prosecution:
Cybercrime police arrested a group running the scam; bank helped track transactions and freeze accounts.
Courts imposed imprisonment ranging 3β7 years and recovery orders.
Significance:
Emphasized the importance of strong KYC verification and fraud monitoring in digital wallets.
Banks implemented AI-based anomaly detection for wallet transactions.
πΉ KEY TAKEAWAYS
Criminal liability exists for hackers, intermediaries, and anyone involved in unauthorized wallet transactions.
IT Act + IPC form the backbone of prosecution for cyber wallet theft.
Digital evidence (logs, transaction records, KYC data) is crucial for convictions.
Preventive measures like OTP security, SIM registration safeguards, app updates, and AI fraud detection are essential.
Courts increasingly hold both the fraudsters and colluding insiders accountable for cyber thefts.
RELATED Blog
comments