In a recent case, the cyber cops of the IT capital of India, Bengaluru, decided that for an alleged fraud committed by some citizen, wherein QR code was allegedly used to dupe another person, it deemed it right to surreptitiously freeze the nodal account of a Fintech startup, without informing either the startup or the branch where the account was held. This led to thousands of merchants who were using the fintech startup platform, not get their settlements from this fintech startup, and the fintech startup and the bank branch where it was doing its banking, scratching their heads for five days as to why the payouts to the merchants were being rejected by the bank.
It was a case of massive overreach by cyber cops.
What was the outcome? Thousands of merchants that the fintech startup served, dropped off the platform, as they did not get their payouts in time. The merchants, who recycle their payments to fund their operations of the next day, got badly impacted. The money burnt by the startup to acquire the merchants, also went down the drain as the merchants left the platform. The valuation of the startup tanked. Overall, there was value destruction in the economy. People lost their livelihood.
Did this happen because of any fault of the startup which merely operated as an intermediary? The answer is a resounding no. After navigating through all the regulatory hoops thrown at a fintech startup, and after navigating through all the compliances of the government, a startup burns very considerable entrepreneurial energy and capital into setting up a platform that provides value to the economy. If someone uses its services to commit fraud, should the platform be frozen (and consequently burnt down)? Is it the fault of the platform that some citizen allowed himself or herself to be defrauded by scanning a QR code and willingly make a payment? It is akin to saying that Paytm should be blocked because of conmen using its QR codes to defraud other gullible people. Or that RBI should be frozen as conmen have used money printed by RBI to defraud other people.
A fintech is an intermediary, and like all intermediaries, it should be provided with safe-harbor through regulation so that trigger-happy ill-trained rookie cybercops do not smash through such platforms and burn them down in their misplaced sense of doing their duty. By the time the cyber-cell rectifies their misstep, it is too late, and the damage is done. Will they be able to provide financial compensation to such fintech startups and their investors for the millions of dollars worth of damage?
What is even more infuriating is that a nodal account (and for that matter all bank accounts) has undergone a process of KYC (Know Your Customer) by which the details of the owner of the bank account are well known. All that a cybercop investigating a cybercrime has to do, is ask the banks for the details of the owner of the nodal account and pose the right questions to the owner of the bank account. It is absolutely difficult to understand the logic that by freezing all debits to the account and watching who will use the account to withdraw the amount, they can catch the wrongdoer. This is not a scenario of a predator waiting at a watering hole in a jungle to catch prey. All information of the account holder is available. One has to seek that and reach out to the account owner. How could the cybercops not do that and pass specific instructions to the bank to freeze the account without informing the owner of the account or informing even the relevant bank branch officials?
Cyber officers are poorly trained in understanding cybercrime and the world of finance, albeit one still wonders if common sense also needs to be part of training. If we want a thriving fintech ecosystem in the country, we need to urgently increase the quality of our cyber-cell infrastructure and improve the training of men and women who run the cells. As cybercrimes go up, increasingly the victims are not getting any relief, the bystanders such as the fintech companies are getting hit, and the perpetrators are going scot-free. This state of affairs needs to change urgently.
And most importantly, the fledgling fintech startups need to be given safe-harbour protection from arbitrary action by cyber cops.