Credit Card Fraud and Relevant Legal Provisions in India

Today plastic is the convenient, easy and fashionable alternative to wads of paper. With one swipe, credit cards have changed the way we live. Unfortunately, along with the convenience has come related crime. Thus, the primary objective of this article is analysing this problem in a global as well as Indian perspective. An attempt has also been made to enlist the various legal provisions available as remedies if a person suffers from such fraud.

 Credit card fraud involves withdrawal of funds and obtaining of goods and services by using an unauthorized account. Otherwise inaccessible personal information stored on computers is stolen in order to use a card. Due to the virtual explosion of credit card business throughout the world, security has become critical in the entire process. There were about 60 million credit card holders in the sixties and according to an estimate, the number has gone up to more than a trillion now.

In India, credit card companies make a provision in their contract with the client that they, the company, would not be liable for the fraudulent transaction unless the client loses his/her card and reports the loss immediately. Sometimes the banks and credit card companies try to save their skin by inserting a clause in the relevant contract. This is purported to absolve the company in case a fraud occurs on the stolen card and the client fails to notify the loss in time. This unilateral provision however has not stood the test of legal scrutiny. The courts have placed the burden of loss on the issuers.

In India, the Mail Order Telephone Order (MOTO) type account for the bulk of credit card frauds. This occurs when the card is not actually presented, but the details are given on the application form to buy goods or services or when the transaction is done on the telephone.

Fraud through fake cards is not as rampant in India as in the USA. Techniques have been developed whereby the number and other information on the magnetic strip is erased and a new number is embossed. When the card does not work on the swiping machine, the merchant manually processes the details of the card to complete the sale. This procedure is called skimming of the cards.

In the USA, identity theft is also quite prevalent and is supposed to be one of the fastest growing offences in America. The fraudsters adopt another person’s identity to gain access to their monetary sources. In the case of online transactions, ‘site cloning’ is resorted to where the site clone created is made to look like the original site in order to obtain the credit card details of unsuspecting customers. Similarly, false merchant sites are also created where cheap goods lure customers into giving their card details.

Scared by the ever increasing cases of credit card fraud, the affected companies and banks have taken various steps to minimize it. Manual reviews of the transactions on the card are undertaken, but this requires a high level of human intervention and increases costs. In the USA, Address Verification System (AVS) has been developed for use in the ‘card not present’ scenario. The system is designed to check whether the address given by the buyer matches with the one on record.

Visa has devised a Payer Authentication System based on PIN similar to the system used on ATM cards. This is a channel between the bank and the customer used to authorize online transactions. With the increase in cross border ecommerce the issuers in India will have to update their arsenal to combat the forgers on the same lines as their Western counterparts. The Information Technology Act and Rules, passed in 2000, provide penalties for the tampering of computer source documents and hacking of computer systems. No specific mention has, however, been made of Credit cards or financial transactions. The RBI has formed the Credit Information Bureau of India (CIBIL) in collaboration with Dun and Bradstreet who will maintain the records of all individuals who want to avail of finance from banks and credit card companies in India.

The Indian Penal Code contains provisions to check economic crimes such as Bank Fraud, Insurance fraud, Credit card fraud, stock market manipulation, etc. The local police deal with the IPC crimes falling under the broad categories of ‘Cheating’ (Section 415-424), ‘Counterfeiting’ (Coins & Stamps Section 230-263A and Currency Section 489A-489E) and ‘Criminal Breach of Trust’ (Section 405-409).

Online Credit Card Offence & Indian Law:

So far as Indian legal position is concerned, any offence pertaining to online payment through credit cads will come within the purview of Information Technology Act, 2000 read with relevant provisions of Indian Penal Code, 1860. Section 378 of the Code defines the term “theft” as follows:

“Whoever intends to take dishonestly, any property, out of the possession of any person without the consent of that person moves the property in order to such taking, is said to commit theft.”

In order to commit theft following elements are required to be satisfied:

(a) The intention must be dishonest.

(b) Such property must be movable in nature.

(c) Such property must be taken out of the possession of its owner.

(d) Such property must be taken without the consent of the owner.

(e) Such property must be removed from its original place to another.

Now we have to examine whether online credit card theft satisfies the abovementioned requirements in order to book the offender to justice. This definition, if interpreted in strict sense, does not include the online theft of credit card information. But, if a merchant dishonestly obtains the blank purchase slip and forges the signature of the cardholder’s signatures on it and thereafter obtains the payment from bank, he can be booked under the offence of forgery.

Hacking has become an important tool in the hand of cyber criminals to take away the confidential information relating to credit cards and use it illegally for their personal advantage i.e. purchasing goods or online transaction of money etc.

To deal with this menace, our Parliament has been enacted the Information Technology in the year 2000. Following penal provisions of this statute are relevant to mention here.

Section 66– This section provides the following penalties for hacking with computer systems:

(1) Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hack.

(2) Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.

The offence under this Section is cognizable and non-bailable.

Section 43– Clauses (a), (b) and (g) of Section 43 state that if a person has unauthorized access or secures access to computer, computer system, computer network or downloads copies or extracts any data from such computer, computer system, computer network or even assists another person to facilitate access in the aforesaid manner respectively, he shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected.

It is quite apparent from the above that besides legal protection it is necessary to carefully examine the technological and contractual protection existing within the system because law is not an alternative to other security measures required to be taken by the cardholder while making online payment.


In India, credit card fraud is mostly limited to the physical space. Online con jobs make up just about 1% of the total numbers here, unlike 40% in the developed world.

But, as consumers graduate to the shop-easy internet and pay with their cards, instances of fraud are bound to rise. While we don’t have statistics, as access to the web increases, reported cases of card fraud are estimated to  rise at 20-30 % every year. In online transactions, contracts are one-sided and the customer is always held responsible in case of fraud.

Phishing, where a consumer gets a fictitious email from a fake site or blog seeking sensitive card information, is a commonly-used defrauding mechanism. To top it, people are careless in offering their card details.

Almost all the banks issuing credit cards issue various guidelines and suggestions to the customers from time to time in order to cut short the rate of credit card frauds and misuse to a minimum possible level.

Thus, we can conclude that with the help of the legal remedies available as cited earlier in the Article, penal action can be brought against the offenders who are held liable for credit card frauds and misuse.

Leave a Reply