Cyber criminals use multiple approaches to hide their proceeds of crime, including using of money mules, money tumbling & rotation, consume the procced of crime to get legitimate services or goods, use rented accounts or use poor people accounts misusing their trust/ abuse by bank employees. Let’s understand these approaches (it is not an exhaustive list):

• Money Mule: In this approach cybercrime proceeds are sent to an innocent person who perceives that he's doing a legitimate work and being paid for the same. Therefore, the first person to receive the proceeds of cybercrime is this generally an innocent person, who in cybercrime terminology is called money mule. He keeps his margin and transfer the remaining amount to the accounts as directed by the cyber criminals. Withdrawal of cash to obliterate the money trail is common. Or the money mule may be directed to some buy goods or services for third party through the money so received by him. In such a case money mule as well as the good for services provider our generally innocent and not aware of existence of cybercrime.

Money tumbling & rotation. Cyber criminals use hacked or cracked or compromised multiple bank accounts to out mix the proceeds of cybercrime with the objective extending the chain of money trail, thereby hindering the investigation. As the money's moved to multiple banks and in varying amount, it becomes difficult for investigating agencies to establish complete and full track and movement of the proceeds of cybercrime.

• Use of proceeds of crime to get legitimate services or goods: This methodology is used generally by not so organised cyber criminals. They as early as possible, use the proceeds of cybercrime for paying for purchase of goods and/or services. It is possible that the goods and/or services provider me not be aware that the money being transferred to him, even using unified payment interface (UPI), is sourced illegitimately or is part of proceeds of crime.

• Rented bank accounts: Most of the banks provide special services to the students who have come from different cities or states to study in universities and institutions. These accounts generally have upper limit of rupees 10,000. but this value of 10,000 is calculated as on end of the day. Hence cyber criminals induce these students to open student accounts with these banks and hand over control of online transactions to the representatives of cyber criminals. Thus, the organised criminals have thousands of such accounts which are used for channelling and tumbling of proceeds of cybercrime. In most cases students are unaware of the reality that their account is being used for criminal purpose.

• Misuse of poor people accounts. Under the great initiative of the government and guidance of the Prime Minister, bank accounts of poor people with zero balance and debit card are opened under the Prime Minister Jan Dhan Yojana PMJDY. Cybercriminals hire the local youth along with some corrupt bank employees to get the debit cards of these PMJDY accounts. The proceeds of cybercrime then transfer to many such poor people accounts and withdrawn in cash using debit cards without the knowledge of such poor and generally illiterate people.

Therefore, it is noticeable that in most cases if proceeds of cybercrime is not using any foreign partner and activities are within India, then they culminate in withdrawal of cash or procurement of goods and/or services. In most of the cases the last account holder is unaware about the source of such money.

If one looks at the issue from the banks and investigators perspective, it is nearly impossible without investigation to find out who has the knowledge of crime and who does not have such knowledge, while the money is being transferred to the various accounts. Therefore, the easiest approach adopted by banks and investigators is to freeze all accounts where the proceeds of cybercrime have been transferred including the last mile account. At the initial stage of investigation, at least on paper, it is difficult to state whether a person or the goods or services provider is the part of cybercrime syndicate or an innocent person.

On 25th September 2023, in response to 13 civil petitions, the Kerala High Court, Ernakulam Branch have ordered the banks to defreeze the account of goods and/or services providers except for the amount specifically mentioned by the police. The police have been given time of eight months to tell the banks, weather to freeze only the relevant amount of money or complete account to be seized.

The court was conscious of the fact that the UPI has transformed the financial spectrum in India and in particular, the way people transact money. It is easy to use and a preferred way of making payments. The technology makes India proud. However, the cyber criminals abuse the ease of transaction of money and create maze of accounts, through which ill-gotten wealth is moved, parked and consumed. Mr Justice Deven Ramachandran lauded the efforts of National cybercrime portal under the aegis of Indian Cyber Crime Coordination Centre (i4c) to track the cyber criminals and money flow.

However, court took notice of the fact that the goods and service providers may not be aware of the fact that money being transferred to them through UPI is dirty money of cybercrime proceeds. It will be the matter of investigation which may require coordination by the police not only within the state but across the country and therefore may consume finite time. Without interfering too much into the present state of investigation, the court ordered the banks to defreeze the accounts of all the petitioners except the specified amount which is mentioned by the police to the bank. Police was still given the permission to freeze the complete account if that is necessary. The petitioners were permitted to approach the court again after eight months in case they are still aggrieved by the orders of police and banks.

This particular order is extremely interesting, and a case study achieve the balance between identifying the proceeds of cybercrimes and its active actors versus victims at both ends of the crime. One victim is from whom the money is defrauded, and another victim is where this money is finally consumed for entertaining goods or services or/and encashing it without the knowledge of owner of the account. The Court pondered, if persons can even be listed as accused or amount can be recovered from them, for doing legitimate business.

The complexities of cybercrime are going to increase day by day and as court get involved, cyber criminals may use such orders to shield themselves. India now has highest turnover of digital payment in the world. Unless, always proactive stance is taken, backed by solid legislation, rule and regulations the cases may bog down in long legal battles and government may not win the cases. The government and courts should be ready for exponential increase in cybercrime cases landing up in the court. The situation may be far worse in overwhelming the courts and number of cases may be more than Negotiable Instruments Act cases. This can clog the judiciary function, which is already facing backlog challenge.

It is therefore recommended that Cyber Security Act (CSA) be enacted. Special courts may soon be constituted for quick disposal of cybercrime cases. It must be comprehended that such frozen monies cannot be returned to the victim without the court “orders”, and it will be useless money which cannot be circulated and will get impacted by half-life-period losses. RBI may direct to return small amounts to the victims and frozen account be taken charge by the banks. but as the number of cases rise and time passes without court orders such funds may be locked-in for very long time. This may cause great dissatisfaction among citizens and may become cause of the sentiment against the digital transaction. Therefore, it will be interest of the government, courts, banks as well as the people of India that a legislation- the Cyber Security Act be prepared and passed without delays.

Reference: The Kerala High Court Orders dated 25th Sept 2023 in case of WP(C) No, 12960 of 2023.