I. Introduction:
In this digital age, it can be said with some surety that readers of this article would have faced some form of cybercrime attempts, wherein the fraudsters misuse the name of a legit business. Infact, atleast half of the readers of this article would have received the infamous “FedEx courier call” wherein a fake FedEx representative informs a person of her parcel being held at airport customs due to it containing either narcotics or fake passports. The call is then supposedly transferred to “law enforcement officials” (obviously the fake ones) who threaten the call recipient with arrest and imprisonment. These fraudsters then influence/ coerce individuals into paying huge sums of money as the “the only way” to avoid such arrest or imprisonment. Shockingly, as per a news report published by The Hindu, within the span of six months only, seventy people in Coimbatore alone lost a total of INR 5.67 crores to the “FedEx courier call” scam.
This is just one example of the many digital scams prevalent today. The National Cyber Crime Portal lists twenty-four distinct types of cybercrimes, ranging from cyberbullying, cyberstalking, and online job fraud to more sophisticated threats such as phishing (i.e., where one tricks a person into sharing personal information), voice phishing (i.e., tricking the call recipient into sharing personal data), smishing/ SMS Phishing (i.e., tricking an SMS recipient into sharing personal information), SIM swap scams, identity theft, and cyber espionage. The sheer variety and frequency of these crimes indicate that cybercrime has become an unavoidable and unfortunate reality in our daily lives.
The fact that cybercrime requires nothing more than a device with internet connection or a SIM card, and a well-thought-out plan which can be executed from virtually anywhere in the world is a cherry on top.
Understandably so, the primary victim of such fraud is the person suffering the financial losses. However, businesses whose names are used to orchestrate these frauds also suffer reputational harm. Additionally, these companies find themselves at the centre of a storm, with victims seeking compensation and demanding accountability. Often, these organizations also face the daunting task of distinguishing legitimate claims from possible fraud. The aftermath of such impersonation scams is a complex web of trust issues, and legal headaches that no one is truly prepared to handle.
On the remedy front, individuals who suffer such losses have the option of registering a formal complaint on the National Cybercrime Reporting Portal and to report such transactions to their banks. However, this article is focused on highlighting remedies available to the businesses whose names are being tarnished due to such fraudulent activities despite of them not being involved.
II. Legal Remedies:
The answer to the question “What remedies are available to businesses to combat digital fraud?” are as follows:
(a) Criminal laws:
In India, cybercrime is primarily regulated by the Information Technology Act, 2000 (“IT Act”), which addresses fraudulent activities undertaken via digital means. In this, Section 66D of the IT Act specifically prescribes imprisonment of upto 3 years and a maximum fine one lakh rupees against a person who uses digital resources to cheat by personation. In addition to this, the complainant can place reliance on The Bharatiya Nyaya Sanhita, 2023 (“BNS”) which supports businesses vide sections such as:
I. Section 319 - which criminalizes cheating by personation and prescribes a maximum imprisonment of five years or fine or both;
II. Section 356 – which criminalizes defamation either through spoken or written word or signs intends to harm the reputation of a person and prescribes a maximum imprisonment of two years or fine or both or with community service;
III. Section 61 – which allows charges of criminal conspiracy to be brought against the fraudsters.
Any company subjected to a cybercrime in a fashion similar to that of FedEx, can use the provisions under the IT Act and the BMS to file a police complaint at a police station having requisite jurisdiction.
(b) Civil Laws:
Alternatively, businesses may opt for civil proceedings by filing a civil suit claiming trademark infringement, passing off and disparagement claim under the Trademark Act, 1999. This statute permits businesses to take legal action against misuse of their brand name in a manner that harms their reputation. For instance, in cases where fraudsters falsely use the FedEx name to mislead customers, such unauthorized use constitutes trademark infringement and disparagement. This is because the fraudsters unlawfully exploit a registered trademark while engaging in deceptive activities that tarnish the brand’s reputation. By falsely associating their fraudulent schemes with a well-established company, the fraudsters create a misleading impression among customers leading to reputational harm to a legitimate business. Accordingly, FedEx had the option to seek injunctive relief to cease the misuse of their trademark and brand name.
One foreseeable issue with this course of action is the fact that defendants in these situations are unknown and untraceable by the general public. To counter this, the businesses may adopt the “John Doe” defendant approach. This approach allows a party to act against unknown person and allows the court to pass an ex-parte order.
Notably, very recently the Hon’ble High Court of Delhi vide its order dated 11th July 2024 in the matter titled Asian Paints Limited vs. John Doe and Ors. CS(COMM) 563/2024 dealt with a matter wherein the unknown defendants were misrepresenting themselves to be affiliated with Asian Paints. These unknown defendants misrepresented themselves to be representatives of Asian Paints and were offering franchises/ distributorships of Asian Paints, while blatantly misusing the “Asian Paints” trademarks and tarnishing the company’s image. The defendants in this case had registered several websites with the domain names implying an association with Asian Paints’. Additionally, the defendants had two email addresses with the words “asian-paints” in it which was further aimed at misleading the public. Aggrieved, Asian Paints sought an interim injunction against the infringement of its mark and also prayed for a notification to the Internet Service Providers to suspend the impugned websites and domains of the unknown defendants. The Hon’ble Court noted that “The aforesaid, at this prima facie stage, establishes that the defendant no.1 is guilty of defrauding the members of general public by slavishly misusing the APT of the plaintiff by illegally duping them of their monies. If the said defendant no.1 is/are allowed to continue, such acts will spread like wild fire with no checks and balances with a cascading effect. Moreover, since the defendant no.1 is/are unknown persons involved in such large-scale activities of defrauding and duping the unwary persons as also other members of the general public, injunction against them is called for.” Not only this, the Court directed the Internet Service Providers to suspend the domain names of the unknown defendants. Businesses suffering from such trademark infringement, passing off or disparagement may seek such directions against the internet service providers or telecom service providers.
As is evident from the above, businesses have both, the civil and criminal remedies available under law. However, the selection of such remedy is dependent on motivation of businesses which may differ. For instance, some businesses may not want to spend money on court fees and other legal expenses and as such the criminal remedy route are best suited to them. On the other hand, some businesses may need intermediate relief such as injunction or directions to be issued to ISPs and may accordingly choose the civil remedy right. In doing so, businesses will have to set their own priorities and carry out their own cost benefit analysis which would help them in reaching a conclusion best suited to their needs.
Regardless of the process adopted, the businesses will have to provide evidence to substantiate their claims. Owing to the fact that these frauds are targeted at the individuals and not the business, the business will face the herculean task of collecting evidence which would involve:
I. Identifying impacted individuals; and
II. Obtaining call recordings, emails, messages, screenshots evidencing the fraudulent attempt and the misuse of the businesses brand name.
Moreover, considering the digital nature of such scams, the evidence in such instances are most likely to be call recordings, emails, messages, screenshots, which require that the complainant/ plaintiff submit such evidences along with the evidence as per the mandate under The Bharatiya Sakshya Adhiniyam, 2023 (“BSA”) which establishes the rule to be followed while tendering evidence. Out of all the provision, the one of most significant provision is Section 63 of the BSA which provides admissibility of electronic records (e.g., photographs, screenshots etc.) provided a certificate stipulating to the authenticity and veracity of the electronic document is also submitted at each instance an electronic record is submitted.
III. Steps for businesses to prevent digital frauds:
While the remedies may help businesses deal with the aftermath of a fraud, it is critical that businesses take proactive steps to safeguard their operations and customers. To do so businesses can take the following key actions:
I. Businesses should regularly notify customers via SMS, emails, and website updates about common scams and should suggest steps on how to verify communications.
II. Businesses should provide a dedicated helpline wherein customers may call to verify the origin of communication received by them.
III. Businesses should send periodic alerts reminding customers with disclaimers such as, “The company does not request personal or financial information from customers.”
IV. Businesses may generate and assign an OTP or random identification number, valid for a limited duration, which shall be known only to the service provider and the customer.
V. Businesses can inform users that if they encounter or suspect fraudulent activities, they should immediately report the incident to the company and the Indian Cybercrime Coordination Centre’s (“I4C”) at their toll-free helpline at 1930.
By implementing these steps, businesses can significantly reduce their user/ customers’ exposure to digital fraud, protect their customers, and maintain a strong reputation in an increasingly digital world.
IV. Conclusion:
As is known, every business operates on a consumer trust factor. Owing to the rise in digital frauds, it is likely that the trust factor may get hurt. In light of this, it is crucial for both the legal and business sectors collaborate in order to protect this consumer trust. India's legal framework does provide the tools to combat the threat of digital frauds. However, their selection is mostly dependent on the business’s objectives. Businesses also play a vital role in mitigating digital fraud through prompt action, and ongoing customer/ user education. In today’s digital era and considering the ease with which digital frauds can be executed, it is now a necessity that businesses put on their thinking cap and establish a procedure for communication with the customer which also includes verification aspects. Doing so will not only strengthen the consumer/ user’s trust in a brand but also safeguard the businesses from the ill effects of disparagement.