The secretary of information technology (IT) in Gujarat issued an important order directing Vodafone Idea Ltd to pay a penalty of Rs. 20 lakh lost by its customer due to a fraudulent SIM switching.
Vijay Nehra, the IT secretary and the AO for cyber fraud cases under the IT Act, wrote in an order last week that “…in this case, gross negligence on the part of the service provider and failure or lapses in know-your-customer (KYC) verifications enabled the fraudster to access the mobile number and, as a result, other financial institutions attached to the number. The telecom service provider helped the wrongdoer get access to a computer, computer system, or computer network without authorization, which violated Section 43 (g) and Section 43 A and unlawful loss or damage to the person affected.”
“In my opinion, a reasonable fine under Section 43A of the IT Act or Rs 20 lakh against Vodafone Idea would be right and proper. As a result, Vodafone Idea is required to give the complaint a penalty of Rs 20 lakh within 30 days, according to the IT secretary’s order.
Rajkot-based The case was made against Vodafone Idea, Dena Bank (now Bank of Baroda), Allahabad Bank, Federal Bank, Anita group, and Gobinda Biswas. It was submitted by Jaydeep Vrujlal Depani, Manish Jamnadas Depani, and Vrujlal Haribhai Depani. In this instance, the fraudsters switched the SIM for the mobile number that the Depanis had associated with their Dena Bank account.
Jaydeep Depani discovered that the phone was not functioning and was displaying a no-network message on February 17, 2018, about 6 o’clock. He thought about going to Vodafone Idea as he left the office because he was occupied with finishing his workday. But he was unable to go to the service provider on that day or the following day, which was a Sunday. On February 19, 2018, he went to the Vodafone Idea office and requested a new SIM card.
A fresh SIM was given to him. However, it was malfunctioning, and Mr. Depani was limited to making outbound calls. On the new SIM, he did not get any incoming calls or messages. He inquired with Vodafone Idea once more, and was given assurances that the problem would be fixed.
He repeatedly called the Vodafone Idea agent the following day, but he always got the same response: “The problem will be resolved shortly.” He began getting incoming calls and messages on the evening of February 21, 2018.
He discovered that the password had been changed the following day when he attempted to access his bank account with Dena Bank. He got in touch with the bank and had the login password reset. After entering the new password, he saw that between February 18 and February 21, 2018, Rs. 20 lakh was removed from the account in four transactions totaling Rs. 5 lakh each.
All banks argued that they had taken all essential steps during the hearing. The fraudulent transfer of funds from the Depanis’ account was completely the result of mistakes made by Vodafone Idea when they gave the fraudster a duplicate SIM without taking the proper KYC steps.
On the other hand, Vodafone Idea argued that it was unaware of the Depanis’ use of a mobile phone to manage their bank accounts. The statement reads, “We are not involved in the fraudulent money withdrawal from the Depanis’ account and issued the duplicate SIM card to an impostor in good faith after meeting all requirements for the issuance of another SIM card when it is reported to be lost.
The complainant’s SIM card was deactivated, and a duplicate card was created, allowing the fraudster to bypass the second tier of two-factor authentication (2FA), as Mr. Nehra, the IT secretary, pointed out as an AO. Additionally, he indicated that other consumers may have experienced similar circumstances as well, but they decided not to present their cases to the AO.
However, he added, “given the seriousness of the current case’s complaint and the feedback regarding other instances in which a Vodafone Idea SIM was either cloned or a duplicate SIM was issued, I feel it necessary to instruct Vodafone Idea to strengthen its internal processes in relation to the issuance of duplicate SIMs.
The telecom services provider or its representative never makes an attempt to contact the original subscriber on the original SIM or the alternate contact number(s) between deactivating the original SIM and activating a duplicate SIM, according to the AO, if only to gauge the other party’s reaction.
In the case of Depanis, Mr. Nehra stated unequivocally that “No expert is required to compare and come to the conclusion that the applicant for the duplicate SIM was not the subscriber and such a claim was entirely bogus and fraudulent.” Both the original KYC form and documents submitted by the fraudster show that the subscriber’s photographs, date of birth, and PAN card are quite different. It seems evident that Vodafone Idea that the details were verified and checked is incorrect and unacceptable.”
The AO found Vodafone Idea responsible for violating Sections 43(g) and 43A and fined the telco Rs. 20 lakh for issuing a duplicate SIM card without verifying or examining the KYC documents provided by the fraudster.
