Digital India fact check: Online communities thriving on unethical and illegal means

KUNAL GAURAV

April 11, 2019

Digital India campaign of the current Modi-led government has been a talking point for quite some time.
It was launched in 2015 to ensure the reach of government’s services to every citizen through high-
speed internet network. But the results of the campaign saw a meteoric rise, especially in terms of
online transactions, after the demonetization of 2016.

India’s biggest fintech company, Paytm, almost doubled its user base from 140 million to 270 million
within a year after the demonetization. Swiggy, an online food delivery startup, recently raised $1 billion
in funding and became the fifth most valuable startup in India at a valuation of $3.3 billion.

Some of these companies grew exponentially and joined the league of ‘unicorn’ startups, but the rest of
them simply collapsed. Apart from the problems of a feasible business model, a startup depends heavily
on online transaction which leads to the problem of cybersecurity. According to a report, released by
Comparitech, India is among the least cyber-secure countries of the world which makes the startups
vulnerable to cyber-attacks.

While India have laws vis-à-vis cybersecurity, some aspects are outside the scope of law which are used
frequently by people for their personal benefit. An online Facebook community called ‘free Recharge
BOX’, with more than 1.25 lakh members, offer deals and share tricks to get discounts on various
services.

Facebook groups for offers and deals

Ankur Sharma, who has been a member of such Facebook communities for a year, said that there are
secret WhatsApp groups as well which he can’t disclose. “I generally use it for flight bookings through
Goibibo, MakeMyTrip, because it makes a huge difference on the pocket but sometimes, I also use it for
cab and food aggregators like Ola, Uber, Swiggy, Zomato,” said Ankur.

Ankur said that at the very basic level, they share their premium accounts like Zomato gold. “It runs on
the trust factor within the community. If I am throwing a party to 20 people, I can easily manage 10
Zomato gold accounts on one request which cuts my expense by half,” he added.

The savings on such deals differ according to the need but smaller transactions on food and cab are
almost constant. Ankur explained, “If it’s a holiday season, I book flights, hotels and cab rides where I
save a lot through such deals but rest of the year it’s mostly about Swiggy, Zomato, Ola and Uber. The
savings are directly proportional to the expenditure.”

The member said he doesn’t know any of them personally in the group except some of his friends who
introduced him to such groups. “There is no particular reason for not knowing other members because
they arrange meetups and donation campaigns in different cities every winter. I, personally, have never
been in any of the meetups,” said Ankur.

According to Ankur, the possibility of legal repercussions to a member is also minimal. “Suppose I book
an Oyo room, then the booking is made through somebody else’s account. The only fear is that
sometimes the booking has not been made and you are left there to hang out dry,” he added.

It’s not always the deals that are being offered but some of the technical loopholes are also shared
within the group. Recently, Swiggy introduced chatbots to solve customers' issues with some pre-coded
questions and solutions. The loophole let the customers get the whole amount refunded within a
minute without even talking to any customer care executive.

Figure Swiggy chatbot refund process within a minute

Brian Ammanna, GM Corporate Communications at Swiggy, acknowledged these issues but didn’t seem
to be bothered about the technical loopholes. “It’s not that we were completely unaware of this but I
have to figure out how serious this issue is for us to even comment on it. It’s an organizational
procedure and I’m not sure if I am allowed to comment. Honestly, we do millions of transactions every
month, so these are negligible amounts compared to what we are investing in promotions currently,”
said Brian.

These companies have their artificial intelligence in place to track the activities of the customer, and
accordingly, the company can block such accounts.
K Karthikeyan, a Chennai-based cybercrime advocate said, “At the end of the day it’s all about
customers’ satisfaction and they want a greater number of customers. They usually ignore such
activities and avoids prosecuting those customers even if they have to bore the brunt of such
loopholes.”

“These activities are basically cheating the company and can be prosecuted under Indian Penal Code,
there is no use of cybercrime laws,” Karthikeyan added.

Brian’s claim about the huge investment in promotions were not unfounded. According to several media
reports, in January, The National Restaurant Association of India (NRAI) raised concerns if the food
delivery startups are making customers ‘discount addicts’. They filed a complaint with the Competition
Commission of India (CCI) against the food aggregators like Swiggy and Zomato, stating that they are
using their dominant positions to push deep discounts and data masking.

Notwithstanding these startup unicorns, small startups are more vulnerable to these loopholes and it
can have a huge impact on their business. A group admin, on the condition of anonymity, explained one
such incident, “A company called Pepperfry used to sell groceries online and had a provision of ₹250 per
referral but there was a loophole in the validation of an account. Customers generated hundreds of
email id through ‘Mailinator’ (a website that creates email-id automatically after the email arrives) and
bought groceries without paying a dime.”

Customers exploited this glitch to the maximum, and when the funding dried up, the company had to
shut its business.

Facebook has its community standards in place but it does not restrict the groups from offering such
deals or take any action against it. “There was an incident when Facebook suspended our group because
of mass reporting by some people and not because we offer deals. We got it up and running after some
days but they didn’t give any specific reason for the suspension,” said the group admin.

The group administrators also try to make sure that the deals being offered in the group are authentic.
These groups also have mediators, who facilitate the deal between two people, and they are trusted
members of the group, personally verified by group administrators.

“When the buyer and seller don’t know each other and are completely new in a community of more
than one lakh members, they need someone whom they can trust. In such cases, the mediator receives
the money from the buyer, and transfers the money to the seller only when the deal is authenticated by
the buyer,” explained the group admin.

Carding is one of the most common online fraud, where credit card details are misused for online
transactions and it directly harms an individual’s finances. These exchanges occur in close-knit
WhatsApp groups. People generally sell user-id of online streaming channels such as Netflix and Amazon
Prime, which deducts the monthly charge from an international credit card. International credit cards do
not require OTP (One-Time Password) which makes it easier to commit fraud.
Figure Deals and BINs in WhatsApp groups

The facebook group admin explained the process of carding but denied the promotion of carding within
the group. “People steal the details of International credit cards and attach it to various online services.
They sell BINs, which technically means Bank Identification Number, but in carding language it is set of
credit cards with all the details and one of the cards works,” he said.

“We completely condemn the use of carding and we have clearly mentioned in the set of rules that any
misuse of credit card details will not be tolerated,” he added.

K Karthikeyan said that earlier the liability was not on the banks for credit card frauds but in July 2017,
RBI issued a circular known as ‘limited liability of customers in unauthorized electronic banking
transactions’.

“According to this circular, if any customer loses his/her money from e-wallet or ATM or credit card
without their knowledge and involvement, they can file a complaint with the concerned bank within
three days of transaction. Accordingly, the bank has to reimburse the lost amount and the bank can
claim that amount through insurance. But most of the banks are not aware of this, so even in case of a
complaint, banks do not respond,” said Karthikeyan.