Investigating the wine shop credit card fraud

On the 4th of April, a family member received a wine shop’s number from a trusted friend, who said they home delivered during the lockdown. “Give my husband’s reference”, she said. The confidence with which she said it made us put our guard down and ignore all subsequent red flags. The gullible family member called this “wine shop” and gave out my ICICI Bank Visa credit card details for a “delivery charge”, with second level authentication et al. The fraudsters siphoned Rs. 60,009 from the card to a MobiKwik wallet.

It turns out I was not the only victim. A Facebook search shows they have been openly advertising and conning people.

First Action:

Within minutes, I called the ICICI helpline, raised a dispute for the fraudulent transaction and got the card blocked. I rushed to the nearest police station (Gamdevi, Mumbai) and lodged an FIR.

I kept calling the fraudster’s cell number from different phones, and I could hear others in the background coaxing card details out of other hapless victims. Clearly this was a call-center scale operation. My kin called that friend who provided the fraudster’s contact and landed us in this mess. She backtracked saying her husband had not used the service, and it was merely a forwarded message. Predictable.

Following the Money Trail:

I contacted MobiKwik support on Twitter that very night. They asked me for the FIR copies and my ID proof. Within a few hours they sent me the fraudster’s wallet details and the fraudulent transactions, with a cell number and IP address. MobiKwik’s support team is by far the most efficient and proactive in this sordid saga.

I traced the static IP address of the fraudsters to Bhilwara, Rajasthan. They were operating from a Reliance Jio Broadband connection.

The fraudsters had transferred the money from MobiKwik to PayTM. I tried to get PayTM’s attention on multiple social media platforms for three days. They finally replied and began corresponding via email. They took their time, but came back with 7 Excel sheets of data on the fraudster’s PayTM wallets, registered mobile numbers and transactions. The fraudsters had transferred the money from PayTM to the following three bank accounts:

– India Post A/c: 044810038102, IFSC Code: IPOS0000001, Name: Hari (Bharatpur, Rajasthan)

– SBI A/c: 37103490904, IFSC Code: SBIN0031068, Name: Prasant (SBI Branch – Kaman, Dist. Bharatpur, Rajasthan)

– SBI A/c: 38468506036, IFSC Code: SBIN0031068, Name: Ravi (SBI Branch – Kaman, District Bharatpur, Rajasthan)

I contacted India Post’s Bharatpur Branch and provided them all the evidence along with FIR copies. I was pleasantly surprised to receive an email from the branch manager within 24 hours, informing me that they had debit-frozen the account.

I did not receive any reply from SBI’s grievance redressal team.

I summarized all this evidence in an email and sent it to the cops, as well as ICICI’s back-end team that handles disputes. They closed my case and refused to forgo the charges. I have now raised a complaint with RBI’s ombudsman website.

The cops extracted the information on the cell numbers which were used to make the calls as well as the one on which the wallet was registered. The numbers were registered in Odisha, although it is evident that the scam was orchestrated from Rajasthan. There is no way to know if the people in whose name the cell numbers are registered are indeed the fraudsters.

My takeaway from this ordeal:

  • Some service providers such as MobiKwik have extremely efficient and prompt cyber fraud support teams. Even government banks such as India Post can be extremely prompt and proactive, which only shows that it is possible to solve such cases if the people in these institutions choose to do so. While I unearthed all this information on the fraudsters – from geolocation to mobile numbers and their financial details – with my very modest tech skills, the Mumbai Police investigating the case were still a few steps behind. Of course they are bound by procedural red tape, and are still waiting for MobiKwik and PayTM’s cyber cells to reply to them via official channels. Meanwhile they started the investigation using the data I provided, even though it cannot be entered as evidence until the payment companies send it to them officially.
  • The wallet providers are more than eager to assist with the investigation. However, my local police station is using a Gmail ID, while the wallet’s cyber cell wants them to send a request via a .gov or .nic ID. So the information that I obtained within hours is taking weeks to come via official channels.
  • The young police personnel doing the legwork on the case seemed determined to catch the culprits. However, I do not know how far they will get given the limited resources and training. They seemed unaware of how one could trace a static IP address using the several websites available through a simple Google search, and then track the geolocation using Google Maps, by entering the LatLong coordinates obtained from the IP tracking website.
  • The national cybercrime portal (cybercrime.gov.in) has an excellent reporting format with very specific and detailed data collection, but it does little else besides forwarding the complaint to the local police station. As far as I can tell from my own experience of filing the complaint on the website, there isn’t a dedicated centralized department with cyber crime expertise to look into these cases.
  • It is not very hard to track down the money trail. But getting the powers-that-be to initiate the process of recovery is the hard part.
  • Your card issuing bank will be the least helpful. They will merely attempt a reversal at the first point of transfer (the merchant, or as in my case MobiKwik). Don’t expect them to help you any further than that. I provided the entire money trail and the frozen wallets and account details to ICICI’s dispute team. All I got was a standard reply saying the transaction was 2nd level authenticated and hence the entire liability is on me.

The government may well want to push digitization and cashless payment on its citizens, but without investigative agencies upgrading their infrastructure and training, millions of less sophisticated and technically inept citizens will continue to be victims of fraudsters who are openly operating with impunity.