Right to Information Act enacted by the Indian Parliament in the year 2005 advocates transparency in administration. Any information sought for by any general public must be provided by the public authorities. The public who seek information under this Act for the purpose of public good are called activists of RTI Act. But, many misuse the information so obtained under the Act about an individual official to black mail the concerned official and practice extortion. On one hand existence of an Act has lead to publication of information while on the other absence of an Act has lead to credit card fraud thrive in India.

India does not have an effective legislation for protection of data deposited in faith by gullible public with Call Centre while making purchases on line using their credit cards. While transacting, payments are usually made by credit and debit cards. Certain information like card number, access code etc., have to be furnished while making payment through credit cards. This information if passed on to criminals can cause extensive loss to the credit card holder. The criminals use this information to make payment for their purchases unlawfully or even withdraw money from the bank.

I narrate a recent incident of credit card fraud in India. BBC reporters posing as fraudsters from London bought names, addresses and valid credit card details of UK customers from New Delhi-based person who acted as a broker to arrange the sale. The BBC team went to India on a tip off after being put in touch with a man offering to sell stolen credit and debit card details. Two undercover reporters met the broker in a Delhi coffee shop for an encounter that was filmed secretly. He said he could supply them with hundreds of credit and debit card details each week at a cost of US$ 10 a card. After the reporters agreed to initially buy the details of 50 cards, the man handed over a list of 14. That person said the remainder would be sent later by e-mail and claimed some of the numbers had been obtained from call centres handling mobile phone sales or payments for phone bills. After the British Broadcasting Corporation team returned to United Kingdom the person continued to supply card details to one of the reporters by email.

Nearly all the names, addresses and post codes sold were found valid but most of the numbers attached to them were invalid – often out by a single digit. However, about one in seven of the numbers purchased were active cards still in use by UK customers and their owners could have been subjected to fraud if these cards had fallen into the hands of criminals.

The team of reporters contacted the owners of these cards and warned them that their details were now being bought and sold in India. Three of the customers had bought a computer software package by giving their credit card details to a call centre over the phone.

Similar cases of money being illegally withdrawn in India using details of UK customers, who use their cards while making purchases when physically here or through the phone and online have come to light earlier.

Unless there is a tough law to deal with criminals who sell confidential information to the detriment of the legitimate credit or debit card holder, such incidents are bound to repeat without any fear. Is possessing information about a man’s credit card an offence? Is parting with such information an offence? If it is so, under what law? India can boast of passing legislation on cyber crimes in Information Technology Act, 2000. But, it has not done anything to legally protect private data.