The government of India is rooting for digitisation and financial transparency. Both are laudable objectives. Almost every government department has been exhorted to enable online payments.
That helps the government entity immediate feedback on the amounts received. It cuts down paperwork, cash receiving clerks at payment windows, serpentine queues, and a great deal of heartburn.
Prima facie, there is no reason why anyone should be against epayments. But it is quite possible that the government has not reckoned with clever people within the government itself who have learnt ways to turn epayments into a gigantic scam. The amounts look small. The fact that this is being done through banks gives the modus operandi a great deal of respectability. But the fact remains – this could be a scam involving thousands of crores of rupees.
This correspondent may have discovered just the tip of the iceberg. And even as we speak, both HDFC Bank and the Municipal Corporation of Great Mumbai (MCGM) have launched their own investigations into one such operation.
Part of the blame should fall at the government’s doorstep. It has rushed India into digitisation without first comprehending the issues involved. It has looked at what is possible, without looking into what can go wrong, and how the system can be subverted.
And, most important, the government has failed to put in place a regulator for epayments. It has also failed to put into place the penalties that must be levied on fraudulent transactions. Ideally the penalty should be (at the very least) a multiple of the amounts skimmed. This is because unless the cost of compliance must be made to look cheaper than the cost of non-compliance, the incentive to defraud the system will always be there.
The modus operandi
So what exactly is the modus operandi that was adopted by MCGM’s finance and information technology departments? Take the story of 28 December 28. This correspondent wanted to pay his water bill – a similar story may be relevant for property tax payments, for vendor payments and for all other payments – which together account for thousands of crores of rupees.
First, you cannot enter the payment portal till you submit your bill’s consumer number, and must have a pending bill to pay. Thus, once you have paid, you cannot revisit the website to see how it works, unless of course you have another pending bill to work with. Hence the chances of detection are quite remote.
In December 2016, the only credit card company promoted on the MCGM website was American Express. There was no mention of RuPay, Mastercard or VISA or any of the nationalised banks. A few private sector banks were listed. Yet completing the transaction was difficult, and the process got aborted a couple of times. Finally, the attempt to epay succeeded. And this is where the first inkling of a scam came to light.
The MCGM bill was for Rs.737. That was the amount authorised to be paid. The receipt issued by the MCGM was also for Rs 737. But when the bank confirmation came through, you found that the payment debited to your account was for Rs 745.11. Someone has skimmed off Rs.8.11 on this transaction. Even more interesting was the notation from the bank. It stated that the payment had been made to : INB/461776876/PAYU.IN/”.
So who is payU.in? This is a private player whose ownership details are not given on its website, though details of its management team can be found at https://corporate.payu.com/leadership-team). According to informed sources, it is owned by a South African conglomerate, which also owns several other companies in the country. It is not known if there is a political godfather behind this group. What is known is that PayU.in has similar arrangements with other government establishments and municipalities, and is a big player in the financial intermediary segment.
Now compare this to a transaction made to pay MTNL through its website. The bill was for Rs. 1,735, the receipt was for Rs 1,735 and the amount debited to the account was also Rs 1,735.
The MCGM website appears to have changed since December 2016. Rupay is now shown. And so are other banks. But one does not know how payments through Rupay work, because this correspondent does not have a Rupay card. Nor can one re-visit the website a second time, unless one has a second bill which has to be paid. Hence, getting screen snapshots of all the banks and the permutations and combinations offered by the website become quite difficult.
Like last time, this correspondent opted for the HDFC gateway. This time the transaction was smoother. The bill was for Rs 111, and the receipt too was for Rs 111. But the debit to the bank was for Rs 116.75. And this time the confirmation from the bank mentioned that the money had been paid to PUR/TimesOfMoney/SBIPG/TimesOfMoney/Seq No 706912041079. Nobody seems to know who TimesOfMoney is.
The MCGM was duly alerted, and an enquiry is underway. HDFC Bank was approached, and its people have denied involvement stating that the payment was not done through its gateway.
This raises several questions:
1. Could it be possible that the web-designers of the page have put in HDFC’s name, but have directed the payment to another party? In that case, is this not fraudulent practice?
2. Normally, merchant discount rates are paid by the merchant, not by the customer. Remember how petrol pumps went on the warpath when MDR was to applied to them after demonetisation was announced? Finally, the petroleum ministry asked the oil marketing companies to pay the MDR instead of the petrol pumps. So why is the MCGM portal charging customers?
3. But a bigger problem exists. Even if the MDR is charged to customers, shouldn’t it be shown on the receipt? The law requires every item of billing to be shown on the vendor’s receipt. Why has the MCGM receipt been issued without the debit charges?
This leads one to the conclusion that the perpetrators of the scam did not want the debit entries to come on the MCGM entries. If it had, the audit team of the MCGM would have to enquire about who was taking the money and who was being paid for services. By keeping the amount off the receipt, the amount is kept out of the purview of MCGM’s auditors.
This means that there is a collusive arrangement between the financial intermediary (in this case “TimesOfMoney”). MCGM’s money managers must have agreed to give business to “TimesOfMoney” only if the amount were shared with someone else. If this is indeed the case, a full fledged police investigation is called for. Both the web-site designer, the person who wrote the script authorising payments, and “TimesOfMoney” should be hauled up for questioning.
This also raises a bigger question – why is the government going ahead with epayments without first putting a regulator in place, and ensuring that any such attempt to defraud customers invites severe penalties? Surely if the MCGM scam could amount to a few hundred crore of rupees, at the state level the scam could be a few thousand crores. At the national level, the scam could be monumental. Not many know how to interpret bank debits, or scripting on web-pages.
Why has the government ignored the Watal committee report on epayments?
Is the government abetting frauds?
(Part II of the article will be on the Watal Committee. In December 2016, the Finance Ministry of the Union government appointed Committee on Digital Payments submitted its report on Digital payments and made its medium term recommendations for strengthening trhe Digital Payments Ecosystem. The Committee was known as the Rajan P. Watal committee. Why have its recommendations not been implementeds? Firstpost investigates.)
Updated Date: Apr 28, 2017 15:27 PM