Online car portals : Beware...!!! You may be the Next Victim

The unprecedented growth of technology and the movement of digital transformation has now made the life of common citizens simple and convenient. One of the vertical which has seen a huge spurge is the online purchase and selling of cars and two wheelers. Hundreds of online portals advertise the best brands for buy and sale. These portals claim that they give a wide variety and choice to the buyers to buy the best pick and also to the sellers to get an optimum and favourable cost with maximum ease and comfort. Digital commerce works on a concept of SMART (Simple, Manageable, Accountable, Responsive and Transparent). These features now make the young and old Indians to glue to their mobile and laptops for making online purchase and selling at their fingertips.

Online portals also carry out their own set of risks and the buyers have to be selective while they purchase or bid for a vehicle online. In one of the incident a prosperous car dealer in Maharashtra opted to go online for purchase of a car. He bounced upon an AD advertising on a famous online car portal costing about 90 lakhs for as low as 36 lakhs. The listing of the AD showed that the car belonged to an Ambassador of a foreign country who now shall be permanently migrating to his own country and hence would like to sell his car. Upon going through the AD, the buyer quickly responded to the request posted by the seller.

Series of communication started between the prospective buyer and the seller. The communication mode was through email and mobile. After developing confidence with the buyer the seller set a honey trap and asked the buyer to deposit 26 lakhs as an advance payment. After the transfer of funds, the communication from the seller stopped. The buyer got in touch with the car portal but no significant lead he could get into.

The buyer had no option but to register an FIR. The investigation revealed that the bank account numbers, SIM numbers and the advertisement on the car portal were not verified by the service providers. After 3 months of investigation the police filed a closure report stating that the culprits were not traceable as all records were fudged and incorrect.

The complainant now is looming towards a loss of Rs 26 lakhs and also waste of time and effort in going through the legal proceedings. The whole episode of online purchase and buying of cars through online portals has got few lessons to be learnt.

The online car portal was once again approached by the buyer to seek any information about the seller as a last and final remedy. Very interesting facts came into light. The online car portal stated that “It is not their responsibility to verify the credentials of the buyer and seller”. The liability is solely depended on the users. This is very ridiculous. Section 79 of the Information Technology Act 2000 states that “Service providers not to be liable in certain cases”. The online car portals are taking advantage of this provision, but it is their folly. The Information Technology (Intermediaries guidelines) Rules 2011 has put the burden on the service providers regarding the KYC to be done before the buyer / seller has subscribed to their services.

The online car portal on one side has put the liability of KYC on the buyer and seller but at the same time has displayed in their terms and conditions that “Material that is knowingly false is objectionable or in violation of any applicable law, rule or regulation shall be removed”. In this scenario why did the online car portal did not remove the AD posted on their website? What procedures have been followed by the online car portal for getting the subscribers details? What type of information is collected and whether the data is being sold to the third party? What type of cookies are stored on the subscriber’s machine and whether the surfing habits of the subscribers are misused?

The whole episode has given rise to serious offence in which the online car portals can be used as a vehicle to cheat the innocent buyers. It is time that strict data privacy and KYC policies have to be implemented and the service providers have to be made liable. A mere disclaimer policy by the service provider that they are not responsible for any fraud taking place through their website is a purposeful shortcoming from the service provider.

Dr. Harold D'Costa
Cyber Security Expert & Sr. Consultant (Law Enforcement Agencies & Judicial Officers)