the unauthorised online withdrawal of money from the accounts of customers of local banks, he will, for the…
(No. B/1124) Dr. F. Aumeer (Third Member for Port-Louis South & Port-Louis Central) asked the Prime Minister, Minister of Defence, Home Affairs and External Communications, Minister of Finance, Minister for Rodrigues and Outer Islands whether, in regard to the unauthorised online withdrawal of money from the accounts of customers of local banks, he will, for the benefit of the House, obtain from the Cybercrime Unit of the Mauritius Police Force, information as to the reported number of cases thereof over the past three years, indicating the – (a) banks concerned therewith; (b) outcome of inquiries carried out in relation to the responsibility of the banks pursuant to section 51 of the Banking Act, and (c) number of prosecutions carried out and convictions secured, if any.
Reply: I am informed by the Commissioner of Police that reported cases of unauthorised withdrawal of money from the bank accounts of customers through online banking are dealt with as an offence of electronic fraud under Section 14 of the Cybersecurity and Cybercrime Act 2021. Since January 2023 to 27 November 2025, 48 cases of such
122 electronic fraud have been referred to the Cybercrime Unit of the Police. Out of the 48 cases referred to the Police, 4 have been classified and enquiry into the remaining 44 cases are ongoing. Furthermore, for the same period, eight other cases of electronic fraud have been reported at the Crime Investigation Team Unit of the Police. Out of the eight cases, one has been classified and enquiry into the remaining seven cases are ongoing. In regard to parts (a) and (b) of the question, I am informed that it would not be proper to reveal the names of the banks concerned due to confidentiality reasons. However, this problem affects all major banks. I am further informed that pursuant to Section 51 of the Banking Act, any bank may provide to its customers remote access to their accounts through computers using propriety software or the Internet. These authorised banks should provide adequate security for their Internet or proprietary platforms. The security features in such systems should include customer authentication, appropriate documentation and for physical and logical protection against unauthorised external access in any form, whether by individual penetration attempts, computer viruses, denial of service, and other forms of electronic access. When the occurrence of an incident is reported, the concerned bank has to conduct a root cause analysis and submit a report thereon to the Bank of Mauritius within 20 days of the incident reporting. The Bank of Mauritius may require banks to enhance their controls or security measures, from a supervisory point of view, based on the root cause analysis. Furthermore, the Bank of Mauritius has issued a guideline on Cyber and Technology Risk Management in 2023 with a view to addressing the increasing cyber threat landscape arising from the accelerated digital transformation of the financial sector. The guideline sets out the minimum requirements which banks and payment service providers are expected to implement with respect to cyber and technology risk management to ensure that the risks are well understood and managed appropriately. I am further informed that banks are required to report all unauthorised withdrawal of funds to the Bank of Mauritius. Enquiry has revealed that in most cases, they refer to scams where the customers themselves have provided details of their accounts to scammers, including their One-Time Password.
123 The banks, therefore, cannot be held responsible in these cases. Banks should continue sensitising their customers not to provide their bank details to third parties to avoid such frauds. SSR AIRPORT – PASSENGER HANDLING ENHANCEMENT