The bait

I love watches – and who wouldn’t like to own a beauty like this? I was completely stunned when I saw an ad offering Rolex watches at 70,000 to 1.5 lakh rupees (Rolex normally cost upwards of four lakh rupees MRP as of 2014) on swisswatchcompany.in. You can’t get a Rolex for Rs. 5000 – 10,000 rupees, and all Rolexes available at this price are replicas, but when you are getting something around the 70k – 150k price range, it is plausible that there’s a genuine deal out there to grab. Even official dealers of luxury watches offer discounts ranging between 20 to 40 percent quite often.

I decided to give these guys a call and probe to see if there is any genuine deal in there. They told me a fabulous story – these are pre-2011 models, purchased from US retailers and sold online because they cannot be sold in physical stores. The watch manufacturers impose minimum price conditions on retailers, and require them to sell only the latest models. Old stock therefore needs to be cleared out, which is why the discount.

I was myself suspicious of this deal (some of the classic models never go out of vogue), but I still decided to give it a shot, because of an option to return the watch if I didn’t like it after receiving it. The company was offering a 100 percent original guarantee and a 30-day exchange policy / or refund guarantee (images below). They also had a real landline number and an address displayed on their website.

This seemed to be interesting and safe enough – I decided to try it out. I also planned out how I would handle the situation if the watch turned out to be a fake.

The order

Unfortunately, credit limit on my own card was exhausted, so I purchased through my father’s credit card.

The watch arrived on time, and it was quite beautiful. It looked really good, but as per the suggestion of my colleague, I took it to a couple of retailers and one watch service center, all of whom said it was a replica within a split-second’s glance. I was shocked, because it did not look like any of the 5000 – 10,000 rupee copies. I went through all the tests provided on the internet to determine whether it was a fake and realized they were not helpful enough – the watch passed all tests I could use in the comfort of my home. The 3D hologram, and a warranty card in international languages and English looked really genuine. I didn’t believe it was a fake initially, until I reconfirmed it with an internationally renowned watch expert, who had almost single-handedly built the Christie’s auction business for watches – he had verified the authenticity of a countless number of vintage and pre-owned watches. I researched some more and found articles about how high quality Swiss fakes were being manufactured these days. I was one of the people to have landed up with such a fake Rolex.

I had to act fast if I didn’t want to waste my money. I called the company immediately, demanding a refund. The representative spoke politely, and assured they would mail their ‘US parent company’, and that they would get the watch collected through a delivery boy. It sounded comforting initially, but after a few days I realized that these were empty assurances. The seller had no system to collect the watch and the Indian arm never forwarded me an answer from the US parent. In fact, I was never copied on any email to the ‘US’ parent either, and it was very likely that no Swiss parent existed with respect to this company. I realized after repeated follow-ups and notice of legal action that they had a standard formula for any customer grievance – listen to it for the first time when the customer calls, give an assurance and then stop reverting on calls. They would never take any action. They made sure they gave names of the executives on the phone line (whether they were real or not I am not aware), so that customers did not suspect any deception. This was a smart process to buy time, but someone had to eventually figure out. The only question was whether someone would have the willingness and ability to pursue the matter against them persistently after they figured what this was. After a month, I realized this was hi-tech internet fraud, coming alive in India.

Step 1: Cardholder Dispute Form and a setback

I decided to proceed further. The simplest thing would have to use the ‘cardholder dispute form’ and claim a chargeback. All credit card companies and banks allow customers to raise a dispute and reverse a transaction under certain conditions. Banks don’t have to face losses on chargebacks as they have insurance. Indian payment gateways also include terms which pass risk on to the seller if a customer initiates a refund request through a bank on grounds of the product being different from what was promised – for example see Clause 8 of the CC Avenue payment gateway agreement here). I had used the chargeback procedure earlier when my HDFC credit card was hacked, so I reassured myself in light of my past experience that this would be a quick and effective procedure.

When I was going to submit the form, I realized my father was not interested in taking legal action. He was concerned that the amount will get blocked until the matter is resolved and he will have to answer a barrage of calls from the credit card company. He was also not willing to participate in any legal proceedings that will take any of his time.

This made my work more difficult as I needed to find out alternate mechanisms and also pursue the matter in my own name, which would be procedurally more intricate (as the watch had been purchased in his name and through his credit card).

I was in a fix. INR 70,000 is not a huge sum. Should I just cut losses here instead of investing more money and time? As a startup founder working overtime, is it worth my time to chase these fraudsters until they cough up the money?

My co-founder at iPleaders, Ramanuj Mukherjee, had an irrefutable argument. Our startup iPleaders builds practical law courses for entrepreneurs, managers and other businessmen. We also write for common people on how they can use law to protect their interests on our blog frequently. Apart from the moral responsibility of not allowing fraudsters to thrive in India, if we went through the whole process and documented every step – it will make a great case study from which others can learn. We even considered that we can use this as a case study on product liability for e-commerce businesses in India in our course on cyber law.

We decided to go on a full scale legal attack on swisswatchcompany.in.

Step 2: A Massive Legal Avalanche

As I mentioned, the other methods would be longer and not as convenient, but I would have to proceed with them. Here are the reliefs I was looking for:

Refund – Getting my money back was really my first concern. I had names of customer support staff and persons who claimed to be ‘sales managers’, the bill, saved copies of the refund policies on their website (these turned out to be handy as they took their website down), telephonic conversations and addresses. However, I did not know whether the names given by the people who had interacted with me were genuine. I also did not have information about the identity of the real owners behind the business.

I could have approached a consumer court, but what use would it be if I couldn’t identify who these people were? What if these people gave me only fraudulent identity? Consumer proceedings would also take their own time, and I needed to think of other ways to simultaneously exert pressure, apart from merely initiating legal proceedings. These would largely going to function as threats / business risks/ personal risks for the owners and were going to expedite the return of my money.

Booster dose 1 – Shutting down their website and payment gateway – If these people were interested in conducting business and were not merely fly-by-night operators, they wouldn’t want their website to be shut down. Also the domain should be quite valuable. I thought of what I could do to shut down their operations (even if temporarily):

I could approach the Reserve Bank of India because they were using an offshore payment gateway although they were selling an Indian product in India representing it to be an Indian business operating from Bangalore. There was no 2-step verification as mandated by RBI which all Indian businesses have to follow. This is a credit card security issue and is against payment-gateway regulations (see the report on RBI’s statement vis-à-vis Uber here). Violating these laws can lead to criminal charges against the directors of the business.

I could approach the .in registry, requiring them to take down the site. As a top level domain name registry, they qualified as ‘intermediaries’ (broadly, an intermediary is anyone whose service is required to access content on a website. Since this was the TLD registry, it played an important role in enabling access to the website). Under the Information Technology Act and its rules, intermediaries are required to take down any content that violates a law or infringes IP rights of third parties (see the guidelines here) within 36 hours of being intimated.

I could have also informed the .in registry to take action against the registrant for violating the terms and conditions of the registry itself, as they prohibit ‘wilfully providing false information’ (they falsely claimed that their watches were genuine and prepared creative stories to make inquiring customers genuinely believe this), ‘using the domain name for an unlawful purpose’ (sales based on false claims of genuineness were fraudulent and amounted to cheating under Indian law) and ‘violating third-party rights’ (fake watches violated the intellectual property of the original manufacturer, which in this case was Rolex and the commercial rights of their authorized distributors in India).

Booster dose 2 – Criminal remedies against them for fraud

I am not a vindictive person and wasn’t really interested in the seller being behind bars, as long as my money was returned. Although the evidence I had (invoices, email communications, recorded phone calls, refund policies and guarantee on the website, Whois search records) was enough to shut them down, but if they were fly-by-night operators they could have gone underground with my money (and that of several other customers). The address of the entity and the names of the persons involved (as available from the website and the Whois search) were not verified either, so I would not be able to trace them out.

(The company had itself briefly taken its website down at a later point and put in an automated voice response stating that they were down ‘for maintenance purposes’, which somewhat indicated their indication to go underground.)

I needed a strategy to trace their identity if they were fly-by-night operators and tried to escape – therefore, the final leg would have been to nab them through the police.

I decided to approach the cyber-cell, since this was an internet- related crime and ordinary police would not be equipped to investigate it.

Preparing my FIR

In most FIRs (especially for fraud cases), facts that establish criminal intention are not properly explained, which makes it easy for the police to defer investigation or make excuses for not lodging the FIR, on the ground that it looks like an ordinary civil or consumer dispute and no offence is disclosed. If your FIR does not disclose an ‘offence’, it will be difficult to get the police to investigate.

Let me explain through an example – would you file a fraud case against a shop owner if a product he sold to you stopped working? If there was a breach of contract or non-payment, would you file a case for enforcement (and damages) or for fraud?

In a fraud case, it is important to establish that the other party intended to defraud from the very beginning, then a fraud case is made out. I had to clearly indicate in the FIR that there was a fraudulent intention from the very beginning of the transaction on part of the other side and provide supporting facts.

Secondly, I had to provide details of all the invoices, warranties and documentation. Thirdly, the names of the real people behind the business and the address were not clear – so I provided the phone number, the credit card statement (which indicated the merchant name) and the address, to facilitate identification of the real owners and their addresses by the police. Identification was possible through the merchant name and the telephone number.

Knockout blow – The Power of Many and the Internet

I asked a lawyer friend to help with actual filing of documents. Having regard to how slowly law enforcement agencies may respond sometimes, she knew it would give my case a boost and make police act faster if they received similar complaints from others – before filing the FIR, she wrote about the company on an online forum and received emails from 5 angry customers.

We realized that this was industrial scale fraud – her comment led to responses from many prior customers, who supplied any information they had about this company. We gained more ammunition with every day – this would be difficult for any law enforcement agency to ignore. The seller even tried to plant positive feedback from ghost customers, but it was already too late.

I was about to file the FIR, when I received a call from them, informing me about the refund. However, I was not sure of whether they would actually refund the money in light of their past behaviour, which was mostly evasive. Their website down was still down and calls were unanswered because they were ‘undergoing maintenance’. I felt they had a last minute back-out strategy too – they called me stating the account number was incorrect and their transfer failed. One more trick to buy time, or it could have just been another clerical error. I sent a couple of stern email follow-ups. Finally, the money was back in my account, in full.

While my objective of getting a refund was met, I had discovered a never-ending fraud. Their website came back up (without so many warranties of genuineness and money-back claims). While I can’t realistically help all those who have been defrauded personally, at the moment I am talking to national watch distributors of luxury watches (such as Ethos watches) to establish ways to detect and prevent sale of fake watches and use law enforcement mechanisms effectively. I also decided to prepare this case study which can be used by any lay person.

What actions can you take if you face an online fraud?

Use the cardholder dispute form: If you face an online fraud, the first thing you should look at is getting your money back. The simplest way to do this is through raising a cardholder dispute with your bank if you bought the product using a debit or credit card (unfortunately I could not use this strategy). All banks have a chargeback or a cardholder dispute form which allows you to dispute credit card transactions under certain conditions – say, if the wrong product is subscribed, if you have been overcharged, etc. If your dispute is successful, the bank itself refunds you the money.

Get the website taken down: The next thing you should focus on is getting the website down. The fastest way is to identify intermediaries. Intermediaries are all the entities who are involved in the chain that connects you with the website – internet service providers, domain name registries, domain name registrars, social media sites, etc. Identify about two intermediaries which have the broadest reach so that you can shut down the site with limited attempts. For example, if I send a takedown notice to Hathway (a cable internet service provider) requesting it to block access to a website, only users who use Hathway’s services will be unable to access it, but those who use Reliance or Airtel internet can still access it. How can I remove the site from access completely? In this case, approaching the .in registry directly may be a better idea.

Approach other regulators to apply pressure

If it is in respect of an online or financial transaction, looking at RBI regulations (e.g. the regulations applicable to payment gateways) is a good idea. Similarly, public search function on the Ministry of Corporate Affairs website to find out ownership and address details of a business (if the business is a company or a partnership). These regulators also have powers to impose penalty or start a criminal prosecution if they are intimated of a violation. One should ideally approach them along with claims of others who have faced similar problems – that helps in gathering credibility and in highlighting the urgency of the problem.

Prepare a consumer complaint and FIR

An effective FIR can work magic. You can also provide a copy of the FIR and the FIR no. to add more weight to your claims above.

To ensure your FIR is effective, certain steps must be followed:

Describe facts in sufficient detail. Write the story coherently and provide clear indication of the other side’s conduct, which clearly establishes to any reader that there was a fraudulent intention from the beginning.

Provide all the evidence you can collect to the police (emails, invoices, telephonic communication, screenshots of website claims, terms and conditions) to establish that your complaint is genuine and that there is sufficient evidence to back your accusations.

Give enough clues to the police to enable them to investigate and trace out the offender– give them all details you can, especially the address, telephone number, records of a ‘Whois’ search, merchant name.

If you can, try to find others who have faced a similar issue with the same seller. It adds an incredible level of genuineness and authenticity to your claim.

You can also consider filing a consumer complaint. The amount you claim should be higher than what you paid for the product – your costs will typically include reasonable monetary compensation for the time lost in getting the product you wanted, follow-up and legal costs.

Drafting pointers for your complaint

It is not essential to engage a lawyer, but it is important that you get the facts right and employ basic writing skills.

The main facts for many of the actions above will be common – but in each case the focus will be on a different aspect. For example, in the consumer complaint the focus will be on what was the difference between the product that was promised and the product that was delivered. In the FIR, you will also focus on the fact that this deviation was already pre-planned by the seller, to establish a fraudulent intention. If you are reporting a matter to the RBI, you may state whether the website, for example, had a two-step credit card verification mechanism in place.

What should you preserve in case of an online or e-commerce fraud?

Invoices – Keep the invoice, your delivery address and courier delivery-slip. This will contain both the ‘From’ address and the ‘To’ address. Many people throw away the courier slip – it is a key document that establishes jurisdiction of a nearby court. It is impractical if you have to travel to far-flung jurisdictions to fight your case, so this will help you in filing the case at the nearest appropriate court. It also contains the Sender’s address and can be very important to identify the seller as well.

– Keep the invoice, your delivery address and courier delivery-slip. This will contain both the ‘From’ address and the ‘To’ address. Many people throw away the courier slip – it is a key document that establishes jurisdiction of a nearby court. It is impractical if you have to travel to far-flung jurisdictions to fight your case, so this will help you in filing the case at the nearest appropriate court. It also contains the Sender’s address and can be very important to identify the seller as well. Seller’s identity and address – Try to obtain information about the origin or identity of the seller from different sources. You can perform a ‘Whois’ search – if it is an Indian company or LLP, you can search its public documents (to find out registered office and shareholders / partners) on the Ministry of Corporate Affairs website here. You will have to pay INR 50 per company to obtain these.

– Try to obtain information about the origin or identity of the seller from different sources. You can perform a ‘Whois’ search – if it is an Indian company or LLP, you can search its public documents (to find out registered office and shareholders / partners) on the Ministry of Corporate Affairs website here. You will have to pay INR 50 per company to obtain these. Credit card statement – Your credit card statement reflecting the transaction will give you information about the ‘merchant name’ of the seller – if nothing else, this can be used to locate the seller’s bank account and trace their identity.

– Your credit card statement reflecting the transaction will give you information about the ‘merchant name’ of the seller – if nothing else, this can be used to locate the seller’s bank account and trace their identity. Any documents or claims about the quality of the product – Save screenshots of the website or any email communication assuring you about the product’s quality at the earliest stage possible, so that you can use them even if they are taken down or modified later on.

Save screenshots of the website or any email communication assuring you about the product’s quality at the earliest stage possible, so that you can use them even if they are taken down or modified later on. Records of written and oral communication – Record all telephonic communication and preserve an email trail of all communication. Recording phone conversations is not difficult – there are plenty of apps available for call recording. Just ensure they record both sides’ voice loud and clear. If you use an Android phone, try Automatic Call Recorder.

Does this increase your confidence in handling internet-based consumer fraud? You can write to me at [email protected] if you have any questions.

(Abhyudaya Agarwal is a founder of iPleaders. a legal education startup which helps universities and industry-bodies to launch online courses, such as this course, which focusses on essential legal and strategic skillsets for entrepreneurs. Special thanks to Esha Shekhar, the Delhi-based litigator referred to above. She was extremely helpful in planning and executing the legal strategy and also mobilized opinion of other defrauded customers by writing online, due to which this exercise picked up momentum and concluded favourably much faster.)

LawSikho has created a telegram group for exchanging legal knowledge, referrals and various opportunities. You can click on this link and join:

https://t.me/joinchat/J_ 0YrBa4IBSHdpuTfQO_sA