Get in Touch
September 10, 2025

E- Commerce’s Privacy Hurdles: From Fraud to Trust Deficit

INTRODUCTION

India’s e-commerce industry is undergoing rapid and significant expansion. With widespread internet access and the normalisation of digital payments, online retail has evolved from a mere convenience to an essential service. The sector is expected to cross USD 350 billion by 2030, establishing it as a central pillar of the nation’s digital economy. However, this great growth is shadowed by huge challenges relating to data privacy and online fraud.

The Economic Survey 2023-24 warned that these are not isolated nuisances but systemic threats capable of slowing growth. Breaches at BigBasket and Zomato, on the other hand, phishing websites pretending to be Amazon and Flipkart took millions of consumers on identity theft and financial losses. Each one of these incidents unnerves the very critical trust that digital commerce stands on.

India has enacted protective legislation such as the Information Technology Act, 2000 (“IT Act, 2000”) and the Digital Personal Data Protection Act, 2023 (“DPDP Act, 2023”), but enforcement gaps and issues of awareness still stand as stumbling blocks. The long-term growth agenda will revolve around ensuring that powerful regulation and transparency in business practices, along with consumer education, come together to rebuild faith in digital marketplaces.

 

KEY PRIVACY AND FRAUD CHALLENGES IN E-COMMERCE

Data Breaches: The more data platforms collect, the more valuable and vulnerable they become. Major Indian players, like BigBasket, Zomato, and Flipkart, have suffered breaches exposing the personal details of millions. On the one side, such leaks endanger affected persons; on the other, such events erode consumer confidence in online platforms.

Online Payment Frauds: India’s digital payment boom comes with its own downside: fraud is rising at a worrying pace. The Home Ministry reports that UPI-related frauds nearly doubled in 2023–24, jumping from 7.25 lakh to 13.42 lakh incidents, resulting in a staggering Rs. 1,087 crore in losses. A recent survey revealed that 1 in 5 Indian households with a UPI user experienced fraud, yet over half of the victims didn’t report it. These are not just numbers; they reflect widening vulnerabilities in everyday tools.

Counterfeit Products and Fake Platforms: Nearly 20% of online shoppers said they received counterfeit products in the past year, with the worst offenders being shoes, cosmetics, and other lifestyle items. Add to this the surge in complaints over 17,500 about fake or duplicate goods between 2022 and mid-2025, and it is clear this problem is widespread. These incidents erode user faith, especially when claims are hard to resolve.

Trust Deficit: All of the above breaches, payment scams, and fake products erode consumer trust. If users worry that their data isn’t safe, payments can be hijacked, or orders may turn out fraudulent, many will prefer cash-on-delivery or offline channels alone. That hesitation slows the digital shift and places a cap on e-commerce’s potential.

 

LEGAL AND REGULATORY FRAMEWORK IN INDIA

The regulation of e-commerce in India rests on a blend of consumer protection, data security, and financial safeguards. The Consumer Protection Act, 2019, intervened into the online space through dedicated e-commerce rules mandating disclosure of seller details by platforms, pricing transparency, and effective grievance redressal mechanisms for consumers, recognising that online consumers face vulnerabilities differing from traditional retail.

The IT Act, 2000, remains the basic law relating to cyber law in India. The Act stipulates offences relating to unauthorised access of computer systems, identity theft and fraud, and also lays down certain rules for intermediaries so as to exercise due diligence in handling user data. Further, the DPDPA, 2023, demands that personal data be collected with explicit consent, limited to certain specified purposes and subject to violations. For e-commerce platforms that rely heavily upon data-driven models, being compatible with this law is the very core of their operation.

On the financial side, the Reserve Bank of India (“RBI”) issues directives to secure digital payments, including two-factor authentication, tokenisation of card details, and periodic monitoring of fraud incidents. In cases where consumers were duped by fake sellers or digital fraud, courts have emphasised that platforms cannot wash their hands of responsibility. Judicial interpretations increasingly lean towards greater accountability of e-commerce intermediaries, especially when negligence in verification or redressal is proven.

 

GAPS IN ENFORCEMENT

While India takes a reasonably well-structured approach to lawmaking, the enforcement tactics in various e-commerce spheres continue to remain a fraction of the scale of the problem. One foremost challenge lies in cross-border fraud, where counterfeit goods or phishing operations are run from outside India, rendering investigation and prosecution uphill battles. Conversely, even within the confines of the country, consumer awareness remains low; survey results bear this out. For example, the majority of UPI fraud victims do not lodge reports of the incident, thus leaving recording and accountability in limbo.

For smaller e-commerce players, the compliance burden engendered by data protection and grievance redressal rules is often overwhelming, such that adherence is often minimal or delayed. On the other hand, long regulatory timelines for redressal for consumers who seek remedies serve further to erode trust. These issues are certainly not just theoretical. The market has witnessed an increased number of phishing scams pretending to be major marketplaces and payment gateways, thereby unmasking the gaps in user protection.

 

BUILDING CONSUMER TRUST

Rebuilding faith in India’s e-commerce isn’t just about stronger rules embedded into every interaction. Here are some ways platforms and policymakers can cement trust:

Strengthening Compliance and Enforcement Mechanisms: An important step towards honest design is r for platforms to self-audit and cleanse their sites of deceptive ‘dark patterns.’ Making self-auditing and public reporting standards every year would hold companies accountable and reassure frustrated users.

Embedding Privacy-by-Design in E-Commerce Platforms: The DPDP Act and its Draft Rules promote privacy-by-design: minimisation of data collection, deletion in a timely manner, tracking of consents, and strong encryption. It is not optional; it forms the basis.

Enhancing Consumer Education and Awareness: Meaningful awareness campaigns on recognising phishing, securing UPI transactions, or checking for legitimacy would empower a passive user base into active partners in protecting one another.

Ensuring Transparency in Data Practices: Transparency builds trust. Offering clear privacy notices, facilitating easy opt-outs, and providing prompt and easy access to consent logs would be far better than lengthy, esoteric policies. The DPDP Act, 2023, also empowers users to discover how their personal data is collected, shared, and deleted. Making these processes simple not only fulfils legal obligations but also reassures consumers that their choices are respected, reducing anxiety and fostering long-term trust.

Encouraging Progressive Legal Reforms and Judicial Precedents: Promote government initiatives like the IT ministry’s “Code for Consent” challenge, which verifies consent management systems in the real world. Applications that embed these features early on position themselves as frontrunners in the data ethics space.

 

AMLEGALS REMARKS

The Indian e-commerce industry seems to be at the juncture; its growth potential is humongous, just as are the dangers posed by data breaches, cyber fraud, and rising trust deficits. The Consumer Protection Act, IT Act, and the more recent DPDP Act have set the basis to protect the consumer and ensure accountability. However, the gap remains in enforcement, which, coupled with low consumer awareness and compliance issues of smaller players, remains an impediment to the effectiveness of the safeguards provided.

For the sector to sustain its momentum, privacy and trust must be treated as cornerstones of digital commerce. Stronger regulatory oversight, proactive adoption of privacy-by-design, transparent data practices, and consumer education constitute some of the amendments that need to be put on. In the end, it is going to be how law, technology, and responsible business practices work toward creating a safe and trustworthy digital marketplace that will tell the story of the implementation of e-commerce in India.

For any queries or feedback, feel free to connect with mridusha.guha@amlegals.com or rohit.lalwani@amlegals.com

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *

 

Disclaimer & Confirmation

As per the rules of the Bar Council of India, law firms are not permitted to solicit work and advertise. By clicking on the “I AGREE” button below, user acknowledges the following:

    • there has been no advertisements, personal communication, solicitation, invitation or inducement of any sort whatsoever from us or any of our members to solicit any work through this website;
    • user wishes to gain more information about AMLEGALS and its attorneys for his/her own information and use;
  • the information about us is provided to the user on his/her specific request and any information obtained or materials downloaded from this website is completely at their own volition and any transmission, receipt or use of this site does not create any lawyer-client relationship; and that
  • We are not responsible for any reliance that a user places on such information and shall not be liable for any loss or damage caused due to any inaccuracy in or exclusion of any information, or its interpretation thereof.

However, the user is advised to confirm the veracity of the same from independent and expert sources.

I Agree I Disagree