This document discusses cyber crimes and economic offenses related to online banking. It begins with an introduction describing the growth of online banking and associated risks of cyber crimes. The objective is to understand types of cyber crimes impacting online banking and prevention measures. The methodology involves analyzing secondary data sources like legal documents, cases, and literature. The main body then discusses general ideas on cyber crimes and various types like hacking, cyber stalking, and online frauds impacting banking. It also examines cyber crimes related to ATMs, credit cards, and money laundering. The document concludes by proposing awareness initiatives, legal reforms, administrative measures, and technological solutions to prevent cyber crimes and protect online banking.
PowerPoint - Legal Citation Form 1 - Case Law.pptx
Cyber Crimes and other Economic Offences
1. The phenomenon
of
Cyber Crimes and other Economic
Offences
in relation to Online Banking
Rupak Ghosh .
Enrollment Number: PGDBL/ON/11-12/008
Number of words .
Introduction: 285, Objective: 139, Methodology:64, Main body 7350, Conclusion: 99
Total: 7937
2. A
--
PH
Acknowl
It
a
A
N
R
I
J
R
-----------------
HENOMENON OF C
ledgeme
t would not
ssistance o
Assistant Pr
National Uni
Rainmaker f
I am extrem
uridical Sci
Rupak Ghos
----------------
CYBER CRIMES AN
ents
t have been
of Rainma
rofessor an
iversity of J
for their kin
mely gratef
iences for d
sh
----------------
ND OTHER ECONOM
.
n possible f
aker. I owe
nd Mr Sh
Juridical Sc
d assistanc
for me to c
e a large m
ouvik Kr.
ciences. I am
ce and guid
carry out th
measure o
Guha, Re
m thankful
dance.
his study wi
of gratitude
esearch As
to Aparna
ithout the e
to Profes
ssociate, of
Das and S
encouragem
sor Shame
f the Wes
Sankalp Sh
ment and
eek Sen,
t Bengal
harma of
ful to every
designing th
yone from R
his nice cou
Rainmaker
urse.
and West Bengal Naational Univ
-----------------
MIC OFFENCES IN
----------------
RELATION TO ONL
-----------------
LINE BANKING
-----------------
versity of
-------------------
i
3. ---------------------------------------------------------------------------------------------------------------------------------
PHENOMENON OF CYBER CRIMES AND OTHER ECONOMIC OFFENCES IN RELATION TO ONLINE BANKING ii
Preface .
The revolutionary progresses in information technology have a deep rooted impact
in global communication and that’s also having a great impact in the national as
well as the global business environment.
Online Banking is gaining importance day by day as its easy, quick and cost
effective. Along with all benefits, it has also brought about a new orientation to
risks and even new forms of risks, the risk of Cyber Crime.
Crime in cyber space is multidimensional. So the ways to prevention have various
aspects like legal, administrative, technological and awareness. Proper
implementation of preventive strategies will make online banking more secure in
future.
4. ---------------------------------------------------------------------------------------------------------------------------------
PHENOMENON OF CYBER CRIMES AND OTHER ECONOMIC OFFENCES IN RELATION TO ONLINE BANKING iii
Content .
Page number
Acknowledgements i
Preface ii
Content iii
Details of Word Count iii
Page number
Introduction 1
Objective 1
Methodology 1
Main body 2 - 21
General Idea on Cyber Crime 2
Types of Cyber Crime
Hacking
Cyber Stalking, Child Pornography, Denial of
Service
Online Fraud
Software Piracy,Spoofing, Usenet
Newsgroup, Credit Card, Debit Card, ATM
Fraud , Virus Dissemination
Cyber Crime for Financial Gain
Cyber Crime for Revenge
Recreational Cyber Crime
2 - 6
3
4
4-5
5
5
5-6
6
Cyber crimes, Economic offences and Online banking
Distinctive features of i-banking/ Online Banking
Various Issues
Set of risks
Cyber Crime Related to Automated Teller Machine
Credit Card fraud
Money laundering and cybercrime
Online Frauds
6 – 16
8
8 - 9
9 - 10
10 - 12
12 - 14
14
15 - 16
Preventive Measures
Awareness initiatives among users
Legal Issues involved
Administrative Measures
Technological Measures
16 – 20
16
17 - 19
19
19 -20
Recommendations 20 - 21
Conclusion 21
5. ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
PHENOMENON OF CYBER CRIMES AND OTHER ECONOMIC OFFENCES IN RELATION TO ONLINE BANKING 1
Introduction:
Now we’re in the age of information technology, it connected the whole world. The revolutionary
progresses in information technology have a deep rooted impact in global communication and
that’s also having a great impact in the business environment. Business communities are
providing various information technologies enables services to their customers. This way of
business is getting stronger day by day. Banks have traditionally been in the forefront of
harnessing technology to improve their products, services and efficiency. Internet banking; both
as a medium of delivery of banking services and as a strategic tool for business development,
has gained wide acceptance internationally and is fast catching up in India with more and more
banks entering the fray. India can be said to be on the threshold of a major banking revolution
with net banking having already been unveiled.
Along with all benefits, it has also brought about a new orientation to risks and even new forms
of risks. Money is the most common motive behind all crime. So this medium attracts criminal
activities i.e. Cyber Crime. This medium is based on logical computer languages so some of
those criminal activities are high-tech in nature. Sometime those activities are done by making
the user fool.
Preventive measures are required in order to make the platform sustainable. Due to the
complexity and specialty nature of such crimes it requires special legislations, administrative
measures in dealing with such crime. India enacted its first law on Information Technology
namely, the Information Technology Act, 2000. Later Information Technology (Amendment) Act,
2008 was made effective from 27 October 2009. Technological progress, Users awareness,
effective legal and administrative measures will make the dimension secure and effective tools
for progress of our civilization.
Objective:
The revolutionary progresses in information technology have a deep rooted impact in global
communication and that’s also having a great impact in the national as well as the global
business environment. Online banking is one of the most important aspects of it. It is becoming
popular day by day as it is easier, cheaper faster than traditional banking. However it also has
some risk due to crimes in cyber space. Cyber crimes are some time very complicated from
technical point of view, some time they are simple tricks. Prevention of those crimes is essential
in order to make online banking safe and secure. This research will enlighten me regarding
various types of Cyber Crime especially economic offences in relation to online banking and
their prevention. Involvements of various technological, legal, social aspects make this topic
interesting for me.
Research Methodology:
The study has been conducted mainly through secondary data analysis. Sources are mainly
legal documents like judgments of some cases, legislations and various other literatures. The
analyses of various websites give an idea regarding the processes of Cyber crime especially in
online banking, and prevention of such crimes. The analysis of legislations and some cases are
the main backbone of this research.
6. ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
PHENOMENON OF CYBER CRIMES AND OTHER ECONOMIC OFFENCES IN RELATION TO ONLINE BANKING 2
Main Body
General Idea on Cyber Crime
What is cyber-crime? Law enforcement experts and legal commentators are divided. Some
experts believe that computer crime is nothing more than ordinary crime committed by high-tech
computers and that current criminal laws on the books should be applied to the various laws
broken, such as trespass, larceny, and conspiracy. Others view cyber- crime as a new category
of crime requiring a comprehensive new legal framework to address the unique set of
challenges that traditional crime does not deal with; such as jurisdiction, international
cooperation, intent, and the difficulty of identifying the perpetrator. The term ‘cyber crime’ has
not been defined in any Statute or Act.
The Oxford Reference Online defines cyber crime as crime committed over the Internet. The
Encyclopedia Britannica defines cyber crime as any crime that is committed by means of special
knowledge or expert use of computer technology. So what exactly is Cyber Crime? Cyber crime
could reasonably include a wide variety of criminal offences and activities. The Internet – or
Cyber Space as it’s sometimes called, is a borderless environment unlike a brick and mortar
world. Even though it is indispensable as a knowledge bank, it is an ideal tool for someone with
a criminal bent of mind, who can use this environment to his/ her maximum advantage. It is not
a surprise that Cyber Crimes like money cyber stalking, denial of service, e-mail abuse, chat
abuse and other crimes are on the rise. Cyber Terrorist and cyber mafia are emerging with
great force, whose activities are going to threaten the sovereignty of nations and world order.
CBI Manual defines cyber crime as:
(i) Crimes committed by using computers as a means, including conventional crimes.
(ii)Crimes in which computers are targets.1
A generalized definition of cyber crime may be “unlawful acts where in the computer is either a
tool or target or both”.2
In India, The Information Technology act, 2000 is the mother legislation
that deals with issues related to use of computer, computer systems, computer networks and
the internet, but the act does not define the term cyber crime. Cyber crime can generally be
defined as a criminal activity in which information technology systems are the means used for
the commission of the crime.
Types of Cyber Crime
The revolutionary progress in information technology made the cyber space wide. The
cyberspace is basically a Virtual Reality developed by logic based computer software and
hardware languages. Technical developments are making it easier, faster and smarter. That’s
why it’s becoming more and more popular. Firstly increasing number people are becoming
dependent on it for their economic, social and personal life. Like all segment of society cyber
space couldn’t be independent from crime. Due to its complex architecture, criminal activities by
utilizing it are also multi dimensional. From technical perspective some important types of cyber
crimes are as follows:
1
Cyber crimes, CBI (crime) manual 2005, chapter 18,
2
Nagpal R. – What is Cyber Crime?
7. ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
PHENOMENON OF CYBER CRIMES AND OTHER ECONOMIC OFFENCES IN RELATION TO ONLINE BANKING 3
(A) Hacking: Hacking in simple terms means an illegal intrusion into a computer system
and/or network. There is an equivalent term to hacking i.e. cracking, but from Indian Laws
perspective there is no difference between the term hacking and cracking. Every act committed
towards breaking into a computer and/or network is hacking. Hackers write or use ready-made
computer programs to attack the target computer. They possess the desire to destruct and they
get the kick out of such destruction. Some hackers hack for personal monetary gains, such as to
stealing the credit card information, transferring money from various bank accounts to their own
account followed by withdrawal of money. They extort money from some corporate giant
threatening him to publish the stolen information which is critical in nature.
Government websites are the hot targets of the hackers due to the press coverage, it receives.
Hackers enjoy the media coverage. A total of 112 government websites in India were hacked
from December to February, a federal minister said on March 13th, reflecting India's continuing
problem with online security.
CBI website hacked by 'Pak Cyber Army'3
IMD-Kolkata's webpage, which has been hacked4
3
http://ibnlive.in.com (Dec 04, 2010)
4
The Hindu (October 27, 2011)
8. ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
PHENOMENON OF CYBER CRIMES AND OTHER ECONOMIC OFFENCES IN RELATION TO ONLINE BANKING 4
(B) Cyber Stalking: Cyber Stalking can be defined as the repeated acts harassment or
threatening behavior of the cyber criminal towards the victim by using internet services. Stalking
in General terms can be referred to as the repeated acts of harassment targeting the victim such
as following the victim, making harassing phone calls, killing the victims pet, vandalizing victims
property, leaving written messages or objects.
Both kind of Stalkers, Online & Offline – have desire to control the victims life. Majority of the
stalkers are the dejected lovers or ex-lovers, who then want to harass the victim because they
failed to satisfy their secret desires. Most of the stalkers are men and victim female.
(C) Child Pornography: The Internet is being highly used by its abusers to reach and
abuse children sexually, worldwide. The internet is very fast becoming a household commodity
in India. Its explosion has made the children a viable victim to the cyber crime. As more homes
have access to internet, more children would be using the internet and more are the chances of
falling victim to the aggression of pedophiles.
(D) Denial of Service: This is an act by a criminal, who floods the bandwidth of the victim’s
network or fills his e-mail box with spam mail depriving him of the services he is entitled to
access or provide. This act is committed by a technique called spoofing and buffer overflow.
The criminal spoofs the IP address and flood the network of the victim with repeated requests.
Since the IP address is fake, the victim machine keeps waiting for response from the criminal’s
machine for each request. This consumes the bandwidth of the network which then fails to serve
the legitimate requests and ultimately breaks down
(E) Online Fraud: The net is a boon for people to conduct business effectively, very quickly.
It saves businesses a lot of time, money and resources. Unfortunately, the net is also an open
invitation to scams and fraudsters and online frauds are becoming increasingly rampant
Spoof websites and email security alerts: Fraudsters create authentic looking websites that are
actually nothing but a spoof. The purpose of these websites is to make the user enter personal
information. This information is then used to access business and bank accounts. Fraudsters
are increasingly turning to email to generate traffic to these websites. A lot of customers of
financial institutions recently received such emails. Such emails usually contain a link to a spoof
website and mislead users to enter User ids and passwords on the pretence that security details
can be updated, or passwords changed.
Virus hoax emails: It is a sad fact of life that there are those who enjoy exploiting the concerns
of others. Many emailed warnings about viruses are hoaxes, designed purely to cause concern
and disrupt businesses.
Lottery Frauds: These are letters or emails, which inform the recipient that he/ she has won a
prize in a lottery. To get the money, the recipient has to reply. After which another mail is
received asking for bank details so that the money can be directly transferred. The email also
asks for a processing fee/ handling fee. Of course, the money is never transferred in this case,
the processing fee is swindled and the banking details are used for other frauds and scams.
9. ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
PHENOMENON OF CYBER CRIMES AND OTHER ECONOMIC OFFENCES IN RELATION TO ONLINE BANKING 5
Spoofing: Spoofing means illegal intrusion, posing as a genuine user. A hacker logs-in to a
computer illegally, using a different identity than his own. He is able to do this by having
previously obtained actual password. He creates a new identity by fooling the computer into
thinking he is the genuine system operator. The hacker then takes control of the system. He can
commit innumerable number of frauds using this false identity.
(F) Software Piracy: Theft of software through the illegal copying of genuine programs or
the counterfeiting and distribution of products intended to pass for the original is termed as
termed as software piracy.
(G) Spoofing: Spoofing means a hacker logs-in to a computer illegally using a different
identity than his own.
(H) Usenet Newsgroup: Usenet is a popular means of sharing and distributing information
on the web with respect to specific topic or subjects
(I) Credit Card, Debit Card, ATM Fraud: The unauthorized and illegal use of a credit card,
Debit Card to purchase property. This type of cyber crime is done by utilizing technological
competency and by social engineering. Social engineering is simply making the people fool.
(J) Virus Dissemination: A computer virus is a program that can ‘infect’ other legitimate
programs by modifying them to include a possibly ‘evolved’ copy of it. Viruses can spread
themselves, without the knowledge or permission of the users, to potentially large numbers of
programs on many machines. A computer virus passes from computer to computer like a
biological virus passes from person to person.
Cyber Crime can be divided into three different categories on the basis of reason behind it. They
are:
(A) Cyber Crime for Financial Gain: Money is the most common motive behind all crime.
The same is also true for cyber crime. Globally it is being observed that more and more cyber
crimes are being committed for financial motives rather than for "revenge" or for "fun".
With the tremendous increase in the use of internet and mobile banking, online share trading,
dematerialization of shares and securities, this trend is likely to increase unabated. Financial
crimes include cyber cheating, credit card frauds, money laundering, hacking, accounting scams
etc., into bank servers, computer manipulation5
.
Illegal activities like shelling of illegal material like prohibited drugs, pornographic contend, sex
rackets are some time operated by using web space, social networks.
(B) Cyber Crime for Revenge: Revenge is an important motivator behind cyber crime. The
crime can be done against Person, Company or Country. Victims generally face losses in term
of financial or public image.
5
cyberlawconsulting.com
10. ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
PHENOMENON OF CYBER CRIMES AND OTHER ECONOMIC OFFENCES IN RELATION TO ONLINE BANKING 6
Hactivists launch politically motivated attacks on public web pages or e-mail servers. The
hacking groups and individuals, or Hacktivists, overload e-mail servers by sending massive
amounts of e-mail to one address and hack into web sites to send a political message.
Employees that steal confidential information and trade secrets account for thirty-five
percent of the theft of proprietary information.6
In fact, data suggests that serious economic
losses linked to computer abuse have been and continue to be attributed to current and former
employees of the victimized organization rather than to outside hackers with modems.7
(C) Recreational Cyber Crime: “Recreational hackers” break into computer networks for the
thrill of the challenge or for bragging rights in the hacking community.8
While hacking once
required a fair amount of skill or computer knowledge, the recreational hacker today can now
download attack scripts and protocols from the Internet and launch them against victim sites
with little knowledge of the systems they are attacking.9
There are countless web sites on the
Internet that provide “newbies” (inexperienced hackers, or “wannabes”) with detailed instructions
on hacking techniques and downloadable, do-it-yourself hacking tools.10
Cyber crimes, Economic offences and Online banking
Money is the most common motive behind all crime. The same is also true for cyber crime. In
terms of financial value it is as big as illegal drugs trade. In 2011 USD $388 Billion lost due to
Cyber Crime. For India Cash Costs of it is $4 bn and Time Costs, $3.6 bn11
In 2011
USD
$388
Billion12
Lost
Victims Valued
the Time they lost to
Cyber Crime
$274 bn
AS BIG A CRIME AS...
$288bn
The illegal trade in
Marijuana, Cocaine & Heroin
BETTER WAYS TO SPEND
$388BN…
100
TIMES MORE CARE
FOR KIDS - The 2011
bill for cybercrime is
more than 100 times the
global annual
expenditure of UNICEF
($3.65bn)14
90
YEARS FIGHTING
MALARIA
would plug the annual
funding gap to fight
malaria for the next 90
6
David Noack, Employees, Not Hackers, Greatest Computer Threat
7
Richard C. Hollinger & Lonn Lanza-Kaduce, The Process of Criminalizaton: The Case of Computer Crime Laws
8
See Cyberattack Investigation, supra note 26.
9
See Internet Security Systems, <http://www.iss.net/customer_care/resource_center/whitepapers>
10
Hackers learn hacking techniques from a variety of sources, hacking web sites such as <http://www.flashback.se> and
<http://www.lopht.com/>; as well as hacking search engines, such as <http://astalavista.box.sk/>.
11
Norton cybercrime report 2011
12
Norton cybercrime report 2011
11. ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
PHENOMENON OF CYBER CRIMES AND OTHER ECONOMIC OFFENCES IN RELATION TO ONLINE BANKING 7
The direct cash costs of cyber
crime – (money stolen)
$114bn $411bn
The entire illegal drugs
trade13
years15
38
YEARS DOUBLING
EDUCATION - $10bn a
year would be enough to
double university
education in sub-
Saharan Africa16
Major parts of Cyber Crime motivated by Financial Gain are related to internet banking.
Banks have traditionally been in the forefront of harnessing technology to improve their
products, services and efficiency. They have, over a long time, been using electronic and
telecommunication networks for delivering a wide range of value added products and services.
The delivery channels include direct dial - up connections, private networks; public networks etc
and the devices include telephone, Personal Computers including the Automated Teller
Machines, etc. With the popularity of PCs, easy access to Internet and World Wide Web
(WWW), Internet is increasingly used by banks as a channel for receiving instructions and
delivering their products and services to their customers. This form of banking is generally
referred to as Internet Banking, although the range of products and services offered by different
banks vary widely both in their content and sophistication.
Broadly, the levels of banking services offered through INTERNET can be categorized in to
three types:
(i) The Basic Level Service is the banks' websites which disseminate information on
different products and services offered to customers and members of public in general. It may
receive and reply to customers' queries through e-mail,
(ii) In the next level are Simple Transactional Websites which allow customers to submit their
instructions, applications for different services, queries on their account balances, etc, but do not
permit any fund-based transactions on their accounts,
(iii) The third level of Internet banking services are offered by Fully Transactional Websites
which allow the customers to operate on their accounts for transfer of funds, payment of
different bills, subscribing to other products of the bank and to transact purchase and sale of
securities, etc. The above forms of Internet banking services are offered by traditional banks, as
an additional method of serving the customer or by new banks, who deliver banking services
primarily through Internet or other electronic delivery channels as the value added services.
Some of these banks are known as `virtual' banks or `Internet only' banks and may not have any
physical presence in a country despite offering different banking services.
From the perspective of banking products and services being offered through Internet, Internet
banking is nothing more than traditional banking services delivered through an electronic
communication backbone, viz, Internet. But, in the process it has thrown open issues which
14
http://www.unicef.org Annual report of the Executive Director, Apr 2011
13
Source: www.havocscope.com
15
http://www.rollbackmalaria.org/keyfacts.html
16
http://www.arp.harvard.edu/AfricaHigherEducation/Economics2.html
12. ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
PHENOMENON OF CYBER CRIMES AND OTHER ECONOMIC OFFENCES IN RELATION TO ONLINE BANKING 8
have ramifications beyond what a new delivery channel would normally envisage and, hence,
has compelled regulators world over to take note of this emerging channel. Some of the
distinctive features of i-banking/ online banking are:
(i) It removes the traditional geographical barriers as it could reach out to customers of
different countries / legal jurisdiction. This has raised the question of jurisdiction of law /
supervisory system to which such transactions should be subjected,
(ii) It has added a new dimension to different kinds of risks traditionally associated with
banking, heightening some of them and throwing new risk control challenges,
(iii) Security of banking transactions, validity of electronic contract, customers' privacy, etc.,
which have all along been concerns of both bankers and supervisors have assumed different
dimensions given that Internet is a public domain, not subject to control by any single authority
or group of users,
(iv) It poses a strategic risk of loss of business to those banks who do not respond in time, to
this new technology, being the efficient and cost effective delivery mechanism of banking
services,
(v) A new form of competition has emerged both from the existing players and new players
of the market who are not strictly banks.
The Regulatory and Supervisory concerns in i-banking arise mainly out of the distinctive
features outlined above. These concerns can be broadly addressed under three broad
categories, viz,
(i) Legal and regulatory issues: Legal issues cover those relating to the jurisdiction of law,
validity of electronic contract including the question of repudiation, gaps in the legal / regulatory
environment for electronic commerce. On the question of jurisdiction the issue is whether to
apply the law of the area where access to Internet has been made or where the transaction has
finally taken place. Allied to this is the question where the income has been generated and who
should tax such income. There are still no definite answers to these issues.
(ii) Security and technology issues: Security of i-banking transactions is one of the most
important areas of concerns to the regulators. Security issues include questions of adopting
internationally accepted state of-the art minimum technology standards for access control,
encryption / decryption (minimum key length etc), firewalls, verification of digital signature,
Public Key Infrastructure (PKI) etc. The regulator is equally concerned about the security policy
for the banking industry, security awareness and education.
(iii) Supervisory and operational issues: The supervisory and operational issues include risk
control measures, advance warning system, Information technology audit and re-engineering of
operational procedures. The regulator would also be concerned with whether the nature of
products and services offered are within the regulatory framework and whether the transactions
do not camouflage money-laundering operations.
A major driving force behind the rapid spread of i-banking all over the world is its acceptance as
an extremely cost effective delivery channel of banking services as compared to other existing
13. ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
PHENOMENON OF CYBER CRIMES AND OTHER ECONOMIC OFFENCES IN RELATION TO ONLINE BANKING 9
channels. However, Internet is not an unmixed blessing to the banking sector. However, Internet
is not an unmixed blessing to the banking sector. Along with reduction in cost of transactions, it
has also brought about a new orientation to risks and even new forms of risks to which banks
conducting i-banking expose themselves.
In the following paragraphs a generic set of risks are discussed.
(i) Operational risk: Operational risk, also referred to as transactional risk is the most common
form of risk associated with i-banking. It takes the form of inaccurate processing of transactions,
non enforceability of contracts, compromises in data integrity, data privacy and confidentiality,
unauthorized access / intrusion to bank's systems and transactions etc. Such risks can arise out
of weaknesses in design, implementation and monitoring of banks' information system. Besides
inadequacies in technology, human factors like negligence by customers and employees,
fraudulent activity of employees and crackers / hackers etc. can become potential source of
operational risk.
(ii) Security risk: Security risk arises on account of unauthorized access to a bank's critical
information stores like accounting system, risk management system, portfolio management
system, etc. A breach of security could result in direct financial loss to the bank. For example,
hackers operating via the Internet could access, retrieve and use confidential customer
information and also can implant virus. This may result in loss of data, theft of or tampering with
customer information, disabling of a significant portion of bank's internal computer system thus
denying service, cost of repairing these etc. Other related risks are loss of reputation, infringing
customers' privacy and its legal implications etc.
(iii) Reputational risk: Reputational risk is the risk of getting significant negative public
opinion, which may result in a critical loss of funding or customers. Such risks arise from actions
which cause major loss of the public confidence in the banks' ability to perform critical functions
or impair bank-customer relationship.
The main reasons for this risk may be system or product not working to the expectations of the
customers, significant system deficiencies, significant security breach (both due to internal and
external attack), inadequate information to customers about product use and problem resolution
procedures, significant problems with communication networks that impair customers' access to
their funds or account information especially if there are no alternative means of account
access. Such situation may cause customer-discontinuing use of product or the service.
(iv) Legal risk: Legal risk arises from violation of, or non-conformance with laws, rules,
regulations, or prescribed practices, or when the legal rights and obligations of parties to a
transaction are not well established. Given the relatively new nature of Internet banking, rights
and obligations in some cases are uncertain and applicability of laws and rules is uncertain or
ambiguous, thus causing legal risk.
(v) Money laundering risk: As Internet banking transactions are conducted remotely banks
may find it difficult to apply traditional method for detecting and preventing undesirable criminal
activities. Application of money laundering rules may also be inappropriate for some forms of
electronic payments. Thus banks expose themselves to the money laundering risk. This may
result in legal sanctions for non-compliance with "know your customer" laws.
14. ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
PHENOMENON OF CYBER CRIMES AND OTHER ECONOMIC OFFENCES IN RELATION TO ONLINE BANKING 10
(vi) Cross border risks: Internet banking is based on technology that, by its very nature, is
designed to extend the geographic reach of banks and customers. Such market expansion can
extend beyond national borders. This causes various risks. It includes legal and regulatory risks,
as there may be uncertainty about legal requirements in some countries and jurisdiction
ambiguities with respect to the responsibilities of different national authorities.
(vii) Strategic Risk: This risk is associated with the introduction of a new product or service.
Degree of this risk depends upon how well the institution has addressed the various issues
related to development of a business plan, availability of sufficient resources to support this
plan, credibility of the vendor (if outsourced) and level of the technology used in comparison to
the available technology etc.
(viii) Other risks: Traditional banking risks such as credit risk, liquidity risk, interest rate risk
and market risk are also present in Internet banking.
a) Credit risk is the risk that a counter party will not settle an obligation for full value, either
when due or at any time thereafter. Banks may not be able to properly evaluate the credit
worthiness of the customer while extending credit through remote banking procedures,
which could enhance the credit risk.
b) Liquidity Risk arises out of a bank's inability to meet its obligations when they become
due without incurring unacceptable losses, even though the bank may ultimately be able to
meet its obligations.
Some Common types of cyber crime discussed below:
Cyber Crime Related to Automated Teller Machine:
An automated teller machine or automatic teller machine (ATM), also known as an automated
banking machine (ABM) in Canada, and a Cash point (which is a trademark of Lloyds TSB),
cash machine or sometimes a hole in the wall in British English, is a computerized
telecommunications device that provides the clients of a financial institution with access to
financial transactions in a public space without the need for a cashier, human clerk or bank
teller. ATMs are known by various other names including ATM machine, automated banking
machine, and various regional variants derived from trademarks on ATM systems held by
particular banks.
The total number of ATMs under the National Financial Switch (NFS) now stands at 75,178. SBI
and associate banks own the largest number of ATMs at 25,060 followed by Axis Bank (6,270),
ICICI Bank (6,104), HDFC Bank (5,471) and Punjab National Bank (5,050).Nearly 19,000 ATMs
were added last fiscal to the National Financial Switch.17
Due to rapid increase in number and use Cyber Crime related to it also increased. Some of the
popular techniques used to carry out ATM crime are:
I. The Lebanese Loop: Many thieves are using external devices to confiscate your card. In this
scam, a blocking device (which can be as simple as some film glued to trap ATM cards), is
17
Economic Times (Apr 8, 2011)
15. ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
PHENOMENON OF CYBER CRIMES AND OTHER ECONOMIC OFFENCES IN RELATION TO ONLINE BANKING 11
inserted into the card slot of the ATM machine. Unwittingly, you place your card into the
machine and enter your PIN. All the while, someone nearby may be watching you enter your
PIN number.
II. Card Skimming: Skimmers are devices added to ATM machines to capture your card's
information, including your account number, balance, and PIN number. These devices often
mounted alongside a machine and labeled 'card cleaners,' are difficult to notice unless you're
looking for them.
III. Shoulder Surfing, Fake PIN Pads, and Even Fake Machines: Another way to glean your
ATM PIN number is for thieves to mount a wireless video camera inside the ATM area. It can
look as harmless as a brochure holder. Once the scammers have your number, magnetic strips
are easy to make and thieves are able to easily reproduce ATM cards.
IV. Cash Trapping: Similar to the Lebanese Loop where a thin sleeve traps your card, this time
your cash is trapped by a sleeve or device slipped inside the cash dispenser. Your transaction
will operate normally, but you won't receive the cash you've withdrawn.
V. Phishing: We mentioned above how easy it is for thieves to replicate ATM cards. All they
need is a magnetic strip and a plastic card. Armed with an ATM card, all a would-be thief needs
is a PIN number. Some email phishing scams have been designed to find out just that.
Representing your bank, a scammer can send you an email with a notice on it saying something
about incomplete account information or that you need to update your account information. You
click on the link and follow the directions but you're not at your bank, you're at a site designed to
look like your bank by thieves. They collect your information and are free to replicate your ATM
card or simply withdraw your money from your account via online banking.
Three persons were arrested today for allegedly conning people
and stealing money from their bank accounts through an ATM
kiosk.
Police said the trio used to stand in the ATM queue and target
customers who looked old and not accustomed to using debit
cards. Though their modus operandi is not clear yet, police suspect
the three used to shout and make new ATM card users nervous
and then trick them into leaving the ATM kiosk hurriedly without
cancelling their transaction. In the old ATM machines, it generally
takes at least 30 seconds for a transaction to end.
“The failure of the card user to press the ‘cancel’ button before
leaving the ATM kiosk acted as a boon for the fraudsters.
Interrogations are on to find out exactly how the three took out the
money from others’ accounts,” superintendent of police (SP) Kim
said.
The trio were arrested outside an ATM kiosk of State Bank of India at the Sichai Bhawan building on Bailey Road
under Sachivalaya police station.
18
18
The Telegraph (January 8 , 2012)
16. ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
PHENOMENON OF CYBER CRIMES AND OTHER ECONOMIC OFFENCES IN RELATION TO ONLINE BANKING 12
Another instance of fraudulent withdrawal of money from an ATM was reported on Sunday when Dr Sangeeta Arora, a
professor in the Department of Statistics at Panjab University learnt in the morning that Rs 80,000 has been withdrawn
from her bank account without her knowledge.
19
Credit Card Fraud:
Credit card fraud is a wide-ranging term for theft and fraud committed using a credit card or any
similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may
be to obtain goods without paying, or to obtain unauthorized funds from an account. Credit card
fraud is also an adjunct to identity theft. According to the Federal Trade Commission, while
identity theft had been holding steady for the last few years, it saw a 21 percent increase in
2008. However, credit card fraud, that crime which most people associate with ID theft,
decreased as a percentage of all ID theft complaints for the sixth year in a row.
In yet another case of international
bank cards fraud, customers at a petrol
pump in the city of Leicester last week
found that their card details were used
to withdraw money from various places
across the world, including India. 20
19
THE INDIAN EXPRESS (Mon Aug 23 2010)
20
The Indian Express (London, Thu May 14 2009)
17. ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
PHENOMENON OF CYBER CRIMES AND OTHER ECONOMIC OFFENCES IN RELATION TO ONLINE BANKING 13
There are several ways of this type of cyber crime, like:
I. Stolen cards: When a credit card is lost or stolen, it remains usable until the holder
notifies the issuer that the card is lost.
II. Compromised accounts: Card account information is stored in a number of formats.
Account numbers – formally the Primary Account Number (PAN) – are often embossed or
imprinted on the card, and a magnetic stripe on the back contains the data in machine readable
format. Fields can vary, but the most common include: Name of card holder, Account number,
Expiration date, Verification/CVV code
III. Card not present transaction: The mail and the Internet are major routes for fraud
against merchants who sell and ship products, and affects legitimate mail-order and Internet
merchants. If the card is not physically present (called CNP, card not present) the merchant
must rely on the holder (or someone purporting to be so) presenting the information indirectly,
whether by mail, telephone or over the Internet. While there are safeguards to this,21
it is still
more risky than presenting in person, and indeed card issuers tend to charge a greater
transaction rate for CNP, because of the greater risk.
i. Identity theft: Identity theft can be divided into two broad categories: Application fraud
and account takeover.
Application fraud: Application fraud happens when a criminal uses stolen or fake
documents to open an account in someone else's name. Criminals may try to steal documents
such as utility bills and bank statements to build up useful personal information. Or they may
create counterfeit documents.
Account takeover: Account takeover happens when a criminal tries to take over another
person's account, first by gathering information about the intended victim, and then contacting
their card issuer while impersonating the genuine cardholder, and asking for mail to be
redirected to a new address. The criminal then reports the card lost and asks for a replacement
to be sent.
ii. Skimming: Skimming is the theft of credit card information used in an otherwise
legitimate transaction. The thief can procure a victim's credit card number using basic methods
such as photocopying receipts or more advanced methods such as using a small electronic
device (skimmer) to swipe and store hundreds of victims’ credit card numbers. Common
scenarios for skimming are restaurants or bars where the skimmer has possession of the
victim's credit card out of their immediate view.22
The thief may also use a small keypad to
unobtrusively transcribe the 3 or 4 digits Card Security Code which is not present on the
magnetic strip. Call centers are another area where skimming can easily occur.23
Skimming can
also occur at merchants such as gas stations when a third-party card-reading device is installed
either out-side or inside a fuel dispenser or other card-swiping terminal. This device allows a
21
Adsit, Dennis (February 21, 2011). "Error-proofing strategies for managing call center fraud"
22
Inside Job/Restaurant card skimming. Journal Register
23
"Overseas credit card scam exposed". bbc.co.uk.com. March 19, 2009
18. ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
PHENOMENON OF CYBER CRIMES AND OTHER ECONOMIC OFFENCES IN RELATION TO ONLINE BANKING 14
thief to capture a customer’s cred-it and debit card information, including their PIN, with each
card swipe.24
iii. Carding: Carding is a term used for a process to verify the validity of stolen card data.
The thief presents the card information on a website that has real-time transaction processing.
iv. BIN attack: Credit cards are produced in BIN ranges. Where an issuer does not use
random generation of the card number, it is possible for an attacker to obtain one good card
number and generate valid card numbers by changing the last four numbers using a generator.
The expiry date of these cards would most likely be the same as the good card.
Money laundering and cyber crime:
Money laundering is going to be another future thrust area. The impact of this illegal activity on
the economy of the country is profound. If the economy of the country is to move to a higher
growth path, strong curbs on hawala operations and money laundering will become essential.25
The emergence of electronic money and global systems of electronic payments formed a
parallel banking system. It has the entire network of semi-legal financial institutions. The unique
opportunities of quickly shaped infrastructure drew attention of criminal groups at once. It
allowed anyone to rapidly transfer monetary fund’s to any country, anonymously, through
tangled routes. Heretofore, electronic transfers interested criminals as the efficient tool to
conceal sources of money intakes, to launder illegally earned money and to conceal their
incomes to evade taxes.
Here's one of the criminal schemes of payment operations. There operations can be hardly
tracked by law enforcement: upon receipt of merchandise, let's say drugs, the buyer
electronically transfers money to the credit card of the supplier. The last at one stroke transfers
this money through the system of electronic payments to his bank account in the country with
Strong bank secrecy laws. Then the supplier can simply transfer his money to the card account
in parts and can easily use this money.
In Russia, one of the registered forms of computer crimes purposing to evade taxes is the use of
computers to interfere with pool memory of electronic cashier registers installed at shops. As a
result of such interference, the registry of payments is modified or deleted. It allows hiding real
incomes from tax administrations.26
Money laundering is normally accomplished by using a three-stage process. The three steps
involved are Placement, Layering and Integration. E-money and cyber payment systems come
in handy in all the three stages of the process.
24
NACS Magazine | Skimmming
25
Cyber crimes, CBI (crime) manual 2005
26
http://www.crime-research.org
19. ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
PHENOMENON OF CYBER CRIMES AND OTHER ECONOMIC OFFENCES IN RELATION TO ONLINE BANKING 15
Online Frauds:
It includes Phishing attacks, Lottery Scams, Tax Rebate Scam etc. Basic aim of such attack is
to make victims fool so that they discloses their vital information including passwords, or to
compel them to pay some amount by showing false greater opportunity.
Tax Rebate Scam
“CLICK HERE” opened the Phishing web page of sbi online: the attached link on that page directs to a
phishing site http://forum-numismatica.com/develop/sbi/login.php
27
which has an interface same to
https://www.onlinesbi.com/. Simple Awareness can prevent it
27
Currently the link has been removed
20. ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
PHENOMENON OF CYBER CRIMES AND OTHER ECONOMIC OFFENCES IN RELATION TO ONLINE BANKING 16
Email Scam.
Online
Preventive Measures:
In order to make the modernist way of business stable, secure and sustainable prevention of
Cybercrime is essential. Awareness among users, necessary continues development in security
systems, Legal and administrative measures are important in order to prevent Cyber Crime.
Awareness initiatives among users:
A large number of cybercrime happens due to ignorance or lack of awareness of users.
Attackers make their victim fool and get password and other necessary details. Those things
can easily be prevented by making the user aware, like:
• Following appropriate security steps when using ATM, like entering personal identity
number (PIN) in private, pressing clear buttons when leaving ATM, don’t taking help from any
strangers.
• Remain aware about payment gateway address or web addresses when doing online
transactions or entering important personal information.
• Using updated antivirus in PC or laptop. etc
Government, financial organizations or companies using online system should take
responsibility to make their user aware regarding cyber crime and its preventive measures.
21. ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
PHENOMENON OF CYBER CRIMES AND OTHER ECONOMIC OFFENCES IN RELATION TO ONLINE BANKING 17
Legal Issues involved
Government of India has enacted The Information Technology Act, 2000, in order to provide
legal recognition for transactions carried out by means of electronic data interchange and other
means of electronic communication, commonly referred to as 'electronic commerce'...The Act,
which has also drawn upon the Model Law, came into force with effect from October 17, 2000.
The Act has also amended certain provisions of the Indian Penal Code, the Indian Evidence Act,
1872, The Bankers Book of Evidence Act, 1891 and Reserve Bank of India Act 1934 in order to
facilitate e- commerce in India.
Some important Provisions of Information technology Act 2000
• Section 44 - Penalty for failure to furnish information, return, etc. - If any person who is
required under the Act or any rules or regulations made there under.
• Section 45 (Residuary penalty) further covers all other offences that may possibly arise
under the act.
• Section 46 (Power to adjudicate - Adjudicating Officer)
• Section 47 prescribes the factors to be taken into account by the adjudicating officer
while adjudging the quantum of compensation
• Section 65 - Tampering with computer source documents - Tampering with computer
source documents was discussed in Syed Asifuddin and Ors. v. The State of Andhra Pradesh
and Anr., 2005 Cri L J 4314, Jigar Mayurbhai Shah v. State of Gujarat, (2008)2GLR1134,
Pootholi Damodaran Nair v. Babu, 2005(2)KLT707, and Ravi Shankar Srivastava v. State of
Rajasthan, 2005(2)WLC612.28
• Section 66 (Computer related offences)- This Section deals with hacking the Computer
The case of Nirav Navinbhai Shah v. State of Gujarat and Anr., MANU/GI/8458/2006 involved
Section 66.
• Section 67 - Punishment for publishing or transmitting obscene material in electronic form
: This Section was in question in Dr. Prakash v. State of Tamil Nadu and Ors., AIR 2002 SC
3533, Fatima Riswana v. State Rep. by A.C.P., Chennai and Ors., (2005) 1 SCC 582, Assistant
Commissioner of Police, Crime Record Bureau, Inspector of Police v. Saravanan and others,
MANU/TN/1776/2003, Avnish Bajaj v. State (N.C.T.) of Delhi, (2005) 3 Comp L J 364(Del),
M.Saravanan v. State of Tamilnadu, MANU/TN/8296/2006, and Maqbool Fida Husain v. Raj
Kumar Pandey, MANU/DE/0757/2008
• Sections 76, 68(2), 69 and 70 have been amended by the Information Technology
Amendment Act 2008, Also See Firos v. State of Kerala, AIR 2006 Ker 279.
• Section 71 (Penalty for misrepresentation) This Section prescribes a penalty for any
misrepresentation or suppression of any material fact
• Section 72 (Penalty for breach of confidentiality and privacy)
• Section 73 (Penalty for publishing (Electronic Signature) Certificate false in certain
particulars) Section 74 (Publication for fraudulent purpose). Such unlawful purpose shall be
punished with imprisonment for a term which may extend to two years, or with fine which may
extend to one lakh rupees, or with both.
• Section 75 (Act to apply for offences or contravention committed outside India).
• Section 77 (Compensation, penalties or confiscation not to interfere with other
punishment). Section 79 (Exemption from liability of intermediary in certain cases)- This issue
28
http://www.indiankanoon.org
22. ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
PHENOMENON OF CYBER CRIMES AND OTHER ECONOMIC OFFENCES IN RELATION TO ONLINE BANKING 18
was also discussed in the case of Sanjay Kumar Kedia v. Narcotics Control Bureau and Anr.,
(2008)2 SCC 294.
• The Amendments brought about by the Information technology Act in the Indian Penal
Code, 1860 and the Indian Evidence Act, 1872 came up for consideration in State of Punjab and
Ors. v. Amritsar Beverages Ltd. and Ors, (2006) (7) SCC 7, In Re: Sr. Abaya 2006 Cri.L.J. 3843,
SICOM Ltd v. Harjindersingh and Ors., AIR 2004 Bom 337, Vishal Paper Tech India Ltd. and
Ors. v. State of A.P. and Anr., 2005Cri L J 1838, Sri. P. Padmanabh v. Syndicate Bank Limited,
AIR 2008 Kant 42, Steel Tubes of India v. Steel Authority of India, 2006 Cri L J 1988, V.K.
Soman Achari v.: Sabu Jacob and Anr., 2007 Cri L J 1042, Indira Priyadarshini Forum v. State
of Kerala, 2001 Cri L J 2652, etc.29
Some important sections of information Technology Amendment Act 2008 and Indian Penal
Code dealing with Cyber Crime are given in a table.
Cyber Crime ITAA2008 Act Section's IPC Section's
Email spoofing 66D 416,417,463,465,419
Hacking 66 ,43 378,379,405,406
Web-jacking 65 383
Online sale of narcotics - NDPS Act
Virus attacks 43, 66 -
Logic bombs 43, 66 -
Salami attacks 66 -
Denial of Service attacks 43 -
Email bombing 66 -
Pornography & Child
Pornography
67 , 67B 292,293,294
Online sale of weapons - Arms Act
Bogus websites, cyber
frauds
- 420
Forgery of electronic
records
- 463, 465, 470, 471
Sending defamatory
messages by email
66A 499, 500
29
Detection of Cyber Crime and Investigation by Justice K.N.BASHA, Judge, Madras High Court
23. ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
PHENOMENON OF CYBER CRIMES AND OTHER ECONOMIC OFFENCES IN RELATION TO ONLINE BANKING 19
Sending threatening
messages by email
66A 503, 506
Financial Crime - 415,384,506,511
Cyber Terrorism 66F 153A, UAPA 15-22
Identity Theft 66C 417A, 419A
Website Defacement 65 463,464,468,469
Data Diddling 65, 43 -
Administrative Measures:
Law is enforced by administration, so proper administrative instruments are essential in order to
prevent Cyber Crimes, online banking crimes. Police departments, investigation agencies
should have proper infrastructures and Cyber Crime Investigation Cell to deal with cyber crime.
Cyber Crime Investigation Cell should be well equipped by technology and human resource.
Some important Cyber Crime Investigation Cells are Cyber Crime Investigation Cell of CBI30
,
Cyber Crime Police Station, Bangalore31
, Cyber Crime Investigation Cell, Mumbai32
, Cyber
Crime Cell, CID, West Bengal33
etc.
Technological Measures:
Cyber crime is highly technological in neature so technological measures are very essential.
Some Technological measures are:
a) Physical security: Physical security is most sensitive component, as prevention from
cyber crime Computer network should be protected from the access of unauthorized
persons.
b) Access Control34
: Access Control system is generally implemented using firewalls,
which provide a centralized point from which to permit or allow access. Firewalls allow
only authorized communications between the internal and external network.
c) Password: Proof of identity is an essential component to identify intruder.
d) Finding the hole in Network: System managers should track down the holes before the
intruders do.
e) Using Network Scanning Programs: There is a security administration’s tool called
UNIX, which is freely available on Internet.
30
cbi.nic.in/
31
http://www.cyberpolicebangalore.nic.in/
32
http://cybercellmumbai.gov.in
33
http://cidwestbengal.gov.in/special-units-cyber-crime-cell.php
34
http://norton.com
24. ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
PHENOMENON OF CYBER CRIMES AND OTHER ECONOMIC OFFENCES IN RELATION TO ONLINE BANKING 20
f) Using Intrusion Alert Programs: As it is important to identify and close existing security
holes, you also need to put some watchdogs into service.
g) Using Encryption35
: Encryption is able to transform data into a form that makes it
almost impossible to read it without the right key. This key is used to allow controlled access to
the information to selected people.
Recommendations
Keeping in view the terms of reference, the Group has made a number of recommendations in
preceding chapters. A summary of these recommendations is given below.
Technology and Security Standards: The role of the network and database administrator is
pivotal in securing the information system of any organization. Some of the important functions
of the administrator via-a-vis system security are to ensure that only the latest versions of the
licensed software with latest patches are installed in the system. Several steps like, Access
Control, Firewalls, Isolation of Dial Up Services, Security Infrastructure Development, Isolation
of Application Servers, Security Log (audit Trail), Penetration Testing, Physical Access Controls,
Back up & Recovery, Monitoring against threats, Education & Review, Log of Messages,
Certified Products, Maintenance of Infrastructure, should be taken to make the system secure.
Legal Issues
Section 40A(3) of the Income Tax Act, 1961 recognizes only payments through a crossed
cheque or crossed bank draft, where such payment exceeds Rs. 20000/-, such transfers
through internet banking should also be recognized under the above provision. The Income Tax
Act, 1961 should be amended suitably.
In Internet banking scenario there is very little scope for the banks to act on stop- payment
instructions from the customers. Hence, banks should clearly notify to the customers the
timeframe and the circumstances in which any stop-payment instructions could be accepted.
Even though, The Information Technology Act, 2000 has provided for penalty for denial of
access to a computer system (Section-43) and hacking (Section - 66), the liability of banks in
such situations is not clear. The banks providing Internet banking may assess the risk and
insure themselves against such risks.
The Information Technology Act, 2000, in Section 72 has provided for penalty for breach of
privacy and confidentiality. Further, Section 79 of the Act has also provided for exclusion of
liability of a network service provider for data traveling through their network subject to certain
conditions. Thus, the liability of banks for breach of privacy when data is traveling through
network is not clear. This aspect needs detailed legal examination.
Consumer Awareness Initiatives:
Most of the cases of Cyber Crime happen due to ignorance or lack of awareness. In most of the
cases the victim become fool and discloses their details, like Phishing attacks, ATM Frauds can
35
http://norton.com
25. ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
PHENOMENON OF CYBER CRIMES AND OTHER ECONOMIC OFFENCES IN RELATION TO ONLINE BANKING 21
easily prevented if the user become aware. Banking organizations should take awareness
initiatives to make their consumer aware regarding cyber crime.
Conclusion:
Capacity of human mind is unfathomable. It is not possible to eliminate cyber crime from the
cyber space. It is quite possible to check them. Online Banking is gaining importance day by day
as its easy, quick and cost effective. Involvement of monetary transactions attracts criminal
activity, i.e. Cyber Crime. Special preventive measures are required in order to check those
crimes by legislative measure, administrative measures, technological development and
awareness among its users. Proper preventive measures will make the platform of modern
business safe and secure and it will have a great impact in development of our civilization.