Cyber Crimes in Banking Sector

CYBER CRIMES IN BANKS

CHAPTER – 1

INTRODUCTION TO CYBER CRIME

Meaning of Cyber Crime.

Definition of Cyber crimes.

CYBER CRIME

1

CYBER CRIMES IN BANKSThe usage of internet services in India is growing rapidly. It has given rise to new opportunities

in every field we can think of – be it entertainment, business, sports or education. There are

many pros and cons of some new types of technology which are been invented or discovered.

Similarly the new & profound technology i.e. using of INTERNET Service, has also got some

pros & cons. These cons are named CYBER CRIME, the major disadvantages, illegal activity

committed on the internet by certain individuals because of certain loop-holes. The internet,

along with its advantages, has also exposed us to security risks that come with connecting to a

large network.

Computers today are being misused for illegal activities like e-mail espionage, credit card

fraud, spam, and software piracy and so on, which invade our Privacy and offend our senses.

Criminal activities in the cyberspace are on the rise. Computer crimes are criminal activities,

which involve the use of information technology to gain an illegal or an unauthorized access to

a computer system with intent of damaging, deleting or altering computer data. Computer

crimes also include the activities such as electronic frauds, misuse of devices, identity theft and

data as well as system interference.

Computer crimes may not necessarily involve damage to physical property. They rather includ

e the manipulation of confidential data and critical information. Computer crimes involve

activities of software theft, wherein the privacy of the users is hampered. Today, a large

number of rural areas in India and a couple of other nations in there go

on have increasing access to the internet,

particularly broadband. The challenges of information security have also grown manifold.

MEANING OF COMPUTER CRIME : -

Criminals can operate anonymously over the Computer Networks.

Hackers Invade Privacy.

Hackers Destroy “Property” in the Form of Computer Files or Records.

Hackers injure other computer Users by Destroying Information system.

DEFINITION OF CYBER CRIME :-

2

CYBER CRIMES IN BANKSDefining cyber crimes, as “acts that are punishable by the Information technology Act”

would be unsuitable as the Indian panel code also covers many cyber crimes, such as email

spoofing and cyber defamation, sending threatening emails etc. A simple yet sturdy definition

of cyber crime would be ‘unlawful acts wherein the computers Is either a tool or a target or

both”.

CHAPTER -2


3


Banks Frauds

Computer Fraud

Banks are the most Favorite’s destination of hackers. As AN Roy, commissioner of police,

Mumbai, avers, ‘Hacking a website or writing a programmed that will spread virus on

computer will not earn money. By hacking website of a bank or stealing a credit card Pin, a

street – smart program can, besides enfettering himself, cause a lot of dangerous to banks and

their customers alike.

BANK FRAUDS :

4


“Lapses in system make easy the job of offender to dupe banks”.

Fraud is any dishonest acts ends behavior by which one person gains or intends to gain

advantages over another person. Fraud causes loss to the victim directly or indirectly. Fraud

has not been described or discussed clearly in the Indian penal code but sections dealing with

cheating. Concealment, forgery counterfeiting and breach of trust have been discussed with

leads to the act of Fraud.

In the contractual term as described in the Indian Contract act, sec 17 suggest that a Fraud

means and includes any of the acts by a party to a counter with his convenience or by his

agents with the intention to deceive another party or his agent or to include him to Banking

frauds is a federal crime in many countries, define as planning to obtain property of money

from any federally financial institution. It is sometimes considered a white collar crime.

The number of bank frauds in India is substantial. It is increasing with the passage of time. All

the major operational areas in baking represent a good opportunity for fraudsters with growing

incidence being reported under deposit, loan and inter-branch accounting transactions,

including remittances.

Thus banking Fraud can be Classified as :

Fraud by Insiders.

Fraud by Others.

FRAUD BY INSIDERS

Rough trader

Fraudulent loans

Wire transfer fraud

5


Forged or fraudulent documents

Uninsured deposits

Theft of identity

Demand draft fraud

1. Rogue traders

A rogue trader is a trader at a financial institution who engages in unauthorized trading to

recoup the loss he incurred in earlier trades. Out of fear and desperation, he manipulates the

internal controls to circumvent detection to buy more time.

Unfortunately, unauthorized trading activities invariably produce more losses due to time

constraints; most rogue traders are discovered at an early stage with losses ranging from $1

million to $100 million, but a very few working out of institutions with extremely lax

controls were not discovered until the loss had reached well over a billion dollars. The size of

the loss is a reflection of the laxity in controls instituted at the firm and not the trader's greed.

Contrary to the public perception, rogue traders do not have criminal intent to defraud his

employer to enrich himself; he is merely trying to recoup the loss to make his firm whole and

salvage his employment.

2. Fraudulent loans

One way to remove money from a bank is to take out a loan, a practice bankers would be

more than willing to encourage if they knew that the money will be repaid in full with

interest. A fraudulent loan, however, is one in which the borrower is a business entity

controlled by a dishonest bank officer or an accomplice; the "borrower" then declares

bankruptcy or vanishes and the money is gone. The borrower may even be a non-existent

entity and the loan merely an artifice to conceal a theft of a large sum of money from the

bank. This can also seen as a component within mortgage fraud (Bell, 2010)

3. Wire transfer fraud

Wire transfer networks such as the international SWIFT interbank fund transfer system are

tempting as targets as a transfer, once made, is difficult or impossible to reverse. As these

networks are used by banks to settle accounts with each other, rapid or overnight wire

6

CYBER CRIMES IN BANKStransfer of large amounts of money are commonplace; while banks have put checks and

balances in place, there is the risk that insiders may attempt to use fraudulent or forged

documents which claim to request a bank depositor's money be wired to another bank, often

an offshore account in some distant foreign country.

There is a very high risk of fraud when dealing with unknown or uninsured institutions. Also,

a person may send a wire transfer from country to country. Since this takes a few days for the

transfer to "clear" and be available to withdraw, the other person may still be able to

withdraw the money from the other bank. A new teller or corrupt officer may approve the

withdraw since it is in pending status which then the other person cancels the wire transfer

and the bank institution takes a monetary loss.

4. Forged or fraudulent documents

Forged documents are often used to conceal other thefts; banks tend to count their money

meticulously so every penny must be accounted for. A document claiming that a sum of

money has been borrowed as a loan, withdrawn by an individual depositor or transferred or

invested can therefore be valuable to someone who wishes to conceal the minor detail that the

bank's money has in fact been stolen and is now gone.

5. Uninsured deposits

A bank soliciting public deposits may be uninsured or not licensed to operate at all. The

objective is usually to solicit for deposits to this uninsured "bank", although some may also

sell stock representing ownership of the "bank". Sometimes the names appear very official or

very similar to those of legitimate banks.

6. Demand draft fraud

Demand draft (DD) fraud typically involves one or more corrupt bank employees. Firstly,

such employees remove a few DD leaves or DD books from stock and write them like a

Regular DD. Since they are insiders, they know the coding and punching of a demand draft.

Such fraudulent demand drafts are usually drawn payable at a distant city without debiting an

7

CYBER CRIMES IN BANKSAccount. The draft is cashed at the payable branch. The fraud is discovered only when the

bank's head office does the branch-wise reconciliation, which normally take six months, by

which time the money is gone.

FRAUDS BY OUTSIDERS

Forgery and altered cheques

Stolen cheques

Accounting fraud

Forged currency notes

Money laundering

Bill discounting fraud

Cheque kiting

Credit card fraud

Booster cheques

Duplication or skimming of card information

Fraudulent loan applications

Phishing and Internet fraud.

1. Stolen cheques:

Fraudsters may seek access to facilities such as mailrooms, post offices, offices of a tax

authority, a corporate payroll or a social or veterans' benefit office, which process cheques in

large numbers. The fraudsters then may open bank accounts under assumed names and

Deposit the cheques, which they may first alter in order to appear legitimate, so that they can

subsequently withdraw unauthorized funds.

2. Cheque kiting :

8

CYBER CRIMES IN BANKSCheque kiting exploits a system in which, when a cheque is deposited to a bank account, the

money is made available immediately even though it is not removed from the account on

which the cheque is drawn until the cheque actually clears.

3. Forgery and altered cheques :

Fraudsters have altered cheques to change the name (in order to deposit cheques intended for

payment to someone else) or the amount on the face of cheques, simple altering can change

$100.00 into $100,000.00, although transactions of this value are subject to investigation as a

precaution to prevent fraud as policy.

Instead of tampering with a real cheque, fraudsters may alternatively attempt to forge a

depositor's signature on a blank cheque or even print their own cheques drawn on accounts

owned by others, non-existent accounts, etc. They would subsequently cash the fraudulent

cheque through another bank and withdraw the money before the banks realize that the

cheque was a fraud.

4. Accounting frauds :

In order to hide serious financial problems, some businesses have been known to use

fraudulent bookkeeping to overstate sales and income, inflate the worth of the company's

assets, or state a profit when the company is operating at a loss. These tampered records are

then used to seek investment in the company's bond or security issues or to make fraudulent

loan applications in a final attempt to obtain more money to delay the inevitable

collapse .Examples of accounting frauds: Enron and worldcom and Ocala Funding. These

companies "cooked the books" in order to appear as though they had profits each quarter,

when in fact they were deeply in debt.

5. Bill discounting fraudEssentially a confidence trick, a fraudster uses a company at their disposal to gain confidence

with a bank, by appearing as a genuine, profitable customer. To give the illusion of being a

desired customer, the company regularly and repeatedly uses the bank to get payment from

one or more of its customers. These payments are always made, as the customers in question

are part of the fraud, actively paying any and all bills raised by the bank. After time, after the

bank is happy with the company, the company requests that the bank settles its balance with

9

CYBER CRIMES IN BANKSthe company before billing the customer. Again, business continues as normal for the

fraudulent company, its fraudulent customers, and the unwitting bank.

6. Booster cheques

A booster cheque is a fraudulent or bad cheque used to make a payment to a credit card

account in order to "bust out" or raise the amount of available credit on otherwise-legitimate

credit cards. The amount of the cheque is credited to the card account by the bank as soon as

the payment is made, even though the cheque has not yet cleared. Before the bad cheque is

discovered, the perpetrator goes on a spending spree or obtains cash advances until the

newly-"raised" available limit on the card is reached. The original cheque then bounces, but

by then it is already too late.

10


CHAPTER- 3

REASONS OF CYBER CRIMES

REASONS FOR CYBER CRIME:

Hart in his work "The Concept of Law" said that 'human beings are vulnerable so rule of law

is required to protect them'. By applying this to the cyberspace we may say that computers

are vulnerable so rule of law is required to protect and safeguard them against cyber crime.

The reasons for the vulnerability of computers may be said to be:

11


1. Capacity to store data in comparatively small space:-

The computer has a unique characteristic of storing data in a very small space. This allows

for much easier access or removal of information through either physical or virtual media.

2. Easy to access:-

The problems encountered in guarding a computer system from unauthorized access are that

there is every possibility of unauthorized access not due to human error but due to the

complex technology. By secretly implanted a logic bomb, key loggers that can steal access

codes, advanced voice recorders; retina imagers etc. that can fool biometric systems and

bypass firewalls can be utilized to get past many security systems.

3. Complex-

The computers work on operating systems and these operating systems in turn are composed

of millions of lines of code. The human mind is fallible and it is not possible that there might

not be a lapse at any stage. The cyber criminals take advantage of these lacunas and penetrate

into the computer system using often more sophisticated means than originally anticipated by

the systems engineers.

4. Negligence:-

Â Negligence is very closely connected with human conduct. It is therefore very probable

that while protecting the computer system there might be any negligence, which in turn

provides a cyber criminal to gain access and control over the computer system. This

negligence is usually a property of under resourced IT security provisions and the

improvement of security barriers within software packages and network structures could lead

to improved security. Banks should work on improving awareness of the different threats that

currently exist, including e-mail fraud, phishing and malware.

12


CYBER CRIMINALS

Any person who commits an illegal act with a guilty intention or commits a crime is called an

offender or a criminal. In this context, any person who commits a cyber crime is known as a

Cyber criminal. The cyber criminals may be children an adolescent aged b/w 6-18 years, they

may be organized hackers, may be professional hackers or crackers, discounted employees,

cheaters or even psychic persons. This division may be justified on the basis of the object that

they have in their mind. The following are the category of Cyber Criminals.

13


1. Children and adolescents between the age group of 6-18 years

This is really difficult to believe but it is true. Most amateur hackers and cyber criminals are

teenagers. To them, who have just begun to understand what appears to be a lot about

computers, it is a matter of pride to have hacked into a computer system or a website. There is

also that little issue of appearing really smart among friends. These young rebels may also

commit cyber crimes without really knowing that they are doing anything Wrong. The simple

reason for this type of delinquent behavior pattern in children is seen mostly due to the

inquisitiveness to know and explore the things.

2. Organized hackers

These kinds of hackers are mostly Organized together to fulfill certain objective. The reason

may be to fulfill their political bias, fundamentalism, etc. The Pakistanis are said to be one of

the best quality hackers in the world. They mainly target the Indian government sites with the

purpose to fulfill their political objectives. Further the NASA as well as the Microsoft sites is

always under attack by the hackers.

3. Professional hackers / crackers

Their work is motivated by the colour of money. These kinds of hackers are mostly employed

to hack the site of the rivals and get credible, reliable and valuable information.\Further they

are vein employed to crack the system of the employer basically as a measures to make it

safer by detecting the loopholes.

4. Discontented employees

This group include those people who have been either sacked by their employer or are

dissatisfied with their employer. To avenge they normally hack the system of their employee.

14


CHAPTER – 4

TYPES OF CYBER CRIME

ATM Frauds

Credit card Frauds

Phishing

Identity Theft

Hacking

Electronic Fund Transfer Fraud.

15


ATM frauds

The traditional and ancient society was devoid of any monetary instruments and the entire

exchange of goods and merchandise was managed by the “barter system”. The use of monetary

instruments as a unit of exchange replaced the barter system and money in various

denominations was used as the sole purchasing power.

The traditional monetary instruments from a paper and metal based currency to“plastic money”

are in the form of credit cards, debit cards, etc. This has resulted in the increasing use of ATM

all over the world. The use of ATM is not only safe but is also convenient. This safety and

convenience, unfortunately, has an evil side as well that do not originate from the use of plastic

money rather by the misuse of the same. This evil side is reflected in the form of

That is a global problem. The use of plastic money is increasing day by day for payment of

shopping bills, electricity bills, school fees, phone bills, insurance premium, travelling bills

and even petrol bills. The world at large is struggling to increase the convenience and safety

on the one hand and to reduce it misuse.

16


ATM and Debit Card Fraud

ATM fraud is on the rise, Law enforcement officials say, because thrives are becoming more

and more sophisticated. Criminal have become virus clever a finding new ways to access

your funds so consumer needs to pay careful attention to their bank statements in ceases

there’re an authorized withdrawals because it’s more likely that someone has access to your

bank account information.

Criminals Steel Your Money

Methods used by criminals to gain entry to your money accounts include hacking into bank

database, phishing scams and unsolicited email the birching of retailer computer system And

card skimming device placemen ATM machines and gas pupas. There isn’t a lot you can do

About thieves gaining illegal entry into computer system and data base containing your

Financial information besides vigilance and reporting unusual activity but some odd the

methods criminals use of Greek into your bank account are directed right at the customer. I

many cases people are handling crook the keys to their accounts. Knowing something about

the methods used might save consume millions of dollar a year.

17


Magnetic Card Skimmers steal your data

Some tech savvy thieves are placing ATM card skimming devices over the real card readers.

They will also place a tiny camera somewhere on the ATM machine so that the information

of the screen is recorded as well as your hand punching in your PIN numbers. All of this is

often transmitted to the thieves who are often sitting in a nearby car. They now have

everything they need to empty your account of its fraud. This kind of scam has been reported

18

CYBER CRIMES IN BANKSin just about every major city in the world and people lose millions of dollars a year this way.

Some of the card skimmers and cameras may be easy to detect but some of them take a

trained eye and are only discovered when the ATM’s is serviced by a professional. If you

notice anything out of the ordinary when using an ATM to withdraw funds you might

consider trying another machine and report your suspicions to the authorities.

Hacking ATM PIN

A personal identification number (PIN, pronounced "pin"; often redundantly PIN number) is

a numeric password shared between a user and a system that can be used to authenticate the

user to the system. Typically, the user is required to provide a non-confidential user identifier

Or token (the user ID) and a confidential PIN to gain access to the system. Upon receiving

the user ID and PIN, the system looks up the PIN based upon the user ID and compares the

looked-up PIN with the received PIN. The user is granted access only when the number

entered matches with the number stored in the system.

Researchers say they have discovered a fundamental weakness in the system that banks use to

keep debit card pin codes undermine the entire debit card system. Using the methods outlined

19

CYBER CRIMES IN BANKSby the researchers, a hacker could siphon of Thousands of PIN codes and compromises

hundred of banks. Criminals could them print phony debit cards and simultaneously

withdraw vast amounts of cash using ATM’s around the world.

Rarely does the transmission go directly to a customer bank. Instead, it is handed off several

times on a banking network run by several third parties. Each time a Bank passes the data along, it goes through a switch that contains the hardware. Security modules and the PIN

block is unscrambled and then descrambled. It is at these intermediate points where hackers

could trick the machines into sensational PINs.

CASE STUDYIndia's first Atm card fraud

20


The Chennai City Police have busted a global posse included in cyber crime, with the capture

of Deepak Prem Manwani (22), who was discovered in the act while softening into an ATM

up the city in June last, it is dependably learnt. The measurements of the city cops'

accomplishment can be gagged from the way that they have netted a man who is on the

needed rundown of the imposing FBI of the United States. At the time of his confinement, he

had with him Rs 7.5 lakh knocked off from two Atm’s in T Nagar and A biramipuram in the

city. Before that, he had strolled away with Rs 50,000 from an ATM in Mumbai.

While researching Manwani's case, the police discovered a cyber crime including scores of

persons over the globe. Manwani is a MBA drop-out from a Pune school and served as an

advertising official in a Chennai-based firm for quite a while. Interestingly, his brassy crime

vocation began in an Internet bistro. While browsing the Net one day, he got pulled in to a

site which offered him support in breaking into the Atm’s. His contacts, sitting some place in

Europe, were prepared to provide for him MasterCard quantities of a couple of American

banks for $5 for every card. The site additionally offered the attractive codes of those cards,

yet charged $200 for every code. The administrators of the site had conceived an entrancing

thought to get the individual ID number (PIN) of the card clients. They glided another site

which looked like that of presumed telecom organizations. That organization has a large

number of endorsers. The fake site offered the guests to return$11.75 for every head which,

the site promoters said, had been gathered in overabundance by oversight from them.

Accepting that it was a veritable offer from the telecom organization being referred to, a few

lakh endorsers logged on to the site to get back that minimal expenditure, however

simultaneously separated with their Pins. Equipped with all imperative information to hack

21

CYBER CRIMES IN BANKSThe bank Atms, the posse started its deliberate plundering. Clearly, Manwani and numerous

others of his kind entered into an arrangement with the posse behind the site and could buy

any measure of information, obviously on specific terms, or just enter into an arrangement on

a goods imparting premise. In the mean time, Manwani additionally figured out how to create

30 plastic cards that contained fundamental information to empower him to break into

ATMS. He was enterprising to the point that he found himself able to offer away a couple of

such cards to his contacts in Mumbai. The police are on the lookout for those persons as well.

On receipt of vast scale grievances from the charged charge card clients and banks in the

United States, the FBI began an examination concerning the undertaking furthermore alarmed

the CBI in New Delhi that the worldwide posse had created a few connections in India as

well. Manwani has since been developed safeguard after session by the CBI. At the same

time the city police accept that this is the start of the end of a significant cyber crime.

22


Credit Card Fraud

There are many online credit card fraud are made when a customer use their credit

card or debit card for any online payment, a person who had a mala fide intention use

such cards detail and password by hacking and make misuse of it for online purchase

for which the customers card used or hacked is suffered for such kind of attract or

action of a fraud made by and evil. If electronic transactions are not secured the

credit card numbers can be stolen by the hackers who can misuse this card by

impersonating the credit card owner.

23


DEFINITION of 'Credit Card'

A card issued by a financial company giving the holder an option to borrow funds, usually

at point of sale. Credit cards charge interest and are primarily used for short-term financing.

Interest usually begins one month after a purchase is made and borrowing limits are pre-set

according to the individual's credit rating. Credit Card are convenient payment method,

although they do carry risks fraud with the use of stolen credit cards is committed for the

purpose of the obtaining goods without Paying.

Types of credit card fraud:

Lost and Stolen Credit Cards

24


Identity Theft

Application Fraud

Account take – over

Counterfeit Credit cards

Credit Card Skimming

Mail/Internet Order Fraud

Lost and Stolen Credit CardsIn 2001 thieves stole £114m in the UK in 2001 through the use of lost and stolen credit cards.

Most fraud on lost and stolen credit cards will take place at commercial outlets or Internet

and telephone shops prior to the genuine card holder reporting its’ loss. Cards are often stolen

during burglaries or pick pocketing in the street and then used almost instantaneously. Unlike

counterfeit or card-not-present forms of fraud the victim will usually notice fairly quickly

enabling the card to be blocked and hopefully limiting the damage.

Identity theftIdentity theft can be divided into two broad categories: application fraud and account takeover.

Application fraudApplication fraud takes place when a person uses stolen or fake documents to open an

account in another person's name. Criminals may steal documents such as utility bills and

bank statements to build up useful personal information. Alternatively, they may create fake

documents. With this information, they could open a credit card account or Loan account in

the victim's name, and then fully draw it.

Account takeoverAccount takeover takes place when a person takes over another person's account, first by

gathering personal information about the intended victim, and then contacting their card

issuer while impersonating the genuine cardholder, and asking for mail to be redirected to a

new address. The criminal then reports the card lost and asks for a replacement card to be

25

CYBER CRIMES IN BANKSsent. They may then set up a new PIN. They are then free to use the card until the rightful

cardholder discovers the deception when he or she tries to use their own card, by which time

the account would be drained.

CounterfeitingMost cases of counterfeiting involve a process known as ‘skimming’ or cloning, where

legitimate data from the magnetic stripe on a card is electronically copied on to another one

without the knowledge of the rightful card holder. This is a particularly common problem

when it comes to areas of commerce such as restaurants or bars where the cardholders will

likely lose sight of their cards when it is swiped to pay for their drinks or meals. Here, corrupt

waiters and waitresses are then able to sell on or use the details of the cardholder that they

have acquired for fraudulent purposes. This will involve the creation of a duplicate

counterfeited card which can then be signed on the back by the fraudster and then used as

they please. The legitimate cardholder is unlikely to realize until they next receive

information on their balance showing purchases that they did not make due to them thinking

that their card and personal details were safe in their wallet.

Skimming: Skimming is the theft of payment card information used in an otherwise legitimate

transaction. The thief can procure a victim's card number using basic methods such as

Photocopying receipts or more advanced methods such as using a small electronic device

(skimmer) to swipe and store hundreds of victims’ card numbers. Common scenarios for

skimming are restaurants or bars where the skimmer has possession of the victim's

payment card out of their immediate view. The thief may also use a small keypad to

unobtrusively transcribe the 3 or 4 digits Card Security Code, which is not present on the

magnetic strip. Call centers are another area where skimming can easily occur. Skimming

can also occur at merchants such as gas stations when a third-party card-reading device is

installed either outside or inside a fuel dispenser or other card-swiping terminal. This

device allows a thief to capture a customer’s card information, including their PIN, with

each card swipe.

26


PREVENTION FOR CREDIT CARD FRAUD

Credit card fraud is bad business. In 2004, credit card fraud cost US merchants 2,664.9

million dollars (Celent Communications). Credit card fraud is a significant problem in

Canada, too. The credit card loss total for 2007 was $304,255,215, according to the RCMP.

And while 'no-card' fraud is growing, most credit card frauds are still being committed using

lost, stolen or counterfeit cards. Whether you have a brick-and-mortar business or an online

one, credit card fraud is costing you money.

Credit card fraud prevention when dealing with credit card customers

face-to-face

Ask for and check other identification, such as a driver’s license or other photo ID.

Check to see if the ID has been altered in any way as a person trying to use a

stolen credit card may also have stolen or fake ID.

Examine the signature on the card. If the signature on the credit card is smeared, it

could be that the credit card is stolen and the person has changed the signature to his

or her own.

Compare signatures. Besides comparing the signature on the credit card with the

person’s signature on the credit card slip, compare the signatures as well to those on

any other ID presented.

Have another look at the card’s signature panel. It should show a repetitive colour

design of the MasterCard or Visa name. Altered signature panels (those that are

discolored, glued, painted, erased, or covered with white tape) are an indication of

credit card fraud.

Check the credit card’s embossing. “Ghost images” of other numbers behind theembo

ssing are a tip-off that the card has been re-embossed. The hologram may be

27

CYBER CRIMES IN BANKSdamaged. (The holograms on credit cards that have not been tampered with will show

clear, three-dimensional images that appear to move when the card is tilted.)

Check the presented card with recent lists of stolen and invalid credit card numbers.

Call for authorization of the credit card – remembering to take both the credit card

and the sales draft with you. That way if the customer runs away while you’re making

the call, you still have the credit card. Ask for a “Code 10” if you have reason to

suspect a possible credit card fraud, such as a possible counterfeit or stolen card.

Destroy all carbon copies of the credit card transaction, to ensure that no one can steal

the credit card information and help prevent future credit card fraud. It’s also very

important to be sure that your staff is educated about credit card fraud.

PHISHING

28


Meaning of Phishing :

Phishing is the attempt to acquire sensitive information such as usernames, passwords,

and credit card details (and sometimes, indirectly, money), often for malicious reasons, by

masquerading as a trustworthy entity in an electronic communication. The word is a

neologism created as a homophone of phishing due to the similarity of using fake bait in an

attempt to catch a victim. Communications purporting to be from popular social web sites,

auction sites, banks, online payment processors or IT administrators are commonly used to lure

unsuspecting victims. Phishing emails may contain links to websites that are infected

with malware. Phishing is typically carried out by email spoofing or instant messaging and it

often directs users to enter details at a fake website whose look and feel are almost identical

To the legitimate one. Phishing is an example of social engineering techniques used to

deceive users, and exploits the poor usability of current web security technologies. Attempts

29

CYBER CRIMES IN BANKSto deal with the growing number of reported phishing incidents include legislation, user

training, public awareness, and technical security measures.

30


31


Tips to avoiding phishing scams

Don’t click on any links in e-mails, and if you do end up clicking, don’t enter any

sensitive information. If you get an e-mail from a person or institution you trust

seeking information, call up the helpline or any number that you know belongs to that

institution and verify.

Don’t be taken in by e-mails that threaten to shut down your account if you do not

supply the information or promises of lottery winnings. These are usually faked.

Genuine sites use encryption to transfer your sensitive information securely. So

always check for the symbol of a lock on the bottom right of your browser and

http; // instead of http;// in the address bar. To make doubly sure, click on the lock

and check to whom the certificate is used.

If you are not sure about the site, try entering the wrong password. A fraudulent site

on the other hand will accept it.

If you think have fallen victim to a phishing attack immediately contact your

financial institution over the phone.

A good practice is to have different user names and passwords for different sites.

If you suspect a mail to be suspicious, forward it to the customer service E-mail for

the bank or institution in question.

Avoid filling out forms in e-mail message that ask for personal/financial privacy act

protected information.

Consider installing a web browser tool bar to help protect you from unknown

phishing fraud websites.

32

CYBER CRIMES IN BANKSRegularly log into your online accounts.

Regularly check your bank, credit and debit card statement to ensure that all

transaction is legitimate.

Ensure that your browser is up to date and security patches applied.

IDENTITY THEFT AND IDENTITY FRAUDS

33


Identity theft is no longer an unusual occurrence. It is rapidly evolving and is quickly

becoming a socio economic inevitability. Identity theft is the fastest growing white-collar

crime. It is a crime in which an impostor obtains key pieces of your personal identifying

information such as your social security number or driver’s license number and uses them for

their own personal gain. Identity pirates can gather all sorts of confidential information about

you by prowling the Web.

An identity thief can take your personal information from your mail box or your home. Identity

theft is bad enough but right now it is also pretty much of a cottage industry relying primarily

on techniques like dumpster diving. Identity theft laws and crack downs, while improving are

definitely not where they should be. It’s hard to pin down, because each law enforcement

agency may classify ID theft differently – it can involve credit card fraud, internet fraud or

mail theft among other crimes.

34


Signs of Identity Theft

Watch for signs of identity theft. The quicker you catch it, the less likely you’ll incur a major

hassle or expense. Follow up with creditors if any of the following occur:

Your bills don’t arrive on time. This could mean an identity thief has taken over your

credit card account and changed your billing address

You receive unexpected credit cards or account statements

35

CYBER CRIMES IN BANKSYou receive calls or letters about purchases you did not make

You notice charges on your financial account or billing statement that you did not make

You may also receive a call from your credit card company asking if you made any

outstanding charges or large purchases at an unusual location. This would be a tip-off

that your information has been taken even though your physical card wasn’t.

HACKING"Hacking" is a crime, which means an unauthorized access made by a person to cracking the

systems or an attempt to bypass the security mechanisms, by hacking the banking sites or

accounts of the customers.

If such crime is proved then for such hacking offence the accuse is punished under IT Act, for

imprisonment, which may extend to three years or with fine, which may be extended to five

lakh rupees or both. Hacking offence is considered as a cognizable offence, it also a bail able

offence.

36


Types of HACKERS

Hackers can be broken down in several ways. You can classify hackers based on their skills,

on their chosen specialty or a combination of both. This section described the various types of

hackers and provides an indication of classification by reviewing guppta, Laliberqate &

Klevisky’s (2000) three tired system. Each new technology that is developed generates a new

specialization and new terms are created to describe these individuals.

Some of them term that is most common are:

1. CrackerEric S. Raymond, author of The New Hacker's Dictionary, advocates that members of the

computer underground should be called crackers.

According to Ralph D. Clifford, a cracker or cracking is to "gain unauthorized access to a

computer in order to commit another crime such as destroying information contained in that

system". These subgroups may also be defined by the legal status of their activities.

37


2. PhreakerPhreaking is a slang term coined to describe the activity of a culture of people who study,

experiment with, or explore telecommunication systems, such as equipment and systems

connected to public telephone networks. The term phreak is a sensational spelling of the

word freak with the ph- from phone, and may also refer to the use of various

audio frequencies to manipulate a phone system. Phreak, phreaker, or phone phreak are

names used for and by individuals who participate in phreaking. Phreaking consisted of

techniques to evade the long-distance charges. This evasion was illegal; the crime was called

"toll fraud.

3. Script kiddiesA script kiddies is basically an amateur or non-expert hacker wannabe who breaks into

people's computer systems not through his knowledge in IT security and the ins and outs of a

given website, but through the prepackaged automated scripts (hence the name), tools, and

software written by people who are real hackers, unlike him. He usually has little to know

Knowledge of the underlying concept behind how those scripts he has on hand works.

Script kiddies have at their disposal a large number of effective, easily downloadable

programs capable of breaching computers and networks.

These are a number of reasons why a hacker would want to break into your computer. He

may use your computer and ISP account for illegal activity, like disturbing child,

pornography. One of the most recent uses of Trojan is to causes does (distributive denial of

services) attacks. In a this attacks, the client comments all of the “servers” located on

individuals PC to attack a single website. Thousands of individuals PCs can be command to

access a web site like eBay or yahoo at the same time, clogging the sites bandwidth and

causing and interruption of services.

SOME OTHER TYPES OF CYBER CRIMES -

1. Denial Of Service Attack

38

CYBER CRIMES IN BANKSThis is an act by the criminal, who floods the bandwidth of the victim’s network or fills his

email box with spam mail depriving him of the services he is entitled to access or provide.

2. Software Piracy

Theft of software through the illegal copying of genuine programs or the counterfeiting and

distribution of products intended to pass for the original. Retail revenue losses worldwide are

ever increasing due to this crime. It can be done in various ways- End user copying, hard disk

loading, Counterfeiting, Illegal downloads from the internet etc

3. Spoofing

Getting one computer on a network to pretend to have the identity of another computer,

usually one with special access privileges, so as to obtain access to the other computers on

the network is called spoofing.

CHAPTER -6

PREVENTION OF CYBER CRIME.

39


Fraud is a billion-dollar business and it is increasing every year. The PwC global economic

crime survey of 2009 suggests that close to 30 percent of companies worldwide have reported

being victims of fraud in the past year. Fraud involves one or more persons who intentionally

Act secretly to deprive another of something of value, for their own benefit. Fraud is as old as

humanity itself and can take an unlimited variety of different forms. However, in recent

years, the development of new technologies has also provided further ways in which

criminals may commit fraud. In addition to that, business reengineering, reorganization or

downsizing may weaken or eliminate control, while new information systems may present

additional

40

CYBER CRIMES IN BANKSTraditional methods of data analysis have long been used to detect fraud. They require

complex and time-consuming investigations that deal with different domains of knowledge

like financial, economics, business practices and law. Fraud often consists of many instances

or incidents involving repeated transgressions using the same method. Fraud instances can be

similar in content and appearance but usually are not identical.

The first industries to use data analysis techniques to prevent fraud were the telephone

companies, the insurance companies and the banks (Decker 1998). One early example of

successful implementation of data analysis techniques in the banking industry is the FICO

Falcon fraud assessment system, which is based on a neural network shell.

Retail industries also suffer from fraud at POS. Some supermarkets have started to make use

of digitized closed-circuit television (CCTV) together with POS data of most susceptible

transactions to fraud.

Internet transactions have recently raised big concerns, with some research showing that

internet transaction fraud is 12 times higher than in-store fraud.

Fraud that involves cell phones, insurance claims, tax return claims, credit card transactions

etc. represent significant problems for governments and businesses, but yet detecting and

preventing fraud is not a simple task.

Fraud is an adaptive crime, so it needs special methods of intelligent data analysis to detect

and prevent it. These methods exist in the areas of Knowledge Discovery in Databases

(KDD), Data Mining, Machine Learning and Statistics. They offer applicable and successful

solutions in different areas of fraud crimes.

41


Cyber prevention Act 2012

The Cybercrime Prevention Act of 2012 is the first law in the Philippines which specifically

criminalizes computer crime, which prior to the passage of the law had no strong legal

precedent in Philippine jurisprudence. While laws such as the Electronic Commerce Act of

2000 (Republic Act No. 8792[6]) regulated certain computer-related activities, these laws did

not provide a legal basis for criminalizing crimes committed on

42

CYBER CRIMES IN BANKSa computer in general: for example, One l de Guzman, the computer programmer charged

with purportedly writing the I LOVE YOU computer worm, was ultimately not

prosecuted by Philippine authorities due to a lack of legal basis for him to be charged

under existing Philippine laws at the time of his arrest.

The initial draft of the law started in 2002 from the former Information Technology and e

Commerce Council (ITECC) Legal and Regulatory Committee chaired by Atty.

Reactions

The new Act received mixed reactions from several sectors upon its enactment,

particularly with how its provisions could potentially affect freedom of

expression, freedom of speech and data security in the Philippines.

The local business process outsourcing industry has received the new law well, citing an

increase in the confidence of investors due to measures for the protection of electronic

devices and online data. Media organizations and legal institutions though have criticized

the Act for extending the definition of libel as defined in the Revised Penal Code of the

Philippines, which has been criticized by international organizations as being

outdated: the United Nations for one has remarked that the current definition of libel as

defined in the Revised Penal Code is inconsistent with the International Covenant on

Civil and Political Rights, and therefore violates the respect of freedom of expression.

Local media and journalist groups which are opposed to it. The Centre for Law and

Democracy also published a detailed analysis criticizing the law from a freedom of

expression perspective.

Steps for prevention of Cyber Crime

Prevention is always better than cure. It is always better to take certain precaution while

operating the net. Never disclose your personal information publicly on websites. This is as

43

CYBER CRIMES IN BANKSGood as disclosing your identity to strangers in public place.

Always avoid sending any photograph online particularly to strangers and chat friends

as there have been incidents of misuse of the photographs.

Never enter your credit card number to any site that is not secured, to prevent its

misuse.

Always keep a watch on the sites that your children are accessing to prevent any

kind of harassment or depravation in children

Always use latest and updated Antivirus software to guard against virus attacks.

To prevent loss of data due to virus attacks, always keep back up of your data.

It is advisable to use a security program that gives control over the cookies and send

information back to the site, as leaving the cookies unguarded might prove fatal.

Use of firewalls proves beneficial.

Website owners should watch traffic and check any irregularity on the site. Putting host-

based intrusion detection devices on servers will serve the purpose. Capacity of human mind

is profound. It is not possible to eliminate cyber crime from the cyber space. It is quite

possible to check them. History is the witness that no legislation has

Succeeded in totally eliminating crime from the globe. The only possible step is to make

people aware of their rights and duties and to guard ourselves so that crime has no effect on

us.

44


CHAPTER -6

CYBER LAWS IN INDIA

INTRODUCTION

In Simple way we can say that cyber crime is unlawful acts wherein the computer is either a

tool or a target or both Cyber crimes can involve criminal activities that are traditional in

nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the

Indian Penal Code. The abuse of computers has also given birth to a gamut of new age crimes

45


That is addressed by the Information Technology Act, 2000.

Cyber law (also referred to as cyber law) is a term used to describe the legal issues related to

use of communications technology, particularly "cyberspace", i.e. the Internet. It is less a

distinct fielding of law in the way that property or contracts are as it is an intersection of

many legal fields, including intellectual property, privacy, freedom of expression, and

jurisdiction. In essence, cyber law is an attempt to integrate the challenges presented by

human activity on the Internet with legacy system of laws applicable to the physical world.

Advantages of Cyber Laws

The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber

crimes. We need such laws so that people can perform purchase transactions over the Net

through credit cards without fear of misuse. The Act offers the much-needed legal framework

so that information is not denied legal effect, validity or enforceability, solely on the ground

that it is in the form of electronic records.

In view of the growth in transactions and communications carried out through electronic

records, the Act seeks to empower government departments to accept filing, creating and

retention of official documents in the digital format. The Act has also proposed a legal

framework for the authentication and origin of electronic records / communications through

digital signature.

From the perspective of e-commerce in India, the IT Act 2000 and its provisions

contain many positive aspects. Firstly, the implications of these provisions for the e-

businesses would be that email would now be a valid and legal form of

communication in our country that can be duly produced and approved in a court of

law.

Companies shall now be able to carry out electronic commerce using the legal

infrastructure provided by the Act.

Digital signatures have been given legal validity and sanction in the Act.

46


The Act throws open the doors for the entry of corporate companies in the business of

being Certifying Authorities for issuing Digital Signatures Certificates.

The Act now allows Government to issue notification on the web thus heralding e-

governance.

The Act enables the companies to file any form, application or any other document

with any office, authority, body or agency owned or controlled by the appropriate

Government in electronic form by means of such electronic form as may be

prescribed by the appropriate Government.

The IT Act also addresses the important issues of security, which are so critical to the

success of electronic transactions.

The Act has given a legal definition to the concept of secure digital signatures that

would be required to have been passed through a system of a security procedure, as

stipulated by the Government at a later date.

Under the IT Act, 2000, it shall now be possible for corporate to have a statutory remedy in

case if anyone breaks into their computer systems or network and causes damages or copies

data. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs.

1 Crore.

IT Act of India 2000

In May 2000, both the houses of the Indian Parliament passed the Information Technology

Bill. The Bill received the assent of the President in August 2000 and came to be known as

The Information Technology Act, 2000. Cyber laws are contained in the IT Act, 2000.

47

CYBER CRIMES IN BANKSThis Act aims to provide the legal infrastructure for e-commerce in India. And the

cyber laws have a major impact for e-businesses and the new economy in India. So, it

is important to understand what are the various perspectives of the IT Act, 2000 and

what it offers.

The Information Technology Act, 2000 also aims to provide for the legal framework

so that legal sanctity is accorded to all electronic records and other activities carried

out by electronic means. The Act states that unless otherwise agreed, an acceptance of

contract may be expressed by electronic means of communication and the same shall

have legal validity and enforceability.

Some highlights of the Act are listed below:

Chapter-II of the Act specifically stipulates that any subscriber may authenticate an

electronic record by affixing his digital signature. It further states that any person can

verify an electronic record by use of a public key of the subscriber.

Chapter-III of the Act details about Electronic Governance and provides inter alia

amongst others that where any law provides that information or any other matter shall

be in writing or in the typewritten or printed form, then, notwithstanding anything

contained in such law, such requirement shall be deemed to have been satisfied if

such information or matter is rendered or made available in an electronic form; and

accessible so as to be usable for a subsequent reference. The said chapter also details

the legal recognition of Digital Signatures.

Chapter-IV of the said Act gives a scheme for Regulation of Certifying Authorities.

The Act envisages a Controller of Certifying Authorities who shall perform the

function of exercising supervision over the activities of the Certifying Authorities as

also laying down standards and conditions governing the Certifying Authorities as

also specifying the various forms and content of Digital Signature Certificates.

48

CYBER CRIMES IN BANKSThe Act recognizes the need for recognizing foreign Certifying Authorities and it

further details the various provisions for the issue of license to issue Digital Signature

Certificates.

Chapter-VII of the Act details about the scheme of things relating to Digital Signature

Certificates. The duties of subscribers are also enshrined in the said Act.

Chapter-IX of the said Act talks about penalties and adjudication for various offences.

The penalties for damage to computer, computer systems etc. has been fixed as

damages by way of compensation not exceeding Rs. 1,00,00,000 to affected persons.

The Act talks of appointment of any officers not below the rank of a Director to the

Government of India or an equivalent officer of state government as an Adjudicating

Officer who shall adjudicate whether any person has made a contravention of any of

the provisions of the said Act or rules framed there under. The said Adjudicating

Officer has been given the powers of a Civil Court.

Chapter-X of the Act talks of the establishment of the Cyber Regulations Appellate

Tribunal, which shall be an appellate body where appeals against the orders passed by

the Adjudicating Officers, shall be preferred.

Chapter-XI of the Act talks about various offences and the said offences shall be

investigated only by a Police Officer not below the rank of the Deputy Superintendent

of Police. These offences include tampering with computer source documents,

publishing of information, which is obscene in electronic form, and hacking.

The Act also provides for the constitution of the Cyber Regulations Advisory

Committee, which shall advice the government as regards any rules, or for any other

purpose connected with the said act. The said Act also proposes to amend the Indian

Penal Code, 1860, the Indian Evidence Act, 1872, The Bankers' Books Evidence Act,

1891, The Reserve Bank of India Act, 1934 to make them in tune with the provisions

of the IT Act.

49


CONCLUSION

Lastly I conclude by saying that “Thieves are not born, but made out of opportunities.” This

quote exactly reflects the present environment related to technology, where it is

changing very fast.

By the time regulators come up with preventive measures to protectcustomers from

innovative frauds, either the environment itself changes or new technology emerges. This

helps criminals to find new areas to commit the fraud. Computer forensics has developed as

an indispensable tool for law enforcement. But in the digital world, as in the physical world

the goals of law enforcement are balanced with the goals of maintaining personal liberty and

privacy.

Jurisdiction over cyber crimes should be standardized around the globe to make swift action

possible against terrorist whose activities are endearing security worldwide. The National

Institute of justice, technical working group digital evidence are some of the key organization

involved in research. The ATM fraud is not the sole problem of banks alone. It is a big threat

and it requires a

co-ordinated and cooperative action on the part of the bank, customers and the law

enforcement machinery. The ATM frauds not only cause financial loss to banks but they also

undermine customers' confidence in the use of ATMs. This would deter a greater use of ATM

for monetary transactions. It is therefore in the interest of banks to prevent ATM frauds.

There is thus a

needto take precautionary and insurance measures that give greater "protection" to the ATMs,

particularly those located in less secure areas.

Traditional systems like credit cards had some security features built into them to prevent

such crime but issue of e-money by unregulated institutions may have one. Preventing cyber

money laundering is an uphill task which needs to be tackled at different levels. This has

to be fought on three planes, first by banks/ financial institutions, second by

nation states and finally through international efforts. The regulatory framework must also

take into account all the related issues like development of e-money, right to

50

CYBER CRIMES IN BANKSprivacy of individual. International law and international co-operation will go a long way

in this regard. Capacity of human mind is unfathomable. It is not possible to eliminate cyber

crime from the cyber space. It is quite possible to check them. History is the witness that no

Legislation has succeeded in totally eliminating crime from the globe. The only possible step

is to make people aware of their rights and duties (to report crime as a collective

duty towards the society) and further making the application of the laws more stringent

to check crime. Undoubtedly the Act is a historical step in the cyber world. Further I all

together do not deny that there is a need to bring changes in the Information Technology

Act to make it more effective to combat cyber crimes

51


BIBLIOGRAPHY

NAME OF BOOKS AUTHOR’S NAME

WHAT IS CYBER CRIME NAGPAL R.

CYBER CRIME DUGGAL PAWAN

KUMAR VINOD- WINNING

THE BATTLE AGAINST

CYBER CRIME

PARTHASARTHI PATI

52


WIBLIOGRAPHY

53


http;//www.hdfcbank.com/abouts/security/emeal_security.htm.

http;//www.navi.org/pati/pati_cybercrime-dce.03htm.

http;//www.legalserviceindia.com/article/1262-cyber-crimes-&generalprincipals.html

http;//www.mouthshut.com/review/avoiding_credit-card_fraud-20736-1.html

54

CYBER CRIMES IN BANKShttps://en.wikipedia.org/wiki/Bank_fraud

www.silverinnings.in/docs/Finance/Frauds/Types of Internet Fraud.

www.crossdomainsolutions.com/cyber-crime/

www.infosecawareness.in/cyber-laws/it-act-of-india-2000

55


ANNEXUREAbbreviation

PIN Personal Identification Number

ATM Automated Teller Machine

CVV Card Verification Value

IFCC Internet Fraud Complaint Center

HSM Hardware Security Module

EFT Electronic Fund Transfer

ERP Enterprise Resource Planning

GUI Graphical User Interface

NFMS Neural Fraud Management System

AMS Automatic Modeling System

TSP Time Stamp Protocol

IRS Internal Revenue Service

URL Uniform Resource Locator

56


THANK YOU

57

Documents

Cyber Crimes in Banking Sector