Cyber Crimes in Banking Sector

CYBER CRIMES IN BANKS
CHAPTER 1
INTRODUCTION TO CYBER CRIME
Meaning of Cyber Crime.

Definition of Cyber crimes.

CYBER CRIME
The usage of internet services in India is growing rapidly. It has given rise to new opportunities
in every field we can think of be it entertainment, business, sports or education. There are
many pros and cons of some new types of technology which are been invented or discovered.
Similarly the new & profound technology i.e. using of INTERNET Service, has also got some
pros & cons. These cons are named CYBER CRIME, the major disadvantages, illegal activity
committed on the internet by certain individuals because of certain loop-holes. The internet,
along with its advantages, has also exposed us to security risks that come with connecting to a
large network.
Computers today are being misused for illegal activities like e-mail espionage, credit card
fraud, spam, and software piracy and so on, which invade our Privacy and offend our senses.
Criminal activities in the cyberspace are on the rise. Computer crimes are criminal activities,
which involve the use of information technology to gain an illegal or an unauthorized access to
a computer system with intent of damaging, deleting or altering computer data. Computer
crimes also include the activities such as electronic frauds, misuse of devices, identity theft and
data as well as system interference.
Computer crimes may not necessarily involve damage to physical property. They rather includ
e the manipulation of confidential data and critical information. Computer crimes involve
activities of software theft, wherein the privacy of the users is hampered. Today, a large
number of rural areas in India and a couple of other nations in there go
on have increasing access to the internet,
particularly broadband. The challenges of information security have also grown manifold.
MEANING OF COMPUTER CRIME
:-
Criminals can operate anonymously over the Computer Networks.

Hackers Invade Privacy.
Hackers Destroy Property in the Form of Computer Files or Records.
Hackers injure other computer Users by Destroying Information system.
DEFINITION OF CYBER CRIME :2

Defining cyber crimes, as acts that are punishable by the Information technology Act would
be unsuitable as the Indian panel code also covers many cyber crimes, such as email spoofing
and cyber defamation, sending threatening emails etc. A simple yet sturdy definition of cyber
crime would be unlawful acts wherein the computers Is either a tool or a target or both.
CHAPTER -2
3
Banks Frauds
Computer Fraud
Banks are the most Favorites destination of hackers. As AN Roy, commissioner of police,
Mumbai, avers, Hacking a website or writing a programmed that will spread virus on
computer will not earn money. By hacking website of a bank or stealing a credit card Pin, a
street smart program can, besides enfettering himself, cause a lot of dangerous to banks and
their customers alike.
BANK FRAUDS :
Lapses in system make easy the job of offender to dupe banks.

4

Fraud is any dishonest acts ends behavior by which one person gains or intends to gain
advantages over another person. Fraud causes loss to the victim directly or indirectly. Fraud
has not been described or discussed clearly in the Indian penal code but sections dealing with
cheating. Concealment, forgery counterfeiting and breach of trust have been discussed with
leads to the act of Fraud.
In the contractual term as described in the Indian Contract act, sec 17 suggest that a Fraud
means and includes any of the acts by a party to a counter with his convenience or by his
agents with the intention to deceive another party or his agent or to include him to Banking
frauds is a federal crime in many countries, define as planning to obtain property of money
from any federally financial institution. It is sometimes considered a white collar crime.
The number of bank frauds in India is substantial. It is increasing with the passage of time. All
the major operational areas in baking represent a good opportunity for fraudsters with growing
incidence being reported under deposit, loan and inter-branch accounting transactions,
including remittances.
Thus banking Fraud can be Classified as :
Fraud by Insiders.
Fraud by Others.
FRAUD BY INSIDERS
Rough trader
Fraudulent loans
Wire transfer fraud
Forged or fraudulent documents
Uninsured deposits
Theft of identity
Demand draft fraud
5
1. Rogue traders
A rogue trader is a trader at a financial institution who engages in unauthorized trading to
recoup the loss he incurred in earlier trades. Out of fear and desperation, he manipulates the
internal controls to circumvent detection to buy more time.
Unfortunately, unauthorized trading activities invariably produce more losses due to time
constraints; most rogue traders are discovered at an early stage with losses ranging from $1
million to $100 million, but a very few working out of institutions with extremely lax
controls were not discovered until the loss had reached well over a billion dollars. The size of
the loss is a reflection of the laxity in controls instituted at the firm and not the trader's greed.
Contrary to the public perception, rogue traders do not have criminal intent to defraud his
employer to enrich himself; he is merely trying to recoup the loss to make his firm whole and
salvage his employment.
2. Fraudulent loans
One way to remove money from a bank is to take out a loan, a practice bankers would be
more than willing to encourage if they knew that the money will be repaid in full with
interest. A fraudulent loan, however, is one in which the borrower is a business entity
controlled by a dishonest bank officer or an accomplice; the "borrower" then declares
bankruptcy or vanishes and the money is gone. The borrower may even be a non-existent
entity and the loan merely an artifice to conceal a theft of a large sum of money from the
bank. This can also seen as a component within mortgage fraud (Bell, 2010)
3. Wire transfer fraud

Wire transfer networks such as the international SWIFT interbank fund transfer system are
tempting as targets as a transfer, once made, is difficult or impossible to reverse. As these
networks are used by banks to settle accounts with each other, rapid or overnight wire
transfer of large amounts of money are commonplace; while banks have put checks and
balances in place, there is the risk that insiders may attempt to use fraudulent or forged
documents which claim to request a bank depositor's money be wired to another bank, often
an offshore account in some distant foreign country.
There is a very high risk of fraud when dealing with unknown or uninsured institutions. Also,
a person may send a wire transfer from country to country. Since this takes a few days for the
transfer to "clear" and be available to withdraw, the other person may still be able to
withdraw the money from the other bank. A new teller or corrupt officer may approve the
withdraw since it is in pending status which then the other person cancels the wire transfer
and the bank institution takes a monetary loss.
4. Forged or fraudulent documents

Forged documents are often used to conceal other thefts; banks tend to count their money
meticulously so every penny must be accounted for. A document claiming that a sum of
money has been borrowed as a loan, withdrawn by an individual depositor or transferred or
invested can therefore be valuable to someone who wishes to conceal the minor detail that the
bank's money has in fact been stolen and is now gone.
5. Uninsured deposits
A bank soliciting public deposits may be uninsured or not licensed to operate at all. The
objective is usually to solicit for deposits to this uninsured "bank", although some may also
sell stock representing ownership of the "bank". Sometimes the names appear very official or
very similar to those of legitimate banks.

6. Demand draft fraud
Demand draft (DD) fraud typically involves one or more corrupt bank employees. Firstly,
such employees remove a few DD leaves or DD books from stock and write them like a
Regular DD. Since they are insiders, they know the coding and punching of a demand draft.
Such fraudulent demand drafts are usually drawn payable at a distant city without debiting an
Account. The draft is cashed at the payable branch. The fraud is discovered only when the
bank's head office does the branch-wise reconciliation, which normally take six months, by
which time the money is gone.
FRAUDS BY OUTSIDERS
Forgery and altered cheques

Stolen cheques
Accounting fraud
Forged currency notes
Money laundering
Bill discounting fraud
Cheque kiting
Credit card fraud
Booster cheques
Duplication or skimming of card information
Fraudulent loan applications
Phishing and Internet fraud.

1. Stolen cheques:
Fraudsters may seek access to facilities such as mailrooms, post offices, offices of a tax
authority, a corporate payroll or a social or veterans' benefit office, which process cheques in
large numbers. The fraudsters then may open bank accounts under assumed names and
Deposit the cheques, which they may first alter in order to appear legitimate, so that they can
subsequently withdraw unauthorized funds.
2. Cheque kiting :
Cheque kiting exploits a system in which, when a cheque is deposited to a bank account, the
money is made available immediately even though it is not removed from the account on
which the cheque is drawn until the cheque actually clears.
3. Forgery and altered cheques :

Fraudsters have altered cheques to change the name (in order to deposit cheques intended for
payment to someone else) or the amount on the face of cheques, simple altering can change
$100.00 into $100,000.00, although transactions of this value are subject to investigation as a
precaution to prevent fraud as policy.
Instead of tampering with a real cheque, fraudsters may alternatively attempt to forge a
depositor's signature on a blank cheque or even print their own cheques drawn on accounts
owned by others, non-existent accounts, etc. They would subsequently cash the fraudulent
cheque through another bank and withdraw the money before the banks realize that the
cheque was a fraud.
4. Accounting frauds :
In order to hide serious financial problems, some businesses have been known to use
fraudulent bookkeeping to overstate sales and income, inflate the worth of the company's
9

assets, or state a profit when the company is operating at a loss. These tampered records are
then used to seek investment in the company's bond or security issues or to make fraudulent
loan applications in a final attempt to obtain more money to delay the inevitable collapse
.Examples of accounting frauds: Enron and worldcom and Ocala Funding. These companies
"cooked the books" in order to appear as though they had profits each quarter, when in fact
they were deeply in debt.
5. Bill discounting fraud

Essentially a confidence trick, a fraudster uses a company at their disposal to gain confidence
with a bank, by appearing as a genuine, profitable customer. To give the illusion of being a
desired customer, the company regularly and repeatedly uses the bank to get payment from
one or more of its customers. These payments are always made, as the customers in question
are part of the fraud, actively paying any and all bills raised by the bank. After time, after the
bank is happy with the company, the company requests that the bank settles its balance with
the company before billing the customer. Again, business continues as normal for the
fraudulent company, its fraudulent customers, and the unwitting bank.
6. Booster cheques
A booster cheque is a fraudulent or bad cheque used to make a payment to a credit card
account in order to "bust out" or raise the amount of available credit on otherwise-legitimate
credit cards. The amount of the cheque is credited to the card account by the bank as soon as
the payment is made, even though the cheque has not yet cleared. Before the bad cheque is
discovered, the perpetrator goes on a spending spree or obtains cash advances until the
newly-"raised" available limit on the card is reached. The original cheque then bounces, but
by then it is already too late.
10
CHAPTER- 3
REASONS OF CYBER CRIMES
11
REASONS FOR CYBER CRIME:

Hart in his work "The Concept of Law" said that 'human beings are vulnerable so rule of law
is required to protect them'. By applying this to the cyberspace we may say that computers
are vulnerable so rule of law is required to protect and safeguard them against cyber crime.
The reasons for the vulnerability of computers may be said to be:
1. Capacity to store data in comparatively small space:The computer has a unique characteristic of storing data in a very small space. This allows for
much easier access or removal of information through either physical or virtual media.
12
2. Easy to access:The problems encountered in guarding a computer system from unauthorized access are that
there is every possibility of unauthorized access not due to human error but due to the
complex technology. By secretly implanted a logic bomb, key loggers that can steal access
codes, advanced voice recorders; retina imagers etc. that can fool biometric systems and
bypass firewalls can be utilized to get past many security systems.
3. ComplexThe computers work on operating systems and these operating systems in turn are composed
of millions of lines of code. The human mind is fallible and it is not possible that there might
not be a lapse at any stage. The cyber criminals take advantage of these lacunas and penetrate
into the computer system using often more sophisticated means than originally anticipated by
the systems engineers.
4. Negligence: Negligence is very closely connected with human conduct. It is therefore very probable
that while protecting the computer system there might be any negligence, which in turn
provides a cyber criminal to gain access and control over the computer system. This
negligence is usually a property of under resourced IT security provisions and the
improvement of security barriers within software packages and network structures could lead
to improved security. Banks should work on improving awareness of the different threats that
currently exist, including e-mail fraud, phishing and malware.
13

CYBER CRIMINALS
Any person who commits an illegal act with a guilty intention or commits a crime is called an
offender or a criminal. In this context, any person who commits a cyber crime is known as a
Cyber criminal. The cyber criminals may be children an adolescent aged b/w 6-18 years, they
may be organized hackers, may be professional hackers or crackers, discounted employees,
cheaters or even psychic persons. This division may be justified on the basis of the object that
they have in their mind. The following are the category of Cyber Criminals.
1. Children and adolescents between the age group of 6-18 years
14

This is really difficult to believe but it is true. Most amateur hackers and cyber criminals are
teenagers. To them, who have just begun to understand what appears to be a lot about
computers, it is a matter of pride to have hacked into a computer system or a website. There is
also that little issue of appearing really smart among friends. These young rebels may also
commit cyber crimes without really knowing that they are doing anything Wrong. The simple
reason for this type of delinquent behavior pattern in children is seen mostly due to the
inquisitiveness to know and explore the things.
2. Organized hackers
These kinds of hackers are mostly Organized together to fulfill certain objective. The reason
may be to fulfill their political bias, fundamentalism, etc. The Pakistanis are said to be one of
the best quality hackers in the world. They mainly target the Indian government sites with the
purpose to fulfill their political objectives. Further the NASA as well as the Microsoft sites is
always under attack by the hackers.
3. Professional hackers / crackers

Their work is motivated by the colour of money. These kinds of hackers are mostly employed
to hack the site of the rivals and get credible, reliable and valuable information.\Further they
are vein employed to crack the system of the employer basically as a measures to make it
safer by detecting the loopholes.
4. Discontented employees
This group include those people who have been either sacked by their employer or are
dissatisfied with their employer. To avenge they normally hack the system of their employee.
CHAPTER 4
TYPES OF CYBER CRIME
15
ATM Frauds
Credit card Frauds
Phishing
Identity Theft
Hacking
Electronic Fund Transfer Fraud.
ATM frauds
16
The traditional and ancient society was devoid of any monetary instruments and the entire
exchange of goods and merchandise was managed by the barter system. The use of monetary
instruments as a unit of exchange replaced the barter system and money in various
denominations was used as the sole purchasing power.
The traditional monetary instruments from a paper and metal based currency toplastic money
are in the form of credit cards, debit cards, etc. This has resulted in the increasing use of ATM
all over the world. The use of ATM is not only safe but is also convenient. This safety and
convenience, unfortunately, has an evil side as well that do not originate from the use of plastic
money rather by the misuse of the same. This evil side is reflected in the form of
That is a global problem. The use of plastic money is increasing day by day for payment of
shopping bills, electricity bills, school fees, phone bills, insurance premium,
travelling bills
and even petrol bills. The world at large is struggling to increase the convenience and safety
on the one hand and to reduce it misuse.
ATM and Debit Card Fraud
17
ATM fraud is on the rise, Law enforcement officials say, because thrives are becoming more
and more sophisticated. Criminal have become virus clever a finding new ways to access
your funds so consumer needs to pay careful attention to their bank statements in ceases
therere an authorized withdrawals because its more likely that someone has access to your
bank account information.
Criminals Steel Your Money

Methods used by criminals to gain entry to your money accounts include hacking into bank
database, phishing scams and unsolicited email the birching of retailer computer system And
card skimming device placemen ATM machines and gas pupas. There isnt a lot you can do
About thieves gaining illegal entry into computer system and data base containing your
Financial information besides vigilance and reporting unusual activity but some odd the
methods criminals use of Greek into your bank account are directed right at the customer. I
many cases people are handling crook the keys to their accounts. Knowing something about
the methods used might save consume millions of dollar a year.
Magnetic Card Skimmers steal your data
18
Some tech savvy thieves are placing ATM card skimming devices over the real card readers.
They will also place a tiny camera somewhere on the ATM machine so that the information of
the screen is recorded as well as your hand punching in your PIN numbers. All of this is often
transmitted to the thieves who are often sitting in a nearby car. They now have everything
they need to empty your account of its fraud. This kind of scam has been reported in just
about every major city in the world and people lose millions of dollars a year this way. Some
of the card skimmers and cameras may be easy to detect but some of them take a trained eye
and are only discovered when the ATMs is serviced by a professional. If you notice anything
out of the ordinary when using an ATM to withdraw funds you might consider trying another
machine and report your suspicions to the authorities.
19
Hacking ATM PIN
A personal identification number (PIN, pronounced "pin"; often redundantly PIN number) is
a numeric password shared between a user and a system that can be used to authenticate the
user to the system. Typically, the user is required to provide a non-confidential user identifier
Or token (the user ID) and a confidential PIN to gain access to the system. Upon receiving
the user ID and PIN, the system looks up the PIN based upon the user ID and compares the
looked-up PIN with the received PIN. The user is granted access only when the number
entered matches with the number stored in the system.
Researchers say they have discovered a fundamental weakness in the system that banks use to
keep debit card pin codes undermine the entire debit card system. Using the methods outlined
by the researchers, a hacker could siphon of Thousands of PIN codes and compromises
hundred of banks. Criminals could them print phony debit cards and simultaneously
withdraw vast amounts of cash using ATMs around the world.
20

Rarely does the transmission go directly to a customer bank. Instead, it is handed off several
times on a banking network run by several third parties. Each time a Bank passes the data
along, it goes through a switch that contains the hardware. Security modules and the PIN
block is unscrambled and then descrambled. It is at these intermediate points where hackers
could trick the machines into sensational PINs.
CASE STUDY
India's first Atm card fraud
The Chennai City Police have busted a global posse included in cyber crime, with the capture
of Deepak Prem Manwani (22), who was discovered in the act while softening into an ATM
21

up the city in June last, it is dependably learnt. The measurements of the city cops'
accomplishment can be gagged from the way that they have netted a man who is on the
needed rundown of the imposing FBI of the United States. At the time of his confinement, he
had with him Rs 7.5 lakh knocked off from two Atms in T Nagar and A biramipuram in the
city. Before that, he had strolled away with Rs 50,000 from an ATM in Mumbai.
While researching Manwani's case, the police discovered a cyber crime including scores of
persons over the globe. Manwani is a MBA drop-out from a Pune school and served as an
advertising official in a Chennai-based firm for quite a while. Interestingly, his brassy crime
vocation began in an Internet bistro. While browsing the Net one day, he got pulled in to a
site which offered him support in breaking into the Atms. His contacts, sitting some place in
Europe, were prepared to provide for him MasterCard quantities of a couple of American
banks for $5 for every card. The site additionally offered the attractive codes of those cards,
yet charged $200 for every code. The administrators of the site had conceived an entrancing
thought to get the individual ID number (PIN) of the card clients. They glided another site
which looked like that of presumed telecom organizations. That organization has a large
number of endorsers. The fake site offered the guests to return$11.75 for every head which,
the site promoters said, had been gathered in overabundance by oversight from them.
Accepting that it was a veritable offer from the telecom organization being referred to, a few
lakh endorsers logged on to the site to get back that minimal expenditure, however
simultaneously separated with their Pins. Equipped with all imperative information to hack
22

The bank Atms, the posse started its deliberate plundering. Clearly, Manwani and numerous
others of his kind entered into an arrangement with the posse behind the site and could buy
any measure of information, obviously on specific terms, or just enter into an arrangement on
a goods imparting premise. In the mean time, Manwani additionally figured out how to create
30 plastic cards that contained fundamental information to empower him to break into ATMS.
He was enterprising to the point that he found himself able to offer away a couple of such
cards to his contacts in Mumbai. The police are on the lookout for those persons as well. On
receipt of vast scale grievances from the charged charge card clients and banks in the United
States, the FBI began an examination concerning the undertaking furthermore alarmed the
CBI in New Delhi that the worldwide posse had created a few connections in India as well.
Manwani has since been developed safeguard after session by the CBI. At the same time the
city police accept that this is the start of the end of a significant cyber crime.
23
Credit Card Fraud

There are many online credit card fraud are made when a customer use their credit
card or debit card for any online payment, a person who had a mala fide intention use
such cards detail and password by hacking and make misuse of it for online purchase
for which the customers card used or hacked is suffered for such kind of attract or
action of a fraud made by and evil. If electronic transactions are not secured the
credit card numbers can be stolen by the hackers who can misuse this card by
impersonating the credit card owner.
24

DEFINITION of 'Credit Card'
A card issued by a financial company giving the holder an option to borrow funds, usually
at point of sale. Credit cards charge interest and are primarily used for short-term financing.
Interest usually begins one month after a purchase is made and borrowing limits are pre-set
according to the individual's credit rating. Credit Card are convenient payment method,
although they do carry risks fraud with the use of stolen credit cards is committed for the
purpose of the obtaining goods without Paying.
Types of credit card fraud:
Lost and Stolen Credit Cards

Identity Theft
Application Fraud
Account take over
Counterfeit Credit cards
Credit Card Skimming
Mail/Internet Order Fraud
Lost and Stolen Credit Cards
25

In 2001 thieves stole 114m in the UK in 2001 through the use of lost and stolen credit cards.
Most fraud on lost and stolen credit cards will take place at commercial outlets or Internet
and telephone shops prior to the genuine card holder reporting its loss. Cards are often stolen
during burglaries or pick pocketing in the street and then used almost instantaneously. Unlike
counterfeit or card-not-present forms of fraud the victim will usually notice fairly quickly
enabling the card to be blocked and hopefully limiting the damage.
Identity theft
Identity theft can be divided into two broad categories: application fraud and
account takeover.
Application fraud
Application fraud takes place when a person uses stolen or fake documents to open an
account in another person's name. Criminals may steal documents such as utility bills and
bank statements to build up useful personal information. Alternatively, they may create fake
documents. With this information, they could open a credit card account or Loan account in
the victim's name, and then fully draw it.
Account takeover
Account takeover takes place when a person takes over another person's account, first by
gathering personal information about the intended victim, and then contacting their card
issuer while impersonating the genuine cardholder, and asking for mail to be redirected to a
new address. The criminal then reports the card lost and asks for a replacement card to be
sent. They may then set up a new PIN. They are then free to use the card until the rightful
cardholder discovers the deception when he or she tries to use their own card, by which time
the account would be drained.
26

Counterfeiting
Most cases of counterfeiting involve a process known as skimming or cloning, where
legitimate data from the magnetic stripe on a card is electronically copied on to another one
without the knowledge of the rightful card holder. This is a particularly common problem
when it comes to areas of commerce such as restaurants or bars where the cardholders will
likely lose sight of their cards when it is swiped to pay for their drinks or meals. Here, corrupt
waiters and waitresses are then able to sell on or use the details of the cardholder that they
have acquired for fraudulent purposes. This will involve the creation of a duplicate
counterfeited card which can then be signed on the back by the fraudster and then used as
they please. The legitimate cardholder is unlikely to realize until they next receive
information on their balance showing purchases that they did not make due to them thinking
that their card and personal details were safe in their wallet.
Skimming:
Skimming is the theft of payment card information used in an otherwise legitimate
transaction. The thief can procure a victim's card number using basic methods such as
Photocopying receipts or more advanced methods such as using a
small electronic device (skimmer) to swipe and store hundreds of
victims card numbers. Common scenarios for skimming are
restaurants or bars where the skimmer has possession of the victim's
payment card out of their immediate view. The thief may also use a
small keypad to unobtrusively transcribe the 3 or 4 digits Card Security
Code, which is not present on the magnetic strip. Call centers are
another area where skimming can easily occur. Skimming can also
occur at merchants such as gas stations when a third-party cardreading device is installed either outside or inside a fuel dispenser or
other card-swiping terminal. This device allows a thief to capture a
customers card information, including their PIN, with each card swipe.
27
PREVENTION FOR CREDIT CARD FRAUD

Credit card fraud is bad business. In 2004, credit card fraud cost US merchants 2,664.9
million dollars (Celent Communications). Credit card fraud is a significant problem in
Canada, too. The credit card loss total for 2007 was $304,255,215, according to the RCMP.
And while 'no-card' fraud is growing, most credit card frauds are still being committed using
lost, stolen or counterfeit cards. Whether you have a brick-and-mortar business or an online
one, credit card fraud is costing you money.
Credit card fraud prevention when dealing with credit card customers
face-to-face
Ask for and check other identification, such as a drivers license or other photo ID.
Check to see if the ID has been altered in any way as a person trying to use a
stolen credit card may also have stolen or fake ID.
Examine the signature on the card. If the signature on the credit card is smeared, it
could be that the credit card is stolen and the person has changed the signature to his
or her own.
Compare signatures. Besides comparing the signature on the credit card with the
persons signature on the credit card slip, compare the signatures as well to those on
any other ID presented.
Have another look at the cards signature panel. It should show a repetitive colour
design of the MasterCard or Visa name. Altered signature panels (those that are
discolored, glued, painted, erased, or covered with white tape) are an indication of
credit card fraud.
Check the credit cards embossing. Ghost images of other numbers behind theembo
ssing are a tip-off that the card has been re-embossed. The hologram may be
damaged. (The holograms on credit cards that have not been tampered with will show
clear, three-dimensional images that appear to move when the card is tilted.)
28
Check the presented card with recent lists of stolen and invalid credit card numbers.
Call for authorization of the credit card remembering to take both the credit card
and the sales draft with you. That way if the customer runs away while youre making
the call, you still have the credit card. Ask for a Code 10 if you have reason to
suspect a possible credit card fraud, such as a possible counterfeit or stolen card.
Destroy all carbon copies of the credit card transaction, to ensure that no one can steal
the credit card information and help prevent future credit card fraud. Its also very
important to be sure that your staff is educated about credit card fraud.
PHISHING
29
Meaning of Phishing :
Phishing is the attempt to acquire sensitive information such as usernames, passwords,
and credit card details (and sometimes, indirectly, money), often for malicious reasons, by
masquerading as a trustworthy entity in an electronic communication. The word is a
neologism created as a homophone of phishing due to the similarity of using fake bait in an
attempt to catch a victim. Communications purporting to be from popular social web sites,
auction sites, banks, online payment processors or IT administrators are commonly used to lure
unsuspecting victims. Phishing emails may contain links to websites that are infected
with malware. Phishing is typically carried out by email spoofing or instant messaging and it
often directs users to enter details at a fake website whose look and feel are almost identical
To the legitimate one. Phishing is an example of social engineering techniques used to
deceive users, and exploits the poor usability of current web security technologies. Attempts
to deal with the growing number of reported phishing incidents include legislation, user
training, public awareness, and technical security measures.
30
31
Tips to avoiding phishing scams

32
Dont click on any links in e-mails, and if you do end up clicking, dont enter any
sensitive information. If you get an e-mail from a person or institution you trust
seeking information, call up the helpline or any number that you know belongs to that
institution and verify.
Dont be taken in by e-mails that threaten to shut down your account if you do not
supply the information or promises of lottery winnings. These are usually faked.
Genuine sites use encryption to transfer your sensitive information securely. So

always check for the symbol of a lock on the bottom right of your browser and
http; // instead of http;// in the address bar. To make doubly sure, click on the lock
and check to whom the certificate is used.
If you are not sure about the site, try entering the wrong password. A fraudulent site
on the other hand will accept it.
If you think have fallen victim to a phishing attack immediately contact your
financial institution over the phone.
A good practice is to have different user names and passwords for different sites.
If you suspect a mail to be suspicious, forward it to the customer service E-mail for
the bank or institution in question.
Avoid filling out forms in e-mail message that ask for personal/financial privacy act
protected information.
Consider installing a web browser tool bar to help protect you from unknown
phishing fraud websites.
Regularly log into your online accounts.

Regularly check your bank, credit and debit card statement to ensure that all
transaction is legitimate.
Ensure that your browser is up to date and security patches applied.

33
IDENTITY THEFT AND IDENTITY FRAUDS
Identity theft is no longer an unusual occurrence. It is rapidly evolving and is quickly

becoming a socio economic inevitability. Identity theft is the fastest growing white-collar
crime. It is a crime in which an impostor obtains key pieces of your personal identifying
information such as your social security number or drivers license number and uses them for
their own personal gain. Identity pirates can gather all sorts of confidential information about
you by prowling the Web.
34

An identity thief can take your personal information from your mail box or your home. Identity
theft is bad enough but right now it is also pretty much of a cottage industry relying primarily
on techniques like dumpster diving. Identity theft laws and crack downs, while improving are
definitely not where they should be. Its hard to pin down, because each law enforcement
agency may classify ID theft differently it can involve credit card fraud, internet fraud or
mail theft among other crimes.
35
Signs of Identity Theft

Watch for signs of identity theft. The quicker you catch it, the less likely youll incur a major
hassle or expense. Follow up with creditors if any of the following occur:
Your bills dont arrive on time. This could mean an identity thief has taken over your
credit card account and changed your billing address
You receive unexpected credit cards or account statements
36
You receive calls or letters about purchases you did not make
You notice charges on your financial account or billing statement that you did not make
You may also receive a call from your credit card company asking if you made any
outstanding charges or large purchases at an unusual location. This would be a tip- off
that your information has been taken even though your physical card wasnt.
HACKING
"Hacking" is a crime, which means an unauthorized access made by a person to cracking the
systems or an attempt to bypass the security mechanisms, by hacking the banking sites or
accounts of the customers.
If such crime is proved then for such hacking offence the accuse is punished under IT Act, for
imprisonment, which may extend to three years or with fine, which may be extended to five
lakh rupees or both. Hacking offence is considered as a cognizable offence, it also a bail able
offence.
Types of HACKERS
Hackers can be broken down in several ways. You can classify hackers based on their skills,
on their chosen specialty or a combination of both. This section described the various types of
hackers and provides an indication of classification by reviewing guppta, Laliberqate &
Kleviskys (2000) three tired system. Each new technology that is developed generates a new
specialization and new terms are created to describe these individuals.
Some of them term that is most common are:
1. Cracker
37

Eric
S.
Raymond, author of The New Hacker's Dictionary, advocates that members of the computer
underground should be called crackers.
According to Ralph D. Clifford, a cracker or cracking is to "gain unauthorized access to a
computer in order to commit another crime such as destroying information contained in that
system". These subgroups may also be defined by the legal status of their activities.
2. Phreaker
Phreaking is a slang term coined to describe the activity of a culture of people who study,
experiment with, or explore telecommunication systems, such as equipment and systems
connected to public telephone networks. The term phreak is a sensational spelling of the
word freak with the ph- from phone, and may also refer to the use of various
audio frequencies to manipulate a phone system. Phreak, phreaker, or phone phreak are
names used for and by individuals who participate in phreaking. Phreaking consisted of
techniques to evade the long-distance charges. This evasion was illegal; the crime was called
"toll fraud.
3. Script kiddies
38

A script kiddies is basically an amateur or non-expert hacker wannabe who breaks into people's
computer systems not through his knowledge in IT security and the ins and outs of a given
website, but through the prepackaged automated scripts (hence the name), tools, and software
written by people who are real hackers, unlike him. He usually has little to know
Knowledge of the underlying concept behind how those scripts he has on hand works.
Script kiddies have at their disposal a large number of effective, easily downloadable
programs capable of breaching computers and networks.
These are a number of reasons why a hacker would want to break into your computer. He
may use your computer and ISP account for illegal activity, like disturbing child,
pornography. One of the most recent uses of Trojan is to causes does (distributive denial of
services) attacks. In a this attacks, the client comments all of the servers located on
individuals PC to attack a single website. Thousands of individuals PCs can be command to
access a web site like eBay or yahoo at the same time, clogging the sites bandwidth and
causing and interruption of services.
SOME OTHER TYPES OF CYBER CRIMES -
1. Denial Of Service Attack

This is an act by the criminal, who floods the bandwidth of the victims network or fills his
email box with spam mail depriving him of the services he is entitled to access or provide.
2. Software Piracy
Theft of software through the illegal copying of genuine programs or the counterfeiting and
distribution of products intended to pass for the original. Retail revenue losses worldwide are
ever increasing due to this crime. It can be done in various ways- End user copying, hard disk
loading, Counterfeiting, Illegal downloads from the internet etc
39

3. Spoofing
Getting one computer on a network to pretend to have the identity of another computer,
usually one with special access privileges, so as to obtain access to the other computers on
the network is called spoofing.
CHAPTER -6
PREVENTION OF CYBER CRIME.
40
Fraud is a billion-dollar business and it is increasing every year. The PwC global economic
crime survey of 2009 suggests that close to 30 percent of companies worldwide have reported
being victims of fraud in the past year. Fraud involves one or more persons who intentionally
Act secretly to deprive another of something of value, for their own benefit. Fraud is as old as
humanity itself and can take an unlimited variety of different forms. However, in recent
years, the development of new technologies has also provided further ways in which
criminals may commit fraud. In addition to that, business reengineering, reorganization or
downsizing may weaken or eliminate control, while new information systems may present
additional
Traditional methods of data analysis have long been used to detect fraud. They require
complex and time-consuming investigations that deal with different domains of knowledge
like financial, economics, business practices and law. Fraud often consists of many instances
or incidents involving repeated transgressions using the same method. Fraud instances can be
similar in content and appearance but usually are not identical.
The first industries to use data analysis techniques to prevent fraud were the telephone
companies, the insurance companies and the banks (Decker 1998). One early example of
successful implementation of data analysis techniques in the banking industry is the FICO
Falcon fraud assessment system, which is based on a neural network shell.
Retail industries also suffer from fraud at POS. Some supermarkets have started to make use
of digitized closed-circuit television (CCTV) together with POS data of most susceptible
transactions to fraud.
Internet transactions have recently raised big concerns, with some research showing that
internet transaction fraud is 12 times higher than in-store fraud.
Fraud that involves cell phones, insurance claims, tax return claims, credit card transactions
etc. represent significant problems for governments and businesses, but yet detecting and
preventing fraud is not a simple task.
41

Fraud is an adaptive crime, so it needs special methods of intelligent data analysis to detect
and prevent it. These methods exist in the areas of Knowledge Discovery in Databases
(KDD), Data Mining, Machine Learning and Statistics. They offer applicable and successful
solutions in different areas of fraud crimes.
Cyber prevention Act 2012

The Cybercrime Prevention Act of 2012 is the first law in the Philippines which specifically
criminalizes computer crime, which prior to the passage of the law had no strong legal
42

precedent in Philippine jurisprudence. While laws such as the Electronic Commerce Act of
2000 (Republic Act No. 8792[6]) regulated certain computer-related activities, these laws did
not provide a legal basis for criminalizing crimes committed on
a computer in general: for example, One l de Guzman, the computer programmer charged
with purportedly writing the I LOVE YOU computer worm, was ultimately not
prosecuted by Philippine authorities due to a lack of legal basis for him to be charged
under existing Philippine laws at the time of his arrest.
The initial draft of the law started in 2002 from the former Information Technology and e
Commerce Council (ITECC) Legal and Regulatory Committee chaired by Atty.
Reactions
The new Act received mixed reactions from several sectors upon its enactment,
particularly
with
how
its
provisions
could
potentially
affect
freedom
of
expression, freedom of speech and data security in the Philippines.
The local business process outsourcing industry has received the new law well, citing an
increase in the confidence of investors due to measures for the protection of electronic
devices and online data. Media organizations and legal institutions though have criticized
the Act for extending the definition of libel as defined in the Revised Penal Code of the
Philippines, which has been criticized by international organizations as being
outdated: the United Nations for one has remarked that the current definition of libel as
defined in the Revised Penal Code is inconsistent with the International Covenant on
Civil and Political Rights, and therefore violates the respect of freedom of expression.
Local media and journalist groups which are opposed to it. The Centre for Law and
Democracy also published a detailed analysis criticizing the law from a freedom of
expression perspective.
Steps for prevention of Cyber Crime

Prevention is always better than cure. It is always better to take certain precaution while
operating the net. Never disclose your personal information publicly on websites. This is as
43

Good as disclosing your identity to strangers in public place.
Always avoid sending any photograph online particularly to strangers and chat friends
as there have been incidents of misuse of the photographs.
Never enter your credit card number to any site that is not secured, to prevent its
misuse.
Always keep a watch on the sites that your children are accessing to prevent any
kind of harassment or depravation in children
Always use latest and updated Antivirus software to guard against virus attacks.
To prevent loss of data due to virus attacks, always keep back up of your data.
It is advisable to use a security program that gives control over the cookies and send
information back to the site, as leaving the cookies unguarded might prove fatal.
Use of firewalls proves beneficial.
Website owners should watch traffic and check any irregularity on the site. Putting host-based
intrusion detection devices on servers will serve the purpose. Capacity of human mind is
profound. It is not possible to eliminate cyber crime from the cyber space. It is quite possible
to check them. History is the witness that no legislation has
Succeeded in totally eliminating crime from the globe. The only possible step is to make
people aware of their rights and duties and to guard ourselves so that crime has no effect on
us.
44

CHAPTER -6
CYBER LAWS IN INDIA
INTRODUCTION
In Simple way we can say that cyber crime is unlawful acts wherein the computer is either a
tool or a target or both Cyber crimes can involve criminal activities that are traditional in
nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the
Indian Penal Code. The abuse of computers has also given birth to a gamut of new age crimes
45

That is addressed by the Information Technology Act, 2000.
Cyber law (also referred to as cyber law) is a term used to describe the legal issues related to
use of communications technology, particularly "cyberspace", i.e. the Internet. It is less a
distinct fielding of law in the way that property or contracts are as it is an intersection of
many legal fields, including intellectual property, privacy, freedom of expression, and
jurisdiction. In essence, cyber law is an attempt to integrate the challenges presented by
human activity on the Internet with legacy system of laws applicable to the physical world.
Advantages of Cyber Laws

The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber
crimes. We need such laws so that people can perform purchase transactions over the Net
through credit cards without fear of misuse. The Act offers the much-needed legal framework
so that information is not denied legal effect, validity or enforceability, solely on the ground
that
it
is
in
the
form
of
electronic
records.
In view of the growth in transactions and communications carried out through electronic
records, the Act seeks to empower government departments to accept filing, creating and
retention of official documents in the digital format. The Act has also proposed a legal
framework for the authentication and origin of electronic records / communications through
digital signature.
From the perspective of e-commerce in India, the IT Act 2000 and its provisions
contain many positive aspects. Firstly, the implications of these provisions for the ebusinesses would be that email would now be a valid and legal form of
communication in our country that can be duly produced and approved in a court of
law.
Companies shall now be able to carry out electronic commerce using the legal
infrastructure provided by the Act.

Digital signatures have been given legal validity and sanction in the Act.
The Act throws open the doors for the entry of corporate companies in the business of
being Certifying Authorities for issuing Digital Signatures Certificates.
46
The Act now allows Government to issue notification on the web thus heralding egovernance.
The Act enables the companies to file any form, application or any other document
with any office, authority, body or agency owned or controlled by the appropriate
Government in electronic form by means of such electronic form as may be
prescribed by the appropriate Government.
The IT Act also addresses the important issues of security, which are so critical to the
success of electronic transactions.
The Act has given a legal definition to the concept of secure digital signatures that
would be required to have been passed through a system of a security procedure, as
stipulated by the Government at a later date.
Under the IT Act, 2000, it shall now be possible for corporate to have a statutory remedy in
case if anyone breaks into their computer systems or network and causes damages or copies
data. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs.
1 Crore.
IT Act of India 2000

In May 2000, both the houses of the Indian Parliament passed the Information Technology
Bill. The Bill received the assent of the President in August 2000 and came to be known as
The Information Technology Act, 2000. Cyber laws are contained in the IT Act, 2000.
This Act aims to provide the legal infrastructure for e-commerce in India. And the
cyber laws have a major impact for e-businesses and the new economy in India. So, it
is important to understand what are the various perspectives of the IT Act, 2000 and
what it offers.
The Information Technology Act, 2000 also aims to provide for the legal framework
so that legal sanctity is accorded to all electronic records and other activities carried
47

out by electronic means. The Act states that unless otherwise agreed, an acceptance of
contract may be expressed by electronic means of communication and the same shall
have legal validity and enforceability.
Some highlights of the Act are listed below:
Chapter-II of the Act specifically stipulates that any subscriber may authenticate an
electronic record by affixing his digital signature. It further states that any person can
verify an electronic record by use of a public key of the subscriber.
Chapter-III of the Act details about Electronic Governance and provides inter alia
amongst others that where any law provides that information or any other matter shall
be in writing or in the typewritten or printed form, then, notwithstanding anything
contained in such law, such requirement shall be deemed to have been satisfied if such
information or matter is rendered or made available in an electronic form; and
accessible so as to be usable for a subsequent reference. The said chapter also details
the legal recognition of Digital Signatures.
Chapter-IV of the said Act gives a scheme for Regulation of Certifying Authorities.
The Act envisages a Controller of Certifying Authorities who shall perform the
function of exercising supervision over the activities of the Certifying Authorities as
also laying down standards and conditions governing the Certifying Authorities as
also specifying the various forms and content of Digital Signature Certificates.
The Act recognizes the need for recognizing foreign Certifying Authorities and it
further details the various provisions for the issue of license to issue Digital Signature
Certificates.
Chapter-VII of the Act details about the scheme of things relating to Digital Signature
Certificates. The duties of subscribers are also enshrined in the said Act.
Chapter-IX of the said Act talks about penalties and adjudication for various offences.
The penalties for damage to computer, computer systems etc. has been fixed as
48

damages by way of compensation not exceeding Rs. 1,00,00,000 to affected persons.
The Act talks of appointment of any officers not below the rank of a Director to the
Government of India or an equivalent officer of state government as an Adjudicating
Officer who shall adjudicate whether any person has made a contravention of any of
the provisions of the said Act or rules framed there under. The said Adjudicating
Officer has been given the powers of a Civil Court.
Chapter-X of the Act talks of the establishment of the Cyber Regulations Appellate
Tribunal, which shall be an appellate body where appeals against the orders passed by
the Adjudicating Officers, shall be preferred.
Chapter-XI of the Act talks about various offences and the said offences shall be
investigated only by a Police Officer not below the rank of the Deputy Superintendent
of Police. These offences include tampering with computer source documents,
publishing of information, which is obscene in electronic form, and hacking.
The Act also provides for the constitution of the Cyber Regulations Advisory
Committee, which shall advice the government as regards any rules, or for any other
purpose connected with the said act. The said Act also proposes to amend the Indian
Penal Code, 1860, the Indian Evidence Act, 1872, The Bankers' Books Evidence Act,
1891, The Reserve Bank of India Act, 1934 to make them in tune with the provisions
of the IT Act.
CONCLUSION
49

Lastly I conclude by saying that Thieves are not born, but made out of opportunities. This
quote exactly reflects the present environment related to technology, where it is
changing very fast.
By the
time regulators come up with preventive measures to protectcustomers
from
innovative frauds, either the environment itself changes or new technology emerges. This
helps criminals to find new areas to commit the fraud. Computer forensics has developed as
an indispensable tool for law enforcement. But in the digital world, as in the physical world
the goals of law enforcement are balanced with the goals of maintaining personal liberty and
privacy.
Jurisdiction over cyber crimes should be standardized around the globe to make swift action
possible against terrorist whose activities are endearing security worldwide. The National
Institute of justice, technical working group digital evidence are some of the key organization
involved in research. The ATM fraud is not the sole problem of banks alone. It is a big threat
and it requires a
co-ordinated and cooperative action on the part of the bank, customers and the law
enforcement machinery. The ATM frauds not only cause financial loss to banks but they also
undermine customers' confidence in the use of ATMs. This would deter a greater use of ATM
for monetary transactions. It is therefore in the interest of banks to prevent ATM frauds. There
is
thus
needto take precautionary and insurance measures that give greater "protection" to the ATMs,
particularly those located in less secure areas.
Traditional systems like credit cards had some security features built into them to prevent
such crime but issue of e-money by unregulated institutions may have one. Preventing cyber
money laundering is an uphill task which needs to be tackled at different levels. This has
to be fought on three planes, first by banks/ financial institutions, second by
nation states and finally through international efforts. The regulatory framework must also
take into account all the related issues like development of e-money, right to
privacy of individual. International law and international co-operation will go a long way
in this regard. Capacity of human mind is unfathomable. It is not possible to eliminate cyber
crime from the cyber space. It is quite possible to check them. History is the witness that no
Legislation has succeeded in totally eliminating crime from the globe. The only possible step
is to make people aware of their rights and duties (to report crime as a collective
duty towards the society) and further making the application of the laws more stringent
to check crime. Undoubtedly the Act is a historical step in the cyber world. Further I all
50

together do not deny that there is a need to bring changes in the Information Technology
Act to make it more effective to combat cyber crimes
NAME OF BOOKS
AUTHORS NAME
WHAT IS CYBER CRIME
NAGPAL R.
CYBER CRIME
DUGGAL PAWAN
KUMAR
THE
VINODBATTLE
WINNING PARTHASARTHI PATI

AGAINST
CYBER CRIME
BIBLIOGRAPHY
51
WIBLIOGRAPHY
52
http;//www.hdfcbank.com/abouts/security/emeal_security.htm.
http;//www.navi.org/pati/pati_cybercrime-dce.03htm.
http;//www.legalserviceindia.com/article/1262-cyber-crimes-&generalprincipals.html
http;//www.mouthshut.com/review/avoiding_credit-card_fraud-20736-1.html
53

https://en.wikipedia.org/wiki/Bank_fraud
www.silverinnings.in/docs/Finance/Frauds/Types of Internet Fraud.
www.crossdomainsolutions.com/cyber-crime/
www.infosecawareness.in/cyber-laws/it-act-of-india-2000
ANNEXURE
Abbreviation
54

PIN
Personal Identification Number
ATM
Automated Teller Machine
CVV
Card Verification Value
IFCC
Internet Fraud Complaint Center
HSM
Hardware Security Module
EFT
Electronic Fund Transfer
ERP
Enterprise Resource Planning
GUI
Graphical User Interface
NFMS
Neural Fraud Management System
AMS
Automatic Modeling System
TSP
Time Stamp Protocol
IRS
Internal Revenue Service
URL
Uniform Resource Locator
THANK YOU
55

Cyber Crimes in Banking Sector

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Cyber Crimes in Banking Sector

Caricato da

Copyright:

Formati disponibili

CYBER CRIMES IN BANKS

Meaning of Cyber Crime.

CYBER CRIMES IN BANKS

MEANING OF COMPUTER CRIME

Criminals can operate anonymously over the Computer Networks.

DEFINITION OF CYBER CRIME :2

CYBER CRIMES IN BANKS

CYBER CRIMES IN BANKS

Lapses in system make easy the job of offender to dupe banks.

CYBER CRIMES IN BANKS

Thus banking Fraud can be Classified as :

CYBER CRIMES IN BANKS

3. Wire transfer fraud

CYBER CRIMES IN BANKS

4. Forged or fraudulent documents

CYBER CRIMES IN BANKS

Forgery and altered cheques

CYBER CRIMES IN BANKS

3. Forgery and altered cheques :

CYBER CRIMES IN BANKS

5. Bill discounting fraud

CYBER CRIMES IN BANKS

CYBER CRIMES IN BANKS

REASONS FOR CYBER CRIME:

CYBER CRIMES IN BANKS

CYBER CRIMES IN BANKS

1. Children and adolescents between the age group of 6-18 years

CYBER CRIMES IN BANKS

3. Professional hackers / crackers

CYBER CRIMES IN BANKS

CYBER CRIMES IN BANKS

ATM and Debit Card Fraud

CYBER CRIMES IN BANKS

Criminals Steel Your Money

Magnetic Card Skimmers steal your data

CYBER CRIMES IN BANKS

CYBER CRIMES IN BANKS

Hacking ATM PIN

CYBER CRIMES IN BANKS

CYBER CRIMES IN BANKS

CYBER CRIMES IN BANKS

CYBER CRIMES IN BANKS

Credit Card Fraud

CYBER CRIMES IN BANKS

Types of credit card fraud:

Lost and Stolen Credit Cards

Lost and Stolen Credit Cards

CYBER CRIMES IN BANKS

CYBER CRIMES IN BANKS

CYBER CRIMES IN BANKS

PREVENTION FOR CREDIT CARD FRAUD

CYBER CRIMES IN BANKS

CYBER CRIMES IN BANKS

CYBER CRIMES IN BANKS

CYBER CRIMES IN BANKS

Tips to avoiding phishing scams

CYBER CRIMES IN BANKS

Genuine sites use encryption to transfer your sensitive information securely. So

Regularly log into your online accounts.

Ensure that your browser is up to date and security patches applied.

CYBER CRIMES IN BANKS

IDENTITY THEFT AND IDENTITY FRAUDS

Identity theft is no longer an unusual occurrence. It is rapidly evolving and is quickly

CYBER CRIMES IN BANKS