Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
indispensable in a modern society. It plays a pivotal role in economic development of a country and
Banking industry in India has traversed a long way to assume its present stature. It has undergone a
major structural transformation after the nationalization of 14 major commercial banks in 1969 and 5
more on 15 April 1980. Banks are the engines that drive the operations in the financial sector, which
is vital for the economy. With the nationalization of banks in 1969, they also have emerged as
engines for social change. After Independence, the banks have passed through three stages. They
have moved from the character based lending to ideology based lending to today competitiveness
based lending in the context of India's economic liberalization policies and the process of linking
with the global economy. A sound banking system should possess three basic characteristics to
(iii) an in house immediate grievance remedial system. All these conditions are their missing or
Section 5(b) of the Banking Regulation Act, 1949 defines banking as Banking is the accepting for
the purpose of lending or investment, deposits of money from the purpose of lending or investment,
deposits of money from the public, repayable on demand or otherwise and withdraw able by cheque,
In the present day, Global Scenario Banking System has acquired new dimensions. Banking did
spread in India. Today, the banking system has entered into competitive markets in areas covering
1
resource mobilization, human resource development, customer services and credit management as
well. With the rising banking business, frauds in banks are also increasing and the fraudsters are
becoming more and more sophisticated and ingenious. In a bid to keep pace with the changing times,
the banking sector has diversified its business manifold. Replacement of the philosophy of class
banking with mass banking in the post-nationalization period has thrown a lot of challenges to the
management on reconciling the social responsibility with economic viability. The banking system in
our country has been taking care of all segments of our socio-economic set up. A bank fraud is a
deliberate act of omission or commission by any person carried out in the course of banking
transactions or in the books of accounts, resulting in wrongful gain to any person for a temporary
Fraud is defined as any behavior by which one person intends to gain a dishonest advantage over
another. In other words , fraud is an act or omission which is intended to cause wrongful gain to one
person and wrongful loss to the other, either by way of concealment of facts or otherwise. Fraud is
defined u/s 421 of the Indian Penal Code and u/s 17 of the Indian Contract Act. Thus essential
3. It must be with the knowledge that it is false or without belief in its truth; and
4. It must induce another to act upon the assertion in question or to do or not to do certain act.
allegations, or by concealment of what should have been disclosed that deceives and is intended to
deceive another so that the individual will act upon it to her or his legal injury. In law, the deliberate
misrepresentation of fact for the purpose of depriving someone of a valuable possession or legal
2
right. Any omission or concealment that is injurious to another or that allows a person to take
unconscionable advantage of another may constitute criminal fraud. The most common type of fraud
is the obtaining of property by giving a check for which there is insufficient funds in the signer's
account. Another is the assumption of someone else's or a fictitious identity with the intent to
deceive. Also important are mail and wire fraud (fraud committed by use of the postal service or
electronic devices, such as telephones or computers). A tort action based on fraud is sometimes
Losses sustained by banks as a result of frauds exceed the losses due to robbery, dacoit, burglary and
theft-all put together. Unauthorized credit facilities are extended for illegal gratification such as case
credit allowed against pledge of goods, hypothecation of goods against bills or against book debts.
Common modus operandi are, pledging of spurious goods, inletting the value of goods,
hypothecating goods to more than one bank, fraudulent removal of goods with the knowledge and
While the operations of the bank have become increasingly significant, there is also an occupation
hazard. There is a Tamil proverb, which says that a man who collects honey will always be tempted
to lick his fingers. Banks are all the time dealing with money and the temptation should therefore is
very high. Oscar Wilde said that the thief was an artist and the policeman was only a critic. There are
many people who are unscrupulous and are able to perpetrate a fraud. We must be able to see that we
devise our systems and procedures in such a way that the scope for such clever and unscrupulous
people is reduced.
Frauds in deposit accounts take place by opening of bogus accounts, forging signatures of introducers
and collecting through such accounts stolen or forged cheques or bank drafts. Frauds are also
3
committed in the area of granting overdraft facility in the current accounts of customers. A large
number of frauds have been committed through bank draft, mail transfers and telegraphic transfers.
An analysis made of cases brings out broadly the under mentioned four major elements responsible
1. Active involvement of the staff-both supervisor and clerical either independent of external
2. Failure on the part of the bank staff to follow meticulously laid down instructions and guidelines.
4. There has been a growing collusion between business, top banks executives, civil servants and
politicians in power to defraud the banks, by getting the rules bent, regulations flouted and banking
Beyond financial (monetary) losses fraud has other negative consequences that impact an institution
reputation, customer loyalty, and the confidence of the shareholder. Moreover in the greater impact,
The individual who fall victim to fraud can experience mental, psychological, financial, social and
Physical damage. The impact of fraud can also be very damaging to cooperate victims where
small/medium scale businesses are most times unable to recover from the financial or reputational
damage caused. However most large companies literally feel the impact through the increase cost of
doing business.
4
1.5 FRAUD MANAGEMENT
Today while , electronic tracking and improved security has deter fraud practices the threat still exist
and bank fraud still occurs on regular basis. Fraud as have been mentioned earlier on is a crime, and
is becoming difficult to pin down, however, with the right management controls, practices and policy
frame work, it can be mitigated. While financial institutions are increasingly spending more resources
on the management of fraud and it allied, the traditional approach of using transaction monitoring
systems can only work well for detecting individual point of sales fraud in real time.
The financial institutions need an integrated framework together with most comprehensive plan new
and modern fraud detection and prevention. This management approach needs to protect fraud at the
point and time of transaction, accurately detect incidents in transaction, span all the ways customers
interact with the institution and provide structured oversight for the fraud management program me.
There are some key elements that can help institutions to successfully prevent fraud. The institutions
must
Have managers who understand their responsibilities for preventing and detecting the risk of
fraud
Have employees who understand their responsibility for preventing fraud and detecting the
risk of fraud
5
CHAPTER : 2 TYPES OF BANK FRAUDS
1. Wire fraud
Wire transfer networks such as the international interbank fund transfer system are tempting as
targets as a transfer, once made, is difficult or impossible to reverse. As these networks are used by
banks to settle accounts with each other, rapid or overnight wire transfer of large amounts of money
are commonplace; while banks have put checks and balances in place, there is the risk that insiders
may attempt to use fraudulent or forged documents which claim to request a bank depositor's money
be wired to another bank, often an offshore account in some distant foreign country.
2. Rogue traders
A rogue trader is a highly placed insider nominally authorised to invest sizeable funds on behalf of
the bank; this trader secretly makes progressively more aggressive and risky investments using the
bank's money, when one investment goes bad, the rogue trader engages in further market speculation
in the hope of a quick profit which would hide or cover the loss. Unfortunately, when one investment
loss is piled onto another, the costs to the bank can reach into the hundreds of millions of dollars;
there have even been cases in which a bank goes out of business due to market investment losses.
3. Fraudulent loans
One way to remove money from a bank is to take out a loan, a practice bankers would be more than
willing to encourage if they know that the money will be repaid in full with interest. A fraudulent
loan, however, is one in which the borrower is a business entity controlled by a dishonest bank officer
or an accomplice; the "borrower" then declares bankruptcy or vanishes and the money is gone. The
6
borrower may even be a non-existent entity and the loan merely an artifice to conceal a theft of a
Forged documents are often used to conceal other thefts; banks tend to count their money
meticulously so every penny must be accounted for. A document claiming that a sum of money has
therefore be valuable to a thief who wishes to conceal the minor detail that the bank's money has in
5. Uninsured deposits
There are a number of cases each year where the bank itself turns out to be uninsured or not licensed
to operate at all. The objective is usually to solicit for deposits to this uninsured "bank", although
some may also sell stock representing ownership of the "bank". Sometimes the names appear very
official or very similar to those of legitimate banks. For instance, the "Chase Trust Bank" of
Washington D.C. appeared in 2002 with no licence and no affiliation to its seemingly apparent
namesake; the real Chase Manhattan Bank is based in New York. There is a very high risk of fraud
The risk is greatest when dealing with offshore or Internet banks (as this allows selection of countries
with lax banking regulations), but not by any means limited to these institutions.
Demand draft fraud is usually done by one or more dishonest bank employees. They remove few DD
leaves or DD books from stock and write them like a regular DD. Since they are insiders, they know
the coding, punching of a demand draft. These Demand drafts will be issued payable at distant
7
town/city without debiting an account. Then it will be cashed at the payable branch. For the paying
branch it is just another DD. This kind of fraud will be discovered only when the head office does the
branch-wise reconciliation, which normally will take 6 months. By that time the money is
unrecoverable.
Thieves have altered cheques to change the name (in order to deposit cheques intended for payment
to someone else) or the amount on the face of a cheque (a few strokes of a pen can change Rs.10000
into Rs.100,000, although such a large figure may raise some eyebrows). Instead of tampering with a
real cheque, some fraudsters will attempt to forge a depositor's signature on a blank cheque or even
print their own cheques drawn on accounts owned by others, non-existent accounts or even alleged
accounts owned by non-existent depositors. The cheque will then be deposited to another bank and
the money withdrawn before the cheque can be returned as invalid or for non-sufficient funds.
8. Stolen cheques
Some fraudsters obtain access to facilities handling large amounts of cheques, such as a mailroom or
post office or the offices of a tax authority (receiving many cheques) or a corporate payroll or a social
or veterans' benefit office (issuing many cheques). A few cheques go missing; accounts are then
opened under assumed names and the cheques (often tampered or altered in some way) deposited so
that the money can then be withdrawn by thieves. Stolen blank chequebooks are also of value to
8
9. Accounting fraud
In order to hide serious financial problems, some businesses have been known to use fraudulent
bookkeeping to overstate sales and income, inflate the worth of the company's assets or state a profit
when the company is operating at a loss. These tampered records are then used to seek investment
in the company's bond or security issues or to make fraudulent loan applications in a final attempt to
obtain more money to delay the inevitable collapse of an unprofitable or mismanaged firm.
Accounting fraud has also been used to conceal other theft taking place within a company.
Essentially a confidence trick, a fraudster uses a company at their disposal to gain confidence with a
bank, by appearing as a genuine, profitable customer. To give the illusion of being a desired
customer, the company regularly and repeatedly uses the bank to get payment from one or more of its
customers. These payments are always made, as the customers in question are part of the fraud,
actively paying any and all bills raised by the bank. After time, after the bank is happy with the
company, the company requests that the bank settles its balance with the company before billing the
customer. Again, business continues as normal for the fraudulent company, its fraudulent
customers, and the unwitting bank. Only when the outstanding balance between the bank and the
company is sufficiently large, the company takes the payment from the bank, and the company and
its customers disappear, leaving no-one to pay the bills issued by the bank.
11.Cheque kiting
Cheque kiting exploits a system in which, when a cheque is deposited to a bank account, the money
is made available immediately even though it is not removed from the account on which the cheque is
drawn until the cheque actually clears. Deposit Rs.1000 in one bank, write a cheque on that amount
and deposit it to your account in another bank; you now have Rs2000 until the cheque clears.
9
In-transit or non-existent cash is briefly recorded in multiple accounts. A cheque is cashed and,
before the bank receives any money by clearing the cheque, the money is deposited into some other
account or withdrawn by writing more cheques. In many cases, the original deposited cheque turns
out to be a forged cheque. Some perpetrators have swapped checks between various banks on a daily
basis, using each to cover the shortfall for a previous cheque. What they were actually doing was
check kiting; like a kite in the wind, it flies briefly but eventually has to come back down to the
ground.
Credit card fraud is widespread as a means of stealing from banks, merchants and clients. A credit
card is made of three plastic sheet of polyvinyl chloride. The central sheet of the card is known as the
core stock. These cards are of a particular size and many data are embossed over it. But credit cards
v) Genuine cards are obtained on fraudulent applications in the names/addresses of other persons and
used. It is feared that with the expansion of E-Commerce, M-Commerce and Internet facilities being
available on massive scale the fraudulent fund freaking via credit cards will increase tremendously.
i) Booster cheques:
A booster cheque is a fraudulent or bad cheque used to make a payment to a credit card account in
order to "bust out" or raise the amount of available credit on otherwise-legitimate credit cards. The
amount of the cheque is credited to the card account by the bank as soon as the payment is made,
10
even though the cheque has not yet cleared. Before the bad cheque is discovered, the perpetrator goes
on a spending spree or obtains cash advances until the newly-"raised" available limit on the card is
reached. The original cheque then bounces, but by then it is already too late.
Often, the first indication that a victim's wallet has been stolen is a phone call from a credit card
issuer asking if the person has gone on a spending spree; the simplest form of this theft involves
stealing the card itself and charging a number of high-ticket items to it in the first few minutes or
A variant of this is to copy just the credit card numbers (instead of drawing attention by stealing the
card itself) in order to use the numbers in online frauds. The use of a four digit Personal Identity
This takes a number of forms, ranging from a dishonest merchant copying clients' credit card
numbers for later misuse (or a thief using carbon copies from old mechanical card imprint machines
to steal the info) to the use of tampered credit or debit card readers to copy the magnetic stripe from a
payment card while a hidden camera captures the numbers on the face of the card.
Some thieves have surreptitiously added equipment to publicly accessible automatic teller machines;
a fraudulent card stripe reader would capture the contents of the magnetic stripe while a hidden
camera would sneak a peek at the user's PIN. The fraudulent equipment would then be removed and
the data used to produce duplicate cards that could then be used to make ATM withdrawals from the
victims' accounts.
11
13. Empty ATM envelope deposits:
A criminal overdraft can result due to the account holder making a worthless or misrepresented
deposit at an automated teller machine in order to obtain more cash than present in the account or to
prevent a check from being returned due to non-sufficient funds. The crime could also be perpetrated
against another person's account in an "account takeover" or with a counterfeit ATM card, or an
account opened in another person's name as part of an identity theft scam. This scenario may become
a thing of the past next decade due to the emergence of ATM deposit technology that scans currency
14. Impersonation:
Impersonation has become an increasing problem; the scam operates by obtaining information about
an individual, then using the information to apply for identity cards, accounts and credit in that
person's name. Often little more than name, parents' name, date and place of birth are sufficient to
obtain a birth certificate; each document obtained then is used as identification in order to obtain
more identity documents. Government issued standard identification numbers such as "social security
Information may be obtained from insiders (such as dishonest bank or government employees), by
fraudulent offers for employment or investments (in which the victim is asked for a long list of
In some cases, a name is needed to impersonate a citizen while working as an illegal immigrant but
often the identity thieves are using the bogus identity documents in the commission of other crimes or
even to hide from prosecution for past crimes. The use of a stolen identity for other frauds such
as gaining access to bank accounts, credit cards, loans and fraudulent social benefit or tax refund
claims is not uncommon. Unsurprisingly, the perpertators of such fraud have been known to take out
12
loans and disappear with the cash, quite content to see the wrong persons blamed when the debts go
These take a number of forms varying from individuals using false information to hide a credit
history filled with financial problems and unpaid loans to corporations using accounting fraud to
overstate profits in order to make a risky loan appear to be a sound investment for the bank.
Some corporations have engaged in over-expansion, using borrowed money to finance costly mergers
and acquisitions and overstating assets, sales or income to appear solvent even after becoming
The "prime bank" operation which claims to offer an urgent, exclusive opportunity to cash in on the
best-kept secret in the banking industry, guaranteed deposits in "prime banks", "constitutional banks",
"bank notes and bank-issued debentures from top 500 world banks", "bank guarantees and standby
letters of credit" which generate spectacular returns at no risk and are "endorsed by the World Bank"
or various national governments and central bankers. However, these official-sounding phrases and
more are the hallmark of the so-called "prime bank" fraud; they may sound great on paper, but the
guaranteed offshore investment with the vague claims of an easy 100% monthly return are all
Phishing operates by sending forged e-mail, impersonating an online bank, auction or payment site;
the e-mail directs the user to a forged web site which is designed to look like the login to the
13
legitimate site but which claims that the user must update personal info. The information thus stolen
is then used in other frauds, such as theft of identity or online auction fraud.
Phishing means sending an e-mail that falsely claims to be a particular enterprise and asking for
sensitive financial information. Phishing, thus, is an attempt to scam the user into surrendering
private information that will then be used by the scammer for his own benefit.Phishing uses 'spoofed'
e-mails and fraudulent Web sites that look very similar to the real ones thus fooling the recipients into
giving out their personal data. Most phishing attacks ask for credit card numbers, account usernames
and passwords. According to statistics phishers are able to convince up to five per cent of the
Money laundering has been used to describe any scheme by which the true origin of funds is hidden
or concealed. The operations work in various forms. One variant involved buying securities (stocks
and bonds) for cash; the securities were then placed for safe deposit in one bank and a claim on those
assets used as collateral for a loan at another bank. The borrower would then default on the loan. The
securities, however, would still be worth their full amount. The transaction served only to disguise
Paper currency is the usual mode of exchange of money at the personal level, though in business,
cheques and drafts are also used considerably. Bank note has been defined in Section 489A.If forgery
of currency notes could be done successfully then it could on one hand made the forger millionaire
and the other hand destroy the economy of the nation. A currency note is made out of a special paper
with a coating of plastic laminated on both sides of each note to protect the ink and the anti forgery
device from damage. More over these notes have security threads, water marks. But these things are
14
not known to the majority of the population. Forged currency notes are in full circulation and its
very difficult to catch hold of such forgers as once such notes are circulated its very difficult to track
its origin.
Computerization has brought advantages of efficiency, speed and economy in all spheres of life. It is
a very powerful tool and provides opportunities of efficiency and speed to everybody using it.
Further, the vast increase in the memory (whether RAM or storage) and processing speeds as well as
availability of wide range of software, particularly Internet and web-based applications i.e.
connectivity, have made them pervade all aspects of our lives. This has also brought large economy
of scale particularly in our economic environment and we are becoming more and more dependent on
computers and their networks for the services such systems deliver. Frauds committed using
computers vary from complex financial frauds where large amounts are illegally transferred between
accounts by sophisticated hackers, to the simpler frauds where computer is only a tool that a criminal
uses to commit a crime. It also provides ample opportunities for their misuse particularly for
economic or financial gains. This is as computers networks can also be used to commit crimes from
geographically far places. Such computer frauds are known by various names such as cyber crimes or
e-crimes and we can describe them as an act involving computer equipment, software or data that
losses running into very large sums. Although in India, frauds committed so far have not revealed any
extensive manipulation of computer systems, it is no doubt a potentially high-risk area, which should
be addressed carefully and in timely manner. According to a recent survey, companies in India have
15
1) Manipulation: In an ideal situation, where information systems have all the necessary controls,
which are properly integrated with other manual controls and maintained, there will generally be no
Not only, most system controls are not perfect, people also try to manipulate systems for variety of
motives from games playing, ego peer pressure, and hatred for the organization, emotional
maladjustment, blackmail and economic gains. Such people could be insiders, outsiders as well as
vendors, competitors in fact any one. Computer frauds gain their criticality as they are easy to
commit, difficult to detect and even harder to prove. The most important type of such frauds is
a) Input Manipulation: In input manipulation, input data such as deposit amounts in ledgers, limits in
b) Output manipulation: Output manipulation is achieved by affecting the output of the system, such
different accounts and siphoning of the rounded digits to another account. No system is foolproof and
fraudulent transfers can occur in even highly automated and secure funds transfer systems.
2) Unauthorized use: Other types of such frauds or crimes could be unauthorized access to computers
by hacking into systems or stealing passwords, deliberate damage caused to computer data or
programs, computer forgery (changing of data or images stored in computers) and un-authorized
3) Awareness: Other important causes of such frauds are lack of employee awareness, poor
implementation of security policies and segregation of duties, vendor products with weak security
controls, outsourced service providers and hackers (many as young as school students). Computer
frauds in such cases are generally for economic benefit to the fraudster and corresponding loss to the
organization.
16
CHAPTER : 3 MEASURES TAKEN BY BANK TO AVOID FRAUD
A close study of any fraud in bank reveals many common basic features. There may have been
negligence or dishonesty at some stage, on part of one or more of the bank employees. One of them
may have colluded with the borrower. The bank official may have been putting up with the
borrowers sharp practices for a personal gain. The proper care which was expected of the staff, as
custodians of banks interest may not have been taken. The banks rules and procedures laid down in
the Manual instructions and the circulars may not have been observed or may have been deliberately
ignored.
Components of Fraud:
There are two important components in any fraud committed by an employee of a bank, himself or in
collusion with a burrower. They are, firstly, the intention which is subjective; and secondly, the
opportunity which is objective. Conditions must be created in the bank that the person who intends
In India, the design, management and regulation of electronically-based payments system are
becoming the focus of policy deliberations. The imperatives of developing an effective, efficient and
speedy payment and settlement systems are getting sharper with introduction of new instruments
such as credit cards, telebanking, ATMs, retail Electronic Funds Transfer (EFT) and Electronic
Clearing Services (ECS). We are moving towards smart cards, credit and financial Electronic Data
Interchange (EDI) for straight through processing. We are basically concerned about computer frauds
committed by an unauthorized user (whether insider or outsider) to the computer networks, which
aims at causing economic or financial gains to the user by this act or an economic or financial loss to
17
3.1 PREVENTION OF FRAUDS
i) Internal Prevention:
It is said that failures are the stepping stone for success. What this means is that if we are able to
analyse why a particular failure by way of a fraud took place, we can then detect the loopholes in our
system which led to the fraud and take corrective measures or change the system. For instance the
great Harshad Mehta scam took place because among other things, the public debt office of the
Reserve Bank of India was not computerized and was operating on a manual system. This gave a
float of fifteen days, which gave opportunity for people like Ketan Parekh to perpetrate the fraud.
Even after this scam while in the case of the RBI the defect was rectified the overall banking system
is still manual. Only 5000 out of the 65000 branches of banks are computerised. In today's
competitive market, it is necessary that the banks are able to service their clients effectively.
Therefore strongly urge is that we should have a massive effort at computerisation of the banks.
Execution of Documents:
1. A bank officer must adopt a strict professional approach in the execution of documents. The ink
and the pen used for the execution must be maintained uniformly.
2. Bank documents should not be typed on a typewriter for execution. These should be invariably
3. The execution should always be done in the presence of the officer responsible for obtain them,
4. The borrowers should be asked to sign in full signatures in same style throughout the documents.
5. Unless there is a specific requirement in the document, it should not be got attested or witnessed as
such attestation may change the character of the instruments and the documents may subject to stamp
duty.
6. The paper on which the bank documents are made should be pilfer proof. It should be unique and
7. The printing of the bank documents should have highly artistic intricate and complex graphics.
18
8. The documents executed between Banker and Borrowers must be kept in safe custody,
One issue when a fraud is perpetrated is who should be held responsible. For instance in the case of
the borrower-based accounts, there is the person who posts the accounts, there is the person who
passes the instrument and, there is a third person who makes the payment. It has been suggested that
there must be a method of isolating the person who makes the payment from the people who make
the posting or pass the order. The relative responsibility of the three will have to be fixed. This is an
issue that has been raised before me by one of the Chairman of the banks. Perhaps in a program like
this we will be able to go into such issues and evolve guidelines about what should be done so that
while the innocent is not punished, the guilty are not spared.
Another issue, which is of importance to the Indian economy. This is the reported fear of many
officers, especially in the middle levels in the banks, to take decisions regarding dispersal of funds.
As a result, there is always a tendency to push the case upwards and the whole banking system is
operating in a sub-optimal manner. We must be able to find a solution to this. In fact, the whole
vigilance function can become an effective function for economic growth if we are able to create an
environment in which the honest are encouraged to take the decision and the dishonest are punished
quickly.
Bank frauds are the failure of the banker. It does not mean that the external frauds do not defraud
banks. But if the banker is upright and knows his job, the task of defrauder will become extremely
In the banking and financial sectors, the introduction of electronic technology for transactions,
settlement of accounts, bookkeeping and all other related functions is now an imperative.
Increasingly, whether we like it or not, all banking transactions are going to be electronic. The thrust
is on commercially important centers, which account for 65 percent of banking business in terms of
value. There are now a large number of fully computerized branches across the country.
19
a) Appropriate controls:
The first steps in prevention of frauds in computerized systems involve setting up of proper access
controls both physical and logical. The physical protection of Information System assets means
physical control of access to computer and network systems and the devices to which they are
connected. Access to these systems could be controlled by security guards, installation of code locks,
smart card driven door opening devices or modern biometric devices (which control the access on the
basis of certain individual characteristics such as finger-prints, eyes retina image etc., which cannot
be changed or falsified).
However, in a computerized environment, logical access controls (i.e. controls to operating systems,
data-base systems as well as application systems) play more important role. Adequate controls over
system software and data is done by keeping a strict control over functional division of labor between
all classes of employees, keeping in mind the principle of least privilege and that maker and checker.
A clear segmentation of access to system engineers, programmers and administrators is also done
depending on their work responsibility. Information System Auditors / Security Management must
exercise a great deal of creativity in identifying ways in which unauthorized users could gain access.
Hence, the first step in prevention of computer frauds is setting up of the appropriate controls.
b) Proper Implementation:
Second step in prevention of frauds would be to ensure that the users properly implement the control
systems. Control measures could be either software driven like passwords or system driven like
exception reports and transaction authorization processes. In this connection, it may be noted that
access controls are a system in themselves and existence of such controls means existence and
In the case of passwords, as access control measures. It may be noted that merely having passwords is
not sufficient. It should also be ensured that password have been prescribed to have certain minimum
characters, are stored in encrypted files, there is a forced change of passwords at the time of first
20
login as well as after a specified period. These features however depend on the security policy of the
organization.
Systems are also designed to keep a chronological record of the events occurring in the system (i.e.
commands executed by the users, actions on files, messages displayed by the system, resources
consumption by the users, transaction entry and security violations) in the form of audit trails. These
can be built in operating systems, database management systems as well as application software. A
regular analysis of audit trails as control measure helps in containing any future loss through fraud.
However, although having good controls and maintaining them is a major step in prevention of frauds
it is still not sufficient to prevent them. Even with the best of systems and their maintenance, all the
possibilities of their misuse can neither be predicted nor tested. Even when the best of the access
controls tools are used and monitored, when data flows from within the network through data
communication lines or from one network to another or through Internet, protection of the data
becomes an important tool for prevention of frauds. For this, one can either depend on simple
processes like check sum or hash totals built in the software or may require using encryption
technology or cryptography. The complexity and cost of implementation of these methods varies a lot
Present technology also makes us available what is called as Intruder Detection Systems (IDS). IDS
are systems build up to detect intruders entering the network. It is the process of identifying and
responding to malicious activity targeted at computing and networking resources and is an important
component of defensive measures protecting computer system and networks from abuses.
i) Network Intrusion Detection Systems (NIDS) monitor packets on the network and attempt
ii) System Integrity Verifiers (SIV) monitors system files to detect when an intruder changes
log files that suggest an intruder is attacking. Once the hacker gets into the network it triggers an
As firewall acts like a fence around the network, it cannot on its own detect somebody trying to break
in. It restricts access at the designated points. IDS, on the other hand, are intended to recognize
attacks against the network that firewall are unable to see. 80% of all the financial losses are due to
hacking that come from inside the network. Firewall cannot see anything happening inside the
network. Firewall checks for traffic which passes between internal network and the Internet. Adding
IDS will double-check miss-configured firewalls; catch attempts that fail; catch insider hacking;
i) Internal detection:
Despite all care and vigilance there may still be some frauds, though their number, periodicity and
intensity may be considerably reduced. The following procedure would be very helpful if taken into
consideration:
1. All relevant data-papers, documents etc. Should be promptly collected. Original vouchers or other
papers forming the basis of the investigation should be kept under lock and key.
2. All persons in the bank who may be knowing something about the time, place a modus operandi of
3. The probable order of events should thereafter be reconstructed by the officer, in his own mind.
4. It is advisable to keep the central office informed about the fraud and further developments in
regard thereto.
One method of detection will be only by regular checks and this is where apparently there is
slackness today. Ultimately we must be able to create in our banks an atmosphere of trust on the one
22
side and transparency on the other so that frauds if they occur are immediately detected, checked and
penalized.
Apart from the systems and procedures, ultimately the whole issue boils down to the values we have.
Today we are highly tolerant of corruption. We also have in our Hindu philosophy the two basic
principles, which seem to indirectly encourage corruption. These are extreme tolerance and the
prayaschitta principle. As a result many people who commit frauds can literally get away freely. Our
systems are really to be blamed. As it is seen, if we make a quick analysis of 100 people in any given
organisation, 10% may be honest and 10% dishonest whatever we do. 80% depend on the systems we
have. And our systems encourage corruption due to the following factors:
Lack of transparency
Cushions of safety that have been built for the corrupt on the healthy principle that everybody is
innocent till proved guilty. We have got voluminous vigilance manuals and the corrupt can find
Do not know to what extent the bank frauds can be attributed to the people in our own banking
system that, because of loyalty of the profession or organisation, tends to protect the corrupt. Such
people may be doing a disservice to the nation. We should therefore be able to evolve ultimately
systems which tackle the corruption promoting factors mentioned above so that the punishment of the
corrupt becomes a perceived reality and acts as a check for people who have a tendency to commit
frauds. After all that is the way for prevention and detection of frauds.
23
ii) External detection:
Despite all such measures, as technology is taking rapid strides (for fraudsters as well as
organizations), system security administrators are discovering that they have to constantly improve
upon the technological tools. However, security can only reduce the possibility of fraud and not
totally rule it out. In a computerized environment, the perpetrators of fraud also expect their crime to
be near impossible to detect among the thousands or millions of transactions processed by the
organization. Hence to reduce the losses, timely detection of the frauds plays an important role. Bank
computer crimes have a typical feature, the evidence relating to crime is intangible. The evidences
can be easily erased, tampered or secreted. More over it is not easily detectable. More over the
evidence connecting the criminal with the crime is often not available. Computer crimes are different
from the usual crimes mainly because of the mode of investigation. There are no eyewitness, no usual
Hi-tech crime
The information technology is changing very fast. The normal investigator does not have the proper
background and knowledge .special investigators have to be created to carry out the investigations.
the FBI of USA have a cell, even in latest scenario there has been cells operating in the Maharashtra
police department to counter cyber crimes.C.B.I also have been asked to create special team for
International crime:
A computer crime may be committed in one country and the result can be in another country. There
has been lot of jurisdictional problem a though the Interpol does help but it too has certain
limitations. The different treaties and conventions have created obstructions in relation to tracking of
24
No-scene crime:
The computer satellite computer link can be placed or located any where. The usual crime scene is
the cyber space. The terminal may be anywhere and the criminal need not indicate the place. The
Faceless crime:
The major advantage criminal has in instituting a computer crime is that there is no personal
truly and in strict sense faceless. There are certain spy softwares which is utilized to find out
passwords and other vital entry information to a computer system. The entry is gained through a
The existing enacted laws of India are not at all adequate to counter cyber crimes. The Indian Penal
code, evidence act, and criminal procedure code has no clue about computers when they were
codified. It is highly required to frame and enact laws which would deal with those subjects which
are new to the country specially cyber law; Intellectual property right etc.
The Reserve Bank of India has come up with different proposals to make the way easier, they have
enacted electronic fund transfer act and regulations, have amended, The Reserve Bank of India Act,
Bankers Book Evidence Act etc., experience of India in relation to information and technology is
limited and is in a very immature state. It is very much imperative that the state should seek the help
As the success of the fraudster depends on how fast their crime is detected among very large number
of transactions processed by the organization, auditors and fraud investigators find that computers are
their best tools for detection of fraud. Powerful, interactive software that quickly sifts through
mountains of electronic data enables auditors to effectively detect and prevent fraud throughout an
organization.
25
3.3 SECURITY IN BANKING SYSTEM
Security implies sense of safety and of freedom from danger or anxiety. When a banker takes a
collateral security, say in the form of gold or a title deed, against the money lent by him, he has a
sense of safety and of freedom from anxiety about the possible non-payment of the loan by the
borrower. These should be communicated to all strata of the organization through appropriate means.
Before staff managers should analyze current practices. Security procedure should be stated explicitly
and agreed upon by each user in the specific environment. Such practices ensure information security
and enhance availability. Bank security is essentially a defense against unforced attacks by thieves,
A large part of banks security depends on social security measures. Physical security measures can be
defined as those specific and special protective or defensive measures adopted to deter, detect, delay,
defend and defeat or to perform any one or more of these functions against culpable acts, both covert
and acclamations natural events. The protective or defensive, measures adopted involve construction,
2. One person should not continue on the same seat for more than two months.
3. Daybook should not be written by the Cashier where another person is available to the job.
4. No cash withdrawal should be allowed within passbook in case of withdrawal by pay order.
5. The branch manager should ensure that all staff members have recorder their presence in the
26
CHANGES IN LEGISLATIONS AFTER ELECTRONIC TRANSACTIONS:
2. Section 92 of Indian Evidence Act, 1872 shall be amended to include commuter based
communications.
3. Section 93 of Bankers Book Evidence Act, 1891 has been amended to give legal sanctity for books
4. Section 94 of the Reserve Bank of India Act, 1939 shall be amended to facilitate electronic fund
transfers between the financial institutions and the banks. A new clause has been inserted in Section
58(2).
The cases of credit card frauds do not seem to end. Following the recent case of an ING Vysya Bank
employee, in partnership with others, duping the bank of crores, a case has been registered against a
Punjab National Bank (PNB) in Chandigarh. Baldev Singh, who works as a cashier-cum-computer
operator in the Kurali branch of PNB, has been remanded to police custody because of
duping the bank to an amount of Rs 2 lakh. According to the investigating officer, Ravindar Pal
Singh, the accused had first defrauded the bank of Rs 1.87 lakh; however, after he was caught, he
duped 2 more customers to the tune of Rs 1.1 lakh to clear the banks liability.
The case had come to the Kurali police when the head of PNB, Chandigarh Circle, had lodged a
complaint against Baldev on March 10. That day the bank had given Rs 8 lakh in cash to Baldev
12,700 but failed to deposit back the remaining amount of Rs 1, 87,300. After the bank authorities
27
had initiated an enquiry against the accused, he committed to the crime and agreed to pay back the
defrauded cash.
However, on March 15, he once again siphoned off Rs 1, 00,500 from the account of a customer,
Balveer Singh. Further enquiry also revealed that he had duped another customer, Beant Singh, of Rs
10,000 as he withdrew Rs 15,000 from Beants account when the latter had come to withdraw Rs
5,000.
The Economic Offences Wing, Crime Branch, Delhi Police, received a complaint from the vice
president, Operations, UTI Bank that many customers of various UTI banks in Delhi,
Vishakapatnam, Thane, Nasik, and Ahmedabad received emails claiming to have originated from the
bank. These emails included a hyperlink within the email itself, and a click on the link took the
recipients to a Web page, which was identical to UTI's Web page. Some unsuspecting recipients
responded to these mails, and gave their login information and passwords. Later on, through Internet
banking, a large number of fraudulent transactions took place. These transactions resulted in loss of
over Rs 20 lakh for customers with bank accounts in Delhi, Vishakapatnam, Thane, Nasik, and
Ahmedabad.
An analysis on those phishing mails revealed that they had originated from somewhere in Lagos,
Nigeria. The UTI phishing site had lifted the UTI logo as well as the Iconnect symbol from the
original UTI site in order to make the fake site look real. The fake site provided a 'click here' option,
which in turn took victims to a fake customer verification site based in Austria. IP addresses of the
fraudulent transactions indicated transactions had been made from Nigeria, Atlanta and California.
28
CONCLUSION
The Indian Banking Industry has undergone tremendous growth since nationalization of 14 banks in
the year 1969. There has an almost eight times increase in the bank branches from about 8000 during
1969 to more than 60,000 belonging to 289 commercial banks, of which 66 banks are in private
sector.
However, with the spread of banking and banks, frauds have been on a constant increase. It could be
a natural corollary to increase in the number of customers who are using banks these days. In the year
2000 alone we have lost Rs 673 crores in as many as 3,072 number of fraud cases. These are only
reported figures. There were nearly 65,800 bank branches of a total of 295 commercial banks in India
as on June 30, 2001 reporting a total of nearly 3,072 bank fraud cases.
The most important feature of Bank frauds is that ordinarily they do not involve an individual direct
victim. They are punishable because they harm the whole society. It is clear that money involved in
Bank belongs to public. There must be certain preventive and curative measures to control frauds.
The
higher authority of bank must follow strict rules against such fraudsters. The various new
Thus, a fraud is the game of two, the rule makers and the rule breakers. Fraud is a phenomenon that
29
BIBLOGRAPHY
WEBSITE:
www.google.co.in
www.yahoo.com
www.fraudsinindianbankingsector.com
www.icicibank.com
www.axisbank.com
www.scribd.com
30