Banking Related Technological Frauds

: Sunayana Sahu

Phishing is an attempt by fraudsters to 'fish' for your banking details. A phishing attempt usually is in the form of an e-mail that appears to be from your bank. What? The e-mail usually encourages you to click a link in it that takes you to a fraudulent log-on page designed to capture your details.

Persuading to give away confidential information such as their credit card details or online banking passwords on replica bank or credit card provider Web sites.
How do fraudsters operate?

However, one click on the link activates the downloading of a Trojan worm. This malware then monitors the user's surfing activity and when they enter their bank URL transports them to a bogus Web site, giving criminals easy access to any confidential passwords and log-in details.

y Web site spoofing is the act of creating a web site, as a hoax, with

the intention of performing fraud. y To make spoof sites seem legitimate, phishers use the names, logos, graphics and even code of the actual web site. y Fraudsters send e-mails with a link to a spoofed web site asking you to update or confirm account related information. y This is done with the intention of obtaining sensitive account related information like your Internet Banking user ID, password, PIN, credit card / debit card / bank account number, card verification value (CVV) number, etc..

y Skimming is a method used by fraudsters to capture

your personal or account information from your credit card. y Your card is swiped through the skimmer and the information contained in the magnetic strip on the card is then read into and stored on the skimmer or an attached computer.

y Vishing is a combination of Voice and Phishing that uses

Voice over Internet Protocol (VoIP) technology wherein fraudsters feigning to represent real companies such as banks attempt to trick unsuspecting customers into providing their personal and financial details over the phone.

y The fraudster sets up an automatic dialler which uses a modem to

call all the phone numbers in a region. y When the phone is answered, an automated recording is played to alert the customer that his/her credit card has had illegal activity and that the customer should call the recorded phone number immediately. The phone number is with a caller identifier that makes it appear that they are calling from the financial company they are feigning to represent. y When the customer calls the number, it is answered by a computergenerated voice that tells the customer they have reached 'account verification' and instructs the consumer to enter his/her 16-digit credit card number on the key-pad.

y Once a customer enters his/her credit card number, the

'visher' has all of the information necessary to place fraudulent charges on his/her card. Those responding are also asked for the security number found on the rear of the card. y The call can then be used to obtain additional details such as security PIN, expiry date, date of birth, bank account number, etc.

y Spam is an electronic 'junk mail' or unwanted

messages sent to your email account or mobile phone. y They may try to persuade you to buy a product or service, or visit a website where you can make purchases; or they may attempt to trick you into divulging your bank account or credit card details.

y Spyware such as Trojan Horse is generally considered

to be software that is secretly installed on a computer and takes things from it without the permission or knowledge of the user. y Spyware may take personal information, business information, bandwidth; or processing capacity and secretly gives it to someone else.

Preventive Solutions

TECHNOLOGICAL SOLUTIONS Biometric tokens Enhanced security ATM Monitoring Customized software's Customer motivation Alerts

y Difficult to Investigate

being Faceless, No-scene

Crime.
y Being high tech crime, the normal investigator does not

have the proper background and knowledge. Special investigators have to be created to carry out the investigations. y The Reserve Bank of India has come up with different proposals to counter these frauds, they have enacted Electronic Fund Transfer Act and regulations have been amended. But the experience is limited and is in a very immature state.

y The existing enacted laws of India are not at all

adequate to counter cyber crimes. The Indian Penal code, evidence act, and criminal procedure code had no clue about computers when they were codified. It is highly required to frame and enact laws which would deal with those subjects which are new to the country specially cyber law; Intellectual property right etc.