Cyber Crimes in Banks in IndiaEXECUTIVE SUMMARY Cyber crimes are any illegal activities committed using computer target of the criminal activity can be either a computer, network operations. Cyber crimes are genus of crimes, which use computers and networks for criminal activities. The difference between traditional crimes and cyber crimes is the cyber crimes can be transnational in nature. Cyber crime is a crime that is committed online in many areas using e-commerce. A computer can be the target of an offence when unauthorized access of computer network occurs and on other hand it affects E-COMMERCE. Cyber crime can be of various types such as Telecommunication Piracy, Electronic Money Laundering and Tax Evasion, Sales and Investment Fraud, Electronic Funds Transfer Fraud and so on…The modern contemporary era has replaced these traditional monetary instruments from a paper and metal based currency to ―plastic money‖ in the form of credit cards, debit cards, etc. This has resulted in the increasing use of ATM all over the world. The use of ATM is not only safe but is also convenient. This safety and convenience, unfortunately, has an evil side as well that do not originate from the use of plastic money rather by the misuse of the same. This evil side is reflected in the form of ―ATM frauds‖ that is a global problem. Internet commerce has grown exponentially during the past few years and is still growing. But unfortunately the growth is not on the expected lines because the credit card fraud which has become common has retarded the e-commerce growth. Credit card fraud has become regular on internet which not only affects card holders but also online merchants. Credit card fraud can be done by taking over the account, skimming or if the card is stolen. Certain preventive measures can be taken to becoming a 1 Cyber Crimes in Banks in India credit card victim. The term "Internet fraud" refers generally to any type of fraud scheme that uses one or more components of the Internet - such as chat rooms, e-mail, message boards, or Web sites - to present fraudulent solicitations to prospective victims, to conduct fraudulent transactions, or to transmit the proceeds of fraud to financial institutions or to other connected with the scheme. Some form of internet form include: spam, scams, identity theft, phishing, spyware, internet banking fraud. INTRODUCTION Cyber crime is like traditional crime; cybercrime can take many shapes and can occur nearly anytime or anyplace. Criminals committing cybercrime use a number of methods, depending on their skill-set and their goal. This 2 Cyber Crimes in Banks in India should not be surprising: cybercrime is, after all, simply 'crime' with some sort of 'computer' or ‗cyber‘ aspects. Cybercrime has surpassed illegal drug trafficking as a criminal moneymaker. Every 3 seconds an identity is stolen. Without security, your unprotected PC can become infected within four minutes of connecting to the internet. The usage of internet service in India is growing rapidly. It has given rise to new opportunities in every field we can think of – be it entertainment, business, sport or education. There are many pros and cons of some new types of technology which are been invented or discovered. Similarly the new & profound technology i.e. using of INTERNET Service, has also got some pros & cons. These cons are named CYBER CRIME, the major disadvantage, illegal activity committed on the internet by certain individuals because of certain loop-holes. The interest, along with its advantages, has also exposed us to security risk that comes with come with connecting to a large network. Computer today are being misused for illegal activities like e-mail espionage, credit card fraud, spams, and software 3 The challenges of information security have also grown manifold. which invade our privacy and offend our senses. spam and phishing and bot attacks. They rather include them manipulation of confidential data and critical information. wherein the privacy of the users is hampered. In recent years. These criminal activities involve the breach of human and information privacy. more than a fifth of the malicious activities in the world originate from the Asia Pacific region. As per the National Crime Report Bureau statistics. the growth and penetration of internet across Asia Pacific has been phenomenal. identity theft and data as well as system interference. misuse of devices. a large number of rural areas in India and a couple of other nations in the region have increasing access to the internet — particularly broadband. Today. which involve the use of information technology to gain an illegal or an unauthorized access to a computer system with intent of damaging. According to the latest statistics. It is becoming imperative for organizations to take both preventive and corrective action if their systems are to be protected from any kind of compromise by external malicious element. And mind you. Computer crimes may not necessarily involve damage to physical property.Cyber Crimes in Banks in India piracy and so on. This widespread nature of cyber crime is beginning to show negative impact on the economic growth opportunities in each of the countries. Criminal activities in the cyberspace are on the rise. spam made up 69% of all monitored e-mail traffic in the Asia pacific region. these are just the 4 . Overall. The malicious attacks included denial-of-service attacks. Computer crimes involve activities of software theft. Computer crimes are criminal activities. there has been a 255% increase in cyber crime in India alone. as also the theft and illegal alteration of system critical information. The different types of computer crimes have necessitated the introduction and use of newer and more effective security measures. Computer crimes also include the activities such as electronic frauds. deleting or altering computer data. various governmental and non governmental agencies are working towards reducing cyber crime activities. although the term computer crime and cyber crime are more properly restricted to describing criminal activity in which the computer or network is a necessary part of the crime. 2000. sending threatening emails etc. theft. such as fraud. become Defining Cyber Crime Information Technology Act. target.Cyber Crimes in Banks in India reported cases. According. and embezzlement. or place of a crime. computer crime has more important. In view of this. hi-tech crime or electronic crime generally refers to criminal activity where a computer or network is the source. cyber crime. Computer crime. forgery. in which computer has grown. These categories are not exclusive and many activities can be characterized as falling in one more category. such as email spoofing and cyber defamation. Defining cyber crimes. as ―acts that are punishable by the Information Technology Act" would be unsuitable as the Indian Penal Code also covers many cyber crimes. 5 . tool. these terms are also sometimes used to include traditional crimes. e-crime. blackmail. They 6 . Joseph-Marie Jacquard.C. The era of modern computers. The history of cyber crime The first recorded cyber crime took place in the year 1820! This is not surprising considering the fact that the abacus. however. produced the loom. as in the illegal transfer of funds or to alter the data or property of others‖ (―Computer Crime‖. in India. In 1820.Cyber Crimes in Banks in India Computer crime has been defined as ―unauthorized use of a computer for personal gain. has been around since 3500 B. A generalized definition of cyber crime may be ―unlawful acts wherein the computer is either a tool or target or both‖. began with the analytical engine of Charles Babbage. This device allowed the repetition of a series of steps in the weaving of special fabrics. and China. 2007). a textile manufacturer in France. This result in a fear amongst Jacquard‘s employee that their traditional employment and livelihood were being threatened. which is thought to be the earliest form of a computer. Cyber Crimes in Banks in India committed acts of sabotage to discourage Jacquard from Further use of the new technology. This is the first recorded cyber crime! Today computers have come a long way, with neural networks andnanocomputing promising to turn every atom in a glass of water into a computer capable of performing a Billion operations per second. Cyber crime is an evil having its origin in the growing dependence on computer in modern life. In a day and age when everything from microwave ovens and refrigerators to nuclear power plants is being run on computers, cybercrime has assumed rather sinister implications. Major Cyber crimes in the recent past include the Citibank rip off. US $ 10 million were fraudulently transferred out of the bank and into a bank account in Switzerland. A Russian hacker group led by Vladimir Kevin, a renowned hacker, perpetrated the attack. The group compromised the bank's security systems. Vladimir was allegedly using his office computer at AO Saturn, a computer firm in St Petersburg, Russia, to break into Citibank computers. He was finally arrested on Heathrow airport on his way to Switzerland. 7 Cyber Crimes in Banks in India CYBERCRIMES IN INDIA As India become the fourth highest number of Internet users in the world, cyber crimes in India has also increased 50 percent in 2007 over the previous year. According to the Information Technology (IT) Act, the majority of offenders were under 30 years of age. Around 46% of cyber crimes were related to incident of cyber pornography, followed by hacking. According to recent published ‗crime in 2007 report‘ published by the national crime record bureau (NCRB), in over 60 percent of cases, offenders were between 18 and 30. These cyber crimes are publishable under two categories; the IT Act 2000 and the Indian Penal Code (IPC). According to the report, 217 cases of cyber crime were registered under the IT Act in 2007, which is an increase of 50 percent from the previous year. Under the IPC section, 339 cases were recorded in 2007 compared to 311 cases in 2006.Out of 35 mega cities, 17 cities have reported around 300 cases of cyber-crimes under both categories that is an increase of 32.6 percent in a year. The report also shows that cyber crime is not only limited to metro cities but it also moved to small cities like Bhopal. According to the report, Bhopal, the capital of Madhya Pradesh has reported the highest incidence of cyber crimes in the country. In order to tackle with cyber crime, Delhi Police have trained 100 of its officers in handling cyber crime and placed them in its Economic Offences Wing. These officers were trained for six weeks in computer hardware and software, computer networks comprising data communication networks, network protocols, wireless networks and network security. Faculty at Guru Go bind Singh Indraprastha University (GGSIPU) was the trainers. CYBERSPACE 8 Cyber Crimes in Banks in India As the cases of cybercrime grow; there is a growing need to prevent them. Cyberspace belongs to everyone. There should be electronic surveillance which means investigators tracking down hackers often want to monitor a cracker as he breaks into a victim's computer system. The two basic laws governing real-time electronic surveillance in other criminal investigations also apply in this context, search warrants which means that search warrants may be obtained to gain access to the premises where the cracker is believed to have evidence of the crime. Such evidence would include the computer used to commit the crime, as well as the software used to gain unauthorized access and other evidence of the crime. Researchers must explore the problems in greater detail to learn the origins, methods, and motivations of this growing criminal group. Decisionmakers in business, government, and law enforcement must react to this emerging body of knowledge. They must develop policies, methods, and regulations to detect incursions, investigate prosecute the perpetrators, and prevent future crimes. In addition, Police Departments should immediately take steps to protect their own information systems from intrusions. (Any entry into an area not previously occupied). Internet provides anonymity: This is one of the reasons why criminals try to get away easily when caught and also give them a chance to commit the crime again. Therefore, we users should be careful. We should not disclose any personal information on the internet or use credit cards and if we find anything suspicious in e-mails or if the system is hacked, it should be immediately reported to the Police officials who investigate cyber crime rather than trying to fix the problem by ourselves. Computer crime is a multi- billion dollar problem. Law enforcement must seek ways to keep the drawback from the great promise of the computer age. Cybercrime is a menace that has to be tackled effectively not only by the official but also by the users by co-operating with the law. 9 Theft of Telecommunications Services 10 .Cyber Crimes in Banks in India TYPES OF CYBER CRIME 1. Communications in Furtherance of Criminal Conspiracies 11 . Costs to individual subscribers can also be significant in one case. Additional forms of service theft include capturing "calling card" details and on-selling calls charged to the calling card account. by fraudulently obtaining an employee's access code. up to 5% of total industry turnover has been lost to fraud (Schieck 1995: 2-5). It has been suggested that as long ago as 1990. computer hackers in the United States illegally obtained access to Scotland Yard's telephone network and made £620. and counterfeiting or illicit reprogramming of stored value telephone cards. Some sophisticated offenders loop between PBX systems to evade detection. and that more recently.Cyber Crimes in Banks in India The "phone phreakers" of three decades ago set a precedent for what has become a major criminal industry. or by using software available on the internet. 2. By gaining access to organizations can obtain access to dial-in/dial-out circuits and then market their own calls or sell call time to third parties (Gold 1999).000 worth of international calls for which Scotland Yard was responsible (Tendler and Nuttall 1996). Offenders may gain access to the switchboard by impersonating a technician. security failures at one major telecommunications carrier cost approximately £290 million. to North America. Today. and entail a significant degree of coordination.Cyber Crimes in Banks in India Just as legitimate organisation in the private and public sector rely upon information systems for communication and record keeping. There is evidence of telecommunications equipment being used to facilitate organized drug trafficking. an international network with members in at least 14 nations ranging from Europe. Access to the group was password protected. child pornography and trade in weapons (in those jurisdictions where such are illegal). Illustrative of such activity was the Wonderland Club. use sophisticated technologies of concealment. and content was encrypted Police investigation of the activity. there appear to have been a number of networks whic h extend cross-nationally. these materials can be imported across national borders at the speed of light. gambling. to Australia. prostitution money laundering. The use of encryption technology may place criminal communications beyond the reach of law enforcement. so too are the activities of criminal organizations enhanced by technology. codenamed ―Operating Cathedral‖ 12 . Just as legitimate organization in the private and public sector rely upon information systems for communication and record keeping. The use of computer networks to produce and distribute child pornography has become the subject of increasing attention. so too are the activities of criminal organisation enhanced by technology. some of the less publicly visible traffic in child pornography activity appears to entail a greater degree of organization. The more overt manifestations of internet child pornography entail a modest degree of organization. By contrast. Although knowledge is confined to that conduct which has been the target of successful police investigation. as required by the infrastructure of IRC and WWW. but the activity appears largely confined to individuals. sound. 1998.8 billion in business application software. 13 . or indeed.4 billion worth of software was lost to piracy in 1993 with $2 billion of that being stolen from the Internet (Meyer and Underwood 1994). and multimedia combinations. According to the Straits Times (8/11/99) A copy of the most recent James Bond Film The World is Not Enough.Cyber Crimes in Banks in India resulted in approximately 100 arrests around the world. graphics. it has been estimated that losses of between US$15 and US$17 billion are sustained by industry by reason of copyright infringement (United States. $1. $3. Ryan (1998) puts the cost of foreign piracy to American industry at more than $10 billion in 1996. for sale at a lower price. Telecommunications Piracy Digital technology permits perfect reproduction and easy dissemination of print. in whatever medium. This has caused considerable concern to owners of copyrighted material. including $1.8 billion in the film industry. The Software Publishers Association has estimated that $7. 131). The temptation to reproduce copyrighted material for personal use. in addition to financial loss. for free distribution. When creators of a work. Each year. are unable to profit from their creations. and $690 million in book publishing. Information Infrastructure Task Force 1995. 3. there can be a chilling effect on creative effort generally.2 billion in music.000 images in September. and the seizure of over 100. has proven irresistable to many. was available free on the internet before its official release. In another case a rejected suitor posted invitations on the Internet under the name of a 28-year-old woman. and lost her job (Miller 1999. and instructions for the fabrication of incendiary and explosive devices. Strange men turned up at her home on six different occasions and she received many obscene phone calls. in which persistent messages are sent to an unwilling recipient. threatening or intrusive communications. graphic sexual descriptions and references to their daily activities. He apparently made the 14 .Cyber Crimes in Banks in India 3. DISSEMINATION OF OFFENSIVE MATERIALS Content considered by some to be objectionable exists in abundance in cyberspace. she would not answer the phone. This includes. The unfortunate couple. along with her name. received phone calls and e-mails from strangers as far away as Denmark who said they had seen the photos on the Internet. Investigations also revealed that the suspect was maintaining records about the woman's movements and compiling information about her family (Spice and Sink 1999). Telecommunications systems can also be used for harassing. from the traditional obscene telephone call to its contemporary manifestation in "cyber-stalking". phone number. address and telephone number. was afraid to leave her home. including her address. Wisconsin. Miller and Maharaj 1999). sexually explicit materials. While the woman was not physically assaulted. racist propaganda. He then communicated via email with men who replied to the solicitations and gave out personal information about the woman. among much else. the would-be object of his affections. residents of Kenosha. One man allegedly stole nude photographs of his former girlfriend and her new boyfriend and posted them on the Internet. details of her physical appearance and how to bypass her home security system. One former university student in California used email to harass 5 female students in 1998. that said that she had fantasies of rape and gang rape. He bought information on the Internet about the women using a professor's credit card and then sent 100 messages including death threats. The development of informal banking institutions and parallel banking systems may permit central bank supervision to be bypassed. The article cited four incidents between 1993 and 1995 in which a total of 42. Computer networks may also be used in furtherance of extortion. Large financial institutions will no longer be the only ones with the ability to achieve electronic funds transfers transiting numerous jurisdictions at the speed of light. 5.5 million Pounds Sterling were paid by senior executives of the organisations concerned. electronic funds transfers have assisted in concealing and in moving the proceeds of crime. Emerging technologies will greatly assist in concealing the origin of ill-gotten gains. 1996). (The Sunday Times. Legitimately derived income may also be more easily concealed from taxation authorities. ELECTRONIC MONEY LAUNDERING AND TAX EVASION For some time now. June 2. who were convinced of the extortionists' capacity to crash their computer systems (Denning 1999 233-4). financial institutions were reported to have paid significant amounts to sophisticated computer criminals who threatened to wipe out computer systems.Cyber Crimes in Banks in India threats in response to perceived teasing about his appearance (Associated Press 1999a). In England. but can also facilitate the evasion of cash 15 . The Sunday Times (London) reported in 1996 that over 40 financial institutions in Britain and the United States had been attacked electronically over the previous three years. downloading them back to my stored value card (Wahlert 1996). and have the potential for inflicting massive harm (Hundley and Anderson 1995. Whether motivated by curiosity or vindictiveness electronic intruders cause inconvenience at best. which have flourished in Asian countries for centuries. Damage to. in return for an untraceable transfer of stored value to my "smart-card". will enjoy even greater capacity through the use of telecommunications. While this potential has yet to be realised. I may soon be able to sell you a quantity of heroin. any of these systems can lead to catastrophic consequences. 6. or interference with. ELECTRONIC VANDALISM. TERRORISM AND EXTORTION As never before. With the emergence and proliferation of various technologies of electronic commerce. Traditional underground banks. a number of individuals and protest groups have hacked the official web pages of various governmental and 16 . western industrial society is dependent upon complex data processing and telecommunications systems. one can easily envisage how traditional countermeasures against money laundering and tax evasion may soon be of limited value. I can discreetly draw upon these funds as and when I may require. which I then download anonymously to my account in a financial institution situated in an overseas jurisdiction which protects the privacy of banking clients.Cyber Crimes in Banks in India transaction reporting requirements in those nations which have them. Schwartau 1994). 7. deceptive charitable solicitations. and of the North Atlantic Treaty Organization during the 1999 bombing of Belgrade (BBC 1999).000 be delivered to a mail drop in Germany. the application of digital technology to fraudulent endeavours will be that much greater. More recently.Cyber Crimes in Banks in India commercial organisations (Rathmell 1997). http://www.2600. and. Co-operation between US and German authorities resulted in the arrest of the extortionists (Bauer 1998). disabling eight of the ISPs ten servers.com/hacked_pages/ (visited 4 January 2000). One case. from traditional securities such as stocks 17 . an extortionist in Eastern Europe obtained the credit card details of customers of a North American based on-line music retailer. SALES AND INVESTMENT FRAUD As electronic commerce becomes more prevalent. which at the time was seeking its independence from Indonesia (Creed 1999). or bogus investment overtures is increasingly common. The offenders obtained personal information and credit card details of 10. which illustrates the transnational reach of extortionists.000 subscribers. Cyberspace now abounds with a wide variety of investment opportunities. and published some on the Internet when the retailer refused to comply with his demands (Mark off 2000). demanded that US$30. Defence planners around the world are investing substantially in information warfare-. This may also operate in reverse: early in 1999 an organised hacking incident was apparently directed at a server which hosted the Internet domain for East Timor. communicating via electronic mail through one of the compromised accounts.means of disrupting the information technology infrastructure of defence systems (Stix 1995). Attempts were made to disrupt the computer systems of the Sri Lankan Government (Associated Press 1998). The use of the telephone for fraudulent sales pitches. involved a number of German hackers who compromised the system of an Internet service provider in South Florida. The electromagnetic signals emitted by a computer may themselves be intercepted. The technology of the World Wide Web is ideally suited to investment solicitations. and worldwide telephone lotteries (Cella and Stark 1997 837-844). Classic pyramid schemes and "Exciting. Cables may act as broadcast antennas. From activities as time-honoured as surveillance of an unfaithful spouse.Cyber Crimes in Banks in India and bonds. Here again. the digital age has been accompanied by unprecedented opportunities for misinformation. Low-Risk Investment Opportunities" are not uncommon. the fraudster can produce a home page that looks better and more sophisticated than that of a Fortune 500 company" (Cella and Stark 1997. ILLEGAL INTERCEPTION OF TELECOMMUNICATIONS Developments in telecommunications provide new opportunities for electronic eavesdropping. 18 . to more exotic opportunities such as coconut farming. telecommunications interception has increasing applications. 8. and from the privacy of a basement office or living room. Existing law does not prevent the remote monitoring of computer radiation. In the words of two SEC staff "At very little cost. Indeed. technological developments create new vulnerabilities. the sale and leaseback of automatic teller machines. instantaneously and at minimal cost. to the newest forms of political and industrial espionage. 822). Fraudsters now enjoy direct access to millions of prospective victims around the world. were frozen. Germany. In 1995. accessed the computers of Citibank's central wire transfer department. 55). located in Argentina. the Netherlands. and transferred funds from large corporate accounts to other accounts which had been opened by his accomplices in The United States. Finland. he was arrested during a visit to the United States and subsequently imprisoned (Denning 1999. Valid credit card numbers can be intercepted electronically. Other types of cyber crime Hacker: 19 . and so has the risk that such transactions may be intercepted and diverted. we don't need Willie Sutton to remind us that banks are where they keep the money. and Israel. Another accomplice was caught attempting to withdraw funds from an account in Rotterdam. operating from St Petersburg. located in San Francisco. The accomplice was arrested. and the suspect accounts. hackers employed by a criminal organisation attacked the communications system of the Amsterdam Police. Officials from one of the corporate victims. a Russian hacker Vladimir Levin. as well as physically. notified the bank. In 1994. ELECTRONIC FUNDS TRANSFER FRAUD Electronic funds transfer systems have begun to proliferate. Of course. and in disrupting police communications (Rathmell 1997). the digital information stored on a card can be counterfeited. Although Russian law precluded Levin's extradition. 9.Cyber Crimes in Banks in India It has been reported that the notorious American hacker Kevin Poulsen was able to gain access to law enforcement and national security wiretap data prior to his arrest in 1991 (Littman 1997). The hackers succeeded in gaining police operational intelligence. to mean "someone who tries to break into computer systems. this kind of hacker would be a proficient programmer or engineer with sufficient technical knowledge to understand the weak points in a security system. as in "UNIX hacker" 2) The term hacker is used in popular media to describe someone who attempts to break into computer systems. Raymond lists five possible characteristics that qualify one as a hacker.Cyber Crimes in Banks in India Hacker is a term used by some to mean "a clever programmer" and by others. which we paraphrase here: A person who enjoys learning details of a programming language or system A person who enjoys actually doing the programming rather than just theorizing about it A person capable of appreciating someone else's hacking A person who picks up programming quickly A person who is an expert at a particular programming language or system. especially those in popular media. defines a hacker as a clever programmer. compiler of The New Hacker's Dictionary. A "good hack" is a clever solution to a programming problem and "hacking" is the act of doing it. Typically." 1) Eric Raymond. 20 . Today. Adventure f. Wants to sell n/w security services Theft: This crime occurs when a person violates copyrights and downloads music. movies. Desire to access forbidden information g. Power c. Greed b. the justice system is addressing this cyber crime and there are laws that prevent people from illegal downloading. There are even peer sharing websites which encourage software piracy and many of these websites are now being targeted by the FBI. games and software. 21 .Cyber Crimes in Banks in India Motive Behind The Crime a. Revenge e. Publicity d. Destructive mindset h. However. The software is used to gain access to a system to steal sensitive information or data or causing damage to software present in the system. a criminal accesses data about a person‘s bank account. In this cyber crime. Identity Theft: This has become a major problem with people using the Internet for cash transactions and banking services. Social Security. credit cards. they use the Internet to stalk. if they notice that cyber stalking is not having the desired effect.Cyber Crimes in Banks in India Cyber Stalking: This is a kind of online harassment wherein the victim is subjected to a barrage of online messages and emails. Malicious Software: These are Internet-based software or programs that are used to disrupt a network. It can result in major financial losses for the victim and even spoil the victim‘s credit history. Child soliciting and Abuse: 22 . Typically. debit card and other sensitive information to siphon money or to buy things online in the victim‘s name. they begin offline stalking along with cyber stalking to make the victims‘ lives more miserable. these stalkers know their victims and instead of resorting to offline stalking. CLASSIFICATION CRIME OF CYBER Cybercrimes can be basically divided into 3 major categories: 23 .Cyber Crimes in Banks in India This is also a type of cyber crime wherein criminals solicit minors via chat rooms for the purpose of child pornography. The FBI has been spending a lot of time monitoring chat rooms frequented by children with the hopes of reducing and preventing child abuse and soliciting. (iv)Harassment & Cyber Stalking: 24 . (ii)Cyber Defamation: This occurs when defamation takes place with the help of computers and / or the Internet.g.Cyber crime against Individual 2. someone publishes defamatory matter about someone on a website or sends e-mails containing defamatory information.Cyber crime Against Organization 4.Cyber Crimes in Banks in India classification of cyber crime 1. E.Cyber crime Against Society 1)Against Individuals: (i)Email spoofing: A spoofed email is one in which e-mail header is forged so that mail appears to originate from one source but actually has been sent from another source.Cyber crime Against Property 3. (ii) Spamming: Spamming means sending multiple copies of unsolicited mails or mass emails such as chain letters. Cyber Crimes in Banks in India Cyber Stalking Means following the moves of an individual's activity over internet. It can be of 2 forms: a) Changing/deleting data: Unauthorized changing of data. It can be done with the help of many protocols available such at email. user net groups. (ii) Denial of Service: 25 . Copyright infringement Trademarks violations Theft of computer source code (iii) Internet time theft: the usage of the Internet hours by an unauthorized person which is actually paid by another person. chat rooms. distribution of copies of software. (3) Against Organisation (i) Unauthorized Accessing of Computer: Accessing the computer/network without permission from the owner. b) Computer voyeur: The criminal reads or copies confidential or proprietary information but the data is neither deleted nor changed. (2) Against Property: (i) Credit Card Fraud: (ii) Intellectual Property crimes: These include Software piracy: illegal copying of programs. (iii)Computer Contamination/ Virus Attack: A computer virus is a computer program that can infect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of it. unlike viruses do not need the host to attach themselves to.Cyber Crimes in Banks in India When Internet server is flooded with continuous bogus requests so as to denying legitimate users to use the server or to crash the server. as soon as the designated event occurs. it crashes the computer. 26 . release a virus or any other harmful possibilities. (vii) Trojan Horse: An unauthorized program which functions from inside what seems to be an authorized program. (v)Salami Attack: When negligible amounts are removed & accumulated in to something larger. Worms. These attacks are used for the commission of financial crimes. Viruses can be file infecting or affecting boot sector of the computer. (vi)Logic Bomb: It‘s an event dependent programme. thereby concealing what it is actually doing. (iv) E-mail Bombing: Sending large numbers of mails to the individual or company or mail servers thereby ultimately resulting into crashing. mark sheets etc can be forged using computers and high quality scanners and printers. (ii) Cyber Terrorism: Use of computer resources to intimidate or coerce others. REASONS FOR CYBER CRIME Hart in his work ―The Concept of Law‖ has said ‗hu man beings are vulnerable so rule of law is required to protect them‘. (iii) Web Jacking: Hackers gain access and control over the website of another. revenue stamps. even they change the content of website for fulfilling political objective or for money. (4) Against Society (i) Forgery: Currency notes. Applying this to the cyberspace we may say that computer are vulnerable (capable of attack) so rule of law is required to protect and safeguard them against cyber crime. The reasons for the vulnerability of computers may be said to be: 27 .Cyber Crimes in Banks in India (viii) Data diddling: This kind of an attack involves altering raw data just before it is processed by a computer and then changing it back after the processing is completed. Coplex The computers work on operating systems and these operating systems in turn are composed of millions of codes. 4. The cyber criminals take advantage of these lacunas and penetrate into the computer system. 3. That can fool biometric systems and bypass firewalls can be utilized to get past many a security system. key loggers that can steal access codes. Eassy To Access The problem encountered in guarding a computer system from unauthorized access is that there is every possibility of breach not due to human error but due to the complex technology. It is therefore very probable that while protecting the computer system 28 . retina imagers etc. 2 . advanced voice recorders. Capacity To Store Data In Comparatively Small SpaceThe computer has unique characteristic of storing data in a very small space. Human mind is fallible and it is not possible that there might not be a lapse at any stage.Cyber Crimes in Banks in India 1. This affords to remove or derive information either through physical or virtual medium makes it much easier. Negligence Negligence is very closely connected with human conduct. By secretly implanted logic bomb. Further collection of data outside the territorial extent also paralyses this system of crime investigation. 29 . BANKING SECTOR The Banking Industry was once a simple and reliable business that took deposits from investors at a lower interest rate and loaded it out to borrowing at a higher rate. Loss of evidence Loss of evidence is a very common & obvious problem as all the data are routinely destroyed. 5.Cyber Crimes in Banks in India there might be any negligence. which in turn provides a cyber criminal to gain access and control over the computer system. and in electronically enabled exchanges where everything from stocks to currency futures contracts can be traded. at a competitive interest rate. means that some of the more extreme risk-taking and complex securitization activities that banks increasingly engaged in since 2000 30 . Banking services include transactional services. The collapse of the Banking Industry in the Financial Crisis. it includes access to loans for the creditworthy. The Banking Industry at its core provides access to credit.Cyber Crimes in Banks in India However deregulation and technology led to a revolution in the Banking Industry that saw it transformed. account balance details and the transfer of funds. banking services have become available 24 hours a day. Online banking channels have become a key in the last 10 years. at online banking. Banks have become global industrial powerhouses that have created ever more complex products that use risk. such as verification of account details . includes access to their own savings and investments. however. In the lenders case. through ATMs. 365 days a week. Through technology development. In the case of borrowers. as well as advisory services that help individuals and institutions to properly plan and manage their finances. and interest payments on those amounts. a government-owned bank that traces its origins back to June 1806 and that is the largest commercial bank in the country. regarding it to commercial banking functions. In 1969 the government nationalized the 14 largest commercial banks. Debts were settled by one -third cash and two-thirds bill of exchange. According to a report by ICRA Limited. The bill of exchange. 31 private banks (these do not have government stake.000 branches and 17. Central banking is the responsibility of the Reserve Bank of India. They have a combined network of over 53.the forerunner of banknotes .was established in the 14th century. The first 31 . Babylon and Egypt 3000 years ago. which in 1935 formally took over these responsibilities from the Imperial Bank of India.000 ATMs.2% and 6. a rating agency. to ensure that there is not another banking system meltdown in the future. Banking in India originated in the last decades of the 18th century. the public sector banks hold over 75 percent of total assets of the banking industry.Cyber Crimes in Banks in India will be limited and carefully watched. with the private and foreign banks holding 18. the government nationalized the six next largest in 1980. After India independent in 1947. The oldest bank inexistence in India is the State Bank of India. they may be publicly listed and traded on stock exchanges) and 38 foreign banks. the Reserve Bank was nationalized and given broader powers.5%respectively. India has 88 scheduled commercial banks (SCBs) 27 public sector banks ( t h a t i s w i t h t h e G o v e r n m e n t o f I n d i a holding a stake). Paper money followed only in the 17th century. CREDIT CARDS FRAUDS INTRODUCTION TO CREDIT CARDS Credit was first used in Assyria. Currently. They were called "tallymen" because they kept a record or tally of what people had bought on a wooden stick. the first "plastic money". But it was only until the establishment of standards for the magnetic strip in 1970 that the credit card became part of the information age . It could only be used in the shops which issued it. One side of the stick was marked with notches it represent the amount of debt and the other side was a record of payments.a "buy now.was introduced in the USA. In 1950. In the 1920‘s. meaning ―TRUST‖. a shopper‘s plate . pay later" system .The first use of magnetic stripes on cards was in the early 1960's. Diners Club issued the first credit card to 200 customers who could use it at 27 restaurants in New York. San Francisco Bay Area Rapid Transit installed a paper based ticket the same size as the credit cards in the late 1960's.Cyber Crimes in Banks in India advertisement for credit was placed in 1730 by Christopher Thornton. 32 . The word credit comes fro m Latin. In 1951. tallymen sold clothes in return for small weekly payments. Diners Club and American Express launched their charge cards in the USA. who offered furniture that could be paid off weekly. From the 18th century until the early part of the 20th. when the London Transit Authority installed a magnetic stripe system. m o s t b a n k s h a v e toll-free telephone numbers with 24 -hour support to encourage prompt reporting. In the absence of other security measures. Still. it is possible for a thief to make unauthorized purchases on that card up until the card is cancelled.Cyber Crimes in Banks in India IF CARD IS STOLEN When a credit card is lost or stolen. a thief could potentially purchase thousands of dollars in merchandise or services before the card holder or the bank realize that the card is in the wrong hands. it remains usable until the holder notifies the bank t h a t t h e c a r d i s l o s t . 33 . Cyber Crimes in Banks in India In the United States. such as a driver's license. For example. Many merchants will demand to see a picture ID. a large transaction occurring a great distance from the card holder's home might be f l a g g e d a s s u s p i c i o u s . Banks have a number of countermeasures at the network level. A common countermeasure is to require the user to key in some identifying information. a U. the card holder has a right to refuse to show additional verification. in practice. to verify the identity of the purchaser. including sophisticated real -time analysis that can estimate the probability of fraud based on a number of factors. This method may deter casual theft of a card found alone. regardless of the amount charged on the card. it may be trivial for the thief to deduce the information by looking at other items in the wallet. etc. such as the user's ZIP or postal code. many banks will waive even this small payment and simply remove the fraudulent charges from the customer's account if the customer signs an affidavit confirming that the charges are indeed fraudulent. and asking for such verification may be a violation of the merchant's agreement with the credit card companies. kiosks. and some credit cards include the holder's picture on the card itself. For instance. Other countries generally have similar laws aimed at protecting consumers from physical theft of the card The only common security measure on all cards is a signature panel. but signatures are relatively easy to forge. federal law limits the liability of card holders to $50 in the event of theft. as there is no way to verify the card holder's identity. Self-serve payment systems (gas stations. However. but if the card holder's wallet is stolen. driver license commonly has the holder's home address and ZIP code printed on it. T h e m e r c h a n t m a y b e 34 .S.) are common targets for stolen cards. The industry term for catalog order and similar transactions is "Card Not Present" (CNP). Stolen cards can be reported quickly by card holders. Account numbers are embossed or imprinted on the card a magnetic stripe on the contains the data in machine readable format.Cyber Crimes in Banks in India i n s t r u c t e d t o c a l l t h e b a n k f o r v e r i f i c a t i o n . The merchant must rely on the holder ( o r someone purporting to be the holder) to present the information 35 . Mail/Internet Order Fraud The mail and the Internet are major routes for fraud against merchants who sell and ship products. Compromised Accounts Card account information is stored in a number of formats. t o decline the transaction. but a compromised account can be hoarded by a thief for weeks or months before any fraudulent use. D a t a o b t a i n e d i n a t h e f t . making it difficult to identify the source of the compromise. Fields can vary. as well Internet merchants who provide online services. The card holder may not discover fraudulent use until receiving a billing statement. l i k e a d d r e s s e s o r p h o n e n u m b e r s . meaning that the card is not physically available for the merchant to inspect . but the most common include: Name of card holder Account number Expiration date Many Web sites have been compromised in the past and theft of credit card data is a m a j o r c o n c e r n f o r b a n k s . which may be delivered infrequently. c a n b e highly useful to a thief as additional card holder verification. or even to hold the card and refuse to return it to the customer. Cyber Crimes in Banks in India on the card by indirect means. Merchant associations have developed some prevention measures. Anonymous scam artists bet on the fact that many fraud prevention features do not apply in this environment. smaller transactions generally undergo less scrutiny. since the cost of research and prosecution usually far outweighs the loss due to fraud. and have little incentive to pursue additional security due to laws limiting customer liability in the event of fraud. Account Takeover. Application Fraud. but they are not required to c h e c k i d e n t i f i c a t i o n a n d t h e y are usually are not involved in processing payments for the merchandise. Shipping companies can guarantee delivery to a location. A common preventive measure for merchants is to allow shipment only to an address approved by the cardholder. and are less likely to be investigated by either the bank or the merchant. Additionally. and merchant banking systems offer simple methods of verifying this information.It is difficult for a merchant to verify that the actual card holder is indeed authorizing the purchase. whether by mail. CNP merchants must take extra precaution against fraud exposure and associated losses. but these have not met with much success. such as single use card numbers. Customers expect to be able to use their credit card without any hassles. 36 . Merchants can implement these prevention measures but risk losing business if the customer chooses not to use the measures Account Takeover There are two types of fraud within the identity theft category: 1. telephone or over the Internet when the cardholder is not present at the point of sale . and they pay higher rates to merchant banks for t h e privilege of accepting cards. 2. Account takeover involves a criminal trying to take over another person‘s account. Criminal may try to steal documents such as utility bills and bank statements to build up useful personal information. Application Fraud. first by gathering information about the intended victim. then contacting their bank or credit issuer.Cyber Crimes in Banks in India 1. The replacement card is then used fraudulently. Account Takeover.masquerading as the genuine cardholder-asking for mail to be redirected to a new address. The criminal then reports the card lost and asks for a replacement to be sent. CYBER CRIME IN BANKING SECTOR AUTOMATED TELLER MACHINE The traditional and ancient society was devoid of any monetary instruments and the entire exchange of goods and merchandise was 37 . 2. Application fraud occurs when criminals use stolen or fake documents to open an account in someone else‘s name. The use of plastic money is increasing day by day for payment of shopping bills. has an evil side as well that do not originate from the use of plastic money rather by misuse of the same. Thought card Jamming ATM‘s card reader is tampered with in order to trap a customer‘s card. This safety and convenience. Later on the criminal removes the card. unfortunately. Card Skimming. The use of monetary instruments as a unit of exchange replaced the barter system and money in various denominations was used as the sole purchasing power. WAYS TO CARD FRAUDS Some of the popular techniques used to carry out ATM crime are: 1. etc. The world at large is struggling to increase the convenience and safety on the one hand and to reduce it misuse on the other. This has resulted in the increasing use of ATM all over the world. The convenience and safety that credit cards carry with its use has been instrumental in increasing both credit card volumes and usage. through this customer‘s card is swapped for another card without the knowledge of cardholder. insurance premium. The modern contemporary era has replace these traditional monetary instruments from a paper and mental based currency to ―plastic money‖ in the form of credit cards. phone bills. 2. debit cards. is the illegal way of stealing the card‘s security information from the card‘s magnetic stripe. school fees. 38 . Card Swappi ng. This evil side is reflected in the form of “ATM FRAUDS” that is a global problem. This growth is not only in positive use of the same but as well as the negative use of the same.Cyber Crimes in Banks in India managed by the ―barter system‖. 3. electricity bills. The use of ATM is not only safe but is also convenient. travelling bills and even petrol bills. which are used to reproduce the card for use at an ATM.Cyber Crimes in Banks in India 4. PIN and other information. here a new fictitious site is made which looks authentic to the user and customers are asked to give their card number. Website Spoofing. HOW TO USE CASH MACHINE 39 . cancel the card immediately with the card issuer‘s 24-hour emergency line. Under no circumstances should members of the public attempt to remove a device as it‘s possible the offender may be nearby. beware of help offered by "well meaning strangers". stick on card entry slots etc. Do not assume that your bank automatically knows that the machine has withheld your card. Examine the machine for stick on boxes. If there is anything unusual about the cash machine report it to the bank and police or the owner of the premises immediately. Card Fraud Also Happens In The Home: Cardholder should also be warned of the risks of verifying bank details at home in unsolicited telephone conversations. choose another. Tear up or preferably shred these items before discarding them. Always call the person back using the advertised customer telephone number. go to another machine. Dispose of your cash machine receipt. not the telephone number they may give you. 40 . discreetly put your money and card away before leaving the cash machine. What Precaution Should Be Taken While Leaving Cash Machine Once you have completed a transaction. If someone close by the cash machine is behaving suspiciously or make you feel uncomfortable. do not use it. Again. which can be found on your last bank statement. mini-statement or balance enquiry slip with care.Cyber Crimes in Banks in India Be aware of other around you. If you find it difficult to get your card into the slot. If you lose your card in cash machine. Make sure you check the machine before you use it for any signs of tampering. negligence of banks in educating their customers about the matters that should be taken care of while at an ATM. At a 41 . Look for suspicious attachment. Criminals often capture information through ATM skimming– using devices that steal magnetic strip information. Phone your bank instead on their main customer number or access your account using the bank's main website address. and more importantly. The most important aspect for reducing ATM related fraud is to educate the customer. take your card along to a cash machine and change the number to one that you will be able to remember without writing it down. than by sophisticated crimes like skimming. NEVER Write Down Your Pin: People make life very easy for pickpockets if they write down their PIN and keep it in their purse or wallet. Use good antivirus and firewall protection.D o N o t C l i c k O n H y p e r l i n k s S e n t T o Y o u B y E m a i l A s k i n g Y o u T o Confirm Your Bank Details Online: Hyperlinks are links to web pages that have been sent to you by email and may open a dummy website designed to steal your personal details. PREVENTION FOR ATM CARDS Most ATM fraud happens due to the negligence of customers in using. Do not write down your PIN. If you have been given a number that you find difficult to remember. The number of fraud in India is more in regard to negligence of the Personal Identification Number (PIN). borrowers and depositors. Banks need to develop a fraud policy – the policy should be written and distributed to all employees. Here is a compiled list of guidelines to help your customer from being an ATM fraud victim: 1.Cyber Crimes in Banks in India 1. make sure they go through-if it gets jammed and it doesn‘t fully go into the machine. 42 . After having made the ATM deposit. but not while at the ATM. Minimize your time at the ATM. one is advised do it at home or office. As for the envelope-based deposit. To spot one. Even when depositing a cheque at the ATM. press the ATM cancel button. After the transaction. remove your card and leave the area immediately. If you do not feel safe at any time. Sometimes. fraudsters place hi dden cameras facing the ATM screen. There‗s also the helpful bystander (the criminal) who may be standing by to kindly inform you the machine has had problems and offer to help. the equipment will even cut off the printed labels on the ATM. go to an area with a lot of people and call the police. To get that. on should not make/sign the cheque at the ATM. The more time you spend at the ATM. the skimmer looks just like a regular ATM slot. compare your record with the account statements or online banking records. Some ATMs allow you to directly deposit checks and cash into your accounts without stuffing envelopes. The skimmer will not obtain PIN numbers. if you think you are being followed. however. the more vulnerable you are. 3. the attachment slightly protrudes from the machine and may not be parallel with the inherent grooves. If you need to update your records after a transaction. but it‘s an attachment that captures ATM card number.Cyber Crimes in Banks in India glance. Mark smart deposits. the next person can walk up and it out. 2. the bank should create awareness among customers about the card-related frauds to reduce the number of frauds in future. But they could increase as more and more ATM‘s will penetrate in the country. 43 . customers and the law enforcement machinery. ATM-related frauds are very less. depend upon the requirements of the respective banks. where total number of installed ATM‘s base is far less than many developed countries. It is therefore in the interest of banks to prevent ATM frauds. particularly those located in less secure areas. It is a big threat and it requires a coordinated and cooperative action on the part of the bank. In India. This would deter a greater use of ATM for monetary transactions.Cyber Crimes in Banks in India INDIAN SCENARIO In India. Indian Banks Association (IBA)can take lead to kick started. The ATM fraud is not the sole problem of banks alone. The ATM frauds not only cause financial loss to banks but they also undermine customers‘ confidence in the use of ATMs. The nature and the extent of measures to be adopted will. however. There is thus a need to take precautionary and insurance measures that gives greater ―protection‖ to the ATMs. Mondex card. smart cards like Visa Cash. e-cash. there is an upper limit imposed by the card issuers but technically there is no limit. They can be effective tool in the hands of money launderers.Cyber Crimes in Banks in India CYBER MONEY LAUNDERING During the past two decades. Mobile banking and mobile commerce are growing and these technologies have the capability to transfer any amount of money at the touch of a bottom or click of a mouse. Computer networks and Interne t. permit transfer of funds electronically between trading partners. This transfer can be done in many ways. Two individuals also can transfer funds directly using e. Internet banking. In some other form of computer-based emoney. As cyber payment systems eliminate the need for face to face interactions. for example. transfer of funds can be done between two trading partners directly. in particular. speed. E-commerce has come into existence due to the attributes of Internet like ease of use. At present. e-wallet etc. businesses and consumers. This 44 . IT and Internet technologies have reached every nook and corner of the world. anonymity and its International nature. They include use of credit cards. the anonymity offered by internet and cyber payment system is exploited to the hilt by the criminal elements. Internet has converted the world into a boundary less market place that never sleeps. there is no upper limit. whose use is growing can store billions of dollars.wallets. First and foremost. Drug peddlers and organized criminals found a natural and much sought after ally in Internet. The capacity to transfer unlimited amounts of money without having to go through strict checks makes cyber money laundering an attractive proposition. all the above advantages cyber payments provide to consumers and trading partners. Earlier.Cyber Crimes in Banks in India problem is further compounded by the fact that. With the entry of Internet commerce. in many countries. From the point of view of law enforcing agencies. cross-border transactions were controlled by the central banks of respective countries. 45 . turn out to be great disadvantages while investigating the crimes. the jurisdictional technicalities come into play and it is a nother area that is being exploited by the money launderers. Monitoring the activities of these institutions in a traditional manner is not possible. nonfinancial institutions are also permitted to issue e-money. Cyber Crimes in Banks in India WHY MONEY LAUNDERING? The most important aim of money laundering is to conceal the original of the money. Money laundering from the point of view of the criminal increases the profits and. reduces the risk. By laundering the money the criminals are trying to close their tracks. Criminal resort to this practice it avoid detection of the money by law enforcement which will lead to its confiscation and also may provide leads to the illegal activity. and also of course. in almost all cases. at the same time. which. is from illegal activity. their aims could be to increase the profit by resorting to illegal money transfer etc. to support new criminal ventures. While indulging in money laundering process. 46 . Future. They conceal the origin and ownership of the proceeds. extortion generate very volumes of money. The three steps involved are Placement. People involved in these activities cannot explain the origin and source of these funds to the authorities. maintain control over proceeds and change the form of proceeds. E-money and cyber payment systems come in handy in all the three stages of the process. There is a constant fear of getting caught.Cyber Crimes in Banks in India the launderers also attempt to safeguard their interests. PLACEMENT The first activity is placement. So the immediate requirement is to send this money to a different location using all available 47 . Layering and Integration. Illegal activities like drug trafficking. MONEY LAUNDERING PROCESS Money laundering is normally accomplished by using a three stage process. 1. and exporting them to a different jurisdiction. Normally. this is done by opening up bank accounts in the names of non-existent people or commercial organizations and depositing the money. 2. This is done by breaking up the huge cash into smaller chunks.Cyber Crimes in Banks in India means. This is achieved by moving the names from and to offshore bank accounts in the names of shell companies or front companies by using Electronic Funds Transfer (EFT) or by other electronic means. 48 . LAYERING Layering is the second sub process. Launderers were also found to purchase high value commodities like diamonds etc. In this complex layers of financial transaction are created to disguise the audit trail and provide anonymity. This stage is characterized by facilitating the process of inducting the criminal money into the legal financial system. This is used to distance the money from the sources. stock brokers in the layering process. Launderers are very careful at this stage because the chances of getting caught are considerable here. Placement in cyber space occurs by depositing the illegal money with some legitimate financial institutions or businesses. Cyber payment systems can come in handy during this process. they make use of the banks wherever possible as in the legal commercial activity. During this proc ess. Every day trillions of dollars are transferred all over the world by other legitimate business and thus it is almost impossible ton as certain whether some money is legal or illegal. Launderers normally make use of commodity brokers. Online banking and Internet banking make it very easy for a launderer to open and operate a bank account. the launderer s e t s u p t h e w e b s i t e f o r h i s c o m p a n y a n d a c c e p t s o n l i n e p a y m e n t s u s i n g c r e d i t c a r d s f o r t h e purchases made from his company‘s website. INTEGRATION Integration is third sub process. They can then take loans from these companies and bring back the money. The bank then pays the money into the account of the company. Another way can be by placing false export import invoices and over valuing goods. The money launderer‘s first activity is to set up an online commerce company which is legal. 49 . As in normal transactions. launderers obtain credit cards from some banks or financial institutions located in countries with lax rules. This way they not only convert their money this way but also can take advantages associated with loan servicing in terms of tax relief. the Web-based system then sends an invoice to the customer‘s (who happens to the launderer himself) bank. which are known as safe havens. As a part of the whole scheme. The entire process can be explained with the help of an example. This is normally accomplished by the launderers by establishing anonymous companies in countries where secrecy is guaranteed. Normally. This can look and function like any other ebusiness as far as the outside world is concerned. Anyone with access to Internet can start an e-business. This is the stage in which the ‗cleaned‘ money is ploughed back. This anonymity is what makes Internet very attractive for the launderers. then. Cyber space provides a secure and anonymous opportunity to the criminals in money laundering operations. It has come to light that many gangs are opening up the front companies and hiring information technology specialists for nefarious activities. This is achieved by making it appears legally earned.Cyber Crimes in Banks in India 3. in the safe haven. ‗makes purchases‘ using this credit card from his own website. Incidents have also come to light where the c r i m i n a l s a r e u s i n g cryptography for hiding their transaction. The launderer sitting at home. Luxembourg. In fact. When BCCI bank was investigated it came to light that there were 3.‘ Multinational banks are more vulnerable to money laundering operations. Other financial institution like fund managers and those facilitating Electronic Fund Transfer are also being manipulated by the launderers. Banking obviously is the most affected sector by the money laundering operations. T h e o f f s h o r e accounts of these banks are popular because they offer anonymity and also help in tax evasion. The second area is underground banking or parallel banking. As far as the banks are concerned the countries that are considered safe f o r l a u n d e r e r s are Cayman Islands. and then buy a bank. This is practiced by different countries by different names . 50 .000 criminal customers and they were involved in offenses ranging from financing nuclear weapon programs to narcotics. and Switzerland .Cyber Crimes in Banks in India BUSINESS AREAS THAT SUPPORT OR ARE PRONE TO MONEY LAUNDERING The banks and other financial institution are the most important intermediaries in the money laundering chain. ‗If you want to steal. Cyprus. Ber ltlot Brecht said. U n d e r t h i s s y s t e m .Cyber Crimes in Banks in India China follows a system called ‗Fic Chin‘. financing housing schemes. India and Columbia. antique dealers and jewelers. It is much easier to launder the money using these methods as there is no physical movement of money. Futures and commodity markets are another area which is found to be facilitating the money laundering. In all the cases the underlying factor is paperless transactions. In Columbia. It was also found that launderers do take advantages of privatization in various c o u n t r i e s b y investing in them. when the banks were privatized the ‗CarliCartel‘ was reported to have inves t e d h e a v i l y a n d I t a l i a n m a f i a reportedly purchased shares in Italian banks. The money is paid back in another place on production of the chit. Similar systems known as Hundi. casinos. Casinos are other business areas that are actively involved in money laundering process. The other a reas include professional advisers. This was observed in UK. This only shows the extent of the problem and also t h a t t h e b a n k s and financial institutions are the primary target of the l a u n d e r e r s . These practices mostly work on trust and mostly controlled by mafia in many countries. m o n e y i s deposited in one country and the depositor is handed a chit or chop. I n s o m e countries. 51 . even political parties organizations are known to be using laundered money for their campaigns. Hawallah are practiced in India. This incident also shows how the national economy gets affected. It is not difficult to see what effect it has on the profitability of banks. money laundering can undermine the credibility of the banking system.Cyber Crimes in Banks in India EFFECTS ON BANKS Almost all the banks trade in foreign exchange Money l a u n d e r i n g i n a n y c o u n t r y o r economy affects the foreign exchange market directly.5 bn illegal transactions. A few years before that. The low regulation by central banks will become difficult and consequently. the banks survival has come under threat. OTHER EFFECTS In one incident. The money laundering reduces the legal volume of the banks business. 52 . In some reported cases. the Indian Government was so short of foreign exchange that it had to pledge gold in the London bank. It also causes fluctuations in the exchange rate. Facilitating the activities of launderers even inadvertently can push the banks into problems with law enforcement agencies and also governments. before his arrest during 1993. One needs not be an economist understands the impact of money laundering on economies of developing countries . an Indian national in one year handled US 81. Further. Money laundering can help in spread of parallel economy. national and international levels. PREVENTION Because of the nature of Cyber money laundering. 53 . the effects are much severe. Samper in 1996 elections. overall income distribution in an economy is likely to get affected. On the social plane. Future. Cyber money laundering has to be dealt with at organizational [Bank or Financial Institution].Cyber Crimes in Banks in India there will be rise in inflation. Because cyber money laundering can be done from anywhere in the world without any jurisdiction. which will result in loss to national income due to reduced tax collections and lost jobs. no country can effectively deal with it in isolation. this can result in increased crime rate. violence in society. There may be attempts to gain political power either directly or indirectly like Coli Cocoine Cartel‘s attempt in supporting Columbian President. Instances of skimming have been reported where the perpetrator has put a device over the card slot of a public cash machine (Automated Teller Machine). Common scenarios for skimming are restaurants or bars where the skimmer has possession of the victim's credit card out of their immediate view. The skimmer will typically use a small keypad to unobtrusively transcribe the 3 or 4 digits Card Security Code which is not present on the magnetic strip. It is typically an "inside job" by a dishonest employee of a legitimate merchant. which reads the magnetic strip as the user unknowingly passes their card through it. and can be as simple as photocopying of receipts. 54 . These devices are often used in conjunction with a pinhole camera to read the user's PIN at the same time.Cyber Crimes in Banks in India Skimming Skimming is the theft of credit card information used in an otherwise legitimate transaction. The thief presents the card information on a website that has real-time transaction processing. that merchant's terminals (devices used to authorize transactions) can be directly investigated. The specific item purchased is immaterial. which can be a death blow to businesses such as restaurants which rely on credit card processing CARDING Carding is a term used for a process t o verify the validity of stolen card data. and then test them to see which valid account were. both to avoid using the card's credit limit. A website known to be susceptible to carding is known as a cardable website. and also to avoid att racting the bank's attention.Cyber Crimes in Banks in India Skimming is difficult for the typical card holder to detect. The bank collects a list of all the card holders who have complained about fraudulent transactions. In the past. and the thief does not need to purchase an actual product. if many of the customers used one particular merchant. a Web site subscription or charitable donation would be sufficient. If the card is processed successfully. and the merchants they use. it is fairly easy for the bank to detect. ranging from large fines to complete exclusion from the merchant banking system. but given a large enough sample. carders used computer programs called "generators" to produce a sequence of credit card numbers. KIMMER Sophisticated algorithms can also search for known patterns of fraud. Another variation would be take false card numbers to allocation that does not immediately process card 55 . the thief knows that the card is still good. and penalties for merchants can be severe in cases of compromise. Merchants must ensure the physical security of their terminals. The purchase is usually for a small monetary amount. For example. as well as the more prevalent use of wireless card scanners that can process transactions right away. However. carding is more typically used to verify credit card data obtained directly from the victims by skimming or phishing.00 depending on the type of card. freshness of the data and credit status of the victim.Cyber Crimes in Banks in India numbers. 56 . such as a trade show or special event. Nowadays. this process is no longer viable due to widespread requirement by internet credit card processing systems for additional data such as the billing address. Market price for a phish ranges from US$1. A set of credit card details that has been verified in this way is known in fraud circles as a phish. A carder will typically sell data files of phish to other individuals who will carry out the actual fraud.00 to US$50. the 3 to 4 digit card Security Code and/or the card‘s expiry date. And while 'no-card' fraud is growing. Credit card fraud prevention when dealing with credit card customers face-to-face 1. too. In 2004.664.215.255. stolen or counterfeit cards. Ask for and check other identification. If the signature on the credit card is smeared. Compare signatures. Check to see if the ID has been altered in any way as a person trying to use a stolen credit card may also have stolen or fake ID. Whether you have a brick-and-mortar business or an online one. credit card fraud cost US merchants 2. most credit card frauds are still being committed using lost. according to the RCMP. such as a driver‘s license or other photo ID. The credit card loss total for 2007 was $304. 3. 4. Besides comparing the signature on the credit card with the person‘s signature on the credit card slip. Examine the signature on the card. Check the security feature of the credit card: 57 . Credit card fraud is a significant problem in Canada. credit card fraud is costing you money.Cyber Crimes in Banks in India PREVENTION FRAUD FOR CREDIT CARD Credit card fraud is bad business. 2.9 million dollars (Celent Communications). compare the signatures as well to those on any other ID presented. it could be that the credit card is stolen and the person has changed the signature to his or her own. The hologram may be damaged. Check the presented card with recent lists of stolen and invalid credit card numbers. such as a possible counterfeit or stolen card. have another look at the card‘s signature panel. see Suspicious Behaviors That May Indicate Credit Card Fraud.Cyber Crimes in Banks in India i. Check the credit card‘s embossing. Altered signature panels (those that are discoloured. glued. ―Ghost images‖ of other numbers behind the embossing are a tip-off that the card has been re-embossed. ii. You can use the points above as a ―to do‖ list for dealing with credit card transaction. three- dimensional images that appear to move when the card is tilted. 58 . For information on the suspicious behavior that may indicate someone trying to commit credit card fraud. Destroy all carbon copies of the credit card transaction.( T h e h o l o g r a m s o n c r e d i t c a r d s t h a t have not been tampered with will show clear. Call for authorization of the credit-remembering to take both the credit card and the sales draft with you. It‘s also very important to be sure that your staff is educated about credit card fraud. erased. painted. or covered with white tape) are an indication of credit card fraud. You can. to ensure that no one can steal the credit card information and help prevent future credit card fraud. 6. credit card fraud prevention strategies such as scrutinizing the credit card aren‘t going to work. When dealing with credit card customers over the phone or through the Internet. however. Ask for a ―Code 10‖ if you have reason to suspect a possible credit card fraud.) 5. It should show a repetitive colour design of the MasterCard or Visa name. 7. you still have the credit card. That way if the customer runs away while you‘re making the call. This test should be first to be that it is applied to any credit card number one process. In such a case. Don‘t process credit card orders unless the information is complete. 1. It cannot give any other details like no.especially if the order exhibits any of the characteristics noted above. Be wary of orders shipped to a single address but purchased with multiple cards. If the card fails Mod10 one can safely assume fraud.Cyber Crimes in Banks in India be alert to suspicious behaviors and shape your credit policies to nip credit card fraud in the bud. 6. You may even want to make it a policy to ship only to the billing address on the credit card. The first is Mod10 algorithm testing. issued by any other company. 59 . Don‘t process credit card orders that originate from free e-mail addresses or from e-mail forwarding addresses. 5. 4. Be wary of overseas order. call the customer to confirm the order. 7. Be wary of orders you‘re asked to ship express. Call the customer to confirm the order first. Be wary of unusually large orders. rush or overnight. 3. If the shipping address and the billing address on the order are different. 8. 2. ask the customer for an IPS (Internet Service Provider) or domain-based e-mail address that can be traced back. Mod10 is an algorithm that will show whether the card number being presented is valid card number and is within the range of numbers issued by credit card companies. This is the shipping of choice for many credit card fraudsters. Be wary of multiple transactions made with similar card numbers in a sequence. 9. Cyber Crimes in Banks in India Credit card fraud may not be entirely preventable. you can cut down your credit card fraud losses CASE STUDY INDIA'S FIRST ATM CARD FRAUD The Chennai City Police have busted an international gang involved in cyber crime. but by establishing and following procedures to check every credit card transaction. who was caught red-handed while breaking into an ATM in the city in June 60 . with the arrest of Deepak Prem Manwani (22). The operators of the site had devised a f a s c i n a t i n g i d e a t o g e t t h e personal identification number (PIN) of the card users. the gang started its systematic l o o t i n g . The fake site offered the visitors to return$11. While browsing the Net one day. His contacts. The dimensions of the city cops' achievement c a n b e g a u g e d f r o m t h e f a c t t h a t t h e y h a v e n e t t e d a m a n w h o i s o n t h e w a n t e d l i s t o f t h e formidable FBI of the United States. but in the process parted with their PINs. he had walked away with Rs 50. While investigating Manwani's case.Cyber Crimes in Banks in India last. A p p a r e n t l y . he had with him Rs 7. his audacious crime career started in an Internet cafe. he got attracted to a site which offered him assistance in breaking into the ATMs. Prior to that. the police stumbled upon a cyber crime involving scores of persons across the globe. At the time of his detention. They floated a new site which resembled that of a reputed telecom companies. it is reliably learnt.5 lakh knocked off from two ATMs in T Nagar and Abiramipuram in the city.000 from an ATM in Mumbai. That company has millions of subscribers. had been collected in excess by mistake from them. Interestingly. Manwani is an MBA drop-out from a Pune college and served as a marketing executive in a Chennai-based firm for some time. sitting somewhere in Europe. but charged $200 per code.75 per head which. M a n w a n i a n d m a n y o t h e r s o f h i s i l k e n t e r e d i n t o a d e a l w i t h t h e g a n g behind the 61 . the site promoters said. The site also offered the magnetic codes of those cards. Armed with all requisite data to hack the bank ATMs. Believing that it was a genuine offer from the telecom company in quest subscribers logged on to the site to get back that little money. were ready to give him credit card numbers of a few American banks for $5 per card. Meanwhile. several lakh. Manwani has since been enlarged on bail after interrogation by the CBI. but consumers need to remember that just because something appears on the Internet. the FBI started an investigation into the affair and also alerted the CBI in New Delhi that the international gang had developed some links in India too. GENERAL TIPS ON AVOIDING POSSIBLE INTERNET FRAUD SCHEMES 1. The ready availability of 62 . of course on certain terms. The police are on the lookout for those persons too. But the city police believe that this is the beginning of the end of a major cyber crimeion.no matter how impressive or professional the Web site looks . Manwani also managed to generate 30 plastic cards that contained necessary data to enable him to break into ATMS. Don’t Judge by Initial Appearances It may seem obvious.Cyber Crimes in Banks in India site and could purchase any amount of data.doesn‘t mean it's true. He was so enterprising that he was able to sell away a few such cards to his contacts in Mumbai. or simply enter into a deal on a booty-sharing basis. On receipt of large-scale complaints from the billed credit card users and banks in the United States. at minimal cost. Be Especially Careful About Online Communications with Someone Who Conceals His True Identity If someone sends you an e-mail in which he refuses to disclose his full identity. you need to look carefully at any online seller of goods or services who wants you to send checks or money orders immediately to a post office box.don't just send the data without knowing more about who 's asking. Criminals have been known to send messages in which they pretend to be (for example) a systems administrator or Internet service provider representative in order to persuade people online that they should disclose valuable personal data. "
[email protected]" companies..g. to set up a professional-looking Web site means that criminals can make their Web sites look as impressive as those of legitimate e-commerce merchants. Legitimate startup "dot. or uses an e-mail header that has no useful identifying data (e. before you receive the goods or services you've been promised. that may be an indication that the person doesn't want to leave any information that could allow you to contact them later if you have a dispute over undelivered goods for which you paid. 3. 4.Cyber Crimes in Banks in India software that allows anyone. of course.com"). you should be highly wary about relying on advice that such people give you if they are trying to persuade you to entrust your money to them. credit-card number. Watch Out for "Advance-Fee" Demands In general. or password . m a y 63 . Be Careful About Giving Out Valuable Personal Data Online If you see e-mail messages from someone you don't know that ask you for personal data -such as your Social Security number. As a result. 2. where it is changing very fast. a s i n t h e physical world the goals of law enforcement are 64 . The old principle of ‗Knowing the customer‘ well will help a great deal. 5. CONCLUSION Lastly I conclude by saying that― Thieves are not born. SUGGESTIONS ON CYBER MONEY LAUNDERING Because of the nature of Cyber money laundering.Cyber Crimes in Banks in India not have the brand-name recognition of long-established c o m p a n i e s . But in the d i g i t a l w o r l d . but made out of opportunities. either the environment itself changes or new technology emerges.‖ This quote exactly reflects the present environment related to technology. This helps criminals to find new areas to commit the fraud. a n d s t i l l b e f u l l y capable of delivering what you need at a fair price. Even so. Computer forensics has d e v e l o p e d as an indispensable tool for law enforcement. Cyber money laundering has to be dealt with at organizational [Bank or Financial Institution]. using the Internet to research online companies that aren't known to you is a reasonable step to take before you decide to entrust a significant amount of money to such companies. By the time regulators come up with preventive measures to protect customers from innovative frauds. no country can effectively deal with it in isolation. national. AT ORGANIZATIONAL [BANK] LEVEL The banking and other financial organisations can reduce the quantum of money laundering by following the guidelines issued by central banks of respective countries in letter and spirit. The purpose may be to obtain goods w i t h o u t unauthorized f u n d s f r o m a n a c c o u n t . For carrying out their activities 65 paying. particularly those located in less secure areas. C y b e r s p a c e a n d c y b e r payment methods are being abused by money launderers for converting their dirty money into legal money. It is therefore in the interest of banks to prevent ATM frauds. The National institutes of justice. however. It is a big threat and it requires a coordinated and cooperative action on the part of the bank. Internet Banking F r a u d i s a f o r m o f identity theft and is usually made possible through t e c h n i q u e s s u c h a s phishing. The nature and extent of precautionary measures to be adopted will. The ATM fraud is not the sole problem of banks alone. Credit card fraud can be committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. or to obtain . Internet Banking Fraud is a fraud or theft committed using online technology to illegally remove money from a bank account and/or transfer money to an account in a different bank. This would deter a greater use of ATM for monetary transactions. depend upon the requirements of the respective banks. There is thus a need t o t a k e precautionary and insurance measures that give greater "prot e c t i o n " t o t h e A T M s . The ATM frauds not only cause financial loss to banks but they also undermine customers' confidence in the use of ATMs.Cyber Crimes in Banks in India balanced with the goals of maintaining personal liberty and privacy. customers and the law enforcement machinery. Jurisdiction over cyber crimes should be standardized around the globe to make swift action possible against terrorist whose activities are endearing security worldwide. technical working group digital evidence are some of the key organization involved in research. Traditional systems like credit cards had some security features built into them to prevent such crime but issue of emoney by unregulated institutions may have none. This has to be fought on three planes. first by banks/ financial institutions. International law and international co-operation will go a long way in this regard.Cyber Crimes in Banks in India launderers need banking system. Further I all together do not deny that there is a need to bring changes in the Information Technology Act to make it more effective to combat cyber crime. The regulatory framework must also take into account all the related issues like development of e-money. Preventing cyber money laundering is an uphill task which needs to be tackled at different levels. online banking facilitates speedy financial transactions in relative anonymity and this is being exploited by the cyber money launderers. It is quite possible to check them. History is the witness that no legislation has succeeded in totally eliminating crime from the globe. right to privacy of individual. Undoubtedly the Act is a historical step in the cyber world. second by nation states and finally through international efforts. It is not possible to eliminate cyber crime from the cyber space. The only possible step is to make people aware of their rights and duties (to report crime as a collective duty towards the society) and further making the application of the laws more stringent to check crime. 66 . Internet. Capacity of human mind is unfathomable. Cyber Crimes in Banks in India BI BLIOGRAPHY www.com 67 .wikipedia.