Cyber Crimes in Banking Sector

March 31, 2018 | Author: seema | Category: Phishing, Security Hacker, Cybercrime, Cheque, Fraud



CYBER CRIMES IN BANKS
CHAPTER – 1
INTRODUCTION TO CYBER CRIME
• Meaning of Cyber Crime.
• Definition of Cyber Crimes.
CYBER CRIME
The usage of internet services in India is growing rapidly. It has given rise to new opportunities in every field we can think of, be it entertainment, business, sports or education. Every new technology that is invented or discovered has its pros and cons, and the internet is no exception. Its major disadvantage is cyber crime: illegal activity committed on the internet by certain individuals who exploit loopholes.
The internet, along with its advantages, has also exposed us to the security risks that come with connecting to a large network. Computers today are being misused for illegal activities like e-mail espionage, credit card fraud, spam, software piracy and so on, which invade our privacy and offend our senses. Criminal activities in cyberspace are on the rise.
Computer crimes are criminal activities which involve the use of information technology to gain illegal or unauthorized access to a computer system with the intent of damaging, deleting or altering computer data. Computer crimes also include activities such as electronic fraud, misuse of devices, identity theft, and data as well as system interference. Computer crimes may not necessarily involve damage to physical property. They rather include the manipulation of confidential data and critical information. Computer crimes also involve software theft, wherein the privacy of the users is hampered.
Today, a large number of rural areas in India and a couple of other nations in the region have increasing access to the internet, particularly broadband. The challenges of information security have also grown manifold.
MEANING OF COMPUTER CRIME
• Criminals can operate anonymously over computer networks.
• Hackers invade privacy.
• Hackers destroy "property" in the form of computer files or records.
• Hackers injure other computer users by destroying information systems.
DEFINITION OF CYBER CRIME
Defining cyber crimes as "acts that are punishable by the Information Technology Act" would be unsuitable, as the Indian Penal Code also covers many cyber crimes, such as e-mail spoofing, cyber defamation, sending threatening e-mails, etc. A simple yet sturdy definition of cyber crime would be "unlawful acts wherein the computer is either a tool or a target or both".
CHAPTER – 2
CYBER CRIMES IN BANKS
• Bank Frauds
• Computer Fraud
Banks are the favourite destination of hackers. As A N Roy, Commissioner of Police, Mumbai, avers, "Hacking a website or writing a program that will spread a virus on computers will not earn money. By hacking the website of a bank or stealing a credit card PIN, a street-smart programmer can, besides enriching himself, cause a lot of damage to banks and their customers alike."
BANK FRAUDS
"Lapses in system make easy the job of offender to dupe banks."
Fraud is any dishonest act or behaviour by which one person gains or intends to gain an advantage over another person. Fraud causes loss to the victim directly or indirectly. Fraud has not been described or discussed clearly in the Indian Penal Code, but the sections dealing with cheating, concealment, forgery, counterfeiting and breach of trust have been discussed, which leads to the act of fraud.
In contractual terms, as described in Section 17 of the Indian Contract Act, fraud means and includes any of the acts by a party to a contract, or with his connivance, or by his agents, with the intention to deceive another party or his agent, or to induce him to
Banking fraud is a federal crime in many countries, defined as planning to obtain property or money from any federally insured financial institution. It is sometimes considered a white collar crime.
The number of bank frauds in India is substantial. It is increasing with the passage of time. All the major operational areas in banking represent a good opportunity for fraudsters, with growing incidence being reported under deposit, loan and inter-branch accounting transactions, including remittances.
Thus banking fraud can be classified as:
• Fraud by insiders.
• Fraud by others.
FRAUD BY INSIDERS
• Rogue traders
• Fraudulent loans
• Wire transfer fraud
• Forged or fraudulent documents
• Uninsured deposits
• Theft of identity
• Demand draft fraud
1. Rogue traders
A rogue trader is a trader at a financial institution who engages in unauthorized trading to recoup the loss he incurred in earlier trades. Out of fear and desperation, he manipulates the internal controls to circumvent detection and buy more time. Unfortunately, unauthorized trading activities invariably produce more losses due to time constraints. Most rogue traders are discovered at an early stage, with losses ranging from $1 million to $100 million, but a very few, working out of institutions with extremely lax controls, were not discovered until the loss had reached well over a billion dollars. The size of the loss is a reflection of the laxity in controls instituted at the firm and not of the trader's greed. Contrary to public perception, a rogue trader does not have criminal intent to defraud his employer to enrich himself; he is merely trying to recoup the loss to make his firm whole and salvage his employment.
2. Fraudulent loans
One way to remove money from a bank is to take out a loan, a practice bankers would be more than willing to encourage if they knew that the money would be repaid in full with interest. A fraudulent loan, however, is one in which the borrower is a business entity controlled by a dishonest bank officer or an accomplice; the "borrower" then declares bankruptcy or vanishes and the money is gone. The borrower may even be a non-existent entity and the loan merely an artifice to conceal the theft of a large sum of money from the bank. This can also be seen as a component of mortgage fraud (Bell, 2010).
3. Wire transfer fraud
Wire transfer networks such as the international SWIFT interbank fund transfer system are tempting targets, as a transfer, once made, is difficult or impossible to reverse. As these networks are used by banks to settle accounts with each other, rapid or overnight wire transfers of large amounts of money are commonplace. While banks have put checks and balances in place, there is the risk that insiders may attempt to use fraudulent or forged documents which claim to request that a bank depositor's money be wired to another bank, often an offshore account in some distant foreign country.
There is a very high risk of fraud when dealing with unknown or uninsured institutions.
Also, a person may send a wire transfer from country to country. Since it takes a few days for the transfer to "clear" and be available to withdraw, the other person may still be able to withdraw the money from the other bank. A new teller or corrupt officer may approve the withdrawal while the transfer is in pending status; the other person then cancels the wire transfer and the bank takes a monetary loss.
4. Forged or fraudulent documents
Forged documents are often used to conceal other thefts; banks tend to count their money meticulously, so every penny must be accounted for.
A document claiming that a sum of money has been borrowed as a loan, withdrawn by an individual depositor, or transferred or invested can therefore be valuable to someone who wishes to conceal the minor detail that the bank's money has in fact been stolen and is now gone.
5. Uninsured deposits
A bank soliciting public deposits may be uninsured or not licensed to operate at all. The objective is usually to solicit deposits for this uninsured "bank", although some may also sell stock representing ownership of the "bank". Sometimes the names appear very official or very similar to those of legitimate banks.
6. Demand draft fraud
Demand draft (DD) fraud typically involves one or more corrupt bank employees. First, such employees remove a few DD leaves or DD books from stock and write them like a regular DD. Since they are insiders, they know the coding and punching of a demand draft. Such fraudulent demand drafts are usually drawn payable at a distant city without debiting an account. The draft is cashed at the payable branch. The fraud is discovered only when the bank's head office does the branch-wise reconciliation, which normally takes six months, by which time the money is gone.
FRAUDS BY OUTSIDERS
• Forgery and altered cheques
• Stolen cheques
• Accounting fraud
• Forged currency notes
• Money laundering
• Bill discounting fraud
• Cheque kiting
• Credit card fraud
• Booster cheques
• Duplication or skimming of card information
• Fraudulent loan applications
• Phishing and Internet fraud
1. Stolen cheques
Fraudsters may seek access to facilities such as mailrooms, post offices, offices of a tax authority, a corporate payroll or a social or veterans' benefit office, which process cheques in large numbers. The fraudsters may then open bank accounts under assumed names and deposit the cheques, which they may first alter in order to appear legitimate, so that they can subsequently withdraw unauthorized funds.
2. Cheque kiting
Cheque kiting exploits a system in which, when a cheque is deposited to a bank account, the money is made available immediately even though it is not removed from the account on which the cheque is drawn until the cheque actually clears.
3. Forgery and altered cheques
Fraudsters have altered cheques to change the name (in order to deposit cheques intended for payment to someone else) or the amount on the face of the cheque. Simple altering can change $100.00 into $100,000.00, although transactions of this value are subject to investigation as a precaution to prevent fraud as a matter of policy.
Instead of tampering with a real cheque, fraudsters may alternatively attempt to forge a depositor's signature on a blank cheque or even print their own cheques drawn on accounts owned by others, non-existent accounts, etc. They would subsequently cash the fraudulent cheque through another bank and withdraw the money before the banks realize that the cheque was a fraud.
4. Accounting frauds
In order to hide serious financial problems, some businesses have been known to use fraudulent bookkeeping to overstate sales and income, inflate the worth of the company's assets, or state a profit when the company is operating at a loss. These tampered records are then used to seek investment in the company's bond or security issues or to make fraudulent loan applications in a final attempt to obtain more money to delay the inevitable collapse. Examples of accounting frauds: Enron, WorldCom and Ocala Funding. These companies "cooked the books" in order to appear as though they had profits each quarter, when in fact they were deeply in debt.
5. Bill discounting fraud
Essentially a confidence trick, a fraudster uses a company at their disposal to gain confidence with a bank, by appearing as a genuine, profitable customer.
To give the illusion of being a desired customer, the company regularly and repeatedly uses the bank to get payment from one or more of its customers. These payments are always made, as the customers in question are part of the fraud, actively paying any and all bills raised by the bank. After some time, once the bank is happy with the company, the company requests that the bank settle its balance with the company before billing the customer. Again, business continues as normal for the fraudulent company, its fraudulent customers, and the unwitting bank.
6. Booster cheques
A booster cheque is a fraudulent or bad cheque used to make a payment to a credit card account in order to "bust out" or raise the amount of available credit on otherwise-legitimate credit cards. The amount of the cheque is credited to the card account by the bank as soon as the payment is made, even though the cheque has not yet cleared. Before the bad cheque is discovered, the perpetrator goes on a spending spree or obtains cash advances until the newly "raised" available limit on the card is reached. The original cheque then bounces, but by then it is already too late.
CHAPTER – 3
REASONS OF CYBER CRIMES
REASONS FOR CYBER CRIME
Hart, in his work "The Concept of Law", said that 'human beings are vulnerable so rule of law is required to protect them'. Applying this to cyberspace, we may say that computers are vulnerable, so rule of law is required to protect and safeguard them against cyber crime. The reasons for the vulnerability of computers may be said to be:
1. Capacity to store data in a comparatively small space: The computer has the unique characteristic of storing data in a very small space. This allows for much easier access to or removal of information through either physical or virtual media.
2. Easy to access: The problem encountered in guarding a computer system from unauthorized access is that there is every possibility of unauthorized access, not due to human error but due to the complex technology. Secretly implanted logic bombs, key loggers that can steal access codes, and advanced voice recorders, retina imagers, etc. that can fool biometric systems and bypass firewalls can be used to get past many security systems.
3. Complex: Computers work on operating systems, and these operating systems in turn are composed of millions of lines of code. The human mind is fallible, and it is not possible that there might not be a lapse at any stage. Cyber criminals take advantage of these lacunae and penetrate the computer system, often using more sophisticated means than originally anticipated by the systems engineers.
4. Negligence: Negligence is very closely connected with human conduct. It is therefore very probable that while protecting the computer system there might be some negligence, which in turn gives a cyber criminal the opportunity to gain access to and control over the computer system. This negligence is usually a property of under-resourced IT security provision, and improving the security barriers within software packages and network structures could lead to improved security. Banks should work on improving awareness of the different threats that currently exist, including e-mail fraud, phishing and malware.
CYBER CRIMINALS
Any person who commits an illegal act with a guilty intention or commits a crime is called an offender or a criminal. In this context, any person who commits a cyber crime is known as a cyber criminal. The cyber criminals may be children and adolescents aged between 6 and 18 years; they may be organized hackers, professional hackers or crackers, discontented employees, cheaters or even psychic persons. This division may be justified on the basis of the object that they have in their mind.
The following are the categories of cyber criminals.
1. Children and adolescents between the ages of 6 and 18 years
This is really difficult to believe, but it is true. Most amateur hackers and cyber criminals are teenagers. To them, who have just begun to understand what appears to be a lot about computers, it is a matter of pride to have hacked into a computer system or a website. There is also that little issue of appearing really smart among friends. These young rebels may also commit cyber crimes without really knowing that they are doing anything wrong. The simple reason for this type of delinquent behaviour pattern in children is mostly the inquisitiveness to know and explore things.
2. Organized hackers
These kinds of hackers are mostly organized together to fulfil a certain objective. The reason may be to fulfil their political bias, fundamentalism, etc. Pakistanis are said to be among the best hackers in the world. They mainly target Indian government sites with the purpose of fulfilling their political objectives. Further, the NASA as well as the Microsoft sites are always under attack by hackers.
3. Professional hackers / crackers
Their work is motivated by the colour of money. These kinds of hackers are mostly employed to hack the sites of rivals and get credible, reliable and valuable information. Further, they are even employed to crack the system of the employer, basically as a measure to make it safer by detecting the loopholes.
4. Discontented employees
This group includes those people who have either been sacked by their employer or are dissatisfied with their employer. To avenge themselves, they normally hack the system of their employer.
CHAPTER – 4
TYPES OF CYBER CRIME
• ATM Frauds
• Credit Card Frauds
• Phishing
• Identity Theft
• Hacking
• Electronic Fund Transfer Fraud
ATM FRAUDS
Traditional and ancient society was devoid of any monetary instruments, and the entire exchange of goods and merchandise was managed by the "barter system". The use of monetary instruments as a unit of exchange replaced the barter system, and money in various denominations was used as the sole purchasing power. Monetary instruments have since moved from paper- and metal-based currency to "plastic money" in the form of credit cards, debit cards, etc. This has resulted in the increasing use of ATMs all over the world. The use of an ATM is not only safe but also convenient. This safety and convenience, unfortunately, has an evil side as well, which originates not from the use of plastic money but from its misuse. This evil side is reflected in the form of ATM fraud, which is a global problem. The use of plastic money is increasing day by day for payment of shopping bills, electricity bills, school fees, phone bills, insurance premiums, travelling bills and even petrol bills. The world at large is struggling to increase convenience and safety on the one hand and to reduce misuse on the other.
ATM and Debit Card Fraud
ATM fraud is on the rise, law enforcement officials say, because thieves are becoming more and more sophisticated. Criminals have become very clever at finding new ways to access your funds, so consumers need to pay careful attention to their bank statements in case there are unauthorized withdrawals, because it is more likely that someone has access to your bank account information.
Criminals Steal Your Money
Methods used by criminals to gain entry to your money accounts include hacking into bank databases, phishing scams and unsolicited e-mail, the breaching of retailer computer systems, and card skimming devices placed on ATM machines and gas pumps.
There isn't a lot you can do about thieves gaining illegal entry into computer systems and databases containing your financial information, besides vigilance and reporting unusual activity, but some of the methods criminals use to break into your bank account are directed right at the customer. In many cases people are handing crooks the keys to their accounts. Knowing something about the methods used might save consumers millions of dollars a year.
Magnetic Card Skimmers Steal Your Data
Some tech-savvy thieves are placing ATM card skimming devices over the real card readers. They will also place a tiny camera somewhere on the ATM so that the information on the screen is recorded, as well as your hand punching in your PIN. All of this is often transmitted to the thieves, who are often sitting in a nearby car. They now have everything they need to empty your account of its funds. This kind of scam has been reported in just about every major city in the world, and people lose millions of dollars a year this way.
Some of the card skimmers and cameras may be easy to detect, but some of them take a trained eye and are only discovered when the ATM is serviced by a professional. If you notice anything out of the ordinary when using an ATM to withdraw funds, you might consider trying another machine and reporting your suspicions to the authorities.
Hacking ATM PIN
A personal identification number (PIN, pronounced "pin"; often redundantly "PIN number") is a numeric password shared between a user and a system that can be used to authenticate the user to the system. Typically, the user is required to provide a non-confidential user identifier or token (the user ID) and a confidential PIN to gain access to the system. Upon receiving the user ID and PIN, the system looks up the PIN based upon the user ID and compares the looked-up PIN with the received PIN.
The user is granted access only when the number entered matches the number stored in the system.
Researchers say they have discovered a fundamental weakness in the system that banks use to keep debit card PIN codes secure, one that could undermine the entire debit card system. Using the methods outlined by the researchers, a hacker could siphon off thousands of PIN codes and compromise hundreds of banks. Criminals could then print phony debit cards and simultaneously withdraw vast amounts of cash using ATMs around the world.
Rarely does the transmission go directly to a customer's bank. Instead, it is handed off several times on a banking network run by several third parties. Each time a bank passes the data along, it goes through a switch that contains hardware security modules, and the PIN block is unscrambled and then re-scrambled. It is at these intermediate points that hackers could trick the machines into revealing PINs.
CASE STUDY
India's first ATM card fraud
The Chennai City Police have busted an international gang involved in cyber crime, with the arrest of Deepak Prem Manwani (22), who was caught in the act while breaking into an ATM in the city in June last, it is reliably learnt. The dimensions of the city cops' achievement can be gauged from the fact that they have netted a man who is on the wanted list of the formidable FBI of the United States. At the time of his detention, he had with him Rs 7.5 lakh knocked off from two ATMs in T Nagar and Abiramipuram in the city. Before that, he had walked away with Rs 50,000 from an ATM in Mumbai. While investigating Manwani's case, the police stumbled upon a cyber crime involving scores of persons across the globe. Manwani is an MBA drop-out from a Pune school and served as an advertising official in a Chennai-based firm for quite a while. Interestingly, his audacious crime career began in an Internet café.
While browsing the Net one day, he was drawn to a site which offered him assistance in breaking into ATMs. His contacts, sitting somewhere in Europe, were ready to give him MasterCard numbers of a few American banks for $5 per card. The site also offered the magnetic codes of those cards, but charged $200 per code. The operators of the site had devised a fascinating idea to get the personal identification number (PIN) of the card users. They floated a new site which resembled that of a reputed telecom company. That company has a large number of subscribers. The fake site offered visitors a refund of $11.75 per head which, the site promoters said, had been collected in excess from them by mistake. Believing that it was a genuine offer from the telecom company in question, several lakh subscribers logged on to the site to get back that little money, but in the process parted with their PINs.
Armed with all the requisite data to hack the bank ATMs, the gang started its systematic looting. Apparently, Manwani and many others of his kind entered into a deal with the gang behind the site and could purchase any amount of data, of course on certain terms, or simply enter into a deal on a booty-sharing basis. Meanwhile, Manwani also managed to generate 30 plastic cards that contained the necessary data to enable him to break into ATMs. He was so enterprising that he was able to sell away a few such cards to his contacts in Mumbai. The police are on the lookout for those persons as well.
On receipt of large-scale complaints from the billed credit card users and banks in the United States, the FBI started an investigation into the affair and also alerted the CBI in New Delhi that the international gang had developed some links in India as well.
Manwani has since been released on bail after interrogation by the CBI. At the same time, the city police believe that this is the beginning of the end of a major cyber crime.
CREDIT CARD FRAUD
Many online credit card frauds occur when a customer uses a credit or debit card for an online payment: a person with mala fide intent obtains the card details and password by hacking and misuses them for online purchases, and the customer whose card was used or hacked suffers from this kind of attack or fraud. If electronic transactions are not secured, credit card numbers can be stolen by hackers, who can misuse the card by impersonating the credit card owner.
DEFINITION of 'Credit Card'
A card issued by a financial company giving the holder an option to borrow funds, usually at point of sale. Credit cards charge interest and are primarily used for short-term financing. Interest usually begins one month after a purchase is made, and borrowing limits are pre-set according to the individual's credit rating.
Credit cards are a convenient payment method, although they do carry risks. Fraud with stolen credit cards is committed for the purpose of obtaining goods without paying.
Types of credit card fraud:
• Lost and Stolen Credit Cards
• Identity Theft
• Application Fraud
• Account Takeover
• Counterfeit Credit Cards
• Credit Card Skimming
• Mail/Internet Order Fraud
Lost and Stolen Credit Cards
In 2001 thieves stole £114m in the UK through the use of lost and stolen credit cards. Most fraud on lost and stolen credit cards takes place at commercial outlets or Internet and telephone shops before the genuine cardholder reports the loss. Cards are often stolen during burglaries or pickpocketing in the street and then used almost instantaneously.
Unlike counterfeit or card-not-present forms of fraud, the victim will usually notice fairly quickly, enabling the card to be blocked and hopefully limiting the damage.
Identity theft
Identity theft can be divided into two broad categories: application fraud and account takeover.
Application fraud
Application fraud takes place when a person uses stolen or fake documents to open an account in another person's name. Criminals may steal documents such as utility bills and bank statements to build up useful personal information. Alternatively, they may create fake documents. With this information, they could open a credit card account or loan account in the victim's name, and then fully draw it.
Account takeover
Account takeover takes place when a person takes over another person's account, first by gathering personal information about the intended victim, and then by contacting their card issuer while impersonating the genuine cardholder and asking for mail to be redirected to a new address. The criminal then reports the card lost and asks for a replacement card to be sent. They may then set up a new PIN. They are then free to use the card until the rightful cardholder discovers the deception when he or she tries to use their own card, by which time the account would be drained.
Counterfeiting
Most cases of counterfeiting involve a process known as "skimming" or cloning, where legitimate data from the magnetic stripe on a card is electronically copied on to another one without the knowledge of the rightful cardholder. This is a particularly common problem in areas of commerce such as restaurants or bars, where cardholders will likely lose sight of their cards when they are swiped to pay for drinks or meals. Here, corrupt waiters and waitresses are then able to sell on or use the cardholder details that they have acquired for fraudulent purposes.
This will involve the creation of a duplicate counterfeit card, which can then be signed on the back by the fraudster and used as they please. The legitimate cardholder is unlikely to realize until they next receive information on their balance showing purchases that they did not make, because they think that their card and personal details are safe in their wallet.
Skimming
Skimming is the theft of payment card information used in an otherwise legitimate transaction. The thief can procure a victim's card number using basic methods such as photocopying receipts, or more advanced methods such as using a small electronic device (skimmer) to swipe and store hundreds of victims' card numbers. Common scenarios for skimming are restaurants or bars where the skimmer has possession of the victim's payment card out of their immediate view. The thief may also use a small keypad to unobtrusively transcribe the 3- or 4-digit Card Security Code, which is not present on the magnetic stripe. Call centers are another area where skimming can easily occur. Skimming can also occur at merchants such as gas stations when a third-party card-reading device is installed either outside or inside a fuel dispenser or other card-swiping terminal. This device allows a thief to capture a customer's card information, including their PIN, with each card swipe.
PREVENTION FOR CREDIT CARD FRAUD
Credit card fraud is bad business. In 2004, credit card fraud cost US merchants 2,664.9 million dollars (Celent Communications). Credit card fraud is a significant problem in Canada, too. The credit card loss total for 2007 was $304,255,215, according to the RCMP. And while "no-card" fraud is growing, most credit card frauds are still being committed using lost, stolen or counterfeit cards. Whether you have a brick-and-mortar business or an online one, credit card fraud is costing you money.
Credit card fraud prevention when dealing with credit card customers face-to-face  Ask for and check other identification, such as a driver’s license or other photo ID. Check to see if the ID has been altered in any way as a person trying to use a stolen credit card may also have stolen or fake ID.  Examine the signature on the card. If the signature on the credit card is smeared, it could be that the credit card is stolen and the person has changed the signature to his or her own.  Compare signatures. Besides comparing the signature on the credit card with the person’s signature on the credit card slip, compare the signatures as well to those on any other ID presented.  Have another look at the card’s signature panel. It should show a repetitive colour design of the MasterCard or Visa name. Altered signature panels (those that are discolored, glued, painted, erased, or covered with white tape) are an indication of credit card fraud.  Check the credit card’s embossing. “Ghost images” of other numbers behind theembo ssing are a tip-off that the card has been re-embossed. The hologram may be damaged. (The holograms on credit cards that have not been tampered with will show clear, three-dimensional images that appear to move when the card is tilted.) 28 CYBER CRIMES IN BANKS  Check the presented card with recent lists of stolen and invalid credit card numbers.  Call for authorization of the credit card – remembering to take both the credit card and the sales draft with you. That way if the customer runs away while you’re making the call, you still have the credit card. Ask for a “Code 10” if you have reason to suspect a possible credit card fraud, such as a possible counterfeit or stolen card.  Destroy all carbon copies of the credit card transaction, to ensure that no one can steal the credit card information and help prevent future credit card fraud. It’s also very important to be sure that your staff is educated about credit card fraud. 
• PHISHING

Meaning of Phishing: Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. The word is a neologism created as a homophone of fishing due to the similarity of using fake bait in an attempt to catch a victim. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting victims. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

Tips for avoiding phishing scams

• Don’t click on any links in e-mails, and if you do end up clicking, don’t enter any sensitive information. If you get an e-mail from a person or institution you trust seeking information, call up the helpline or any number that you know belongs to that institution and verify.
• Don’t be taken in by e-mails that threaten to shut down your account if you do not supply the information, or that promise lottery winnings. These are usually faked.
• Genuine sites use encryption to transfer your sensitive information securely. So always check for the symbol of a lock on the bottom right of your browser and https:// instead of http:// in the address bar.
To make doubly sure, click on the lock and check to whom the certificate is issued.
• If you are not sure about the site, try entering the wrong password. A fraudulent site on the other hand will accept it.
• If you think you have fallen victim to a phishing attack, immediately contact your financial institution over the phone.
• A good practice is to have different user names and passwords for different sites.
• If you suspect a mail to be suspicious, forward it to the customer service e-mail for the bank or institution in question.
• Avoid filling out forms in e-mail messages that ask for personal/financial privacy act protected information.
• Consider installing a web browser tool bar to help protect you from unknown phishing fraud websites.
• Regularly log into your online accounts.
• Regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate.
• Ensure that your browser is up to date and security patches are applied.

• IDENTITY THEFT AND IDENTITY FRAUDS

Identity theft is no longer an unusual occurrence. It is rapidly evolving and is quickly becoming a socio-economic inevitability. Identity theft is the fastest growing white-collar crime. It is a crime in which an impostor obtains key pieces of your personal identifying information, such as your social security number or driver’s license number, and uses them for their own personal gain. Identity pirates can gather all sorts of confidential information about you by prowling the Web.

An identity thief can take your personal information from your mail box or your home. Identity theft is bad enough, but right now it is also pretty much a cottage industry relying primarily on techniques like dumpster diving. Identity theft laws and crackdowns, while improving, are definitely not where they should be.
It’s hard to pin down, because each law enforcement agency may classify ID theft differently – it can involve credit card fraud, internet fraud or mail theft among other crimes.

Signs of Identity Theft

Watch for signs of identity theft. The quicker you catch it, the less likely you’ll incur a major hassle or expense. Follow up with creditors if any of the following occur:

• Your bills don’t arrive on time. This could mean an identity thief has taken over your credit card account and changed your billing address.
• You receive unexpected credit cards or account statements.
• You receive calls or letters about purchases you did not make.
• You notice charges on your financial account or billing statement that you did not make.
• You may also receive a call from your credit card company asking if you made any outstanding charges or large purchases at an unusual location. This would be a tip-off that your information has been taken even though your physical card wasn’t.

• HACKING

"Hacking" is a crime: unauthorized access by a person who cracks systems or attempts to bypass their security mechanisms, here by hacking banking sites or customers' accounts. If such a crime is proved, the accused is punished under the IT Act with imprisonment, which may extend to three years, or with a fine, which may extend to five lakh rupees, or both. Hacking is considered a cognizable offence; it is also a bailable offence.

Types of HACKERS

Hackers can be broken down in several ways. You can classify hackers based on their skills, on their chosen specialty or a combination of both. This section describes the various types of hackers and provides an indication of classification by reviewing Gupta, Laliberte & Klevinsky’s (2000) three-tiered system. Each new technology that is developed generates a new specialization, and new terms are created to describe these individuals.
Some of the most common terms are:

1. Cracker

Eric S. Raymond, author of The New Hacker's Dictionary, advocates that members of the computer underground should be called crackers. According to Ralph D. Clifford, a cracker or cracking is to "gain unauthorized access to a computer in order to commit another crime such as destroying information contained in that system". These subgroups may also be defined by the legal status of their activities.

2. Phreaker

Phreaking is a slang term coined to describe the activity of a culture of people who study, experiment with, or explore telecommunication systems, such as equipment and systems connected to public telephone networks. The term phreak is a sensational spelling of the word freak with the ph- from phone, and may also refer to the use of various audio frequencies to manipulate a phone system. Phreak, phreaker, or phone phreak are names used for and by individuals who participate in phreaking. Phreaking consisted of techniques to evade long-distance charges. This evasion was illegal; the crime was called "toll fraud."

3. Script kiddies

A script kiddie is basically an amateur or non-expert hacker wannabe who breaks into people's computer systems not through his knowledge of IT security and the ins and outs of a given website, but through the prepackaged automated scripts (hence the name), tools, and software written by people who are real hackers, unlike him. He usually has little to no knowledge of the underlying concepts behind how the scripts he has on hand work. Script kiddies have at their disposal a large number of effective, easily downloadable programs capable of breaching computers and networks.

There are a number of reasons why a hacker would want to break into your computer. He may use your computer and ISP account for illegal activity, like distributing child pornography.
One of the most recent uses of Trojans is to cause DDoS (distributed denial of service) attacks. In such an attack, the client commands all of the “servers” located on individual PCs to attack a single website. Thousands of individual PCs can be commanded to access a web site like eBay or Yahoo at the same time, clogging the site's bandwidth and causing an interruption of service.

SOME OTHER TYPES OF CYBER CRIMES

1. Denial Of Service Attack

This is an act by the criminal, who floods the bandwidth of the victim’s network or fills his e-mail box with spam mail, depriving him of the services he is entitled to access or provide.

2. Software Piracy

Theft of software through the illegal copying of genuine programs or the counterfeiting and distribution of products intended to pass for the original. Retail revenue losses worldwide are ever increasing due to this crime. It can be done in various ways: end user copying, hard disk loading, counterfeiting, illegal downloads from the internet, etc.

3. Spoofing

Getting one computer on a network to pretend to have the identity of another computer, usually one with special access privileges, so as to obtain access to the other computers on the network is called spoofing.

CHAPTER -6 PREVENTION OF CYBER CRIME.

Fraud is a billion-dollar business and it is increasing every year. The PwC global economic crime survey of 2009 suggests that close to 30 percent of companies worldwide have reported being victims of fraud in the past year. Fraud involves one or more persons who intentionally act secretly to deprive another of something of value, for their own benefit. Fraud is as old as humanity itself and can take an unlimited variety of different forms. However, in recent years, the development of new technologies has also provided further ways in which criminals may commit fraud.
In addition to that, business reengineering, reorganization or downsizing may weaken or eliminate control, while new information systems may present additional

Traditional methods of data analysis have long been used to detect fraud. They require complex and time-consuming investigations that deal with different domains of knowledge like finance, economics, business practices and law. Fraud often consists of many instances or incidents involving repeated transgressions using the same method. Fraud instances can be similar in content and appearance but usually are not identical.

The first industries to use data analysis techniques to prevent fraud were the telephone companies, the insurance companies and the banks (Decker 1998). One early example of successful implementation of data analysis techniques in the banking industry is the FICO Falcon fraud assessment system, which is based on a neural network shell. Retail industries also suffer from fraud at POS. Some supermarkets have started to make use of digitized closed-circuit television (CCTV) together with POS data of the transactions most susceptible to fraud. Internet transactions have recently raised big concerns, with some research showing that internet transaction fraud is 12 times higher than in-store fraud. Fraud that involves cell phones, insurance claims, tax return claims, credit card transactions etc. represents a significant problem for governments and businesses, yet detecting and preventing fraud is not a simple task.

Fraud is an adaptive crime, so it needs special methods of intelligent data analysis to detect and prevent it. These methods exist in the areas of Knowledge Discovery in Databases (KDD), Data Mining, Machine Learning and Statistics. They offer applicable and successful solutions in different areas of fraud crimes.
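The statistical approach described above can be shown on a small scale. The following is an added example, not part of the original report: it runs two checks over constructed card transactions, a per-card amount outlier test and a search for the "similar but not identical" repeated pattern across several cards. The card names, merchant names, thresholds and function names are all assumptions made for the illustration.

```python
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta
from statistics import median

Txn = namedtuple("Txn", "card when merchant amount")

# Constructed sample data (not real transactions): card, ISO timestamp, merchant, amount.
RAW = [
    ("card-A", "2018-03-01T09:12:00", "GROCER-01", 23.50),
    ("card-A", "2018-03-03T18:40:00", "FUEL-12", 41.00),
    ("card-A", "2018-03-05T12:05:00", "CAFE-03", 18.20),
    ("card-A", "2018-03-08T19:30:00", "GROCER-01", 35.00),
    ("card-A", "2018-03-11T08:55:00", "PHARM-09", 29.90),
    ("card-A", "2018-03-14T17:20:00", "FUEL-12", 44.10),
    ("card-A", "2018-03-15T02:47:00", "ELECTRO-55", 980.00),  # far above this card's habit
    ("card-B", "2018-03-02T10:00:00", "GROCER-01", 60.00),
    ("card-B", "2018-03-06T10:30:00", "BOOKS-21", 75.00),
    ("card-B", "2018-03-09T11:00:00", "GROCER-01", 66.00),
    ("card-B", "2018-03-12T09:45:00", "FUEL-12", 58.00),
    ("card-B", "2018-03-16T13:10:00", "CAFE-03", 71.00),
    # Four different cards, one merchant, near-identical small amounts within minutes.
    ("card-C", "2018-03-15T03:01:00", "WEBSHOP-77", 1.00),
    ("card-D", "2018-03-15T03:02:10", "WEBSHOP-77", 1.05),
    ("card-E", "2018-03-15T03:03:30", "WEBSHOP-77", 0.99),
    ("card-F", "2018-03-15T03:06:00", "WEBSHOP-77", 1.02),
]


def load(rows):
    """Turn raw tuples into Txn records with parsed timestamps."""
    return [Txn(c, datetime.fromisoformat(ts), m, float(a)) for c, ts, m, a in rows]


def amount_outliers(txns, threshold=3.5, min_history=5):
    """Flag amounts far above a card's own median (modified z-score based on the MAD)."""
    by_card = defaultdict(list)
    for t in txns:
        by_card[t.card].append(t)
    flagged = []
    for card in sorted(by_card):
        items = by_card[card]
        if len(items) < min_history:
            continue  # too little history to say what is normal for this card
        amounts = [t.amount for t in items]
        med = median(amounts)
        mad = median([abs(a - med) for a in amounts])
        if mad == 0:
            continue  # every amount identical: this score is undefined
        for t in items:
            if 0.6745 * (t.amount - med) / mad > threshold:
                flagged.append((t.card, t.merchant, t.amount))
    return flagged


def repeated_pattern(txns, window=timedelta(minutes=10), tolerance=0.10, min_cards=3):
    """Find merchants hit by several distinct cards with similar amounts in a short window."""
    by_merchant = defaultdict(list)
    for t in txns:
        by_merchant[t.merchant].append(t)
    hits = {}
    for merchant, items in by_merchant.items():
        items.sort(key=lambda t: t.when)
        for i, first in enumerate(items):
            cards = {
                t.card
                for t in items[i:]
                if t.when - first.when <= window
                and abs(t.amount - first.amount) <= tolerance * first.amount
            }
            if len(cards) >= min_cards:
                hits.setdefault(merchant, set()).update(cards)
    return {m: sorted(c) for m, c in hits.items()}


if __name__ == "__main__":
    txns = load(RAW)
    print("amount outliers:", amount_outliers(txns))
    print("repeated pattern:", repeated_pattern(txns))
```

Neither check proves fraud on its own; each produces candidates for an analyst or a second-stage model to review.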
Cyber prevention Act 2012

The Cybercrime Prevention Act of 2012 is the first law in the Philippines which specifically criminalizes computer crime, which prior to the passage of the law had no strong legal precedent in Philippine jurisprudence. While laws such as the Electronic Commerce Act of 2000 (Republic Act No. 8792) regulated certain computer-related activities, these laws did not provide a legal basis for criminalizing crimes committed on a computer in general: for example, Onel de Guzman, the computer programmer charged with purportedly writing the ILOVEYOU computer worm, was ultimately not prosecuted by Philippine authorities due to a lack of legal basis for him to be charged under existing Philippine laws at the time of his arrest.

• The initial draft of the law started in 2002 from the former Information Technology and e-Commerce Council (ITECC) Legal and Regulatory Committee chaired by Atty.

Reactions

• The new Act received mixed reactions from several sectors upon its enactment, particularly with how its provisions could potentially affect freedom of expression, freedom of speech and data security in the Philippines.
• The local business process outsourcing industry has received the new law well, citing an increase in the confidence of investors due to measures for the protection of electronic devices and online data. Media organizations and legal institutions, though, have criticized the Act for extending the definition of libel as defined in the Revised Penal Code of the Philippines, which has been criticized by international organizations as being outdated: the United Nations for one has remarked that the current definition of libel as defined in the Revised Penal Code is inconsistent with the International Covenant on Civil and Political Rights, and therefore violates the respect of freedom of expression.
• Local media and journalist groups which are opposed to it.
The Centre for Law and Democracy also published a detailed analysis criticizing the law from a freedom of expression perspective.

Steps for prevention of Cyber Crime

Prevention is always better than cure. It is always better to take certain precautions while operating the net.

• Never disclose your personal information publicly on websites. This is as good as disclosing your identity to strangers in a public place.
• Always avoid sending any photograph online, particularly to strangers and chat friends, as there have been incidents of misuse of photographs.
• Never enter your credit card number on any site that is not secured, to prevent its misuse.
• Always keep a watch on the sites that your children are accessing, to prevent any kind of harassment or depravation in children.
• Always use the latest and updated antivirus software to guard against virus attacks.
• To prevent loss of data due to virus attacks, always keep a backup of your data.
• It is advisable to use a security program that gives control over the cookies that send information back to the site, as leaving the cookies unguarded might prove fatal.
• Use of firewalls proves beneficial.
• Website owners should watch traffic and check any irregularity on the site. Putting host-based intrusion detection devices on servers will serve the purpose.

The capacity of the human mind is profound. It is not possible to eliminate cyber crime from cyberspace. It is quite possible to check it. History is the witness that no legislation has succeeded in totally eliminating crime from the globe. The only possible step is to make people aware of their rights and duties and to guard ourselves so that crime has no effect on us.
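The step "never enter your credit card number on any site that is not secured", together with the phishing tip about https:// and the certificate, can be turned into an automatic check. A lock and https:// show only that the connection is encrypted, not who runs the site, so the added example below (not part of the original report) also compares the host name against the names the bank is known to use. The trusted host names are placeholder .test domains and the function names are assumptions; the sample URLs are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: host names the bank really publishes (placeholder .test domains).
TRUSTED_HOSTS = frozenset({"www.examplebank.test", "netbanking.examplebank.test"})


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a trusted host."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_ip(host):
    """True when the host part is a bare IP address instead of a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_link(url, trusted=TRUSTED_HOSTS):
    """Return the reasons a link should not be given credentials ([] = none found)."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return ["unparseable-url"]
    reasons = []
    if parts.scheme != "https":
        reasons.append("not-https")
    if is_ip(host):
        reasons.append("ip-address-host")
    if host not in trusted:
        reasons.append("host-not-trusted")
        for good in sorted(trusted):
            if good in host:
                # The real name appears only as a prefix of some other domain.
                reasons.append("embeds:" + good)
            elif edit_distance(host, good) <= 2:
                # One or two characters away from the real name.
                reasons.append("lookalike-of:" + good)
    return reasons


# Constructed sample links, as they might appear in e-mails.
SAMPLES = [
    "https://www.examplebank.test/login",
    "http://www.examplebank.test/login",
    "https://www.examp1ebank.test/login",
    "https://www.examplebank.test.secure-login.example/verify",
    "http://192.0.2.10/bank/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link) or "no problem found")
```

The third and fourth samples both use https:// and would show a lock in the browser, yet both fail the host check.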
CHAPTER -6 CYBER LAWS IN INDIA

INTRODUCTION

In a simple way we can say that cyber crime is unlawful acts wherein the computer is either a tool or a target or both. Cyber crimes can involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the Indian Penal Code. The abuse of computers has also given birth to a gamut of new age crimes that are addressed by the Information Technology Act, 2000.

Cyberlaw (also referred to as cyber law) is a term used to describe the legal issues related to use of communications technology, particularly "cyberspace", i.e. the Internet. It is less a distinct field of law in the way that property or contracts are, as it is an intersection of many legal fields, including intellectual property, privacy, freedom of expression, and jurisdiction. In essence, cyber law is an attempt to integrate the challenges presented by human activity on the Internet with the legacy system of laws applicable to the physical world.

Advantages of Cyber Laws

The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber crimes. We need such laws so that people can perform purchase transactions over the Net through credit cards without fear of misuse. The Act offers the much-needed legal framework so that information is not denied legal effect, validity or enforceability solely on the ground that it is in the form of electronic records. In view of the growth in transactions and communications carried out through electronic records, the Act seeks to empower government departments to accept filing, creating and retention of official documents in the digital format. The Act has also proposed a legal framework for the authentication and origin of electronic records / communications through digital signature.
• From the perspective of e-commerce in India, the IT Act 2000 and its provisions contain many positive aspects. Firstly, the implication of these provisions for e-businesses would be that e-mail would now be a valid and legal form of communication in our country that can be duly produced and approved in a court of law.
• Companies shall now be able to carry out electronic commerce using the legal infrastructure provided by the Act.
• Digital signatures have been given legal validity and sanction in the Act.
• The Act throws open the doors for the entry of corporate companies in the business of being Certifying Authorities for issuing Digital Signature Certificates.
• The Act now allows Government to issue notifications on the web, thus heralding e-governance.
• The Act enables companies to file any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate Government in electronic form, by means of such electronic form as may be prescribed by the appropriate Government.
• The IT Act also addresses the important issues of security, which are so critical to the success of electronic transactions.
• The Act has given a legal definition to the concept of secure digital signatures that would be required to have been passed through a system of a security procedure, as stipulated by the Government at a later date.

Under the IT Act, 2000, it shall now be possible for corporates to have a statutory remedy in case anyone breaks into their computer systems or network and causes damage or copies data. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs. 1 Crore.

IT Act of India 2000

In May 2000, both the houses of the Indian Parliament passed the Information Technology Bill. The Bill received the assent of the President in August 2000 and came to be known as The Information Technology Act, 2000. Cyber laws are contained in the IT Act, 2000.
• This Act aims to provide the legal infrastructure for e-commerce in India, and the cyber laws have a major impact on e-businesses and the new economy in India. So, it is important to understand what the various perspectives of the IT Act, 2000 are and what it offers.
• The Information Technology Act, 2000 also aims to provide the legal framework so that legal sanctity is accorded to all electronic records and other activities carried out by electronic means. The Act states that unless otherwise agreed, an acceptance of contract may be expressed by electronic means of communication and the same shall have legal validity and enforceability.

Some highlights of the Act are listed below:

• Chapter-II of the Act specifically stipulates that any subscriber may authenticate an electronic record by affixing his digital signature. It further states that any person can verify an electronic record by use of a public key of the subscriber.
• Chapter-III of the Act details Electronic Governance and provides, inter alia, that where any law provides that information or any other matter shall be in writing or in typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is rendered or made available in an electronic form, and accessible so as to be usable for a subsequent reference. The said chapter also details the legal recognition of Digital Signatures.
• Chapter-IV of the said Act gives a scheme for Regulation of Certifying Authorities. The Act envisages a Controller of Certifying Authorities who shall perform the function of exercising supervision over the activities of the Certifying Authorities, as also laying down standards and conditions governing the Certifying Authorities, as also specifying the various forms and content of Digital Signature Certificates.
The Act recognizes the need for recognizing foreign Certifying Authorities, and it further details the various provisions for the issue of a license to issue Digital Signature Certificates.
• Chapter-VII of the Act details the scheme of things relating to Digital Signature Certificates. The duties of subscribers are also enshrined in the said Act.
• Chapter-IX of the said Act talks about penalties and adjudication for various offences. The penalties for damage to computers, computer systems etc. have been fixed as damages by way of compensation not exceeding Rs. 1,00,00,000 to affected persons. The Act talks of the appointment of any officer not below the rank of a Director to the Government of India, or an equivalent officer of a state government, as an Adjudicating Officer who shall adjudicate whether any person has made a contravention of any of the provisions of the said Act or rules framed thereunder. The said Adjudicating Officer has been given the powers of a Civil Court.
• Chapter-X of the Act talks of the establishment of the Cyber Regulations Appellate Tribunal, which shall be an appellate body where appeals against the orders passed by the Adjudicating Officers shall be preferred.
• Chapter-XI of the Act talks about various offences, and the said offences shall be investigated only by a Police Officer not below the rank of Deputy Superintendent of Police. These offences include tampering with computer source documents, publishing of information which is obscene in electronic form, and hacking.
• The Act also provides for the constitution of the Cyber Regulations Advisory Committee, which shall advise the government as regards any rules, or for any other purpose connected with the said Act. The said Act also proposes to amend the Indian Penal Code, 1860, the Indian Evidence Act, 1872, The Bankers' Books Evidence Act, 1891, and The Reserve Bank of India Act, 1934 to make them in tune with the provisions of the IT Act.
CONCLUSION

Lastly I conclude by saying that “Thieves are not born, but made out of opportunities.” This quote exactly reflects the present environment related to technology, which is changing very fast. By the time regulators come up with preventive measures to protect customers from innovative frauds, either the environment itself changes or new technology emerges. This helps criminals to find new areas in which to commit fraud. Computer forensics has developed as an indispensable tool for law enforcement. But in the digital world, as in the physical world, the goals of law enforcement are balanced with the goals of maintaining personal liberty and privacy. Jurisdiction over cyber crimes should be standardized around the globe to make swift action possible against terrorists whose activities are endangering security worldwide. The National Institute of Justice and the Technical Working Group on Digital Evidence are some of the key organizations involved in research.

ATM fraud is not the problem of banks alone. It is a big threat and it requires co-ordinated and cooperative action on the part of the bank, customers and the law enforcement machinery. ATM frauds not only cause financial loss to banks but also undermine customers' confidence in the use of ATMs. This would deter a greater use of ATMs for monetary transactions. It is therefore in the interest of banks to prevent ATM frauds. There is thus a need to take precautionary and insurance measures that give greater "protection" to the ATMs, particularly those located in less secure areas.

Traditional systems like credit cards had some security features built into them to prevent such crime, but e-money issued by unregulated institutions may have none. Preventing cyber money laundering is an uphill task which needs to be tackled at different levels.
This has to be fought on three planes: first by banks and financial institutions, second by nation states and finally through international efforts. The regulatory framework must also take into account all the related issues like the development of e-money and the individual's right to privacy. International law and international co-operation will go a long way in this regard.

The capacity of the human mind is unfathomable. It is not possible to eliminate cyber crime from cyberspace. It is quite possible to check it. History is the witness that no legislation has succeeded in totally eliminating crime from the globe. The only possible step is to make people aware of their rights and duties (to report crime as a collective duty towards society) and further to make the application of the laws more stringent to check crime. Undoubtedly the Act is a historical step in the cyber world. Further, I do not altogether deny that there is a need to bring changes in the Information Technology Act to make it more effective in combating cyber crimes.

ANNEXURE

• Abbreviation

PIN - Personal Identification Number
ATM - Automated Teller Machine
CVV - Card Verification Value
IFCC - Internet Fraud Complaint Center
HSM - Hardware Security Module
EFT - Electronic Fund Transfer
ERP - Enterprise Resource Planning
GUI - Graphical User Interface
NFMS - Neural Fraud Management System
AMS - Automatic Modeling System
TSP - Time Stamp Protocol
IRS - Internal Revenue Service
URL - Uniform Resource Locator