A STUDY ON CYBERCRIMES

IN BANKING SECTOR IN
INDORE AND CYBER LAWS
-By Priyanka Ahirwar [L.L.M. II sem. (Business Law)]
INTRODUCTION
Economy is one of the pillars which defines the progress and growth of a nation. Banking sector is
considered as the backbone of the economy. For our day-to-day transactions, we enter into monetary
transactions in the form of cash payments, cheques or demand drafts. However, this trend has paved the
way to a modern system of payment in the form of swiping of debit cards or credit cards. On the
recommendation of the Committee on Financial System (Narasimha Committee) 1991-1998, information
and technology in banking sector was used. On one hand, technology has created advantage for banks and
financial institutions but on the other hand, there have been risks involved in it as well. Technology risks
not only have a direct impact on a bank as operational risks but can also exacerbate other risks like credit
risks and market risks. Given the increasing reliance of customers on electronic delivery channels to
conduct transactions, any security related issues have the potential to undermine public confidence in the
use of e-banking channels and lead to reputation risks to the banks. Inadequate technology
implementation can also induce strategic risk in terms of strategic decision making based on inaccurate
data/information. Banking sector has witnessed expansion of its services and strives to provide better
customer facility through technology but cyber-crime remains an issue. Information which is available
online is highly susceptible to be attacked by cyber criminals. Cyber-crimes result in huge monetary losses
which are incurred not only by the customer but by the banks also which affects economy of a nation.
Non-monetary cyber-crime occurs when viruses are created and distributed on other computers or
confidential business information is posted on Internet. The most common of it is phishing and pharming.
CONCEPT OF E-BANKING
• Electronic Banking or e-banking refers to a system where banking activities are
carried out using informational and computer technology over human resource.
In comparison to traditional banking services, in e-banking there is no physical
interaction between the bank and the customers. E-banking is the delivery of
banks information and services by banks to customers via different delivery
platforms that can be used with different terminal devices such as personal
computer and a mobile phone with browser or desktop software, telephone or
digital television.

• E-banking is also known as Cyber Banking, Home Banking and Virtual

Banking. E-banking includes Internet Banking, Mobile Banking, RTGS, ATMs,
Credit Cards, Debit Cards, and Smart Cards etc.
CYBERCRIME
Neither crime nor cyber-crime has been defined in IPC or Information Technology Act,
2000 (hereinafter referred as IT Act), but only provides punishment for certain
offences. The word "cyber" is synonymous with computer, computer systems and
computer network. Thus, it can be said that cybercrime occurs when any illegal activity
is committed using a computer or computer resource or computer network. Douglas
and Loader have defined cybercrime as a computer mediated activity which is
conducted through global electronic networks that are either considered illicit or illegal
by certain parties. Cybercrimes have been classified into four categories by Wall. They
are cyber-deceptions, cyber-violence, cyber-pornography and cybertrespass. The frauds
in e-banking sector are covered under cyber-deception. Cyber-deception is further
defined as an immoral activity which includes theft, credit card fraud, and intellectual
property violations. Mostly frauds are committed because of two goals, one, to gain
access to the user's account and steal his/her personal information and transfer funds
from one account to another. Second is to undermine the image of the bank and block
the bank server so that the customer is unable to access his/her account.
CYBERCRIME IN BANKING SECTOR
Hacking: It is a technique to gain illegal access to a computer or
network in order to steal, corrupt, or illegitimately view data.
Phishing: It is a technique to obtain confidential information such
as usernames, passwords, and debit/credit card details, by
impersonating as a trustworthy entity in an electronic
communication and replay the same details for malicious reasons.
Vishing: It is the criminal practice of using social engineering over
the telephone system to gain access to private personal and
financial information from the public for the purpose of financial
reward.
E-mail Spoofing: It is a technique of hiding an e-mails actual origin by forging the e-mail header to appear
to originate from one legitimate source instead of the actual originating source.
Spamming: Unwanted and unsolicited emails usually sent in bulk in an attempt to force the message on
people who would not otherwise choose to receive it are referred to as Spam E-mails.
Denial of Service : This attack is characterized by an explicit attempt by attackers to prevent legitimate users
of a service from using that service by "flooding" a network to disallow legitimate network traffic, disrupt
connections between two machines to prohibit access to a service or prevent a particular individual from
accessing a service.
Advanced Persistent Threat: It is characterised as a set of complex, hidden and ongoing computer hacking
processes, often targeting a specific entity to break into a network by avoiding detection to gather sensitive
information over a significant period of time. The attacker usually uses some type of social engineering, to
gain access to the targeted network through legitimate means. Successful advanced persistent threat
campaigns can result in costly data breaches.
ATM Skimming and Point of Sale Crimes: It is a technique of compromising the ATM machine or POS
systems by installing a skimming device atop the machine keypad to appear as a genuine keypad or a device
made to be affixed to the card reader to look like a part of the machine. Additionally, malware that steals
credit card data directly can also be installed on these devices. Successful Implementation of skimmers
causes ATM machines to collect card numbers and personal identification number (PIN) codes that are later
replicated to carry out fraudulent transactions.
1. (Chavan, 2013) has stated that the meaning of electronic banking is providing banking services and products to the
customers through electronic delivery channels such asinternet banking, mobile banking ATM facilities and Credit
cards etc.

2. (Raghavan and Parthiban, 2014) There are various frauds committed in e-banking sector relating to Automatic Teller
Machine, credit card frauds such as phishing attacks, identity theft;data stealing, hacking, cracking, malware attacks and
many more this is leading to huge financial losses to the country at large.

3. In the words of Cybint, human error is the main cause of cybersecurity and 2020 was significantly affected by online
criminals and these will consistently go on in the coming years also.

4. A. Lakshmanan (2019) has done a study exclusively focused on cybercrime and found that cybercrime activities will be
rising in the upcoming days and there is no full stop for that.
5. Ms. Neeta, Dr. V.K. Baksh (2019) has jointly published a research article on Cyber Crimes in Banking Sector and
suggested that cyber-attacks should be prevented by adhering to strict compliance of law.

6. H. Singh Rao (2019) did a study to analyze Cyber Crimes in the Banking Sector. The study highlighted the fact that
India stands third among top 20 cybercrime victims.

7. (Singh, 2012) the article states that various kinds of phishing techniques are practiced by the fraudsters.
The various cases were reported by ICICI Bank and later on even by UTI bank and state bank of India and others. In
India there are several cases relating to attacks on genuine websites.

8. (Patil, 2012) have said that here are various types of Internet banking risk one of it is information security risk, lack
of data security techniques exposes banks data to hackers or insider attackers by inserting viruses and stealing the data
which will be misused by the fraudsters in committing frauds, therefore causing financial losses to the institutions.
Objectives of the study
● To study cybercrimes and its implications on the Banking
Sector
● To understand the seriousness of online cyber threats
available to the Internet banking industry.
● To understand the impacts of cybercrime and its motives.
● To measure the scope of security and its implementation in
Internet banking sectors.
● To analyze and use the preventive measures available to
control frauds.
SOCIAL AND LEGAL AREA IN WHICH ORGANIZATION IS WORKING

The Yuva Udaan Foundation aims at creating a cyber secure nationwhere each citizen is
safeguarded against cybercrimes. They believe that security and welfare in today’s times
need to be as much online as offline. The foundation aims to achieve social welfare using
information technology. Through it, they aim to make all citizens cyber warriors who can
successfully deal with the challenges that come with the advancement in technology.
Their pattern of education is not completely evolved yet to be able to counter the
increasing cyber crimes and so people become easy victims irrespective of their
qualifications. The foundation aims to empower people through interactions and
workshops in schools, colleges and organisations , collaborations with police departments
and NGOs and sensitisation drives. The foundation would work through a network of
trained volunteers who would be equipped with knowledge and techniques to use
technology for the greater good.
 PROVISIONS UNDER THE INFORMATION TECHNOLOGY ACT, 2000

Hacking and Data Theft:

Sections 43 and Section 66 of the IT Act penalizes activities such as data theft, hacking into a computer network,
introducing and spreading viruses through computer networks, damaging computers or computer networks or computer
programs, disrupting any computer or network, damaging or destroying information in a computer, etc. The maximum
punishment for these offenses is imprisonment of up to 3 (three) years or a fine of Rs. 5,00,000/- (Rupees Five Lakh
only) or both.

Identity theft and cheating by personation:

Section 66C of the IT Act prescribes punishment for identity theft and provides that anyone who fraudulently or
dishonestly makes use of the electronic signature, password, or any other unique identification feature of any other
person shall be punished with imprisonment of either description for a term which may extend to 3 (three) years and
shall also be liable to fine which may extend to Rs. 1,00,000/- (Rupees One Lakh only.)
Section 66D of the IT Act prescribes punishment for cheating by personation by using computer resources
and provides that any person who by means of any communication device or computer resource cheats by
personation, shall be punished with imprisonment of either description for a term which may extend to 3
(three) years and shall also be liable to fine which may extend to Rs. 1,00,000/- (Rupees One Lakh only).

Section 43(h) of the IT Act:

Section 43(h) read with section 66 of the IT Act penalizes an individual who charges the services availed of
by a person to the account of another person by tampering with or manipulating any computer, computer
system, or computer network.

Section 65 of the IT Act:

Section 65 of the IT Act prescribes punishment for tampering with computer source documents as
imprisonment for up to 3 (three) years or with a fine which may extend to Rs. 2,00,000/- (Rupees Two Lakh
only) or with both.
Section 73 of IT Act:
Read along with Section 3 that defines and explains electronic signature (the word electronic signature was
earlier defined as digital signature, and was amended vide Information Technology Amendment Act, 2008)
In these circumstances, the person may be imprisoned for a term that may extend to 2 (two) years and shall
also be liable to a fine which may extend to Rs. 1,00,000/- (Rupees One Lakh only) or both.

Section 75 of the IT Act:

This section grants universal jurisdiction for offenses committed by a person not authorized to do so, who
attacks the computer system under operations in banks in India by hacking either by operating within India
or outside India.
PROVISIONS UNDER INDIAN PENAL CODE, 1860

Section 379: The punishment involved under this section, for theft, can be up to three years in addition to the fine.
The IPC Section comes into play in part because many cyber crimes involve hijacked electronic devices, stolen
data, or stolen computers.
Section 420: This section talks about cheating and dishonestly inducing delivery of property. Seven-year
imprisonment in addition to a fine is imposed under this section on cybercriminals doing crimes like creating fake
websites and cyber frauds. In this section of the IPC, crimes related to password theft for fraud or the creation of
fraudulent websites are involved.
Section 463: This section involves falsifying documents or records electronically. Spoofing emails is punishable
by up to 7 years in prison and/or a fine under this section.
Section 465: This provision typically deals with the punishment for forgery. Under this section, offences such as
the spoofing of email and the preparation of false documents in cyberspace are dealt with and punished with
imprisonment ranging up to two years, or both.
Section 468: Fraud committed with the intention of cheating may result in a seven-year prison sentence and a fine.
This section also punishes email spoofing.
INTERNATIONAL INITIATIVE ON CYBERCRIME

The Asia-Pacific Economic Cooperation (APEC)

In the Asia-Pacific region, the APEC coordinates its 21 member economies to promote cybersecurity
and to tackle the risks brought about by cybercrime (APEC, 2003). The APEC has conducted a
capacity-building project on cybercrime for member economies in relation to legal structures and
investigative abilities, where the advanced APEC economies support other member-economies in
training legislative and investigative personnel.

The Organization for Economic Cooperation and

Development (OECD)

With its 30 member countries, the OECD addressed computer security for several decades. In 1983, an
expert committee was appointed by the OECD to discuss computer crime phenomena and criminal-law
reform (Schjolberg & Hubbard, 2005). Offences against confidentiality, integrity or availability listed in the
1985 OECD document included unauthorized access, damage to computer data or computer programmes,
computer sabotage, unauthorized interception, and computer espionage.
Global international efforts by the United Nations (UN)

In 1990, the General Assembly of the UN adopted the Guidelines Concerning

Computerized Personal Data Files. It proposed to take appropriate measures to
protect the files against both natural and artificial dangers. The guidelines extended
the protection of governmental international organizations (Part B).

"The International Review of Criminal Policy: United Nations Manual on the

Prevention and Control of Computer-related Crime“ called for further international
work and presented a proper statement of the problem. It stated that at the
international level, further activities could be undertaken, including harmonizing
substantive law, and establishing a jurisdictional base.
NATIONAL INITIATIVE ON CYBERCRIME

Cyber Surakshit Bharat

Aiming at strengthening the cybersecurity ecosystem in India — in line with the
government’s vision for a ‘Digital India’, The Ministry of Electronics and Information
Technology (MeitY) has launched Cyber Surakshit Bharat initiative. This program was in
association with the National e-Governance Division (NeGD).

Website Audit
Amid the increasing number of government website hacking, email phishing, data theft, and
privacy breach cases, the Indian government has planned to conduct an audit on all the
government websites and applications. Under this initiative, approximately 90 security
auditing organisations have been empanelled by the government for auditing the best practices
of information security.
Crisis Management Plan
Another major initiative by the central government is the formulation and implementation of a crisis
management plan by all the government departments and the above mentioned critical sectors. This initiative is
aimed at establishing a strategic framework for employees and leaders to prepare for a breach incident. It also
ensures to manage the cyber interruptions of critical functions in every critical sector of the government. It
assists organisations to put in place the correct mechanisms behind the desk to effectively deal with the
cybersecurity crisis. If properly implemented this can also be able to pinpoint responsibilities and
accountabilities right down to individual level.

Personal Data Protection Bill

Lastly, however, the most important one for Indian citizen, is theapproval of the Personal Data Protection (PDP)
Bill by the uniongovernment in order to protect Indian users from global breaches, which focuses on data
localisation. The bill implies the storage and processing of any critical information related to individuals only in
India. It strictly states that the sensitive personal data of the individual requires to be stored locally, however, it
can be processed abroad subject to certain conditions. The bill also aims at making social media companies more
accountable and pushing them to solve issues related to the spread of offensive content.
PROBLEM STATEMENT

Cybercrime is a major problem in this world and mostly all banking organizations rely on the internet. Cyber-
attacks have become an easy option for cybercriminals to access other confidential data through the internet,
normally hackers are targeting customer's data and funds, as well as the bank's core systems. These cyber-
attacks are commonly done by malware and phishing. Cybercriminals are targeting banks because their data
is more valuable, normally cybercriminals obtain their customer data from social networks like Facebook.
Today in India (according to RBI statistics) around 35 % of the population is using E-Banking for daily
transactions, this plays a major role in cybercrime. One-third of the cyber-attacks were fruitful for the
attacker who hit on financial services. The country recorded over one thousand cases of credit and debit card
frauds in 2020. Criminals are also learning new technologies to make cyber-attacks. As the world becomes
digital, security measures must update frequently.
RESEARCH METHODOLOGY

This research was conducted using second-hand Data listed in different databases of books,
Research papers, and related articles on Cybercrime in the banking sector in indore.
CYBERCRIME- DEBIT CARD/ CREDIT CARD
CYBERCRIME- OTP FRAUDS
CYBERCRIME- CHEATING BY PERSONATION BY USING
COMPUTER RESOURCES (SEC.66D)
CYBERCRIME- IDENTITY THEFT (SEC.66C)
CYBERCRIME- ONLINE BANKING FRAUD
CYBERCRIME- ATM
Not only cyber experts, many other people, especially students
believe that digital transactions will increase online and ATM
frauds and the Government didn’t have strong cyber security
mechanism to control the crime.