You are on page 1of 79

UNIVERSITY OF MUMBAI PROJECT ON CYBER CRIME IN BANKING SECTOR

SUBMITTED BY ASHA VASHUMAL AHUJA

PROJECT GUIDE Prof. Mrs. MINAL GANDHI

BACHELOR OF MANAGEMENT STUDIES SEMESTER V (2009-10)

V.E.S. COLLEGE OF ARTS, SCIENCE & COMMERCE, SINDHI COLONY, CHEMBUR – 400071

Page 1 of 79

UNIVERSITY OF MUMBAI

PROJECT ON CYBER CRIME IN BANKING SECTOR

Submitted In Partial Fulfillment of the requirements For the Award of the Degree of Bachelor of Management By AKHIL RAVIN SHETTY

PROJECT GUIDE Prof. Mrs. MINAL GANDHI

BACHELOR OF MANAGEMENT STUDIES SEMESTER V (2013-14) S.D COLLEGE OF SCIENCE & COMMERCE,

Page 2 of 79

Declaration
I student of BBI –

Semester V (20013-14) hereby declare that I have completed this project on .

. The information submitted is true & original to the best of my knowledge.

Student’s Signature

Name of Student ( )

Page 3 of 79

(Mrs) J. A. ________________________ Of TYBMS has successfully completed the project on __________________________ _____________________ under the guidance of_________________ ___________ Project Guide Prof. MARTINA External Examiner Page 4 of 79 . PHADNIS Course Co-ordinator Mrs.K. MINAL GANDHI Principal Dr.C E R T I F I C A T E This is to certify that Ms.

Credit also goes to my friends whose constant encouragement kept me in good stead. I would avail this opportunity to express my profound gratitude and indebtness to all those people. I am extremely grateful to my project guide Prof. Lastly without fail I would thank all my faculties for providing all explicit and implicit support to me during the course of my project. I would like to thank all the people who have helped me in completion of project. She proved to be a constant source of inspiration to me and provided constructive comments on how to make this report better. MINAL GANDHI who has given an opportunity to work on such an interesting project. Page 5 of 79 . Mrs.ACKNOWLEDGEMENT This is to express my earnest gratitude and extreme joy at being bestowed with an opportunity to get an opportunity to get an interesting and informative project on ―CYBER CRIME IN BANKING SECTOR‖.

Cyber crime is a crime that is committed online in many areas using e-commerce.to present fraudulent solicitations to prospective victims. or Web sites . has an evil side as well that do not originate from the use of plastic money rather by the misuse of the same. Cyber crimes can be of various types such as Telecommunications Piracy.Scams. Internet commerce has grown exponentially during the past few years and is still growing.Internet banking fraud. which use computers and networks for criminal activities. But unfortunately the growth is not on the expected lines because the credit card fraud which has become common has retarded the e-commerce growth.such as chat rooms. etc. network operations. Spyware .Identity theft . Electronic Money Laundering and Tax Evasion. Sales and Investment Fraud. to conduct fraudulent transactions. A computer can be the target of an offence when unauthorized access of computer network occurs and on other hand it affects ECOMMERCE. Electronic Funds Transfer Fraud and so on… The modern contemporary era has replaced these traditional monetary instruments from a paper and metal based currency to ―plastic money‖ in the form of credit cards. Certain preventive measures can be taken to becoming a credit card victim. e-mail. The use of ATM is not only safe but is also convenient. Page 6 of 79 . This has resulted in the increasing use of ATM all over the world.EXCECUTIVE SUMMARY Cyber crimes are any illegal activities committed using computer target of the criminal activity can be either a computer. unfortunately. or to transmit the proceeds of fraud to financial institutions or to other connected with the scheme. debit cards. message boards. Credit card fraud can be done by taking over the account. This evil side is reflected in the form of ―ATM frauds‖ that is a global problem.Phishing . The term "Internet fraud" refers generally to any type of fraud scheme that uses one or more components of the Internet . Credit card fraud has become regular on internet which not only affects card holders but also online merchants. skimming or if the card is stolen. include: Spam . Some forms of Internet fraud. Cyber crimes are genus of crimes. The difference between traditional crimes and cyber crimes is the cyber crimes can be transnational in nature. This safety and convenience.

1991 Page 7 of 79 . Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb". – National Research Council. "Computers at Risk"."The modern thief can steal more with a computer than with a gun.

3. 1. 5.INDEX SRNO. 4. TOPICS CYBER CRIME TYPES OF CYBER CRIME CLASSIFICATION OF CYBER CRIME REASONS FOR CYBER CRIME PAGE NO 01-08 09-25 26-28 29-30 CYBER CRIMINALS MODE AND MANNER OF COMMITING CYBER CRIME BANKING SECTOR CYBER CRIME IN BANKING SECTOR A) ATM FRAUD B) MONEY LAUNDERING C) CREDIT CARD FRAUD CASE STUDY GENERAL TIPS ON AVOIDING POSSIBLE INTERNET FRAUD SCHEMES RECENT CASES CONCLUSION BIBLOGRAPHY 31 32-34 35-36 7 5 8 37-43 42-52 53-63 64-65 9 10 66-67 11 12 13 68 69-70 71 Page 8 of 79 . 6. 2.

The internet. sports or education. Computer crimes are criminal activities. which involve the use of information technology to gain an illegal or an unauthorized access to a computer system with intent of damaging. using of INTERNET Service. It has given rise to new opportunities in every field we can think of – be it entertainment. They rather include the manipulation of confidential data and critical information. Computers today are being misused for illegal activities like email espionage. business. the major disadvantages. identity theft and data as well as system interference. as also the theft and illegal alteration of system critical Page 9 of 79 . has also got some pros & cons. Computer crimes may not necessarily involve damage to physical property. along with its advantages. deleting or altering computer data. has also exposed us to security risks that come with connecting to a large network. which invade our privacy and offend our senses. and software piracy and so on. illegal activity committed on the internet by certain individuals because of certain loop-holes. Computer crimes also include the activities such as electronic frauds. wherein the privacy of the users is hampered. Similarly the new & profound technology i. These criminal activities involve the breach of human and information privacy. There are many pros and cons of some new types of technology which are been invented or discovered. spams. credit card fraud.CYBER CRIME INTRODUCTION The usage of internet services in India is growing rapidly. Computer crimes involve activities of software theft.e. misuse of devices. Criminal activities in the cyberspace are on the rise. These cons are named CYBER CRIME.

theft. although the terms computer crime and cybercrime are more properly restricted to describing criminal activity in which the computer or network is a necessary part of the crime. and phishing and bot attacks. As per the National Crime Records Bureau statistics. cybercrime. various governmental and non-governmental agencies are working towards reducing cyber crime activities. The different types of computer crimes have necessitated the introduction and use of newer and more effective security measures. target. including illegal access (unauthorized access). and embezzlement. such as fraud. e-crime. Computer crime. And mind you. forgery. there has been a 255% increase in cyber crime in India alone. The malicious attacks included denial-of-service attacks. Today. spam made up 69% of all monitored e-mail traffic in the Asia Pacific region. tool. from or within a computer Page 10 of 79 . or place of a crime. Computer crime can broadly be defined as criminal activity involving an information technology infrastructure. a large number of rural areas in India and a couple of other nations in the region have increasing access to the internet—particularly broadband. In recent years. these are just the reported cases. It is becoming imperative for organizations to take both preventive and corrective actions if their systems are to be protected from any kind of compromise by external malicious elements. blackmail. This widespread nature of cyber crime is beginning to show negative impact on the economic growth opportunities in each of the countries. In view of this. Overall. According to the latest statistics.information. computer crime has become more important. in which computers or networks are used. more than a fifth of the malicious activities in the world originate from the Asia Pacific region. hi-tech crime or electronic crime generally refers to criminal activity where a computer or network is the source. These categories are not exclusive and many activities can be characterized as falling in one or more category. Additionally. illegal interception (by technical means of non-public transmissions of computer data to. As the use of computers has grown. these terms are also sometimes used to include traditional crimes. spam. the growth and penetration of internet across Asia Pacific has been phenomenal. The challenges of information security have also grown manifold.

data interference (unauthorized damaging. deletion. alteration or suppression of computer data). deteriorating. transmitting. deterioration. The annual losses grew in subsequent years. forgery (ID theft). misuse of devices.S. deleting. Internet Crime Complaint Center reported that more than $54 million dollars had been lost through a variety of fraud schemes. damaging. 1999) In 2002 the newly formed U. altering or suppressing computer data). this represented a threefold increase over estimated losses of $17 million in 2001.system). and electronic fraud (Taylor. systems interference (interfering with the functioning of a computer system by inputting. reaching $125 million in 2003. Page 11 of 79 . about $200 million in 2006 and close to $250 million in 2008.

The report also shows that cyber crime is not only limited to metro cities but it also moved to small cities like Bhopal. which is an increase of 50 percent from the previous year. According to recent published 'Crime in 2007 report'. Under the IPC section. In order to tackle with cyber crime. in over 60 percent of these cases. 217 cases of cyber-crime were registered under the IT Act in 2007. the majority of offenders were under 30 years of age. According to the report. Bhopal.6 percent in a year. cyber crimes in India has also increased 50 percent in 2007 over the previous year. According to the report. Faculty at Guru Gobind Singh Indraprastha University (GGSIPU) were the trainers. followed by hacking. 339 cases were recorded in 2007 compared to 311 cases in 2006. Around 46 percent of cyber crimes were related to incidents of cyber pornography. the IT Act 2000 and the Indian Penal Code (IPC).CYBERCRIMES IN INDIA As India become the fourth highest number of Internet users in the world. Delhi Police have trained 100 of its officers in handling cyber crime and placed them in its Economic Offences Wing. published by the National Crime Record Bureau (NCRB). These cyber-crimes are punishable under two categories. These officers were trained for six weeks in computer hardware and software. computer networks comprising data communication networks. the capital of Madhya Pradesh has reported the highest incidence of cyber crimes in the country. network protocols. Page 12 of 79 . wireless networks and network security. According to the Information Technology (IT) Act. Out of 35 mega cities. offenders were between 18 and 30. 17 cities have reported around 300 cases of cyber-crimes under both categories that is an increase of 32.

a total of 17 cases.2% in 2005 over 2004. "With the little offences came the larger ones involving huge money. And mind you. While the number of cyber crime instances has been constantly growing over the last few years. a 255% increase in the total number of complaints received in the Cyber Cell/EOW over the last year. During 2005. Seth Associates. a total of 302 cases were registered under IPC sections as compared to 279 such cases during 2004. where the computer was the victim. cyber crimes must grow at the same rate as the use of the Internet. pointing out that they have seen a jump in the number of cyber crime cases that they've been handling in the last one year. advocate with the Supreme Court of India and Karnika Seth. However. during the year 2005. in particular. thereby reporting a significant increase of 163. the contributing factors are high volume of data processing.06). these are just the reported cases. thereby reporting an increase of 8. actual numbers continue to include. In 2006. 206 complaints were received in comparison with only 58 in 2005. Hence. a tool or a repository of evidence. NCRB is yet to release the statistics for 2006. mobile phone. CEO. partner. Most victims. especially the corporate. In terms of cases registered and investigated in 2006 (up to 22. considering the fact that a majority of the cases go unreported.2% in 2005 over 2004. Advocates and Legal Consultants. Cyber lawyers. continue to downplay on account of Page 13 of 79 . Mahindra Special Services Group (SSG). especially of financial institutions and their customer transactions.CRIME STATISTICS As per the National Crime Records Bureau statistics. have been registered in the Cyber Cell/EOW as compared to 12 cases registered in 2005.12. and one has seen this sudden jump from smaller crimes to financial crimes in the last one year" According to Captain Raghu Raman. testify to this. rapid growth and major migration into the online space. One also should remember that the term 'Cyber Crime' should be applied to all offences committed with the use of 'Electronic Documents'. has seen a rapid spurt in the pace of cyber crime activities. Pavan Duggal. 179 cases were registered under the IT Act as compared to 68 cases during the previous year. ATM. credit cards or perhaps even faster. the past year and a half.

the ratio effectively is 1:500 and this. only fifty are reported and out of that fifty." he adds. "If we. he points out. focus on the number of cases registered or number of convictions achieved. Page 14 of 79 . many cases don't come to light. director.the fear of negative publicity thereby failing to give a correct picture of the cyber crime scene in the country. Cyber Security and Compliance at Nasscom. So. we only get diverted from real facts. Nandkumar Sarvade. For every 500 instances of cyber crimes that take place in India. Duggal points out to the results of a survey he conducted in early 2006 on the extent of underreporting." he adds. therefore. the reason being that a majority of cyber crimes don't get reported. people are not aware whether an incident is a cyber crime. only one is registered as an FIR or criminal case. there is also lack of awareness on where to lodge a complaint or whether the police will be able to understand. "Added to this is the fear of losing business and hence. are conservative estimates. it is difficult to measure the growth of Cyber Crimes by any statistics. points out that very often. Giving an insight into the reasons for low reporting. According to Cyber law expert Na Vijayashankar (popularly known as Naavi).

malicious emails that were more prevalent in the past. ACP. As Seth points out. Delhi Police concurs that the cases that are now coming up are more related to financial frauds. with the little offences came the larger ones involving huge money and one has seen this sudden jump from smaller crimes to financial crimes in the last one year.CHANGING FACE OF CRIME The last year has seen a quantum jump not only in the quantity and quality but also the very nature of cyber crime activities. a perceptible trend being observed is that cyber crimes are moving from 'Personal Victimization' to 'Economic Offences'. pornography. Economic Offences Wing. initially. phishing attacks. online share trading. etc. IPR and Cyber Cell. certain crimes were noticeable and cyber stalking was one of the first ones. when the Internet boom began. are becoming more widespread. now credit card frauds." she adds. "However. SD Mishra. As opposed to obscenity. According to Naavi. Page 15 of 79 .

methods. and law enforcement must react to this emerging body of knowledge. and regulations to detect incursions.CYBERSPACE As the cases of cybercrime grow. Computer crime is a multi-billion dollar problem. In addition. Cybercrime is a menace that has to be tackled effectively not only by the official but also by the users by cooperating with the law. and motivations of this growing criminal group. Therefore. There should be electronic surveillance which means investigators tracking down hackers often want to monitor a cracker as he breaks into a victim's computer system. it should be immediately reported to the Police officials who investigate cyber-crimes rather than trying to fix the problem by ourselves. Researchers must explore the problems in greater detail to learn the origins. Page 16 of 79 . Such evidence would include the computer used to commit the crime. as well as the software used to gain unauthorized access and other evidence of the crime. They must develop policies. methods. Internet provides anonymity: This is one of the reasons why criminals try to get away easily when caught and also give them a chance to commit the crime again. The founding fathers of internet wanted it to be a boon to the whole world and it is upon us to keep this tool of modernization as a boon and not make it a bane to the society. The two basic laws governing real-time electronic surveillance in other criminal investigations also apply in this context. we users should be careful. and prevent future crimes. investigate and prosecute the perpetrators. Cyberspace belongs to everyone. search warrants which means that search warrants may be obtained to gain access to the premises where the cracker is believed to have evidence of the crime. We should not disclose any personal information on the internet or use credit cards and if we find anything suspicious in e-mails or if the system is hacked. government. there is a growing need to prevent them. Law enforcement must seek ways to keep the drawbacks from overshadowing the great promise of the computer age. Decision-makers in business. Police Departments should immediately take steps to protect their own information systems from intrusions (Any entry into an area not previously occupied).

By gaining access to an organization‘s telephone switchboard (PBX) individuals or criminal organizations can obtain access to dial-in/dial-out circuits and then make their own calls or sell call time to third parties (Gold 1999). and counterfeiting or illicit reprogramming of stored value telephone cards. or by using software available on the internet. gambling. There is evidence of telecommunications equipment being used to facilitate organized drug trafficking. Communications in Furtherance of Criminal Conspiracies Just as legitimate organizations in the private and public sectors rely upon information systems for communications and record keeping. 2. Some sophisticated offenders loop between PBX systems to evade detection. up to 5% of total industry turnover has been lost to fraud (Schieck 1995: 2-5). so too are the activities of criminal organizations enhanced by technology. The use of encryption technology may place criminal communications beyond the reach of law enforcement.000 worth of international calls for which Scotland Yard was responsible (Tendler and Nuttall 1996). money laundering. The use of computer networks to produce and distribute child pornography has become the subject of increasing attention. It has been suggested that as long ago as 1990. Costs to individual subscribers can also be significant in one case. security failures at one major telecommunications carrier cost approximately £290 million. prostitution. Today. and that more recently. child pornography and trade in weapons (in those jurisdictions where such activities are illegal). Offenders may gain access to the switchboard by impersonating a technician. Additional forms of service theft include capturing "calling card" details and on-selling calls charged to the calling card account. these materials can be imported across national Page 17 of 79 .TYPES OF CYBER CRIME 1. computer hackers in the United States illegally obtained access to Scotland Yard's telephone network and made £620. by fraudulently obtaining an employee's access code. Theft of Telecommunications Services The "phone phreakers" of three decades ago set a precedent for what has become a major criminal industry.

8 billion in the film industry. and content was encrypted. Each year. $3. an international network with members in at least 14 nations ranging from Europe. Information Infrastructure Task Force 1995. including $1. some of the less publicly visible traffic in child pornography activity appears to entail a greater degree of organization.4 billion worth of software was lost to piracy in 1993 with $2 billion of that being stolen from the Internet (Meyer and Underwood 1994).borders at the speed of light. and the seizure of over 100. for sale at a lower price. Police investigation of the activity. Ryan (1998) puts the cost of foreign piracy to American industry at more than $10 billion in 1996. sound. to Australia. as required by the infrastructure of IRC and WWW. This has caused considerable concern to owners of copyrighted material. codenamed "Operation Cathedral" resulted in approximately 100 arrests around the world. Although knowledge is confined to that conduct which has been the target of successful police investigation. there appear to have been a number of networks which extend cross-nationally.000 images in September. or indeed. Illustrative of such activity was the Wonderland Club. to North America. use sophisticated technologies of concealment. By contrast. has proven irresistible to many. The Software Publishers Association has estimated that $7. Page 18 of 79 . The more overt manifestations of internet child pornography entail a modest degree of organization. and entail a significant degree of coordination. Telecommunications Piracy Digital technology permits perfect reproduction and easy dissemination of print. $1.2 billion in music. Access to the group was password protected. but the activity appears largely confined to individuals.8 billion in business application software. it has been estimated that losses of between US$15 and US$17 billion are sustained by industry by reason of copyright infringement (United States. 1998. and $690 million in book publishing. graphics. 3. for free distribution. 131). and multimedia combinations. The temptation to reproduce copyrighted material for personal use.

One man allegedly stole nude photographs of his former girlfriend and her new boyfriend and posted them on the Internet. received phone calls and e-mails from strangers as far away as Denmark who said they had seen the photos on the Internet. in addition to financial loss. While the woman was not physically assaulted. Investigations also revealed that the suspect was maintaining records about the woman's movements and compiling information about her family (Spice and Sink 1999). in whatever medium. the would-be object of his affections that said that she had fantasies of rape and gang rape. and instructions for the fabrication of incendiary and explosive devices. Miller and Maharaj 1999). He bought information on the Internet about the women using a professor's credit card and then sent 100 messages including death threats. in which persistent messages are sent to an unwilling recipient. among much else. from the traditional obscene telephone call to its contemporary manifestation in "cyber-stalking". there can be a chilling effect on creative effort generally. sexually explicit materials. In another case a rejected suitor posted invitations on the Internet under the name of a 28year-old woman. phone number. are unable to profit from their creations. along with her name. This includes. she would not answer the phone. address and telephone number. One former university student in California used email to harass 5 female students in 1998. was available free on the internet before its official release. When creators of a work.According to the Straits Times (8/11/99) A copy of the most recent James Bond Film The World is Not Enough. The unfortunate couple. Strange men turned up at her home on six different occasions and she received many obscene phone calls. graphic sexual descriptions and references to Page 19 of 79 . was afraid to leave her home. residents of Kenosha. 4. Wisconsin. including her address. Dissemination of Offensive Materials Content considered by some to be objectionable exists in abundance in cyberspace. threatening or intrusive communications. and lost her job (Miller 1999. racist propaganda. details of her physical appearance and how to bypass her home security system. Telecommunications systems can also be used for harassing. He then communicated via email with men who replied to the solicitations and gave out personal information about the woman.

Traditional underground banks. which have flourished in Asian countries for centuries. I may soon be able to sell you a quantity of heroin. Computer networks may also be used in furtherance of extortion. 1996). financial institutions were reported to have paid significant amounts to sophisticated computer criminals who threatened to wipe out computer systems. In England. (The Sunday Times. but can also facilitate the evasion of cash transaction reporting requirements in those nations which have them. will enjoy even greater capacity through the use of telecommunications. June 2. Electronic Money Laundering and Tax Evasion For some time now. With the emergence and proliferation of various technologies of electronic commerce. The Sunday Times (London) reported in 1996 that over 40 financial institutions in Britain and the United States had been attacked electronically over the previous three years. Emerging technologies will greatly assist in concealing the origin of illgotten gains. one can easily envisage how traditional countermeasures against money laundering and tax evasion may soon be of limited value. which I then download anonymously to my account in a financial institution situated in an overseas jurisdiction which protects the privacy of banking clients. in return for an untraceable transfer of stored value to my "smart-card". The article cited four incidents between 1993 and 1995 in which a total of 42. electronic funds transfers have assisted in concealing and in moving the proceeds of crime. I can discreetly draw upon these funds as and when I may require. The development of informal banking institutions and parallel banking systems may permit central bank supervision to be bypassed. He apparently made the threats in response to perceived teasing about his appearance (Associated Press 1999a).5 million Pounds Sterling were paid by senior executives of the organizations concerned. 5. Page 20 of 79 . Legitimately derived income may also be more easily concealed from taxation authorities. Large financial institutions will no longer be the only ones with the ability to achieve electronic funds transfers transiting numerous jurisdictions at the speed of light. downloading them back to my stored value card (Wahlert 1996).their daily activities. who were convinced of the extortionists' capacity to crash their computer systems (Denning 1999 233-4).

7. an extortionist in Eastern Europe obtained the credit card details of customers of a North American based on-line music retailer. http://www. disabling eight of the ISPs ten servers. Sales and Investment Fraud As electronic commerce becomes more prevalent. involved a number of German hackers who compromised the system of an Internet service provider in South Florida. Attempts were made to disrupt the computer systems of the Sri Lankan Government (Associated Press 1998). The offenders obtained personal information and credit card details of 10. communicating via electronic mail through one of the compromised accounts.000 be delivered to a mail drop in Germany. and published some on the Internet when the retailer refused to comply with his demands (Markoff 2000). and of the North Atlantic Treaty Organization during the 1999 bombing of Belgrade (BBC 1999). or interference with. More recently.g. any of these systems can lead to catastrophic consequences. Co-operation between US and German authorities resulted in the arrest of the extortionists (Bauer 1998).:(Rathmell 1997). which at the time was seeking its independence from Indonesia (Creed 1999). a number of individuals and protest groups have hacked the official web pages of various governmental and commercial organizations for e. the application of digital technology to fraudulent endeavours will be that much greater. The use of the telephone for fraudulent sales Page 21 of 79 .6. which illustrates the transnational reach of extortionists. Electronic Vandalism. demanded that US$30.2600.000 subscribers.com/hacked_pages/ (visited 4 January 2000). Whether motivated by curiosity or vindictiveness electronic intruders cause inconvenience at best. and have the potential for inflicting massive harm While this potential has yet to be realised. This may also operate in reverse: early in 1999 an organized hacking incident was apparently directed at a server which hosted the Internet domain for East Timor. Terrorism and Extortion As never before. Damage to. and. Defence planners around the world are investing substantially in information warfare means of disrupting the information technology infrastructure of defence systems (Stix 1995). One case. western industrial society is dependent upon complex data processing and telecommunications systems.

Electronic Funds Transfer Fraud Electronic funds transfer systems have begun to proliferate. instantaneously and at minimal cost. and worldwide telephone lotteries (Cella and Stark 1997 837-844). technological developments create new vulnerabilities. Cables may act as broadcast antennas. the sale and leaseback of automatic teller machines. to more exotic opportunities such as coconut farming. as well as physically. Low-Risk Investment Opportunities" are not uncommon. from traditional securities such as stocks and bonds. and from the privacy of a basement office or living room. to the newest forms of political and industrial espionage. deceptive charitable solicitations.pitches. In 1995. From activities as time-honoured as surveillance of an unfaithful spouse. 9. Classic pyramid schemes and "Exciting. In the words of two SEC staff "At very little cost. or bogus investment overtures is increasingly common. Valid credit card numbers can be intercepted electronically. the fraudster can produce a home page that looks better and more sophisticated than that of a Fortune 500 company" (Cella and Stark 1997. Here again. 822). Fraudsters now enjoy direct access to millions of prospective victims around the world. and so has the risk that such transactions may be intercepted and diverted. The hackers succeeded in gaining police operational intelligence. Illegal Interception of Telecommunications Developments in telecommunications provide new opportunities for electronic eavesdropping. and in disrupting police communications (Rathmell 1997). The electromagnetic signals emitted by a computer may themselves be intercepted. Existing law does not prevent the remote monitoring of computer radiation. The technology of the World Wide Web is ideally suited to investment solicitations. Page 22 of 79 . It has been reported that the notorious American hacker Kevin Poulsen was able to gain access to law enforcement and national security wiretap data prior to his arrest in 1991 (Littman 1997). the digital age has been accompanied by unprecedented opportunities for misinformation. 8. Indeed. hackers employed by a criminal organization attacked the communications system of the Amsterdam Police. Cyberspace now abounds with a wide variety of investment opportunities. telecommunications interception has increasing applications. the digital information stored on a card can be counterfeited.

and need not occur in isolation.1 Computer-related crime may be compound in nature. Finland. a Russian hacker Vladimir Levin. or in furtherance of a criminal conspiracy. Just as an armed robber might steal an automobile to facilitate a quick getaway. he was arrested during a visit to the United States and subsequently imprisoned. located in San Francisco. accessed the computers of Citibank's central wire transfer department.Of course. the Netherlands. (Denning 1999. Germany. and transferred funds from large corporate accounts to other accounts which had been opened by his accomplices in The United States. combining two or more of the generic forms outlined above. and the suspect accounts. The above forms of computer-related crime are not necessarily mutually exclusive. In 1994. were frozen. Page 23 of 79 . so too can one steal telecommunications services and use them for purposes of vandalism. located in Argentina. The accomplice was arrested. Although Russian law precluded Levin's extradition. and Israel. notified the bank. Another accomplice was caught attempting to withdraw funds from an account in Rotterdam. fraud. 55). operating from St Petersburg. Officials from one of the corporate victims. we don't need Willie Sutton to remind us that banks are where they keep the money.

Hackers enjoy the media coverage. Some hackers hack for personal monetary gains. They extort money from some corporate giant threatening him to publish the stolen information which is critical in nature. Government websites are the hot targets of the hackers due to the press coverage. Hackers write or use ready-made computer programs to attack the target computer. c.OTHER TYPES OF CYBER CRIME 1. such as to stealing the credit card information. but from Indian Laws perspective there is no difference between the term hacking and cracking. HACKING Hacking in simple terms means an illegal intrusion into a computer system and/or network. Greed Power Publicity Revenge Page 24 of 79 . b. cracking. it receives.e. transferring money from various bank accounts to their own account followed by withdrawal of money. They possess the desire to destruct and they get the kick out of such destruction. There is an equivalent term to hacking i. Motive Behind The Crime a. d. Every act committed towards breaking into a computer and/or network is hacking.

But in case of cyber world. Sometimes Pedophiles contact children in the chat rooms posing as teenagers or a child of similar age. In physical world. The easy access to the pornographic contents readily and freely available over the internet lower the inhibitions of the children. parents know the face of dangers and they know how to avoid & face the problems by following simple rules and accordingly they advice their children to keep away from dangerous things and ways. Then starts actual exploitation of the children by offering them some money or falsely promising them good opportunities in life. Hence the children are left unprotected in the cyber world. more children would be using the internet and more are the chances of falling victim to the aggression of pedophiles. Adventure Desire to access forbidden information Destructive mindset Wants to sell n/w security services 2. Pedophiles take Page 25 of 79 . Child Pornography The Internet is being highly used by its abusers to reach and abuse children sexually. f. worldwide. The pedophiles then sexually exploit the children either by using them as sexual objects or by taking their pornographic pictures in order to sell those over the internet. Pedophiles lure the children by distributing pornographic material.e. g. The internet is very fast becoming a household commodity in India. then they start becoming friendlier with them and win their confidence. most of the parents do not themselves know about the basics in internet and dangers posed by various services offered over the internet. h. Its explosion has made the children a viable victim to the cyber crime. Then slowly pedophiles start sexual chat to help children shed their inhibitions about sex and then call them out for personal interaction. and then they try to meet them for sex or to take their nude photographs including their engagement in sexual positions. As more homes have access to internet.

Starts sending pornographic images/text to the victim including child pornographic images in order to help child/teen shed his inhibitions so that a feeling is created in the mind of the victim that what is being fed to him is normal and that everybody does it. d. e. Extract personal information from child/teen. h. Extract personal information from the child/teen by winning his confidence. b. who are not advised by their parents or by their teachers about what is wrong and what is right for them while browsing the internet. In order to prevent your child/teen from falling into the trap of pedophile. Gets the e-mail address of the child/teen and starts making contacts on the victim e-mail address as well. f. Cyber Stalking Cyber Stalking can be defined as the repeated acts harassment or threatening behavior of the cyber criminal towards the victim by using internet services.advantage of this situation and lure the children. Pedophiles use false identity to trap the children/teenagers. c. Page 26 of 79 . Stalking in General terms can be referred to as the repeated acts of harassment targeting the victim such as following the victim. At the end of it. g. How Do They Operate a. read the tips under Tips & Tricks heading. Pedophiles contact children/teens in various chat rooms which are used by children/teen to interact with other children/teen. Befriend the child/teen. 3. the pedophile set up a meeting with the child/teen out of the house and then drag him into the net to further sexually assault him or to use him as a sex object.

It all depends on the course of conduct of the stalker.making harassing phone calls. because of which victim starts receiving such kind of unsolicited e-mails. f. the victim may have filled in while opening the chat or e-mail account or while signing an account with some website. Some stalkers keep on sending repeated e-mails asking for various kinds of favors or threaten the victim. b. e. Both kind of Stalkers Online & Offline – have desire to control the victims life. Some stalkers subscribe the e-mail account of the victim to innumerable pornographic and sex sites. vandalizing victims property. Stalking may be followed by serious violent acts such as physical harm to the victim and the same has to be treated and viewed seriously. who then want to harass the victim because they failed to satisfy their secret desires. People of all kind from nook and corner of the World. leaving written messages or objects. posing as if the victim is posting this information and invite the people to call the victim on her telephone numbers to have sexual services. Page 27 of 79 . Telephone Numbers of residence and work place. The stalker may post this information on any website related to sex-services or dating services. who come across this information. How Do They Operate a. In online stalking the stalker can make third party to harass the victim. Collect all personal information about the victim such as name. date of birth etc. address of residence and place of work. c. start calling the victim at her residence and/or work place. Stalker even uses very filthy and obscene language to invite the interested persons. killing the victims pet. Majority of the stalkers are the dejected lovers or ex-lovers. asking for sexual services or relationships. Most of the stalkers are men and victim female. family background. daily routine of the victim. d. he collects the information from the internet resources such as various profiles. If stalker is a stranger to victim. If the stalker is one of the acquaintances of the victim he can easily get this information.

Follow their victim from board to board. The letters may be loving. appearing at a person‘s home or place of business. such behavior may be a prelude to stalking and violence and should be treated seriously. Nature and Extent of Cyber stalking An existing problem aggravated by new technology. harass. Many times they will ―flame‖ their victim (becoming argumentative. making sure the victim is aware that he/she is being followed. j. e-mail. cyber stalking shares important characteristics with offline stalking. They ―hangout‖ on the same BB‘s as their victim. and still others require only that the alleged stalker‘s course of conduct constitute an implied threat. threatening. Track the victim to his/her home. Although online harassment and threats can take many forms. or vandalizing a person‘s property. the term is used in this report to refer to the use of the Internet. many times posting notes to the victim. insulting) to get their attention. he will many times make calls to the victim to threaten. Definition of Cyber stalking Although there is no universally accepted definition of cyber stalking. or intimidate them. Stalkers will almost always make contact with their victims through email. Page 28 of 79 . i. h. such as following a person.g. making harassing phone calls. Stalking generally involves harassing or threatening behavior that an individual engages in repeatedly. others include threats against the victim‘s immediate family. Most stalking laws require that the perpetrator make a credible threat of violence against the victim. Contact victim via telephone. or other electronic communications devices to stalk another person. or sexually explicit. He will many times use multiple names when contacting the victim. leaving written messages or objects. If the stalker is able to access the victim‘s telephone. (1) While some conduct involving annoying or menacing behavior might fall short of illegal stalking.

4. Finally. the ease of use and non-confrontational. the available evidence (which is largely anecdotal) suggests that the majority of cyber stalkers are men and the majority of their victims are women. impersonal. Phishing is an Page 29 of 79 . whereas a potential stalker may be unwilling or unable to confront a victim in person or on the telephone. The fact that cyber stalking does not involve physical contact may create the misperception that it is more benign than physical stalking. Even when using server authentication. However. as with physical stalking. the cyber stalker and the victim had a prior relationship. This is not necessarily true. there also have been many instances of cyber stalking by strangers. phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames. including physical violence. In many cases. he or she may have little hesitation sending harassing or threatening electronic communications to a victim. stalkers can take advantage of the ease of communications as well as increased access to personal information. In addition. Given the enormous amount of personal information available through the Internet. and the cyber stalking begins when the victim attempts to break off the relationship. Phishing is typically carried out by e-mail or instant messaging. Put another way. online payment processors or IT Administrators are commonly used to lure the unsuspecting public. online harassment and threats may be a prelude to more serious behavior.Many stalkers – online or offline – are motivated by a desire to exert control over their victims and engage in similar types of behavior to accomplish this end. passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. a cyber stalker can easily locate private information about a potential victim with a few mouse clicks or key strokes. auction sites. and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. it may require tremendous skill to detect that the website is fake. As the Internet becomes an ever more integral part of our personal and professional lives. As with offline stalking. Communications purporting to be from popular social web sites. and sometimes anonymous nature of Internet communications may remove disincentives to cyber stalking. although there have been reported cases of women cyber stalking men and of same-sex cyber stalking. Phishing In the field of computer security.

" the idea being that bait is thrown out with the hopes that while most will ignore the bait. user training. Thank you. To verify your account information we are asking you to provide us with all the data we are requesting.co. Attempts to deal with the growing number of reported phishing incidents include legislation. A phishing technique was described in detail in 1987.*****bank. and the first recorded use of the term "phishing" was made in 1996. is a variation on "fishing.in/Verify. Phishing. https://infinity. and technical security measures. some will be tempted into biting.example of social engineering techniques used to fool users. also referred to as brand spoofing or carding. Otherwise we will not be able to verify your identity and access to your account will be denied.com] Sent: 08 June 2004 03:25 To: India Subject: Official information from ***** Bank Dear valued ***** Bank Customer! For security purposes your account has been randomly chosen for verification. Please click on the link below to get to the bank secure page and verify your account details. Phishing email From: *****Bank [mailto:support@****Bank. public awareness.jsp ****** Bank Limited Page 30 of 79 . and exploits the poor usability of current web security technologies.

and the Digital Economy (DBCDE) website. Spyware may take personal information. While the actual amount of money lost by businesses and the community is unknown. Communication. or processing capacity and secretly gives it to someone else. or they may attempt to trick you into divulging your bank account or credit card details. More information about spam is available from the Australian Communications and Media Authority (ACMA website). They may try to persuade you to buy a product or service. business information. Scams The power of the Internet and email communication has made it all too easy for email scams to flourish. It is recognized as a growing problem. the number of people claiming to have been defrauded by these scams is relatively low. 6. Spam Spam is a generic term used to describe electronic 'junk mail' or unwanted messages sent to your email account or mobile phone.5. 7. or visit a website where you can make purchases. These messages vary. Many are related to the welldocumented Nigerian Scam or Lotto Scams and use similar tactics in one form or another. Spyware Spyware is generally considered to be software that is secretly installed on a computer and takes things from it without the permission or knowledge of the user. but are essentially commercial and often annoying in their sheer volume. More information about scams is available from the Australian Competition and Consumer Commission (ACCC) SCAM watch website and the Australian Securities and Investments Commission FIDO website. These schemes often arrive uninvited by email. Page 31 of 79 . bandwidth. More information about taking care of spyware is available from the Department of Broadband.

12. so as to obtain access to the other computers on the network. 10. Software Piracy Theft of software through the illegal copying of genuine programs or the counterfeiting and distribution of products intended to pass for the original. Logic Bomb..SALAMI ATTACK In such crime criminal makes insignificant changes in such a manner that such changes would go unnoticed. Criminal makes such program that deducts small amount like Rs. Denial Of Service Attack This is an act by the criminal. Retail revenue losses worldwide are ever increasing due to this crime.. In Page 32 of 79 . (Virus. Virus Dissemination Malicious software that attaches itself to other software. Counterfeiting. worms. It can be done in various ways. Hard disk loading. usually one with special access privileges. 2. 9.50 per month from the account of all the customer of the Bank and deposit the same in his account.. Rabbit and Bacterium are the malicious software‘s)...8.End user copying. Spoofing Getting one computer on a network to pretend to have the identity of another computer. 13. Time bomb. Trojan Horse.... Net Extortion Copying the company‘s confidential data in order to extort said company for huge amount. Illegal downloads from the internet etc 11. who floods the bandwidth of the victim‘s network or fills his email box with spam mail depriving him of the services he is entitled to access or provide.

Page 33 of 79 . • They may use the techniques off stenography for hiding the messages.SALE OF NARCOTICS • Sale & Purchase through net. • There are web sites which offer sale and shipment off contrabands drugs.this case no account holder will approach the bank for such small amount but criminal gains huge amount. 14.

A minor girl in Ahmadabad was lured to a private place through cyber chat by a man. she was rescued. It is estimated that the virus caused 80 million dollars in damages to computers worldwide. The Melissa virus first appeared on the internet in March of 1999. This is one Cybercrime which threatens to undermine the growth of the younger generation as also leave irreparable scars and injury on the younger generation. The potential harm of such a crime to humanity can hardly be amplified. who. Another example wherein the damage was not done to a person but to the masses is the case of the Melissa virus. The trafficking. It spread rapidly throughout computer systems in the United States and Europe. constitutes one of the most important Cybercrimes known today. if not controlled. harassment of any one with the use of a computer such as e-mail. posting. Page 34 of 79 . in a report has clearly defined the various categories and types of cybercrimes. As some passersby heard her cry.CLASSIFICATION OF CYBER CRIME Mr. and dissemination of obscene material including pornography and indecent exposure. Cybercrimes Against Persons Cybercrimes committed against persons include various crimes like transmission of child-pornography. along with his friends. distribution. attempted to gang-rape her. Cybercrimes can be basically divided into 3 major categories: 1. net and consultant. Pavan Duggal. who is the President of cyber laws.

There are numerous examples of such computer viruses few of them being "Melissa" and "love bug". Cybercrimes Against Government The third category of Cybercrimes relate to Cybercrimes against Government. publishing electronic information which is lascivious or prurient. gives draconian powers to the Police to enter and search. Page 35 of 79 . the Information Technology Act in 2000.In the United States alone. These crimes include computer vandalism (destruction of others' property). The growth of internet has shown that the medium of Cyberspace is being used by individuals and groups to threaten the international governments as also to terrorize the citizens of a country. without any warrant. 3. 9. The Act also specifies that cybercrimes can only be investigated by an official holding no less a rank than that of Dy. breach of confidentiality and publishing false digital signatures. the Indian Cyber law talks of the arrest of any person who is about to commit a cybercrime. Also. A Mumbai-based upstart engineering company lost a say and much money in the business when the rival company. the virus made its way through 1. Superintendent of Police (Dy.SP). an industry major. any public place for the purpose of nabbing cybercriminals and preventing cybercrime. Cybercrimes Against Property The second category of Cybercrimes is that of Cybercrimes against all forms of property. 2. The Act defines five cybercrimes damage to computer source code. transmission of harmful programmes. hacking.2 million computers in onefifth of the country's largest businesses. This crime manifests itself into terrorism when an individual "cracks" into a government or military maintained website. The Parliament of India passed its first Cyber law. 1999 to state and federal charges associated with his creation of the Melissa virus. David Smith pleaded guilty on Dec. stole the technical database from their computers with the help of a corporate cyber spy. It not only provides the legal infrastructure for E-commerce in India but also at the same time. Cyber terrorism is one distinct kind of crime in this category.

they don't want to confess their system is not secure". Similarly. SP. computer crime poses a real threat. Money and intellectual property have been stolen. preferring instead to fix the damage and take action to keep crackers from gaining access again with as little public attention as possible. or as in the case of business houses. Page 36 of 79 . According to Sundari Nanda.It is common that many systems operators do not share information when they are victimized by crackers. may be because they are aware of the extent of the crime committed against them. CBI. "most of the times the victims do not complain. and jobs lost as a result of computer crime. Those who believe otherwise simply have not been awakened by the massive losses and setbacks experienced by companies worldwide. They don't contact law enforcement officers when their computer systems are invaded. information systems in government and business alike have been compromised. corporate operations impeded. As the research shows. The economic impact of computer crime is staggering (great difficulty).

The reasons for the vulnerability of computers may be said to be: 1. advanced voice recorders. retina imagers etc. This affords to remove or derive information either through physical or virtual medium makes it much easier. key loggers that can steal access codes. Capacity To Store Data In Comparatively Small SpaceThe computer has unique characteristic of storing data in a very small space.REASONS FOR CYBER CRIME Hart in his work ―The Concept of Law‖ has said ‗human beings are vulnerable so rule of law is required to protect them‘. 2. By secretly implanted logic bomb. Page 37 of 79 . that can fool biometric systems and bypass firewalls can be utilized to get past many a security system. Applying this to the cyberspace we may say that computers are vulnerable (capable of attack) so rule of law is required to protect and safeguard them against cyber crime. Easy To Access The problem encountered in guarding a computer system from unauthorised access is that there is every possibility of breach not due to human error but due to the complex technology.

Loss Of Evidence Loss of evidence is a very common & obvious problem as all the data are routinely destroyed. Page 38 of 79 . 4. Complex The computers work on operating systems and these operating systems in turn are composed of millions of codes. The cyber criminals take advantage of these lacunas and penetrate into the computer system.3. Negligence Negligence is very closely connected with human conduct. Further collection of data outside the territorial extent also paralyses this system of crime investigation. 5. which in turn provides a cyber criminal to gain access and control over the computer system. It is therefore very probable that while protecting the computer system there might be any negligence. Human mind is fallible and it is not possible that there might not be a lapse at any stage.

Other cognate reason may be to prove themselves to be outstanding amongst other children in their group. etc. 4. 3. Further the NASA as well as the Microsoft sites is always under attack by the hackers. They mainly target the Indian government sites with the purpose to fulfil their political objectives. fundamentalism. Further they are even employed to crack the system of the employer basically as a measure to make it safer by detecting the loopholes. E. The reason may be to fulfil their political bias. Discontented Employees This group include those people who have been either sacked by their employer or are dissatisfied with their employer. To avenge they normally hack the system of their employee. These kinds of hackers are mostly employed to hack the site of the rivals and get credible. the Bal Bharati (Delhi) case was the outcome of harassment of the delinquent by his friends. Organised Hackers These kinds of hackers are mostly organised together to fulfil certain objective. The Pakistanis are said to be one of the best quality hackers in the world. reliable and valuable information. The following are the category of cyber criminals- 1.CYBER CRIMINALS The cyber criminals constitute of various groups/ category. Professional Hackers / Crackers Their work is motivated by the colour of money. 2. Page 39 of 79 . Further the reasons may be psychological even.g. This division may be justified on the basis of the object that they have in their mind. Children And Adolescents Between The Age Group Of 6 – 18 Years The simple reason for this type of delinquent (A young offender) behaviour pattern in children is seen mostly due to the inquisitiveness to know and explore the things.

Salami Attacks This kind of crime is normally prevalent in the financial institutions or for the purpose of committing financial crimes. 4. An important feature of this type of offence is that the alteration is so small that it would normally go unnoticed. the Ziegler case wherein a logic bomb was introduced in the bank‘s system.MODE AND MANNER OF COMMITING CYBER CRIME 1. removable storage media etc.g. Page 40 of 79 . However the framers of the Information Technology Act 2000 have no where used this term so to avoid any confusion we would not interchangeably use the word hacking for ‗unauthorized access‘ as the latter has wide connotation. which deducted 10 cents from every account and deposited it in a particular account. which may be an individual or a company or even mail servers there by ultimately resulting into crashing. 2. 5. Unauthorized Access To Computer Systems Or Networks / Hacking This kind of offence is normally referred as hacking in the generic sense. Data Diddling This kind of an attack involves altering raw data just before a computer processes it and then changing it back after the processing is completed. Theft Of Information Contained In Electronic Form This includes information stored in computer hard disks. Email Bombing This kind of activity refers to sending large numbers of mail to the victim. The electricity board faced similar problem of data diddling while the department was being computerised. 3. Theft may be either by appropriating the data physically or by tampering them through the virtual medium. E.

They merely make functional copies of themselves and do this repeatedly till they eat up all the available space on a computer's memory. which affected at least 5 % of the computers of the globe. Virus / Worm Attacks Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. which passively gains control over another‘s system by representing itself as an authorised programme. The world's most famous worm was the Internet worm let loose on the Internet by Robert Morris sometime in 1988. They usually affect the data on a computer. while chatting. In software field this means an unauthorized programme. Worms. E. The most common form of installing a Trojan is through e-mail.g. E. Yahoo. 8. The cyber criminal through the web cam installed in the computer obtained her nude photographs.S. a Trojan was installed in the computer of a lady film director in the U. This implies that these programs are created to do something only when a certain event (known as a trigger event) occurs.g. Logic Bombs These are event dependent programs. 7. either by altering or deleting it. He further harassed this lady. Denial Of Service AttackThe computer of the victim is flooded with more requests than it can handle which cause it to crash.g. Amazon. unlike viruses do not need the host to attach themselves to. Trojan Attacks This term has its origin in the word ‗Trojan horse‘. E. Almost brought development of Internet to a complete halt. Page 41 of 79 . Distributed Denial of Service (DDS) attack is also a type of denial of service attack. E. in which the offenders are wide in number and widespread.g. love bug virus.6. The losses were accounted to be $ 10 million. 9. even some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date (like the Chernobyl virus).

E. This is done by gaining access to the login ID and the password. In these kinds of offences the hacker gains access and control over the web site of another. Further the site of Bombay crime branch was also web jacked. Page 42 of 79 . This may be done for fulfilling political objectives or for money. 11. recently the site of MIT (Ministry of Information Technology) was hacked by the Pakistani hackers and some obscene matter was placed therein. E. Colonel Bajwa’s case.g. This was perhaps one of the first reported cases related to cyber crime in India.10. Thus web jacking is a process where by control over the site of another is made backed by some consideration for it. Further a ransom of US $ 1 million was demanded as ransom. He may even mutilate or change the information on the site. In this case the site was hacked and the information pertaining to gold fish was changed. However this case made the police infamous as to their lack of understanding of the nature of cyber crime. Another case of web jacking is that of the ‗gold fish’ case.g. Internet Time Thefts Normally in these kinds of thefts the Internet surfing hours of the victim are used up by another person.the Internet hours were used up by any other person. Web Jacking This term is derived from the term hi jacking.

In the lenders case. Banks have become global industrial powerhouses that have created ever more complex products that use risk. and in electronically enabled exchanges where everything from stocks to currency futures contracts can be traded. and interest payments on those amounts. The Banking Industry at its core provides access to credit. banking services have become available 24 hours a day. Online banking channels have become a key in the last 10 years. through ATMs. account balance details and the transfer of funds. at online banking. Through technology development. However deregulation and technology led to a revolution in the Banking Industry that saw it transformed. as well as advisory services that help individuals and institutions to properly plan and manage their finances. this includes access to their own savings and investments. such as verification of account details. Banking services include transactional services. 365 days a week. Page 43 of 79 . In the case of borrowers. at a competitive interest rate.BANKING SECTOR The Banking Industry was once a simple and reliable business that took deposits from investors at a lower interest rate and loaned it out to borrowers at a higher rate. it includes access to loans for the creditworthy.

relegating it to commercial banking functions. Central banking is the responsibility of the Reserve Bank of India. In 1969 the government nationalized the 14 largest commercial banks. a government-owned bank that traces its origins back to June 1806 and that is the largest commercial bank in the country. they may be publicly listed and traded on stock exchanges) and 38 foreign banks. the public sector banks hold over 75 percent of total assets of the banking industry.27 public sector banks (that is with the Government of India holding a stake).000 ATMs.5% respectively.000 branches and 17. which in 1935 formally took over these responsibilities from the then Imperial Bank of India. After India's independence in 1947. The oldest bank in existence in India is the State Bank of India. with the private and foreign banks holding 18. means that some of the more extreme risk-taking and complex securitization activities that banks increasingly engaged in since 2000 will be limited and carefully watched. Page 44 of 79 . According to a report by ICRA Limited. a rating agency. Banking in India originated in the last decades of the 18th century. however. the Reserve Bank was nationalized and given broader powers. 31 private banks (these do not have government stake.2% and 6. Currently.The collapse of the Banking Industry in the Financial Crisis. the government nationalized the six next largest in 1980. India has 88 scheduled commercial banks (SCBs) . They have a combined network of over 53. to ensure that there is not another banking system meltdown in the future.

travelling bills and even petrol bills. insurance premium. The convenience and safety that credit cards carry with its use has been instrumental in increasing both credit card volumes and usage. phone bills. unfortunately. The modern contemporary era has replaced these traditional monetary instruments from a paper and metal based currency to ―plastic money‖ in the form of credit cards.CYBER CRIME IN BANKING SECTOR AUTOMATED TELLER MACHINE The traditional and ancient society was devoid of any monetary instruments and the entire exchange of goods and merchandise was managed by the ―barter system‖. The world at large is struggling to increase the convenience and safety on the one hand and to reduce it misuse on the other. This has resulted in the increasing use of ATM all over the world. etc. The use of ATM is not only safe but is also convenient. The use of plastic money is increasing day by day for payment of shopping bills. has an evil side as well that do not originate from the use of plastic money rather by the misuse of the same. This safety and convenience. electricity bills. debit cards. This growth is not only in positive use of the same but as well as the negative use of the same. Page 45 of 79 . This evil side is reflected in the form of ―ATM FRAUDS‖ that is a global problem. school fees. The use of monetary instruments as a unit of exchange replaced the barter system and money in various denominations was used as the sole purchasing power.

Card Swapping. Physical Attack.WAYS TO CARD FRAUDS Some of the popular techniques used to carry out ATM crime are: 1. which are used to reproduce the card for use at an ATM. 4. here a new fictitious site is made which looks authentic to the user and customers are asked to give their card number. through this customer‘s card is swapped for another card without the knowledge of cardholder. is the illegal way of stealing the card‘s security information from the card‘s magnetic stripe. Later on the criminal removes the card. Card Skimming. Page 46 of 79 . PIN and other information. Through Card Jamming ATM‘s card reader is tampered with in order to trap a customer‘s card. Website Spoofing. 2. 3. 5. ATM machine is physical attacked for removing the cash.

choose another . Page 47 of 79 . do not use it.Make sure you check the machine before you use it for any signs of tampering.HOW TO USE CASH MACHINE Be aware of others around you. If you find it difficult to get your card into the slot. Examine the machine for stick on boxes. If someone close by the cash machine is behaving suspiciously or makes you feel uncomfortable. go to another machine. stick on card entry slots etc.

Give other users space to enter their personal identity number (PIN) in private. If someone is crowding or watching you. HOW TO USE A CASH MACHINE 1. cancel the transaction and go to another machine. Stand close to the cash machine and always shield the keypad to avoid anyone seeing you enter your PIN. 4. Do not accept help from "well meaning" strangers and never allow yourself to be distracted. Be aware of your surroundings. Under no circumstances should members of the public attempt to remove a device as it‘s possible the offender may be nearby. 2. 3. Page 48 of 79 .If there is anything unusual about the cash machine report it to the bank and police or the owner of the premises immediately. Take your card with you.

What Precaution Should Be Taken While Leaving Cash Machine Once you have completed a transaction. Tear up or preferably shred these items before discarding them. 1. Do not assume that your bank automatically knows that the machine has withheld your card. Do Not Click On Hyperlinks Sent To You By Email Asking You To Confirm Your Bank Details Online: Hyperlinks are links to web pages that have been sent to you by email and may open a dummy website designed to steal your personal details. not the telephone number they may give you. take your card along to a cash machine and change the number to one that you will be able to remember without writing it down. Page 49 of 79 . If you lose your card in a cash machine. If you have been given a number that you find difficult to remember. Card Fraud Also Happens In The Home: Cardholders should also be warned of the risks of verifying bank details at home in unsolicited telephone conversations. cancel the card immediately with the card issuer‘s 24-hour emergency line. discreetly put your money and card away before leaving the cash machine. Again. 2. NEVER Write Down Your Pin: People make life very easy for pickpockets if they write down their PIN and keep it in their purse or wallet. Do not write down your PIN. Phone your bank instead on their main customer number or access your account using the bank's main website address. 3. Use good antivirus and firewall protection. Dispose of your cash machine receipt. which can be found on your last bank statement. beware of help offered by "well meaning strangers". Always call the person back using the advertised customer telephone number. mini-statement or balance enquiry slip with care.

At a glance. remove your card and leave the area immediately. the next person can walk up Page 50 of 79 . 2. go to an area with a lot of people and call the police. Look for suspicious attachments. The number of ATM frauds in India is more in regard to negligence of the Personal Identification Number (PIN). Sometimes. There‗s also the helpful bystander (the criminal) who may be standing by to kindly inform you the machine has had problems and offer to help. The most important aspect for reducing ATM related fraud is to educate the customer. negligence of banks in educating their customers about the matters that should be taken care of while at an ATM. but not while at the ATM. press the ATM cancel button. one is advised do it at home or office. and more importantly. the more vulnerable you are. make sure they go through – if it gets jammed and it doesn‗t fully go into the machine. however. Criminals often capture information through ATM skimming – using devices that steal magnetic strip information. Even when depositing a cheque at the ATM. If you do not feel safe at any time. Banks need to develop a fraud policy – the policy should be written and distributed to all employees. Minimize your time at the ATM. on should not make/sign the cheque at the ATM. the skimmer looks just like a regular ATM slot. The skimmer will not obtain PIN numbers. The more time you spend at the ATM. If you need to update your records after a transaction. To spot one. As for the envelope-based deposits. After the transaction. Make smart deposits. but it‗s an attachment that captures ATM card numbers. fraudsters place hidden cameras facing the ATM screen. To get that. Some ATMs allow you to directly deposit checks and cash into your accounts without stuffing envelopes. borrowers and depositors.PREVENTION FOR ATM CARDS Most ATM frauds happen due to the negligence of customers in using. the attachment slightly protrudes from the machine and may not be parallel with the inherent grooves. if you think you are being followed. 3. than by sophisticated crimes like skimming. the equipment will even cut off the printed labels on the ATM. Here is a compiled list of guidelines to help your customer from being an ATM fraud victim: 1.

It is therefore in the interest of banks to prevent ATM frauds. It is a big threat and it requires a coordinated and cooperative action on the part of the bank. But they could increase as more and more ATM‘s will penetrate in the country. Indian Banks Association (IBA) can take lead to kick started. the bank should create awareness among customers about the cardrelated frauds to reduce the number of frauds in future. The ATM frauds not only cause financial loss to banks but they also undermine customers‘ confidence in the use of ATMs. There is thus a need to take precautionary and insurance measures that give greater ―protection‖ to the ATMs. where total number of installed ATM‘s base is far less than many developed countries. In India. depend upon the requirements of the respective banks. compare your records with the account statements or online banking records. After having made the ATM deposit. Page 51 of 79 . ATM-related frauds are very less. particularly those located in less secure areas. The ATM fraud is not the sole problem of banks alone. customers and the law enforcement machinery. This would deter a greater use of ATM for monetary transactions.and take it out. INDIAN SCENARIO In India. however. The nature and the extent of precautionary measures to be adopted will.

This transfer can be done in many ways. ewallet etc. Page 52 of 79 . the anonymity offered by internet and cyber payment systems is being exploited to the hilt by the criminal elements. non-financial institutions are also permitted to issue e-money. Two individuals also can transfer funds directly using e. Earlier. turn out to be great disadvantages while investigating the crimes. businesses and consumers. all the above advantages cyber payments provide to consumers and trading partners. transfer of funds can be done between two trading partners directly. With the entry of Internet commerce. whose use is growing can store billions of dollars. Computer networks and Internet. Internet banking. Mondex card. there is an upper limit imposed by the card issuers but technically there is no limit. E-commerce has come into existence due to the attributes of Internet like ease of use. They include use of credit cards.CYBER MONEY LAUNDERING During the past two decades. Mobile banking and mobile commerce are growing and these technologies have the capability to transfer any amount of money at the touch of a bottom or click of a mouse. cross-border transactions were controlled by the central banks of respective countries. smart cards like Visa Cash. They can be effective tools in the hands of money launderers. Internet has converted the world into a boundary less market place that never sleeps. there is no upper limit. speed. e-cash. anonymity and its International nature. permit transfer of funds electronically between trading partners. Monitoring the activities of these institutions in a traditional manner is not possible. At present. in particular. As cyber payment systems eliminate the need for face to face interactions. for example. IT and Internet technologies have reached every nook and corner of the world. In some other forms of computer-based e-money. The capacity to transfer unlimited amounts of money without having to go through strict checks makes cyber money laundering an attractive proposition. From the point of view of law enforcing agencies. This problem is further compounded by the fact that. First and foremost. in many countries. Drug peddlers and organized criminals found a natural and much sought after ally in Internet. the jurisdictional technicalities come into play and it is another area that is being exploited by the money launderers.wallets.

and also of course. They conceal the origin and ownership of the proceeds. the launderers also attempt to safeguard their interests. is from illegal activity. Criminal resort to this practice to avoid detection of the money by law enforcement which will lead to its confiscation and also may provide leads to the illegal activity. at the same time. maintain control over proceeds and change the form of proceeds. While indulging in money laundering process. reduces the risk. Money laundering from the point of view of the criminal increases the profits and. which. Page 53 of 79 . to support new criminal ventures. in almost all cases. By laundering the money the criminals are trying to close their tracks.WHY MONEY LAUNDERING? The most important aim of money laundering is to conceal the origin of the money. their aims could be to increase the profits by resorting to illegal money transfer etc. Further.

Cyber payment systems can come in handy during this process. E-money and cyber payment systems come in handy in all the three stages of the process. 2. Placement in cyber space occurs by depositing the illegal money with some legitimate financial institutions or businesses. This is done by breaking up the huge cash into smaller chunks. Page 54 of 79 . Every day trillions of dollars are transferred all over the world by other legitimate business and thus it is almost impossible ton as certain whether some money is legal or illegal.MONEY LAUNDERING PROCESS Money laundering is normally accomplished by using a three-stage process. Normally. generate very volumes of money. this is done by opening up bank accounts in the names of non-existent people or commercial organizations and depositing the money. and exporting them to a different jurisdiction. This stage is characterized by facilitating the process of inducting the criminal money into the legal financial system. Illegal activities like drug trafficking. Launderers are very careful at this stage because the chances of getting caught are considerable here. There is a constant fear of getting caught. Online banking and Internet banking make it very easy for a launderer to open and operate a bank account. Launderers normally make use of commodity brokers. This is achieved by moving the names from and to offshore bank accounts in the names of shell companies or front companies by using Electronic Funds Transfer (EFT) or by other electronic means. So the immediate requirement is to send this money to a different location using all available means. LAYERING Layering is the second sub process. they make use of the banks wherever possible as in the legal commercial activity. Layering and Integration. stock brokers in the layering process. PLACEMENT The first activity is placement. Launderers were also found to purchase high value commodities like diamonds etc. In this complex layers of financial transaction are created to disguise the audit trail and provide anonymity. People involved in these activities cannot explain the origin and source of these funds to the authorities. During this process. The three steps involved are Placement. 1. This is used to distance the money from the sources. extortion.

The launderer sitting at home. This is the stage in which the ‗cleaned‘ money is ploughed back. the launderer sets up the website for his company and accepts online payments using credit cards for the purchases made from his company‘s website. then. Anyone with access to Internet can start an e-business. They can then take loans from these companies and bring back the money. which are known as safe havens. The money launderers first activity is to set up an online commerce company which is legal. The entire process can be explained with the help of an example . INTEGRATION Integration is the third sub process. ‗makes purchases‘ using this credit card from his own website. This is achieved by making it appear as legally earned. It has come to light that many gangs are opening up the front companies and hiring information technology specialists for nefarious activities. This is normally accomplished by the launderers by establishing anonymous companies in countries where secrecy is guaranteed. launderers obtain credit cards from some banks or financial institutions located in countries with lax rules. Incidents have also come to light where the criminals are using cryptography for hiding their transaction. Cyber space provides a secure and anonymous opportunity to the criminals in money laundering operations. As in normal transactions. This anonymity is what makes Internet very attractive for the launderers.3. in the safe haven. As a part of the whole scheme. Another way can be by placing false export import invoices and over valuing goods. This way they not only convert their money this way but also can take advantages associated with loan servicing in terms of tax relief. Page 55 of 79 . This can look and function like any other e-business as far as the outside world is concerned. the Web-based system then sends an invoice to the customer‘s (who happens to the launderer himself) bank. The bank then pays the money into the account of the company. Normally.

Banking obviously is the most affected sector by the money laundering operations. Hawallah are practiced in India. Futures and commodity markets are another area which is found to be facilitating the money laundering. antique dealers and jewelers. It is much easier to launder the money using these methods as there is no physical movement of money. Luxembourg. Casinos are another business areas that is actively involved in money laundering process. and Switzerland. In Columbia. when the banks were privatized the ‗Carli Cartel‘ was reported to have invested heavily and Italian mafia reportedly purchased shares in Italian banks. India and Columbia. As far as the banks are concerned the countries that are considered safe for launderers are Cayman Islands. Under this system. casinos. money is deposited in one country and the depositor is handed a chit or chop.000 criminal customers and they were involved in offenses ranging from financing nuclear weapon programs to narcotics. Berltlot Brecht said. even political parties organizations are known to be using laundered money for their campaigns. This only shows the extent of the problem and also that the banks and financial institutions are the primary target of the launderers. These practices mostly work on trust and mostly controlled by mafia in many countries. Other financial institution like fund managers and those facilitating Electronic Fund Transfer are also being manipulated by the launderers. It was also found that launderers do take advantages of privatization in various countries by investing in them.‘ Multinational banks are more vulnerable to money laundering operations. In fact. Cyprus. When BCCI bank was investigated it came to light that there were 3. China follows a system called ‗Fic Chin‘.BUSINESS AREAS THAT SUPPORT OR ARE PRONE TO MONEY LAUNDERING The banks and other financial institution are the most important intermediaries in the money laundering chain. Similar systems known as Hundi. The money is paid back in another place on production of the chit. This was observed in UK. In some countries. The offshore accounts of these banks are popular because they offer anonymity and also help in tax evasion. Page 56 of 79 . In all the cases the underlying factor is paperless transactions. financing housing schemes. ‗If you want to steal. This is practiced by different countries by different names. The other areas include professional advisers. then buy a bank. The second area is underground banking or parallel banking.

There may be attempts to gain political power either directly or indirectly like Coli Cocoine C artel‘s attempt in supporting Columbian President.5 bn illegal transactions. which will result in loss to national income due to reduced tax collections and lost jobs. One needs not be an economist understand the impact of money laundering on economies of developing countries. an Indian national in one year handled US 81. before his arrest during 1993. Because cyber money laundering can be done from anywhere in the world without any jurisdiction. the effects are much severe. the banks survival has come under threat. Facilitating the activities of launderers even inadvertently can push the banks into problems with law enforcement agencies and also governments. violence in society.EFFECTS ON BANKS Almost all the banks trade in foreign exchange Money laundering in any country or economy affects the foreign exchange market directly. the Indian Government was so short of foreign exchange that it had to pledge gold in the London bank. The low regulation by central banks will become difficult and consequently. overall income distribution in an economy is likely to get affected. A few years before that. Further. Money laundering can help in spread of parallel economy. money laundering can undermine the credibility of the banking system. It is not difficult to see what effect it has on the profitability of banks. This incident also shows how the national economy gets affected. OTHER EFFECTS In one incident. this can result in increased crime rate. It also causes fluctuations in the exchange rate. Page 57 of 79 . there will be rise in inflation. In some reported cases. On the social plane. The money laundering reduces the legal volume of the banks business. Samper in 1996 elections. Further.

AT NATIONAL LEVEL Some countries liken UK have taken proactive steps to control this crime. Developing internal control mechanisms is very essential in this regard. Cyber money laundering has to be dealt with at organizational [Bank or Financial Institution]. bank can have early warning on such activities. However. national and international levels. Issue of electronic money by private parties is another factor. Law enforcement agencies have details of criminal elements and their transactions. banks must keep in mind the legal provisions regarding privacy of individuals.PREVENTION Because of the nature of Cyber money laundering. deposit taking institutions (including banks) are expected to report suspicious transactions to the law enforcement authorities. By working in close conjunction with them. which could be cumulated by others. Courts also permit confiscation of cash. Any suspicious activities must be reported to law enforcement authorities. no country can effectively deal with it in isolation. if the investigating authorities have strong evidence that the money has come from illegal activities of drug trafficking. Having an eye on suspicious deals can give early warnings on the impending trouble. working in close association with other banks and exchange of information and intelligence in this regard will be definitely helpful. at least for 8 to 10 years. The legal provisions regarding ‗knowing the customer‘ brought down the crime to a great extent. as in some countries regulation of these people is not effective. They empowered their customs officials to seize cash consignments of 10. The old principle of ‗Knowing the customer‘ well will help a great deal. Slowly. In UK. different Page 58 of 79 . AT ORGANIZATIONAL [BANK] LEVEL The banking and other financial organizations can reduce the quantum of money laundering by following the guidelines issued by central banks of respective countries in letter and spirit. It is very important to keep the records of the customer for a sufficient time. Further.000 pounds or more.

Further. The major weapon to combat this crime is controlling financial transactions including e-transactions. During 2000. In order to cover this vast amount of money they need financial services industry. Hong Kong has passed similar laws. As a result of UN the efforts. through legislation. Financial Action Task Force (FATF) had noticed some critical points in the modus operandi of criminals which are difficult for the launderers to avoid. The most important issues at national level are establishing legal framework and training law enforcing officials. Many other countries are following suit. transfers to and from financial system and cross-border flows of cash. the UN also organized another convention against transnational organized crime. Some of the suggested measures are putting an upper limit on the amount of payment and frequency of using e-money in peer to peer transfers. less than 1% money laundered in cyber space is ever detected or criminals prosecuted. Prevention of money laundering in cyber space is proving to be really a daunting task. the group of seven industrialized nations established ‗Financial Action Task Force‘ (FATF). UK. US have stringent laws in dealing with Cyber money laundering. The third is ensuring that Internet service providers keep a log of files involving finances for a number of years. this convention made money laundering a crime and provided a model.countries are realizing the importance of this issue and enacting suitable rules aimed at providing transparency in transactions carried out by these institutions. Paying attention to these issues can help in controlling cyber laundering to a considerable extent. The second is making it mandatory for emoney organization to identify their clients and also to keep a track of money movement. AT INTERNATIONAL LEVEL The UN has taken the lead and during 1995 international community meeting signed a convention known as ‗UN Convention Against Illict Traffic in Narcotic Drugs and Psychotropic Substances‘. According to financial crimes enforcement network of US. The biggest source of money laundering funds comes from drug trade and the volume of money is large. The fourth is making audit compulsory for all electronic merchants and Page 59 of 79 . After studying this phenomenon. They are points of entry of cash into financial system. Many countries have enacted some stringent laws to control this crime. The Council of Europe has passed Criminal Justice Act. The single most important issue is harmonizing the terrestrial laws with cyber laws. They eye financial institutions that are in the business of accepting deposits from customers.

is international co-operation and harmonizing the national cyber and terrestrial laws with international can help in dealing with this crime effectively. The fifth is training law enforcement agencies in dealing effectively with this crime. Last but not the least.ensuring that they keep transaction records for a certain period of time. Page 60 of 79 .

Debts were settled by onethird cash and two-thirds bill of exchange. Diners Club issued the first credit card to 200 customers who could use it at 27 restaurants in New York. The bill of exchange . meaning ―TRUST‖. The word credit comes from Latin.The first use of magnetic stripes on cards was in the early 1960's. The first advertisement for credit was placed in 1730 by Christopher Thornton. In the 1920s.the forerunner of banknotes . pay later" system .CREDIT CARDS FRAUDS INTRODUCTION TO CREDIT CARDS Credit was first used in Assyria. the first "plastic money". a shopper's plate a "buy now. who offered furniture that could be paid off weekly. Page 61 of 79 . In 1950. They were called "tallymen" because they kept a record or tally of what people had bought on a wooden stick. Babylon and Egypt 3000 years ago.was introduced in the USA. From the 18th century until the early part of the 20th. It could only be used in the shops which issued it. Diners Club and American Express launched their charge cards in the USA. Paper money followed only in the 17th century. tallymen sold clothes in return for small weekly payments.was established in the 14th century. In 1951. But it was only until the establishment of standards for the magnetic strip in 1970 that the credit card became part of the information age. when the London Transit Authority installed a magnetic stripe system. San Francisco Bay Area Rapid Transit installed a paper based ticket the same size as the credit cards in the late 1960's. One side of the stick was marked with notches to represent the amount of debt and the other side was a record of payments.

at least until the account is ultimately used for fraud. According to the Federal Trade Commission. The compromise can occur by many common routes and can usually be conducted without tipping off the card holder. while identity theft had been holding steady for the last few years. A simple example is that of a store clerk copying sales receipts for later use. Credit card fraud is also an adjunct to identity theft. including the card account number or other information that would routinely and necessarily be available to a merchant during a legitimate transaction. The purpose may be to obtain goods without paying. However. or to obtain unauthorized funds from an account. fraud in the United Kingdom alone was estimated at £535 million. decreased as a percentage of all ID theft complaints for the sixth year in a row. that crime which most people associate with ID theft. it saw a 21 percent increase in 2008. The rapid Page 62 of 79 . In 2006. The fraud begins with either the theft of the physical card or the compromise of data associated with the account. credit card fraud. the merchant or the bank. or US$750-830 million at prevailing 2006 exchange rates. The cost of credit card fraud reaches into billions of dollars annually.CREDIT CARD FRAUD INTRODUCTION Credit card fraud is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction.

it is possible for a thief to make unauthorized purchases on that card up until the card is cancelled. Other countries generally have similar laws aimed at protecting consumers from physical theft of the card. regardless of the amount charged on the card.growth of credit card use on the Internet has made database security lapses particularly costly. IF CARD IS STOLEN When a credit card is lost or stolen. such as a driver's Page 63 of 79 . a thief could potentially purchase thousands of dollars in merchandise or services before the card holder or the bank realize that the card is in the wrong hands. Still. in practice. it remains usable until the holder notifies the bank that the card is lost. In the absence of other security measures. in some cases. millions of accounts have been compromised. many banks will waive even this small payment and simply remove the fraudulent charges from the customer's account if the customer signs an affidavit confirming that the charges are indeed fraudulent. federal law limits the liability of card holders to $50 in the event of theft. Many merchants will demand to see a picture ID. most banks have toll-free telephone numbers with 24-hour support to encourage prompt reporting. but signatures are relatively easy to forge. In the United States. The only common security measure on all cards is a signature panel.

and some credit cards include the holder's picture on the card itself.) are common targets for stolen cards. but the most common include:   Name of card holder Account number Page 64 of 79 . as there is no way to verify the card holder's identity. kiosks. it may be trivial for the thief to deduce the information by looking at other items in the wallet. Banks have a number of countermeasures at the network level. However. Compromised Accounts Card account information is stored in a number of formats. but if the card holder's wallet is stolen. and a magnetic stripe on the back contains the data in machine readable format. The merchant may be instructed to call the bank for verification. The card holder may not discover fraudulent use until receiving a billing statement. Stolen cards can be reported quickly by card holders. which may be delivered infrequently. such as the user's ZIP or postal code. For example. etc. A common countermeasure is to require the user to key in some identifying information. For instance. This method may deter casual theft of a card found alone. or even to hold the card and refuse to return it to the customer. Account numbers are often embossed or imprinted on the card. a U. and asking for such verification may be a violation of the merchant's agreement with the credit card companies. Fields can vary. making it difficult to identify the source of the compromise. driver license commonly has the holder's home address and ZIP code printed on it. a large transaction occurring a great distance from the card holder's home might be flagged as suspicious. including sophisticated real-time analysis that can estimate the probability of fraud based on a number of factors. to decline the transaction. to verify the identity of the purchaser.license. the card holder has a right to refuse to show additional verification.S. Self-serve payment systems (gas stations. but a compromised account can be hoarded by a thief for weeks or months before any fraudulent use.

 

Expiration date Verification Many Web sites have been compromised in the past and theft of credit card data is a

major concern for banks. Data obtained in a theft, like addresses or phone numbers, can be highly useful to a thief as additional card holder verification.

Mail/Internet Order Fraud
The mail and the Internet are major routes for fraud against merchants who sell and ship products, as well Internet merchants who provide online services. The industry term for catalog order and similar transactions is "Card Not Present" (CNP), meaning that the card is not physically available for the merchant to inspect. The merchant must rely on the holder (or someone purporting to be the holder) to present the information on the card by indirect means, whether by mail, telephone or over the Internet when the cardholder is not present at the point of sale. It is difficult for a merchant to verify that the actual card holder is indeed authorizing the purchase. Shipping companies can guarantee delivery to a location, but they are not required to check identification and they are usually are not involved in processing payments for the merchandise. A common preventive measure for merchants is to allow shipment only to an address approved by the cardholder, and merchant banking systems offer simple methods of verifying this information. Additionally, smaller transactions generally undergo less scrutiny, and are less likely to be investigated by either the bank or the merchant, since the cost of research and prosecution usually far outweighs the loss due to fraud. CNP merchants must take extra precaution against fraud exposure and associated losses, and they pay higher rates to merchant banks for the privilege of accepting cards. Anonymous scam artists bet on the fact that many fraud prevention features do not apply in this environment.

Page 65 of 79

Merchant associations have developed some prevention measures, such as single use card numbers, but these have not met with much success. Customers expect to be able to use their credit card without any hassles, and have little incentive to pursue additional security due to laws limiting customer liability in the event of fraud. Merchants can implement these prevention measures but risk losing business if the customer chooses not to use the measures.

Account Takeover
There are two types of fraud within the identity theft category:
1. Application Fraud 2. Account Takeover.

1. Application Fraud Application fraud occurs when criminals use stolen or fake documents to open an account in someone else's name. Criminals may try to steal documents such as utility bills and bank statements to build up useful personal information. Alternatively, they may create counterfeit documents.

2. Account Takeover
Account takeover involves a criminal trying to take over another person's account, first by gathering information about the intended victim, then contacting their bank or credit issuer — masquerading as the genuine cardholder — asking for mail to be redirected to a new address. The criminal then reports the card lost and asks for a replacement to be sent. The replacement card is then used fraudulently. Some merchants added a new practice to protect consumers and self reputation, where they ask the buyer to send a copy of the physical card and statement to ensure the legitimate usage of a card.

Page 66 of 79

Skimming

Skimming is the theft of credit card information used in an otherwise legitimate transaction. It is typically an "inside job" by a dishonest employee of a legitimate merchant, and can be as simple as photocopying of receipts. Common scenarios for skimming are restaurants or bars where the skimmer has possession of the victim's credit card out of their immediate view. The skimmer will typically use a small keypad to unobtrusively transcribe the 3 or 4 digits Card Security Code which is not present on the magnetic strip. Instances of skimming have been reported where the perpetrator has put a device over the card slot of a public cash machine (Automated Teller Machine), which reads the magnetic strip as the user unknowingly passes their card through it. These devices are often used in conjunction with a pinhole camera to read the user's PIN at the same time. Skimming is difficult for the typical card holder to detect, but given a large enough sample, it is fairly easy for the bank to detect. The bank collects a list of all the card holders who have complained about fraudulent transactions, and then uses data mining to discover relationships among the card holders and the merchants they use. For example, if many of the

Page 67 of 79

SKIMMER Sophisticated algorithms can also search for known patterns of fraud. and penalties for merchants can be severe in cases of compromise. Page 68 of 79 . If the card is processed successfully. A website known to be susceptible to carding is known as a cardable website. Merchants must ensure the physical security of their terminals. which can be a death blow to businesses such as restaurants which rely on credit card processing. The specific item purchased is immaterial. both to avoid using the card's credit limit. ranging from large fines to complete exclusion from the merchant banking system. a Web site subscription or charitable donation would be sufficient.customers used one particular merchant. The thief presents the card information on a website that has real-time transaction processing. and the thief does not need to purchase an actual product. CARDING Carding is a term used for a process to verify the validity of stolen card data. The purchase is usually for a small monetary amount. that merchant's terminals (devices used to authorize transactions) can be directly investigated. the thief knows that the card is still good. and also to avoid attracting the bank's attention.

and then test them to see which were valid accounts. A set of credit card details that has been verified in this way is known in fraud circles as a phish.215. Credit card fraud prevention when dealing with credit card customers face-to-face 1. most credit card frauds are still being committed using lost. Credit card fraud is a significant problem in Canada. Whether you have a brick-and-mortar business or an online one. In 2004. Check to see if the ID has been altered in any way as a person trying to use a stolen credit card may also have stolen or fake ID. Examine the signature on the card. Another variation would be to take false card numbers to a location that does not immediately process card numbers.255. A carder will typically sell data files of phish to other individuals who will carry out the actual fraud. according to the RCMP. freshness of the data and credit status of the victim PREVENTION FOR CREDIT CARD FRAUD Credit card fraud is bad business. such as a driver‘s license or other photo ID. as well as the more prevalent use of wireless card scanners that can process transactions right away. 2.00 to US$50. carding is more typically used to verify credit card data obtained directly from the victims by skimming or phishing. Market price for a phish ranges from US$1.00 depending on the type of card. If the signature on the credit card is smeared. it could be that the credit card is stolen and the person has changed the signature to his or her own. However. Ask for and check other identification. too. such as a trade show or special event. The credit card loss total for 2007 was $304.In the past. credit card fraud cost US merchants 2. And while 'no-card' fraud is growing.664. credit card fraud is costing you money.9 million dollars (Celent Communications). Page 69 of 79 . carders used computer programs called "generators" to produce a sequence of credit card numbers. Nowadays. stolen or counterfeit cards. this process is no longer viable due to widespread requirement by internet credit card processing systems for additional data such as the billing address. the 3 to 4 digit Card Security Code and/or the card's expiry date.

Check the credit card‘s embossing. That way if the customer runs away while you‘re making the call. ii. glued. 7. For information on the suspicious behavior that may indicate someone trying to commit credit card fraud. Compare signatures. Page 70 of 79 . It should show a repetitive colour design of the MasterCard or Visa name. i. to ensure that no one can steal the credit card information and help prevent future credit card fraud. painted. three-dimensional images that appear to move when the card is tilted. (The holograms on credit cards that have not been tampered with will show clear.3. ―Ghost images‖ of other numbers behind the embossing are a tip-off that the card has been re-embossed. Check the security features of the credit card. 6. Have another look at the card‘s signature panel. erased. such as a possible counterfeit or stolen card. 4. Altered signature panels (those that are discoloured. You can use the points above as a ―to do‖ list for dealing with credit card transactions. compare the signatures as well to those on any other ID presented. see Suspicious Behaviors That May Indicate Credit Card Fraud. Ask for a ―Code 10‖ if you have reason to suspect a possible credit card fraud. you still have the credit card. or covered with white tape) are an indication of credit card fraud. Call for authorization of the credit card – remembering to take both the credit card and the sales draft with you.) 5. Destroy all carbon copies of the credit card transaction. It‘s also very important to be sure that your staff is educated about credit card fraud. Check the presented card with recent lists of stolen and invalid credit card numbers. The hologram may be damaged. Besides comparing the signature on the credit card with the person‘s signature on the credit card slip.

7. but by establishing and following procedures to check every credit card transaction. issued by any other company. be alert to suspicious behaviors and shape your credit policies to nip credit card fraud in the bud. You may even want to make it a policy to ship only to the billing address on the credit card. If the shipping address and the billing address on the order are different. 9. you can cut down your credit card fraud losses. 4. 5. 2. 3. call the customer to confirm the order. It cannot give any other details like no. credit card fraud prevention strategies such as scrutinizing the credit card aren‘t going to work. Be wary of multiple transactions made with similar card numbers in a sequence. Call the customer to confirm the order first. however. 1. 8. Mod10 is an algorithm that will show whether the card number being presented is valid card number and is within the range of numbers issued by credit card companies.When dealing with credit card customers over the phone or through the Internet . Be wary of orders shipped to a single address but purchased with multiple cards. Be wary of overseas orders – especially if the order exhibits any of the characteristics noted above. rush or overnight. Be wary of unusually large orders. Page 71 of 79 . This test should be first to be that it is applied to any credit card number one process. In such a case. You can. 6. If the card fails Mod10 one can safely assume fraud. Be wary of orders you‘re asked to ship express. The first is Mod10 algorithm testing. ask the customer for an ISP (Internet Service Provider) or domain-based e-mail address that can be traced back. Credit card fraud may not be entirely preventable. This is the shipping of choice for many credit card fraudsters. Don‘t process credit card orders that originate from free e-mail addresses or from e-mail forwarding addresses. Don‘t process credit card orders unless the information is complete.

Manwani is an MBA drop-out from a Pune college and served as a marketing executive in a Chennai-based firm for some time. who was caught red-handed while breaking into an ATM in the city in June last. While investigating Manwani's case. he had with him Rs 7. That company has millions of subscribers. the police stumbled upon a cyber crime involving scores of persons across the globe.000 from an ATM in Mumbai.5 lakh knocked off from two ATMs in T Nagar and Abiramipuram in the city. They floated a new site which resembled that of a reputed telecom companies. had been collected in excess by mistake from them. At the time of his detention. it is reliably learnt. with the arrest of Deepak Prem Manwani (22). the site promoters said. but in the process parted with their PINs. The dimensions of the city cops' achievement can be gauged from the fact that they have netted a man who is on the wanted list of the formidable FBI of the United States.CASE STUDY INDIA'S FIRST ATM CARD FRAUD The Chennai City Police have busted an international gang involved in cyber crime. he got attracted to a site which offered him assistance in breaking into the ATMs. but charged $200 per code. The site also offered the magnetic codes of those cards. were ready to give him credit card numbers of a few American banks for $5 per card. Page 72 of 79 . sitting somewhere in Europe. he had walked away with Rs 50.75 per head which. While browsing the Net one day. Believing that it was a genuine offer from the telecom company in question. The fake site offered the visitors to return $11. his audacious crime career started in an Internet cafe. Prior to that. Interestingly. several lakh subscribers logged on to the site to get back that little money. The operators of the site had devised a fascinating idea to get the personal identification number (PIN) of the card users. His contacts.

Apparently. The police are on the lookout for those persons too. Page 73 of 79 . the FBI started an investigation into the affair and also alerted the CBI in New Delhi that the international gang had developed some links in India too. On receipt of large-scale complaints from the billed credit card users and banks in the United States. Meanwhile. Manwani and many others of his ilk entered into a deal with the gang behind the site and could purchase any amount of data. or simply enter into a deal on a booty-sharing basis. Manwani also managed to generate 30 plastic cards that contained necessary data to enable him to break into ATMS. Manwani has since been enlarged on bail after interrogation by the CBI. He was so enterprising that he was able to sell away a few such cards to his contacts in Mumbai. But the city police believe that this is the beginning of the end of a major cyber crime.Armed with all requisite data to hack the bank ATMs. of course on certain terms. the gang started its systematic looting.

The ready availability of software that allows anyone.com")..no matter how impressive or professional the Web site looks .doesn't mean it's true.don't just send the data without knowing more about who's asking. Criminals have been known to send messages in which they pretend to be (for example) a systems administrator or Internet service provider representative in order to persuade people online that they should disclose valuable personal data. to set up a professional-looking Web site means that criminals can make their Web sites look as impressive as those of legitimate e-commerce merchants. Be Careful About Giving Out Valuable Personal Data Online If you see e-mail messages from someone you don't know that ask you for personal data such as your Social Security number.g. Page 74 of 79 . Don't Judge by Initial Appearances It may seem obvious. credit-card number. or uses an e-mail header that has no useful identifying data (e. that may be an indication that the person doesn't want to leave any information that could allow you to contact them later if you have a dispute over undelivered goods for which you paid.GENERAL TIPS ON AVOIDING POSSIBLE INTERNET FRAUD SCHEMES 1. 3. As a result. 2. you should be highly wary about relying on advice that such people give you if they are trying to persuade you to entrust your money to them. but consumers need to remember that just because something appears on the Internet . "W6T7S8@provider. or password . Be Especially Careful About Online Communications with Someone Who Conceals His True Identity If someone sends you an e-mail in which he refuses to disclose his full identity. at minimal cost.

you need to look carefully at any online seller of goods or services who wants you to send checks or money orders immediately to a post office box. national. Even so. 5. before you receive the goods or services you've been promised. In UK. AT NATIONAL LEVEL Some countries liken UK have taken proactive steps to control this crime. deposit taking institutions (including banks) are expected to report suspicious transactions to the law enforcement authorities.com" companies. AT ORGANIZATIONAL [BANK] LEVEL The banking and other financial organizations can reduce the quantum of money laundering by following the guidelines issued by central banks of respective countries in letter and spirit.4. Page 75 of 79 . using the Internet to research online companies that aren't known to you is a reasonable step to take before you decide to entrust a significant amount of money to such companies. of course. Cyber money laundering has to be dealt with at organizational [Bank or Financial Institution]. and still be fully capable of delivering what you need at a fair price. may not have the brand-name recognition of long-established companies. which could be cumulated by others. Legitimate startup "dot. SUGGESTIONS ON CYBER MONEY LAUNDERING Because of the nature of Cyber money laundering. no country can effectively deal with it in isolation. The old principle of ‗Knowing the customer‘ well will help a great deal. Watch Out for "Advance-Fee" Demands In general.

IDG News Service Page 76 of 79 . A criminal can then view the number of transactions. Trustwave has collected multiple versions of the malware." Trustwave wrote. The collected card data. The malware has been found on ATMs in Eastern European countries.RECENT TRENDS  In February 2009. Trustwave wrote. The malware records the magnetic stripe information on the back of a card as well as the PIN (Personal Identification Number). can be printed out by the ATM's receipt printer. The company believes that the particular one it analyzed is "a relatively early version of the malware and that subsequent versions have seen significant additions to its functionality. reboot the machine and even uninstall the malware. print card data.  June 4." The company advised banks to scan their ATMs to see if they're infected. The malware is controlled via a GUI that is displayed when a so-called "trigger card" is inserted into the machine by a criminal. Another menu option appears to allow the ejection of an ATM's cash cassette. which would potentially allow criminals to clone the card in order to withdraw cash. according to security vendor Trustwave. 10:00 AM — IDG News Service — Cybercriminals are improving a malicious software program that can be installed on ATMs running Microsoft's Windows XP operating system that records sensitive card details. "The malware contains advanced management functionality allowing the attacker to fully control the compromised ATM through a customized user interface built into the malware. 2009. The trigger card causes a small window to appear that gives its controller 10 seconds to pick one of 10 command options using the ATM's keypad. according to a Trustwave report. a group of criminals used counterfeit ATM cards to steal $9 million from 130 ATMs in 49 cities around the world all within a time period of 30 minutes. which is encrypted using the DES (Data Encryption Standard) algorithm.

The ATM frauds not only cause financial loss to banks but they also undermine customers' confidence in the use of ATMs. customers and the law enforcement machinery. where it is changing very fast. The National institute of justice. It is therefore in the interest of banks to prevent ATM frauds. By the time regulators come up with preventive measures to protect customers from innovative frauds. There is thus a need to take precautionary and insurance measures that give greater "protection" to the ATMs. The purpose may be to obtain goods without paying. however. The nature and extent of precautionary measures to be adopted will. But in the digital world. It is a big threat and it requires a coordinated and cooperative action on the part of the bank. depend upon the requirements of the respective banks. Internet Banking Fraud is a fraud or theft committed using online technology to illegally remove money from a bank account and/or transfer money to an account in a different bank. Cyber space and cyber Page 77 of 79 . Jurisdiction over cyber crimes should be standardized around the globe to make swift action possible against terrorist whose activities are endearing security worldwide. Internet Banking Fraud is a form of identity theft and is usually made possible through techniques such as phishing. technical working group digital evidence are some of the key organization involved in research. This would deter a greater use of ATM for monetary transactions.‖ This quote exactly reflects the present environment related to technology. The ATM fraud is not the sole problem of banks alone. either the environment itself changes or new technology emerges. as in the physical world the goals of law enforcement are balanced with the goals of maintaining personal liberty and privacy. Credit card fraud can be committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. Computer forensics has developed as an indispensable tool for law enforcement. or to obtain unauthorized funds from an account. but made out of opportunities. This helps criminals to find new areas to commit the fraud. particularly those located in less secure areas.CONCLUSION Lastly I conclude by saying that ―Thieves are not born.

payment methods are being abused by money launderers for converting their dirty money into legal money. Undoubtedly the Act is a historical step in the cyber world. For carrying out their activities launderers need banking system. Preventing cyber money laundering is an uphill task which needs to be tackled at different levels. It is quite possible to check them. History is the witness that no legislation has succeeded in totally eliminating crime from the globe. Capacity of human mind is unfathomable. Internet. The only possible step is to make people aware of their rights and duties (to report crime as a collective duty towards the society) and further making the application of the laws more stringent to check crime. International law and international co-operation will go a long way in this regard. Page 78 of 79 . Traditional systems like credit cards had some security features built into them to prevent such crime but issue of e-money by unregulated institutions may have none. second by nation states and finally through international efforts. The regulatory framework must also take into account all the related issues like development of e-money. right to privacy of individual. first by banks/ financial institutions. Further I all together do not deny that there is a need to bring changes in the Information Technology Act to make it more effective to combat cyber crime. This has to be fought on three planes. It is not possible to eliminate cyber crime from the cyber space. online banking facilitates speedy financial transactions in relative anonymity and this is being exploited by the cyber money launderers.

google.britannica.com SEARCH ENGINE: www.com Page 79 of 79 .cybercellmumbai.com www.wikipedia.in www.com www.BIBLIOGRAPHY WEBSITE: www.agapeinc.com www.yahoo.