
INDEX

TABLE OF CONTENTS

Chapter 1: CYBER CRIME
1.1 Introduction
1.2 Cyber Crime in India
1.3 Cyber Statistics
1.4 Changing face of Crime
1.5 Cyberspace

Chapter 2: TYPES OF CYBER CRIME
2.1 Thefts through Communication Channel
2.2 Other types of Cyber Crime
2.3 Motive behind the Crime

Chapter 3: CLASSIFICATION OF CYBER CRIME
3.1 Cyber Crime Against Person
3.2 Cyber Crime Against Property
3.3 Cyber Crime Against Government

Chapter 4: REASONS FOR CYBER CRIME
4.1 Capacity to store data in comparatively small space
4.2 Easy to Access
4.3 Complex
4.4 Negligence
4.5 Lack of evidence

Chapter 5: CYBER CRIMINALS

Chapter 6: MODE & MANNER OF COMMITTING CYBER CRIME

Chapter 7: BANKING SECTOR

Chapter 8: CYBER CRIME IN BANKING SECTOR
8.1 ATM Fraud
8.2 Money Laundering
8.3 Credit Card Fraud

Chapter 9: CASE STUDY

Chapter 10: GENERAL TIPS ON AVOIDING POSSIBLE INTERNET FRAUD SCHEMES

Chapter 11: RECENT CASES

Chapter 12: CONCLUSION

Chapter 13: BIBLIOGRAPHY

CHAPTER:1

CYBER CRIME
INTRODUCTION

The usage of internet services in India is growing rapidly. It has given rise to new
opportunities in every field we can think of, be it entertainment, business, sports or education.
Every new technology that is invented or discovered has its pros and cons, and the
Internet is no exception. Its major disadvantage is CYBER CRIME: illegal activity
committed on the internet by certain individuals who exploit certain loopholes. The
internet, along with its advantages, has also exposed us to security risks that come with
connecting to a large network. Computers today are being misused for illegal activities
like e-mail espionage, credit card fraud, spam, software piracy and so on, which invade
our privacy and offend our senses. Criminal activities in cyberspace are on the rise.
Computer crimes are criminal activities, which involve the use of information
technology to gain an illegal or an unauthorized access to a computer system with intent of
damaging, deleting or altering computer data. Computer crimes also include the activities
such as electronic frauds, misuse of devices, identity theft and data as well as system
interference. Computer crimes may not necessarily involve damage to physical property.
They rather include the manipulation of confidential data and critical information.
Computer crimes involve activities of software theft, wherein the privacy of the users is
hampered. These criminal activities involve the breach of human and information privacy,
as also the theft and illegal alteration of system critical information. The different types of
computer crimes have necessitated the introduction and use of newer and more effective
security measures.
In recent years, the growth and penetration of internet across Asia Pacific has been
phenomenal. Today, a large number of rural areas in India and a couple of other nations in
the region have increasing access to the internet, particularly broadband. The challenges
of information security have also grown manifold. This widespread nature of cyber crime
is beginning to show negative impact on the economic growth opportunities in each of the
countries.
It is becoming imperative for organizations to take both preventive and corrective
actions if their systems are to be protected from any kind of compromise by external malicious
elements. According to the latest statistics, more than a fifth of the malicious activities in
the world originate from the Asia Pacific region. The malicious attacks included denial-of-
service attacks, spam, and phishing and bot attacks. Overall, spam made up 69% of all
monitored e-mail traffic in the Asia Pacific region. As per the National Crime Records
Bureau statistics, there has been a 255% increase in cyber crime in India alone. And mind
you, these are just the reported cases.
In view of this, various governmental and non-governmental agencies are working
towards reducing cyber crime activities.
Computer crime, cybercrime, e-crime, hi-tech crime or electronic crime generally
refers to criminal activity where a network is the source, tool, target, or place of a crime.
These categories are not exclusive and many activities can be characterized as falling in
one or more category. Additionally, although the terms computer crime and cybercrime are
more properly restricted to describing criminal activity in which the computer or network is
a necessary part of the crime, these terms are also sometimes used to include traditional
crimes, such as fraud, theft, blackmail, forgery, and embezzlement, in which computers or
networks are used. As the use of computers has grown, computer crime has become more
important.
Computer crime can broadly be defined as criminal activity involving an information technology
infrastructure, including illegal access (unauthorized access), illegal interception (by technical means
of non-public transmissions of computer data to, from or within a computer system), data
interference (unauthorized damaging, deletion, deterioration, alteration or suppression of computer
data), systems interference (interfering with the functioning of a computer system by inputting,
transmitting, damaging, deleting, deteriorating, altering or suppressing computer data), misuse of
devices, forgery (ID theft), and electronic fraud (Taylor, 1999).

In 2002 the newly formed U.S. Internet Crime Complaint Center reported that more
than $54 million had been lost through a variety of fraud schemes; this represented a
threefold increase over estimated losses of $17 million in 2001. The annual losses grew in
subsequent years, reaching $125 million in 2003, about $200 million in 2006 and close to
$250 million in 2008.

CYBERCRIMES IN INDIA

As India has come to have the fourth highest number of Internet users in the world,
cyber crime in India also increased by 50 percent in 2007 over the previous year. According
to the Information Technology (IT) Act, the majority of offenders were under 30 years of age.
Around 46 percent of cyber crimes were related to incidents of cyber pornography,
followed by hacking. According to the recently published 'Crime in 2007' report of
the National Crime Record Bureau (NCRB), in over 60 percent of these cases, offenders
were between 18 and 30. These cyber-crimes are punishable under two categories: the IT
Act 2000 and the Indian Penal Code (IPC). According to the report, 217 cases of
cyber-crime were registered under the IT Act in 2007, which is an increase of 50 percent from the
previous year. Under the IPC section, 339 cases were recorded in 2007 compared to 311
cases in 2006. Out of 35 mega cities, 17 cities have reported around 300 cases of
cyber-crimes under both categories, an increase of 32.6 percent in a year. The report also
shows that cyber crime is not limited to metro cities but has also moved to small cities
like Bhopal. According to the report, Bhopal, the capital of Madhya Pradesh, has reported
the highest incidence of cyber crimes in the country.
To tackle cyber crime, Delhi Police have trained 100 of its officers in
handling cyber crime and placed them in its Economic Offences Wing. These officers were
trained for six weeks in computer hardware and software, computer networks comprising
data communication networks, network protocols, wireless networks and network security.
Faculty at Guru Gobind Singh Indraprastha University (GGSIPU) were the trainers.

CRIME STATISTICS

As per the National Crime Records Bureau statistics, during the year 2005, 179
cases were registered under the IT Act as compared to 68 cases during the previous year,
thereby reporting a significant increase of 163.2% in 2005 over 2004. During 2005, a total
of 302 cases were registered under IPC sections as compared to 279 such cases during
2004, thereby reporting an increase of 8.2% in 2005 over 2004. NCRB is yet to release the
statistics for 2006. In 2006, 206 complaints were received in comparison with only 58 in
2005, a 255% increase in the total number of complaints received in the Cyber Cell/EOW
over the last year. In terms of cases registered and investigated in 2006 (up to 22.12.06), a
total of 17 cases, where the computer was the victim, a tool or a repository of evidence,
have been registered in the Cyber Cell/EOW as compared to 12 cases registered in 2005.
And mind you, these are just the reported cases.
While the number of cyber crime instances has been constantly growing over the
last few years, the past year and a half, in particular, has seen a rapid spurt in the pace of
cyber crime activities. Cyber lawyers, Pavan Duggal, advocate with the Supreme Court of
India and Karnika Seth, partner, Seth Associates, Advocates and Legal Consultants, testify
to this, pointing out that they have seen a jump in the number of cyber crime cases that
they've been handling in the last one year. One also should remember that the term 'Cyber
Crime' should be applied to all offences committed with the use of 'Electronic Documents'.
Hence, cyber crimes must grow at the same rate as the use of the Internet, mobile phone,
ATM, credit cards or perhaps even faster.

"With the little offences came the larger ones involving huge money, and one has
seen this sudden jump from smaller crimes to financial crimes in the last one year"

According to Captain Raghu Raman, CEO, Mahindra Special Services Group (SSG), the
contributing factors are high volume of data processing, rapid growth and major migration
into the online space, especially of financial institutions and their customer
transactions.

However, actual numbers continue to elude, considering the fact that a majority of the
cases go unreported. Most victims, especially corporates, continue to downplay incidents on
account of the fear of negative publicity, thereby failing to give a correct picture of the
cyber crime scene in the country. According to cyber law expert Na Vijayashankar
(popularly known as Naavi), it is difficult to measure the growth of cyber crimes by any
statistics, the reason being that a majority of cyber crimes don't get reported. "If we,
therefore, focus on the number of cases registered or number of convictions achieved, we
only get diverted from real facts," he adds. Duggal points to the results of a survey he
conducted in early 2006 on the extent of under-reporting. For every 500 instances of cyber
crime that take place in India, only fifty are reported and out of that fifty, only one is
registered as an FIR or criminal case. So, the ratio effectively is 1:500 and this, he points
out, is a conservative estimate. Giving an insight into the reasons for low reporting,
Nandkumar Sarvade, director, Cyber Security and Compliance at Nasscom, points out that
very often, people are not aware whether an incident is a cyber crime; there is also lack of
awareness on where to lodge a complaint or whether the police will be able to understand.
"Added to this is the fear of losing business and hence, many cases don't come to light," he
adds.

CHANGING FACE OF CRIME

The last year has seen a quantum jump not only in the quantity and quality but also
the very nature of cyber crime activities. According to Naavi, a perceptible trend being
observed is that cyber crimes are moving from 'Personal Victimization' to 'Economic
Offences'. SD Mishra, ACP, IPR and Cyber Cell, Economic Offences Wing, Delhi Police
concurs that the cases that are now coming up are more related to financial frauds. As
opposed to obscenity, pornography, malicious emails that were more prevalent in the past,
now credit card frauds, phishing attacks, online share trading, etc. are becoming more
widespread. As Seth points out, initially, when the Internet boom began, certain crimes
were noticeable and cyber stalking was one of the first ones. "However, with the little
offences came the larger ones involving huge money and one has seen this sudden jump
from smaller crimes to financial crimes in the last one year," she adds.

CYBERSPACE

As the cases of cybercrime grow, there is a growing need to prevent them.
Cyberspace belongs to everyone. There should be electronic surveillance: investigators
tracking down hackers often want to monitor a cracker as he breaks into a victim's
computer system. The two basic laws governing real-time electronic surveillance in
other criminal investigations also apply in this context. Search warrants may also be
obtained to gain access to the premises where the cracker is believed
to have evidence of the crime. Such evidence would include the computer used to commit
the crime, as well as the software used to gain unauthorized access and other evidence of the
crime. Researchers must explore the problems in greater detail to learn the origins, methods,
and motivations of this growing criminal group. Decision-makers in business, government,
and law enforcement must react to this emerging body of knowledge. They must develop
policies, methods, and regulations to detect incursions, investigate and prosecute the
perpetrators, and prevent future crimes. In addition, Police Departments should immediately
take steps to protect their own information systems from intrusions (Any entry into an area
not previously occupied).
The Internet provides anonymity: this is one of the reasons why criminals try to get
away easily when caught, and it also gives them a chance to commit the crime again.
Therefore, we users should be careful. We should not disclose any personal information on
the internet or use credit cards, and if we find anything suspicious in e-mails or if the
system is hacked, it should be immediately reported to the police officials who investigate
cyber-crimes rather than trying to fix the problem by ourselves.
Computer crime is a multi-billion dollar problem. Law enforcement must seek
ways to keep the drawbacks from overshadowing the great promise of the computer age.
Cybercrime is a menace that has to be tackled effectively not only by officials but also
by users, by co-operating with the law. The founding fathers of the internet wanted it to be
a boon to the whole world and it is upon us to keep this tool of modernization as a boon
and not make it a bane to society.

CHAPTER: 2

TYPES OF CYBER CRIME

Theft of Telecommunications Services

The "phone phreakers" of three decades ago set a precedent for what has become a
major criminal industry. By gaining access to an organization's telephone switchboard
(PBX) individuals or criminal organizations can obtain access to dial-in/dial-out circuits
and then make their own calls or sell call time to third parties (Gold 1999). Offenders may
gain access to the switchboard by impersonating a technician, by fraudulently obtaining an
employee's access code, or by using software available on the internet. Some sophisticated
offenders loop between PBX systems to evade detection. Additional forms of service theft
include capturing "calling card" details and on-selling calls charged to the calling card
account, and counterfeiting or illicit reprogramming of stored value telephone cards.
It has been suggested that as long ago as 2000, security failures at one major
telecommunications carrier cost approximately 290 million, and that more recently, up to
5% of total industry turnover has been lost to fraud (Schieck 1995: 2-5). Costs to individual
subscribers can also be significant; in one case, computer hackers in the United States
illegally obtained access to Scotland Yard's telephone network and made 620,000 worth
of international calls for which Scotland Yard was responsible (Tendler and Nuttall 2006).

Communications in Furtherance of Criminal Conspiracies

Just as legitimate organizations in the private and public sectors rely upon
information systems for communications and record keeping, so too are the activities of
criminal organizations enhanced by technology.
There is evidence of telecommunications equipment being used to facilitate
organized trafficking, gambling, prostitution, money laundering, child pornography and
trade in weapons (in those jurisdictions where such activities are illegal). The use of
encryption technology may place criminal communications beyond the reach of law
enforcement.
The use of computer networks to produce and distribute child pornography has
become the subject of increasing attention. Today, these materials can be imported
across national borders at the speed of light. The more overt manifestations of internet
child pornography entail a modest degree of organization, as required by the infrastructure
of IRC and WWW, but the activity appears largely confined to individuals.
By contrast, some of the less publicly visible traffic in child pornography activity appears
to entail a greater degree of organization. Although knowledge is confined to that conduct
which has been the target of successful police investigation, there appear to have been a
number of networks which extend cross-nationally, use sophisticated technologies of
concealment, and entail a significant degree of coordination.
Illustrative of such activity was the Wonderland Club, an international network with
members in at least 14 nations ranging from Europe, to North America, to Australia.
Access to the group was password protected, and content was encrypted. Police
investigation of the activity, codenamed "Operation Cathedral" resulted in approximately
100 arrests around the world, and the seizure of over 100,000 images in September, 1998.

Telecommunications Piracy

Digital technology permits perfect reproduction and easy dissemination of print,
graphics, sound, and multimedia combinations. The temptation to reproduce copyrighted
material for personal use, for sale at a lower price, or indeed, for free distribution, has
proven irresistible to many.
This has caused considerable concern to owners of copyrighted material. Each year,
it has been estimated that losses of between US$15 and US$17 billion are sustained by
industry by reason of copyright infringement (United States, Information Infrastructure
Task Force 1995, 131).
The Software Publishers Association has estimated that $7.4 billion worth of
software was lost to piracy in 1993 with $2 billion of that being stolen from the Internet
(Meyer and Underwood 1994).
Ryan (1998) puts the cost of foreign piracy to American industry at more than $10
billion in 1996, including $1.8 billion in the film industry, $1.2 billion in music, $3.8
billion in business application software, and $690 million in book publishing.
According to the Straits Times (8/11/99), a copy of the most recent James Bond
film, The World Is Not Enough, was available free on the internet before its official
release.
When creators of a work, in whatever medium, are unable to profit from their creations,
there can be a chilling effect on creative effort generally, in addition to financial loss.

Dissemination of Offensive Materials

Content considered by some to be objectionable exists in abundance in cyberspace.
This includes, among much else, sexually explicit materials, racist propaganda, and
instructions for the fabrication of incendiary and explosive devices. Telecommunications
systems can also be used for harassing, threatening or intrusive communications, from the
traditional obscene telephone call to its contemporary manifestation in "cyber-stalking", in
which persistent messages are sent to an unwilling recipient.
One man allegedly stole photographs of his former girlfriend and her new boyfriend
and posted them on the Internet, along with her name, address and telephone number. The
unfortunate couple, residents of Kenosha, Wisconsin, received phone calls and e-mails
from strangers as far away as Denmark who said they had seen the photos on the Internet.
Investigations also revealed that the suspect was maintaining records about the woman's
movements and compiling information about her family (Spice and Sink 1999).
In another case a rejected suitor posted invitations on the Internet under the name of
a 28-year-old woman, the would-be object of his affections, which said that she had fantasies
of rape and gang rape. He then communicated via email with men who replied to the
solicitations and gave out personal information about the woman, including her address,
phone number, details of her physical appearance and how to bypass her home security
system. Strange men turned up at her home on six different occasions and she received
many obscene phone calls. While the woman was not physically assaulted, she would not
answer the phone, was afraid to leave her home, and lost her job (Miller 1999; Miller and
Maharaj 1999).
One former university student in California used email to harass 5 female students
in 1998. He bought information on the Internet about the women using a professor's credit
card and then sent 100 messages including death threats, graphic sexual descriptions and
references to their daily activities. He apparently made the threats in response to perceived
teasing about his appearance (Associated Press 1999a).
Computer networks may also be used in furtherance of extortion. The Sunday Times
(London) reported in 1996 that over 40 financial institutions in Britain and the United
States had been attacked electronically over the previous three years. In England, financial
institutions were reported to have paid significant amounts to sophisticated computer
criminals who threatened to wipe out computer systems. (The Sunday Times, June 2, 1996).

The article cited four incidents between 1993 and 1995 in which a total of 42.5 million
Pounds Sterling were paid by senior executives of the organizations concerned, who were
convinced of the extortionists' capacity to crash their computer systems (Denning 1999,
233-4).

Electronic Money Laundering and Tax Evasion

For some time now, electronic funds transfers have assisted in concealing and in moving
the proceeds of crime. Emerging technologies will greatly assist in concealing the origin of
ill-gotten gains. Legitimately derived income may also be more easily concealed from
taxation authorities. Large financial institutions will no longer be the only ones with the
ability to achieve electronic funds transfers transiting numerous jurisdictions at the speed of
light. The development of informal banking institutions and parallel banking systems may
permit central bank supervision to be bypassed, but can also facilitate the evasion of cash
transaction reporting requirements in those nations which have them. Traditional
underground banks, which have flourished in Asian countries for centuries, will enjoy even
greater capacity through the use of telecommunications.

With the emergence and proliferation of various technologies of electronic
commerce, one can easily envisage how traditional countermeasures against money
laundering and tax evasion may soon be of limited value. I may soon be able to sell you a
quantity of in return for an untraceable transfer of stored value to my "smart-card", which I
then download anonymously to my account in a financial institution situated in an overseas
jurisdiction which protects the privacy of banking clients. I can discreetly draw upon these
funds as and when I may require, downloading them back to my stored value card
(Wahlert 1996).

Electronic Vandalism, Terrorism and Extortion

As never before, western industrial society is dependent upon complex data
processing and telecommunications systems. Damage to, or interference with, any of these
systems can lead to catastrophic consequences. Whether motivated by curiosity or
vindictiveness, electronic intruders cause inconvenience at best, and have the potential for
inflicting massive harm. While this potential has yet to be realised, a number of individuals
and protest groups have hacked the official web pages of various governmental and

14
commercial organizations for e.g.:(Rathmell 1997). http://www.2600.com/hacked_pages/
(visited 4 January 2000). This may also operate in reverse: early in 1999 an organized
hacking incident was apparently directed at a server which hosted the Internet domain for
East Timor, which at the time was seeking its independence from Indonesia (Creed 1999).
Defence planners around the world are investing substantially in information
warfare - means of disrupting the information technology infrastructure of defence systems
(Stix 1995). Attempts were made to disrupt the computer systems of the Sri Lankan
Government (Associated Press 1998), and of the North Atlantic Treaty Organization during
the 1999 bombing of Belgrade (BBC 1999). One case, which illustrates the transnational
reach of extortionists, involved a number of German hackers who compromised the system
of an Internet service provider in South Florida, disabling eight of the ISP's ten servers.
The offenders obtained personal information and credit card details of 10,000 subscribers,
and, communicating via electronic mail through one of the compromised accounts,
demanded that US$30,000 be delivered to a mail drop in Germany. Co-operation between
US and German authorities resulted in the arrest of the extortionists (Bauer 1998).
More recently, an extortionist in Eastern Europe obtained the credit card details of
customers of a North American based on-line music retailer, and published some on the
Internet when the retailer refused to comply with his demands (Markoff 2000).

Sales and Investment Fraud

As electronic commerce becomes more prevalent, the application of digital
technology to fraudulent endeavours will be that much greater. The use of the telephone for
fraudulent sales pitches, deceptive charitable solicitations, or bogus investment overtures is
increasingly common. Cyberspace now abounds with a wide variety of investment
opportunities, from traditional securities such as stocks and bonds, to more exotic
opportunities such as coconut farming, the sale and leaseback of automatic teller machines,
and worldwide telephone lotteries (Cella and Stark 1997, 837-844). Indeed, the digital age
has been accompanied by unprecedented opportunities for misinformation. Fraudsters now
enjoy direct access to millions of prospective victims around the world, instantaneously
and at minimal cost.
Classic pyramid schemes and "Exciting, Low-Risk Investment Opportunities" are
not uncommon. The technology of the World Wide Web is ideally suited to investment
solicitations. In the words of two SEC staff, "At very little cost, and from the privacy of a
basement office or living room, the fraudster can produce a home page that looks better
and more sophisticated than that of a Fortune 500 company" (Cella and Stark 1997, 822).

Illegal Interception of Telecommunications

Developments in telecommunications provide new opportunities for electronic
eavesdropping. From activities as time-honoured as surveillance of an unfaithful spouse, to
the newest forms of political and industrial espionage, telecommunications interception has
increasing applications. Here again, technological developments create new vulnerabilities.
The electromagnetic signals emitted by a computer may themselves be intercepted. Cables
may act as broadcast antennas. Existing law does not prevent the remote monitoring of
computer radiation.
It has been reported that the notorious American hacker Kevin Poulsen was able to
gain access to law enforcement and national security wiretap data prior to his arrest in 1991
(Littman 1997). In 1995, hackers employed by a criminal organization attacked the
communications system of the Amsterdam Police. The hackers succeeded in gaining police
operational intelligence, and in disrupting police communications (Rathmell 1997).

Electronic Funds Transfer Fraud

Electronic funds transfer systems have begun to proliferate, and so has the risk that
such transactions may be intercepted and diverted. Valid credit card numbers can be
intercepted electronically, as well as physically; the digital information stored on a card can
be counterfeited. Of course, we don't need Willie Sutton to remind us that banks are where
they keep the money. In 1994, a Russian hacker, Vladimir Levin, operating from St
Petersburg, accessed the computers of Citibank's central wire transfer department, and
transferred funds from large corporate accounts to other accounts which had been opened
by his accomplices in the United States, the Netherlands, Finland, Germany, and Israel.
Officials from one of the corporate victims, located in Argentina, notified the bank, and the
suspect accounts, located in San Francisco, were frozen. The accomplice was arrested.
Another accomplice was caught attempting to withdraw funds from an account in
Rotterdam. Although Russian law precluded Levin's extradition, he was arrested during a
visit to the United States and subsequently imprisoned (Denning 1999, 55).
The above forms of computer-related crime are not necessarily mutually exclusive, and
need not occur in isolation.

OTHER TYPES OF CYBER CRIME

HACKING

Hacking in simple terms means an illegal intrusion into a computer system and/or
network. There is an equivalent term to hacking, i.e. cracking, but from the perspective
of Indian law there is no difference between the terms hacking and cracking. Every act
committed towards breaking into a computer and/or network is hacking. Hackers write or
use ready-made computer programs to attack the target computer. They possess the desire
to destroy and they get a kick out of such destruction. Some hackers hack for personal
monetary gain, such as stealing credit card information or transferring money from
various bank accounts to their own account, followed by withdrawal of the money. They extort
money from corporate giants by threatening to publish stolen information which
is critical in nature.
Government websites are hot targets for hackers because of the press coverage they
receive. Hackers enjoy the media coverage.

Motive Behind The Crime

Greed
Greed is one of the main causes for people falling prey to cyber crimes despite
extensive exposure of its dangers by authorities and cautionary tales from cheated victims.

Crime Analyst Datuk Akhbar Satar said the frequent media reports on such crimes
should serve as a lesson to the society and deter them from being tempted by these scams.

"Cyber crimes always involve quick profits and that is why greedy people fall prey to
it," he told Bernama.

Power
The Central Government may give directions to any State Government as to
the carrying into execution in the State of any of the provisions of this Act or
of any rule, regulation or order made there under.

Publicity
As the Internet and other components of cyber-space continue to proliferate in
the workplace, modern businesses would do well to address the threat of
cyber-crime. The ability to conduct successful cybercrime investigations will,
increasingly, become a necessity. Management can ill afford to neglect the
threat.

Revenge

More and more youngsters keen on instant retribution and the perceived anonymity
of the internet along with what police say is a casual view of online misdemeanors are
finding themselves in a run-in with the police. The Mumbai police encounter nearly three
to five such cases every day, where fake profiles are created and obscene content uploaded
to tarnish someone's reputation.
Adventure
From a very primitive age, we have learnt to see things in a twin perspective where one stands
as the Good and the other as the Bad. If something has about 99.9% good in it, it certainly
shows a 0.1% of negative side which perhaps can never be avoided. It all depends on how
much we are ready to compromise and of course, improvise to make it suit our needs. But all
that was a thing of the past, surely in this age of flying machines and diving cars, we could get
past through the evil side of our inventions

Desire to access forbidden information

The Right to Information has been interpreted by the Supreme Court to be a part of
fundamental rights guaranteed under Article 19(1) of the Constitution of India, which
states that every citizen has the right to freedom of speech and expression. After the
passing of the Right to Information Act, 2005 (Act), this right is now also a legal right
granted by the statute. Right to information includes the right to inspect works,
documents and records. It also includes the right to take notes, extracts or certified
copies of documents or records and even take certified samples of the material.

Destructive mindset
Self-destructive behavior is any behavior that is harmful or potentially harmful
towards the person who engages in the behavior. Self-destructive behaviors
exist on a continuum, with suicide at one extreme end of the scale. Self-
destructive actions may be deliberate, born of impulse, or developed as
a habit. The term however tends to be applied toward self-destruction that
either is fatal, or is potentially habit-forming or addictive and thus potentially
fatal. Self-destructive behavior is often associated with mental illnesses such
as borderline personality disorder or schizophrenia.

Wants to sell n/w security services


In computing, Network Security Services (NSS) comprises a set
of libraries designed to support cross-platform development of security-enabled
client and server applications with optional support for hardware TLS/SSL
acceleration on the server side and hardware smart cards on the client side. NSS
provides a complete open-source implementation of cryptographic libraries
supporting Transport Layer Security (TLS) / Secure Sockets Layer (SSL)
and S/MIME.

Child Pornography

The Internet is being highly used by its abusers to reach and abuse children
sexually, worldwide. The internet is very fast becoming a household commodity in India.
Its explosion has made the children a viable victim to the cyber crime. As more homes
have access to internet, more children would be using the internet and more are the chances
of falling victim to the aggression of pedophiles.
The easy access to pornographic content readily and freely available over the
internet lowers the inhibitions of children. Pedophiles lure the children by distributing
pornographic material, and then they try to meet them for sex or to take their photographs
including their engagement in sexual positions. Sometimes Pedophiles contact children in
the chat rooms posing as teenagers or a child of similar age, then they start becoming
friendlier with them and win their confidence. Then slowly pedophiles start sexual chat to
help children shed their inhibitions about sex and then call them out for personal
interaction. Then starts actual exploitation of the children by offering them some money or
falsely promising them good opportunities in life. The pedophiles then sexually exploit the
children either by using them as sexual objects or by taking their pornographic pictures in
order to sell those over the internet.
In the physical world, parents know the face of dangers and they know how to avoid and
face the problems by following simple rules, and accordingly they advise their children to
keep away from dangerous things and ways. But in the case of the cyber world, most of the
parents do not themselves know about the basics in internet and dangers posed by various
services offered over the internet. Hence the children are left unprotected in the
cyber world. Pedophiles take advantage of this situation and lure the children, who are
not advised by their parents or by their teachers about what is wrong and what is right for
them while browsing the internet.

How Do They Operate

Pedophiles use false identity to trap the children/teenagers.

Pedophiles contact children/teens in various chat rooms which are used by
children/teens to interact with other children/teens.

Befriend the child/teen.

Extract personal information from the child/teen by winning his confidence.

Gets the e-mail address of the child/teen and starts making contact on the victim's
e-mail address as well.

Starts sending pornographic images/text to the victim, including child pornographic
images, in order to help the child/teen shed his inhibitions, so that a feeling is created in
the mind of the victim that what is being fed to him is normal and that everybody
does it.

Extract personal information from child/teen.

At the end of it, the pedophile sets up a meeting with the child/teen out of the house
and then drags him into the net to further sexually assault him or to use him as a sex
object.

In order to prevent your child/teen from falling into the trap of pedophile, read the tips
under Tips & Tricks heading.

Cyber Stalking

Cyber Stalking can be defined as the repeated acts of harassment or threatening
behavior of the cyber criminal towards the victim by using internet services. Stalking in
general terms can be referred to as the repeated acts of harassment targeting the
victim, such as following the victim, making harassing phone calls, killing the victim's pet,
vandalizing the victim's property, or leaving written messages or objects. Stalking may be
followed by serious violent acts such as physical harm to the victim, and the same has to be
treated and viewed seriously. It all depends on the course of conduct of the stalker.

Both kinds of stalkers, online and offline, have a desire to control the victim's life.
The majority of stalkers are dejected lovers or ex-lovers, who then want to harass the
victim because they failed to satisfy their secret desires. Most of the stalkers are men and
most of the victims female.

How Do They Operate

Collect all personal information about the victim such as name, family background,
Telephone Numbers of residence and work place, daily routine of the victim,
address of residence and place of work, date of birth etc. If the stalker is one of the
acquaintances of the victim he can easily get this information. If stalker is a stranger
to victim, he collects the information from the internet resources such as various
profiles, the victim may have filled in while opening the chat or e-mail account or
while signing an account with some website.

The stalker may post this information on any website related to sex-services or
dating services, posing as if the victim is posting this information and invite the
people to call the victim on her telephone numbers to have sexual services. Stalker
even uses very filthy and obscene language to invite the interested persons.

People of all kinds from every nook and corner of the world who come across this
information start calling the victim at her residence and/or work place, asking for
sexual services or relationships.

Some stalkers subscribe the e-mail account of the victim to innumerable
pornographic and sex sites, because of which the victim starts receiving such
unsolicited e-mails.

Some stalkers keep on sending repeated e-mails asking for various kinds of favors
or threaten the victim.

In online stalking the stalker can get a third party to harass the victim.

Follow their victim from board to board. They hang out on the same BBs as their
victim, many times posting notes to the victim, making sure the victim is aware that
he/she is being followed. Many times they will flame their victim (becoming
argumentative, insulting) to get their attention.

Stalkers will almost always make contact with their victims through email. The
letters may be loving, threatening, or sexually explicit. He will many times use
multiple names when contacting the victim.

Contact the victim via telephone. If the stalker is able to access the victim's telephone,
he will many times make calls to the victim to threaten, harass, or intimidate them.

Track the victim to his/her home.

Definition of Cyber stalking

Although there is no universally accepted definition of cyber stalking, the term is
used in this report to refer to the use of the Internet, e-mail, or other electronic
communications devices to stalk another person. Stalking generally involves harassing or
threatening behavior that an individual engages in repeatedly, such as following a person,
appearing at a person's home or place of business, making harassing phone calls, leaving
written messages or objects, or vandalizing a person's property. Most stalking laws require
that the perpetrator make a credible threat of violence against the victim; others include
threats against the victim's immediate family; and still others require only that the alleged
stalker's course of conduct constitute an implied threat. (1) While some conduct involving
annoying or menacing behavior might fall short of illegal stalking, such behavior may be a
prelude to stalking and violence and should be treated seriously.

Nature and Extent of Cyber stalking

An existing problem aggravated by new technology. Although online harassment
and threats can take many forms, cyber stalking shares important characteristics with
offline stalking. Many stalkers, online or offline, are motivated by a desire to exert
control over their victims and engage in similar types of behavior to accomplish this end.
As with offline stalking, the available evidence (which is largely anecdotal) suggests that
the majority of cyber stalkers are men and the majority of their victims are women,
although there have been reported cases of women cyber stalking men and of same-sex
cyber stalking. In many cases, the cyber stalker and the victim had a prior relationship, and
the cyber stalking begins when the victim attempts to break off the relationship. However,
there also have been many instances of cyber stalking by strangers. Given the enormous
amount of personal information available through the Internet, a cyber stalker can easily
locate private information about a potential victim with a few mouse clicks or key strokes.

The fact that cyber stalking does not involve physical contact may create the
misperception that it is more benign than physical stalking. This is not necessarily true. As
the Internet becomes an ever more integral part of our personal and professional lives,
stalkers can take advantage of the ease of communications as well as increased access to
personal information. In addition, the ease of use and non-confrontational, impersonal, and
sometimes anonymous nature of Internet communications may remove disincentives to
cyber stalking. Put another way, whereas a potential stalker may be unwilling or unable to
confront a victim in person or on the telephone, he or she may have little hesitation sending
harassing or threatening electronic communications to a victim. Finally, as with physical
stalking, online harassment and threats may be a prelude to more serious behavior,
including physical violence.

Phishing

In the field of computer security, phishing is the criminally fraudulent process of
attempting to acquire sensitive information such as usernames, passwords and credit card
details by masquerading as a trustworthy entity in an electronic communication.
Communications purporting to be from popular social web sites, auction sites, online
payment processors or IT Administrators are commonly used to lure the unsuspecting
public. Phishing is typically carried out by e-mail or instant messaging, and it often directs
users to enter details at a fake website whose look and feel are almost identical to the
legitimate one. Even when using server
authentication, it may require tremendous skill to detect that the website is fake. Phishing is
an example of social engineering techniques used to fool users, and exploits the poor
usability of current web security technologies. Attempts to deal with the growing number
of reported phishing incidents include legislation, user training, public awareness, and
technical security measures.

Phishing, also referred to as brand spoofing or carding, is a variation on "fishing,"
the idea being that bait is thrown out with the hopes that while most will ignore the bait,
some will be tempted into biting.

A phishing technique was described in detail in 1987, and the first recorded use of
the term "phishing" was made in 1996.

Phishing email
From: *****Bank [mailto:support@****Bank.com]
Sent: 08 June 2004 03:25
To: India
Subject: Official information from ***** Bank

Dear valued ***** Bank Customer!
For security purposes your account has been randomly chosen for verification. To verify
your account information we are asking you to provide us with all the data we are
requesting.
Otherwise we will not be able to verify your identity and access to your account will be
denied. Please click on the link below to get to the bank secure page and verify your
account details. Thank you.
https://infinity.*****bank.co.in/Verify.jsp

****** Bank Limited
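A mail filter can check where the links in such a message really lead instead of trusting the displayed bank name. The following is an added example, not part of the original report; the domain `examplebank.example`, the brand token, the sample message and all function names are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumptions (not from the report): the bank's real domain and brand token.
LEGITIMATE_DOMAINS = {"examplebank.example"}
BRAND_TOKENS = {"examplebank"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Digits commonly substituted for letters in lookalike names: 0->o, 1->l, 3->e, 5->s.
DIGIT_SWAPS = str.maketrans("0135", "oles")


def host_of(url):
    """Host the browser would connect to; text before '@' is userinfo, not the host."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""


def belongs_to(host, domains):
    """True only for the domain itself or a genuine subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in domains)


def classify_link(url):
    """Classify one URL by the host it resolves to, not by how it reads."""
    host = host_of(url)
    if not host:
        return "unparseable"
    try:
        ipaddress.ip_address(host)
        return "ip-literal"          # banks do not ask customers to log in on a bare IP
    except ValueError:
        pass
    if belongs_to(host, LEGITIMATE_DOMAINS):
        return "legitimate"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "punycode"            # internationalised name, possible homograph
    flat = host.replace("-", "").replace(".", "").translate(DIGIT_SWAPS)
    if any(token in flat for token in BRAND_TOKENS):
        return "lookalike"           # brand name used inside someone else's domain
    return "unrelated"


def analyse_email(raw):
    """Return (kind, value, verdict) findings for one RFC 822 style message."""
    msg = message_from_string(raw)
    findings = []
    # The From header is trivially forged, so a matching sender proves nothing;
    # a non-matching one is still worth reporting.
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not belongs_to(sender_domain, LEGITIMATE_DOMAINS):
        findings.append(("sender", sender_domain, "unrecognised"))
    for match in URL_RE.findall(msg.get_payload()):
        url = match.rstrip(".,;)")   # drop sentence punctuation glued to the URL
        verdict = classify_link(url)
        if verdict != "legitimate":
            findings.append(("link", url, verdict))
    return findings


# Constructed sample modelled on the message above (forged sender, fake links).
SAMPLE_EMAIL = "\n".join([
    "From: Example Bank <support@examplebank.example>",
    "To: customer@mail.example",
    "Subject: Official information from Example Bank",
    "",
    "Please click on the link below to verify your account details.",
    "https://infinity.examplebank.example.account-verify.test/Verify.jsp",
    "https://examplebank.example@203.0.113.5/Verify.jsp",
    "Help: https://www.examplebank.example/help.",
])

if __name__ == "__main__":
    for finding in analyse_email(SAMPLE_EMAIL):
        print(finding)
```

The forged sender passes the domain check in this sample, which is why the verdict rests on the link hosts rather than on the From line.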

Spam

Spam is a generic term used to describe electronic 'junk mail' or unwanted
messages sent to your email account or mobile phone. These messages vary, but are
essentially commercial and often annoying in their sheer volume. They may try to persuade
you to buy a product or service, or visit a website where you can make purchases; or they
may attempt to trick you into divulging your bank account or credit card details.

More information about spam is available from the Australian Communications and
Media Authority (ACMA website).

Scams
The power of the Internet and email communication has made it all too easy for
email scams to flourish. These schemes often arrive uninvited by email. Many are related
to the well-documented Nigerian Scam or Lotto Scams and use similar tactics in one form
or another.

While the actual amount of money lost by businesses and the community is
unknown, the number of people claiming to have been defrauded by these scams is
relatively low.

More information about scams is available from the Australian Competition and
Consumer Commission (ACCC) SCAMwatch website and the Australian Securities and
Investments Commission FIDO website.

Spyware

Spyware is generally considered to be software that is secretly installed on a
computer and takes things from it without the permission or knowledge of the user.
Spyware may take personal information, business information, bandwidth or processing
capacity and secretly give it to someone else. It is recognized as a growing problem.

More information about taking care of spyware is available from the Department of
Broadband, Communication, and the Digital Economy (DBCDE) website.

Denial Of Service Attack

This is an act by the criminal, who floods the bandwidth of the victim's network or
fills his email box with spam mail, depriving him of the services he is entitled to access or
provide.

Virus Dissemination

Malicious software that attaches itself to other software. (Viruses, worms, Trojan
horses, time bombs, logic bombs, Rabbit and Bacterium are kinds of malicious software.)

Software Piracy

Theft of software through the illegal copying of genuine programs or the
counterfeiting and distribution of products intended to pass for the original.

Retail revenue losses worldwide are ever increasing due to this crime.

It can be done in various ways: end-user copying, hard disk loading,
counterfeiting, illegal downloads from the internet, etc.

Spoofing

Getting one computer on a network to pretend to have the identity of another
computer, usually one with special access privileges, so as to obtain access to the other
computers on the network.

Net Extortion

Copying the company's confidential data in order to extort said company for a huge
amount.

SALAMI ATTACK

In such a crime the criminal makes insignificant changes in such a manner that the changes
go unnoticed. The criminal writes a program that deducts a small amount, like Rs. 2.50
per month, from the accounts of all the customers of the bank and deposits it in his own
account. In this case no account holder will approach the bank over such a small amount, but
the criminal gains a huge amount.

CHAPTER:3
CLASSIFICATION OF CYBER CRIME

Mr. Pavan Duggal, who is the President of cyberlaws.net and a consultant, has in a report
clearly defined the various categories and types of cybercrimes.

Cybercrimes can be basically divided into 3 major categories:

Cybercrimes Against Persons

Cybercrimes committed against persons include various crimes like transmission of
child pornography and harassment of anyone with the use of a computer, such as by e-mail. The
trafficking, distribution, posting, and dissemination of obscene material, including
pornography and indecent exposure, constitutes one of the most important Cybercrimes
known today. The potential harm of such a crime to humanity can hardly be amplified.
This is one Cybercrime which threatens to undermine the growth of the younger generation
and to leave irreparable scars and injury on the younger generation, if not controlled.

A minor girl in Ahmedabad was lured to a private place through cyber chat by a
man, who, along with his friends, attempted to gang-rape her. As some passersby heard her
cry, she was rescued.

Another example wherein the damage was not done to a person but to the masses is
the case of the Melissa virus. The Melissa virus first appeared on the internet in March of
1999. It spread rapidly throughout computer systems in the United States and Europe. It is
estimated that the virus caused 80 million dollars in damages to computers worldwide.
In the United States alone, the virus made its way through 1.2 million computers in
one-fifth of the country's largest businesses. David Smith pleaded guilty on Dec. 9, 1999
to state and federal charges associated with his creation of the Melissa virus. There are
numerous examples of such computer viruses, a few of them being "Melissa" and "love bug".

Cybercrimes Against Property

The second category of Cybercrimes is that of Cybercrimes against all forms of
property. These crimes include computer vandalism (destruction of others' property) and
transmission of harmful programmes.

A Mumbai-based upstart engineering company lost a say and much money in the
business when the rival company, an industry major, stole the technical database from their
computers with the help of a corporate cyber spy.

Cybercrimes Against Government

The third category of Cybercrimes relates to Cybercrimes against Government.
Cyber terrorism is one distinct kind of crime in this category. The growth of the internet has
shown that the medium of Cyberspace is being used by individuals and groups to threaten
international governments and also to terrorize the citizens of a country. This crime
manifests itself into terrorism when an individual "cracks" into a government or military
maintained website.
The Parliament of India passed its first Cyber law, the Information Technology Act,
in 2000. It not only provides the legal infrastructure for E-commerce in India but also, at the
same time, gives draconian powers to the Police to enter and search, without any warrant,
any public place for the purpose of nabbing cybercriminals and preventing cybercrime.
Also, the Indian Cyber law talks of the arrest of any person who is about to commit
a cybercrime.
The Act defines five cybercrimes: damage to computer source code, hacking,
publishing electronic information which is lascivious or prurient, breach of confidentiality
and publishing false digital signatures. The Act also specifies that cybercrimes can only be
investigated by an official holding no less a rank than that of Dy. Superintendent of Police
(Dy.SP).
It is common that many systems operators do not share information when they are
victimized by crackers. They don't contact law enforcement officers when their computer
systems are invaded, preferring instead to fix the damage and take action to keep crackers
from gaining access again with as little public attention as possible.

According to Sundari Nanda, SP, CBI, "most of the times the victims do not
complain, may be because they are aware of the extent of the crime committed against
them, or as in the case of business houses, they don't want to confess their system is not
secure".

As the research shows, computer crime poses a real threat. Those who believe
otherwise simply have not been awakened by the massive losses and setbacks experienced
by companies worldwide. Money and intellectual property have been stolen, corporate
operations impeded, and jobs lost as a result of computer crime.

Similarly, information systems in government and business alike have been
compromised. The economic impact of computer crime is staggering (great
difficulty).

CHAPTER:4
REASONS FOR CYBER CRIME

Hart, in his work "The Concept of Law", has said that human beings are vulnerable, so
the rule of law is required to protect them. Applying this to cyberspace, we may say that
computers are vulnerable (capable of attack), so the rule of law is required to protect and
safeguard them against cyber crime. The reasons for the vulnerability of computers may be
said to be:

Capacity To Store Data In Comparatively Small Space

The computer has the unique characteristic of storing data in a very small space. This
makes it much easier to remove or derive information through either a physical or a virtual
medium.

Easy To Access

The problem encountered in guarding a computer system from unauthorised access
is that there is every possibility of breach, not due to human error but due to the complex
technology. Secretly implanted logic bombs, key loggers that can steal access codes, and
advanced voice recorders, retina imagers, etc. that can fool biometric systems and bypass
firewalls can be utilized to get past many a security system.

Complex

Computers work on operating systems, and these operating systems in turn are
composed of millions of lines of code. The human mind is fallible and it is not possible that
there might not be a lapse at any stage. Cyber criminals take advantage of these lacunas and
penetrate into the computer system.

Negligence

Negligence is very closely connected with human conduct. It is therefore very
probable that while protecting the computer system there might be some negligence, which
in turn provides a cyber criminal with the opportunity to gain access and control over the
computer system.

Loss Of Evidence

Loss of evidence is a very common & obvious problem as all the data are routinely
destroyed.
Further collection of data outside the territorial extent also paralyses this system of crime
investigation.

CHAPTER:5
CYBER CRIMINALS
Cyber criminals comprise various groups/categories. This division may be
justified on the basis of the object that they have in their mind. The following are the
categories of cyber criminals:

Children And Adolescents Between The Age Group Of 15-25 Years

The simple reason for this type of delinquent (A young offender) behaviour pattern
in children is seen mostly due to the inquisitiveness to know and explore the things. Other
cognate reason may be to prove themselves to be outstanding amongst other children in
their group. Further the reasons may be psychological even. E.g. the Bal Bharati (Delhi)
case was the outcome of harassment of the delinquent by his friends.

Organised Hackers

These kinds of hackers are mostly organised together to fulfil a certain objective. The
reason may be to fulfil their political bias, fundamentalism, etc. The Pakistanis are said to
be among the best quality hackers in the world. They mainly target Indian government
sites with the purpose of fulfilling their political objectives. Further, the NASA as well as the
Microsoft sites are always under attack by hackers.

Professional Hackers / Crackers

Their work is motivated by the colour of money. These kinds of hackers are mostly
employed to hack the site of the rivals and get credible, reliable and valuable information.
Further they are even employed to crack the system of the employer basically as a measure
to make it safer by detecting the loopholes.

Discontented Employees

This group includes those people who have been either sacked by their employer or
are dissatisfied with their employer. To take revenge they normally hack the system of their
employer.

CHAPTER:6

MODE AND MANNER OF COMMITTING CYBER CRIME

Unauthorized Access To Computer Systems Or Networks / Hacking

This kind of offence is normally referred to as hacking in the generic sense. However, the
framers of the Information Technology Act 2000 have nowhere used this term, so to avoid
any confusion we would not interchangeably use the word hacking for unauthorized access,
as the latter has a wide connotation.

Theft Of Information Contained In Electronic Form

This includes information stored in computer hard disks, removable storage media etc. Theft
may be either by appropriating the data physically or by tampering them through the virtual
medium.

Email Bombing

This kind of activity refers to sending large numbers of mails to the victim, which may be an
individual or a company or even mail servers, thereby ultimately resulting in crashing.

Data Diddling

This kind of an attack involves altering raw data just before a computer processes it and then
changing it back after the processing is completed. The electricity board faced similar
problem of data diddling while the department was being computerised.

Salami Attacks

This kind of crime is normally prevalent in the financial institutions or for the purpose of
committing financial crimes. An important feature of this type of offence is that the
alteration is so small that it would normally go unnoticed. E.g. the Ziegler case, wherein a
logic bomb was introduced in the bank's system, which deducted 10 cents from every
account and deposited it in a particular account.
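
Each deduction in a salami attack is invisible on a single statement, but the pattern is visible in the bank's ledger as a whole: one ordinary account collects the same tiny amount from a very large number of unrelated accounts. The check below illustrates this for both the Rs. 2.50 example given earlier and the 10-cent Ziegler case. It is an added example, not part of the original report; the ledger layout, account names, thresholds and function names are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal

# Assumed tuning values; a real bank would derive them from its own tariff sheet.
SMALL_DEBIT_LIMIT = Decimal("5.00")   # only debits at or below this are "slices"
MIN_DISTINCT_SOURCES = 50             # how many different victims make a pattern


def find_salami_candidates(ledger, fee_accounts=frozenset(),
                           small_limit=SMALL_DEBIT_LIMIT,
                           min_sources=MIN_DISTINCT_SOURCES):
    """Flag destination accounts that collect one identical small amount
    from many distinct source accounts.

    ledger       -- iterable of dicts with 'src', 'dst' and 'amount' (string)
    fee_accounts -- the bank's own income accounts; genuine fixed charges
                    (SMS fees and the like) have the same shape and must be
                    excluded, otherwise they drown the real finding
    """
    buckets = defaultdict(lambda: {"sources": set(), "total": Decimal("0")})
    for entry in ledger:
        amount = Decimal(entry["amount"])       # Decimal avoids float rounding
        if not (Decimal("0") < amount <= small_limit):
            continue
        if entry["dst"] in fee_accounts or entry["src"] == entry["dst"]:
            continue
        bucket = buckets[(entry["dst"], amount)]
        bucket["sources"].add(entry["src"])
        bucket["total"] += amount

    findings = [
        {"dst": dst, "amount": amount,
         "distinct_sources": len(bucket["sources"]), "total": bucket["total"]}
        for (dst, amount), bucket in buckets.items()
        if len(bucket["sources"]) >= min_sources
    ]
    # Largest siphoned total first, so the reviewer sees the worst case on top.
    return sorted(findings, key=lambda f: f["total"], reverse=True)


def build_sample_ledger(customers=200):
    """Constructed month of postings: every customer pays a genuine Rs. 1.00
    fee to the bank and loses Rs. 2.50 to the savings account SB-9001."""
    ledger = []
    for i in range(1, customers + 1):
        acct = f"CUST-{i:04d}"
        ledger.append({"src": acct, "dst": "GL-FEES", "amount": "1.00"})
        ledger.append({"src": acct, "dst": "SB-9001", "amount": "2.50"})
    # Ordinary traffic that must not be flagged.
    ledger.append({"src": "CUST-0001", "dst": "CUST-0002", "amount": "1500.00"})
    ledger.append({"src": "CUST-0003", "dst": "CUST-0004", "amount": "2.50"})
    return ledger


if __name__ == "__main__":
    for hit in find_salami_candidates(build_sample_ledger(),
                                      fee_accounts={"GL-FEES"}):
        print(hit["dst"], hit["amount"], hit["distinct_sources"], hit["total"])
```

Without the `fee_accounts` exclusion the bank's own fee account is reported as well, which shows why the destination account type, not the amount, is the distinguishing signal.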

Denial Of Service Attack

The computer of the victim is flooded with more requests than it can handle, which causes it
to crash. A Distributed Denial of Service (DDoS) attack is also a type of denial of service
attack, in which the offenders are wide in number and widespread. E.g. Amazon, Yahoo.

Virus / Worm Attacks

Viruses are programs that attach themselves to a computer or a file and then circulate
themselves to other files and to other computers on a network. They usually affect the data
on a computer, either by altering or deleting it. Worms, unlike viruses do not need the host
to attach themselves to. They merely make functional copies of themselves and do this
repeatedly till they eat up all the available space on a computer's memory. E.g. the love bug
virus, which affected at least 5 % of the computers of the globe. The losses were accounted
to be $ 10 million. The world's most famous worm was the Internet worm let loose on the
Internet by Robert Morris sometime in 1988. It almost brought the development of the
Internet to a complete halt.

Logic Bombs

These are event dependent programs. This implies that these programs are created to do
something only when a certain event (known as a trigger event) occurs. E.g. even some
viruses may be termed logic bombs because they lie dormant all through the year and
become active only on a particular date (like the Chernobyl virus).

Trojan Attacks

This term has its origin in the term "Trojan horse". In the software field this means an
unauthorized programme which passively gains control over another's system by
representing itself as an authorised programme. The most common form of installing a
Trojan is through e-mail. E.g. a Trojan was installed in the computer of a lady film director
in the U.S. while chatting. The cyber criminal obtained her photographs through the web cam
installed in the computer. He further harassed this lady.

Internet Time Thefts

Normally in these kinds of thefts the Internet surfing hours of the victim are used
up by another person. This is done by gaining access to the login ID and the password. E.g.
Colonel Bajwa's case: the Internet hours were used up by another person. This was
perhaps one of the first reported cases related to cyber crime in India. However, this case
made the police infamous for their lack of understanding of the nature of cyber crime.

Web Jacking

This term is derived from the term hijacking. In these kinds of offences the hacker
gains access and control over the web site of another. He may even mutilate or change the
information on the site. This may be done for fulfilling political objectives or for money.
E.g. recently the site of MIT (Ministry of Information Technology) was hacked by
Pakistani hackers and some obscene matter was placed therein. Further, the site of the Bombay
crime branch was also web jacked. Another case of web jacking is that of the gold fish
case. In this case the site was hacked and the information pertaining to gold fish was
changed. Further, a ransom of US $ 1 million was demanded. Thus web jacking
is a process whereby control over the site of another is taken, backed by some
consideration for it.

CHAPTER:7
BANKING SECTOR
The Banking Industry was once a simple and reliable business that took deposits
from investors at a lower interest rate and loaned it out to borrowers at a higher
rate.
However, deregulation and technology led to a revolution in the Banking Industry
that saw it transformed. Banks have become global industrial powerhouses that have
created ever more complex products that use risk. Through technology development,
banking services have become available 24 hours a day, 365 days a year, through ATMs,
online banking, and electronically enabled exchanges where everything from stocks to
currency futures contracts can be traded.

The Banking Industry at its core provides access to credit. In the lender's case, this
includes access to their own savings and investments, and interest payments on those
amounts. In the case of borrowers, it includes access to loans for the creditworthy, at a
competitive interest rate.

Banking services include transactional services, such as verification of account
details, account balance details and the transfer of funds, as well as advisory services that
help individuals and institutions to properly plan and manage their finances. Online
banking channels have become key in the last 10 years.

The collapse of the Banking Industry in the Financial Crisis, however, means that
some of the more extreme risk-taking and complex securitization activities that banks
increasingly engaged in since 2000 will be limited and carefully watched, to ensure that
there is not another banking system meltdown in the future.

Banking in India originated in the last decades of the 18th century. The oldest
bank in existence in India is the State Bank of India, a government-owned bank that traces
its origins back to June 1806 and that is the largest commercial bank in the country. Central
banking is the responsibility of the Reserve Bank of India, which in 1935 formally took
over these responsibilities from the then Imperial Bank of India, relegating it to
commercial banking functions. After India's independence in 1947, the Reserve Bank was
nationalized and given broader powers. In 1969 the government nationalized the 14 largest
commercial banks; the government nationalized the six next largest in 1980.

Currently, India has 88 scheduled commercial banks (SCBs) - 27 public sector
banks (that is, with the Government of India holding a stake), 31 private banks (these do
not have government stake; they may be publicly listed and traded on stock exchanges) and
38 foreign banks. They have a combined network of over 53,000 branches and 17,000
ATMs. According to a report by ICRA Limited, a rating agency, the public sector banks
hold over 75 percent of total assets of the banking industry, with the private and foreign
banks holding 18.2% and 6.5% respectively.

CHAPTER:8

CYBER CRIME IN BANKING SECTOR

AUTOMATED TELLER MACHINE

The traditional and ancient society was devoid of any monetary instruments and the entire
exchange of goods and merchandise was managed by the barter system. The use of
monetary instruments as a unit of exchange replaced the barter system and money in
various denominations was used as the sole purchasing power. The modern contemporary
era has replaced these traditional monetary instruments, moving from a paper and metal based
currency to plastic money in the form of credit cards, debit cards, etc. This has resulted
in the increasing use of ATMs all over the world. The use of an ATM is not only safe but is
also convenient. This safety and convenience, unfortunately, has an evil side as well, one that does
not originate from the use of plastic money but rather from its misuse. This evil side
is reflected in the form of ATM FRAUDS, which are a global problem. The use of
plastic money is increasing day by day for payment of shopping bills, electricity bills,
school fees, phone bills, insurance premiums, travelling bills and even petrol bills. The
convenience and safety that credit cards carry with their use has been instrumental in
increasing both credit card volumes and usage. This growth is not only in the positive use of
the cards but also in their negative use. The world at large is struggling to
increase the convenience and safety on the one hand and to reduce misuse on the other.

WAYS TO CARD FRAUDS

Some of the popular techniques used to carry out ATM crime are:

Card Jamming: the ATM's card reader is tampered with in order to trap a
customer's card. Later on the criminal removes the card.

Card Skimming is the illegal way of stealing the card's security information from
the card's magnetic stripe.

Card Swapping: the customer's card is swapped for another card without
the knowledge of the cardholder.

Website Spoofing: a new fictitious site is made which looks authentic to the
user, and customers are asked to give their card number, PIN and other information,
which are used to reproduce the card for use at an ATM.

Physical Attack: the ATM is physically attacked in order to remove the cash.

39
HOW TO USE CASH MACHINE

Be aware of others around you. If someone close by the cash machine is behaving
suspiciously or makes you feel uncomfortable, choose another. Make sure you check the
machine before you use it for any signs of tampering. Examine the machine for stick-on
boxes, stick-on card entry slots etc. If you find it difficult to get your card into the slot, do not
use it; go to another machine.

If there is anything unusual about the cash machine, report it to the bank and police or the
owner of the premises immediately. Under no circumstances should members of the public
attempt to remove a device, as it's possible the offender may be nearby.

HOW TO USE A CASH MACHINE

Give other users space to enter their personal identity number (PIN) in private.

Be aware of your surroundings. If someone is crowding or watching you, cancel the
transaction and go to another machine. Take your card with you.
Do not accept help from "well meaning" strangers and never allow yourself to be distracted.
Stand close to the cash machine and always shield the keypad to avoid anyone seeing you
enter your PIN.

What Precaution Should Be Taken While Leaving Cash Machine

Once you have completed a transaction, discreetly put your money and card away before
leaving the cash machine.
If you lose your card in a cash machine, cancel the card immediately with the card issuer's
24-hour emergency line, which can be found on your last bank statement. Do not assume that
your bank automatically knows that the machine has withheld your card. Again, beware of
help offered by "well meaning" strangers.
Dispose of your cash machine receipt, mini-statement or balance enquiry slip with care.
Tear up or preferably shred these items before discarding them.

Card Fraud Also Happens In The Home:

Cardholders should also be warned of the risks of verifying bank details at home in
unsolicited telephone conversations. Always call the person back using the advertised
customer telephone number, not the telephone number they may give you.
Do Not Click On Hyperlinks Sent To You By Email Asking You To Confirm Your Bank
Details Online:
Hyperlinks are links to web pages that have been sent to you by email and may open a
dummy website designed to steal your personal details. Phone your bank instead on their
main customer number or access your account using the bank's main website address.
Use good antivirus and firewall protection.

NEVER Write Down Your Pin:


People make life very easy for pickpockets if they write down their PIN and keep it in their
purse or wallet. Do not write down your PIN. If you have been given a number that you find
difficult to remember, take your card along to a cash machine and change the number to one
that you will be able to remember without writing it down.

PREVENTION FOR ATM CARDS
Most ATM frauds happen due to the negligence of customers in using ATMs and, more importantly,
the negligence of banks in educating their customers about the matters that should be taken care
of while at an ATM. In India, more ATM frauds arise from negligence with
the Personal Identification Number (PIN) than from sophisticated crimes like skimming. Banks
need to develop a fraud policy; the policy should be written and distributed to all employees,
borrowers and depositors.
The most important aspect of reducing ATM related fraud is to educate the customer. Here is
a compiled list of guidelines to help your customers avoid becoming ATM fraud victims:
Look for suspicious attachments. Criminals often capture information through ATM skimming
using devices that steal magnetic strip information. At a glance, the skimmer looks just like a
regular ATM slot, but it's an attachment that captures ATM card numbers. To spot one, note that the
attachment slightly protrudes from the machine and may not be parallel with the inherent
grooves. Sometimes, the equipment will even cut off the printed labels on the ATM. The
skimmer will not obtain PIN numbers, however. To get that, fraudsters place hidden cameras
facing the ATM screen. There's also the helpful bystander (the criminal) who may be
standing by to kindly inform you the machine has had problems and offer to help. If you do
not feel safe at any time, press the ATM cancel button, remove your card and leave the area
immediately.
Minimize your time at the ATM. The more time you spend at the ATM, the more vulnerable
you are. If you need to update your records after a transaction, you are advised to do it at home or
at the office, but not while at the ATM. Even when depositing a cheque at the ATM, one should not
make/sign the cheque at the ATM. After the transaction, if you think you are being followed,
go to an area with a lot of people and call the police.
Make smart deposits. Some ATMs allow you to directly deposit checks and cash into your
accounts without stuffing envelopes. As for the envelope-based deposits, make sure they go
through: if an envelope gets jammed and doesn't fully go into the machine, the next
person can walk up and take it out. After having made the ATM deposit, compare your
records with the account statements or online banking records.

INDIAN SCENARIO
In India, where the total installed base of ATMs is far smaller than in many developed
countries, ATM-related frauds are few. But they could increase as more and more
ATMs penetrate the country, so banks should create awareness among customers
about card-related frauds to reduce the number of frauds in future. In India, the Indian Banks'
Association (IBA) can take the lead to kick-start this.
ATM fraud is not the problem of banks alone. It is a big threat and it requires
coordinated and cooperative action on the part of the bank, customers and the law
enforcement machinery. ATM frauds not only cause financial loss to banks but they also
undermine customers' confidence in the use of ATMs. This would deter a greater use of
ATMs for monetary transactions. It is therefore in the interest of banks to prevent ATM
frauds. There is thus a need to take precautionary and insurance measures that give greater
protection to the ATMs, particularly those located in less secure areas. The nature and the
extent of precautionary measures to be adopted will, however, depend upon the requirements
of the respective banks.

CYBER MONEY LAUNDERING

During the past two decades, IT and Internet technologies have reached every nook and
corner of the world. E-commerce has come into existence due to attributes of the Internet like
ease of use, speed, anonymity and its international nature. The Internet has converted the world
into a boundaryless market place that never sleeps. Computer networks, and the Internet in
particular, permit transfer of funds electronically between trading partners, businesses and
consumers. This transfer can be done in many ways. They include use of credit cards, Internet
banking, e-cash, e-wallet etc. For example, smart cards like Visa Cash and Mondex card, whose
use is growing, can store billions of dollars. At present, there is an upper limit imposed by the
card issuers but technically there is no limit. In some other forms of computer-based
e-money, there is no upper limit. Mobile banking and mobile commerce are growing and these
technologies have the capability to transfer any amount of money at the touch of a button or
click of a mouse. They can be effective tools in the hands of money launderers. First and
foremost, the anonymity offered by the Internet and cyber payment systems is being exploited to
the hilt by criminal elements.
As cyber payment systems eliminate the need for face to face interactions, transfer of funds
can be done between two trading partners directly. Two individuals also can transfer funds
directly using e-wallets. This problem is further compounded by the fact that, in many
countries, non-financial institutions are also permitted to issue e-money. Monitoring the
activities of these institutions in a traditional manner is not possible. Earlier, cross-border
transactions were controlled by the central banks of respective countries. With the entry of
Internet commerce, jurisdictional technicalities come into play, and this is another area that
is being exploited by the money launderers. The capacity to transfer unlimited amounts of
money without having to go through strict checks makes cyber money laundering an
attractive proposition. From the point of view of law enforcement agencies, all the above
advantages that cyber payments provide to consumers and trading partners turn out to be great
disadvantages while investigating the crimes.

WHY MONEY LAUNDERING?

The most important aim of money laundering is to conceal the origin of the money, which, in
almost all cases, is from illegal activity. Criminals resort to this practice to avoid detection of
the money by law enforcement, which would lead to its confiscation and might also provide leads
to the illegal activity. By laundering the money the criminals are trying to cover their tracks.
Further, their aims could be to increase the profits by resorting to illegal money transfer etc.
and also, of course, to support new criminal ventures. Money laundering, from the point of
view of the criminal, increases the profits and, at the same time, reduces the risk. While
indulging in the money laundering process, the launderers also attempt to safeguard their
interests. They conceal the origin and ownership of the proceeds, maintain control over the
proceeds and change the form of the proceeds.

MONEY LAUNDERING PROCESS

Money laundering is normally accomplished by using a three-stage process. The three steps
involved are Placement, Layering and Integration. E-money and cyber payment systems
come in handy in all the three stages of the process.

PLACEMENT
The first activity is placement. Illegal activities like trafficking and extortion generate very
large volumes of money. People involved in these activities cannot explain the origin and source of
these funds to the authorities. There is a constant fear of getting caught. So the immediate
requirement is to send this money to a different location using all available means. This stage
is characterized by facilitating the process of inducting the criminal money into the legal
financial system. Normally, this is done by opening up bank accounts in the names of
non-existent people or commercial organizations and depositing the money. Online banking and
Internet banking make it very easy for a launderer to open and operate a bank account.
Placement in cyber space occurs by depositing the illegal money with some legitimate
financial institutions or businesses. This is done by breaking up the huge cash into smaller
chunks. Launderers are very careful at this stage because the chances of getting caught are
considerable here. Cyber payment systems can come in handy during this process.
LAYERING
Layering is the second sub process. In this stage, complex layers of financial transactions are created
to disguise the audit trail and provide anonymity. This is used to distance the money from its
sources. This is achieved by moving the money from and to offshore bank accounts in the
names of shell companies or front companies by using Electronic Funds Transfer (EFT) or
by other electronic means. Every day trillions of dollars are transferred all over the world by
other legitimate businesses, and thus it is almost impossible to ascertain whether some money
is legal or illegal. Launderers normally make use of commodity brokers and stock brokers in the
layering process. Launderers were also found to purchase high value commodities like
diamonds etc. and export them to a different jurisdiction. During this process, they make
use of the banks wherever possible, as in legal commercial activity.

INTEGRATION
Integration is the third sub process. This is the stage in which the "cleaned" money is
ploughed back. This is achieved by making it appear as legally earned. This is normally
accomplished by the launderers by establishing anonymous companies in countries where
secrecy is guaranteed. Anyone with access to the Internet can start an e-business. This can look
and function like any other e-business as far as the outside world is concerned. This
anonymity is what makes the Internet very attractive for the launderers. They can then take loans
from these companies and bring back the money. In this way they not only convert their money
but can also take advantage of the tax relief associated with loan servicing.
Another way can be by placing false export-import invoices and overvaluing goods.
The entire process can be explained with the help of an example. The money launderer's first
activity is to set up an online commerce company which is legal. Normally, the launderer sets
up the website for his company and accepts online payments using credit cards for the
purchases made from his company's website. As a part of the whole scheme, launderers
obtain credit cards from some banks or financial institutions located in countries with lax
rules, which are known as "safe havens". The launderer, sitting at home, then makes
purchases using this credit card from his own website. As in normal transactions, the Web-
based system then sends an invoice to the customer's (who happens to be the launderer himself)
bank, in the safe haven. The bank then pays the money into the account of the company.

Cyber space provides a secure and anonymous opportunity to criminals in money
laundering operations. It has come to light that many gangs are opening up front
companies and hiring information technology specialists for nefarious activities. Incidents
have also come to light where the criminals are using cryptography for hiding their
transactions.

BUSINESS AREAS THAT SUPPORT OR ARE PRONE TO MONEY LAUNDERING


Banks and other financial institutions are the most important intermediaries in the money
laundering chain. As far as the banks are concerned, the countries that are considered safe for
launderers are the Cayman Islands, Cyprus, Luxembourg, and Switzerland. The offshore
accounts of these banks are popular because they offer anonymity and also help in tax
evasion. Other financial institutions like fund managers and those facilitating Electronic Fund
Transfer are also being manipulated by the launderers. Banking obviously is the sector most
affected by money laundering operations. In fact, Bertolt Brecht said, "If you want
to steal, then buy a bank." Multinational banks are more vulnerable to money laundering
operations. When BCCI bank was investigated it came to light that there were 3,000 criminal
customers and they were involved in offenses ranging from financing nuclear weapon
programs. The second area is underground banking or parallel banking. This is practiced in
different countries under different names. China follows a system called Fei Ch'ien. Under this
system, money is deposited in one country and the depositor is handed a chit or chop. The
money is paid back in another place on production of the chit. Similar systems known as
Hundi, Hawallah are practiced in India. It is much easier to launder money using these
methods as there is no physical movement of money. These practices mostly work on trust
and are mostly controlled by the mafia in many countries.
Futures and commodity markets are another area which is found to be facilitating money
laundering. The other areas include professional advisers, financing housing schemes,
casinos, antique dealers and jewelers. Casinos are another business area that is actively
involved in the money laundering process. In all the cases the underlying factor is paperless
transactions. It was also found that launderers take advantage of privatization in various
countries by investing in them. This was observed in the UK, India and Colombia. In Colombia,
when the banks were privatized the Cali Cartel was reported to have invested heavily, and the
Italian mafia reportedly purchased shares in Italian banks. This only shows the extent of the
problem and also that the banks and financial institutions are the primary target of the
launderers. In some countries, even political party organizations are known to be using
laundered money for their campaigns.

EFFECTS ON BANKS
Almost all the banks trade in foreign exchange. Money laundering in any country or economy
affects the foreign exchange market directly. Money laundering reduces the legal volume
of the banks' business. It also causes fluctuations in the exchange rate. Further, money
laundering can undermine the credibility of the banking system. Facilitating the activities of
launderers, even inadvertently, can push the banks into problems with law enforcement
agencies and also governments. In some reported cases, the banks' survival has come under
threat. It is not difficult to see what effect it has on the profitability of banks.

OTHER EFFECTS
In one incident, an Indian national in one year handled US 81.5 bn illegal transactions, before
his arrest during 1993. This incident also shows how the national economy gets affected. A
few years before that, the Indian Government was so short of foreign exchange that it had to
pledge gold in the London bank. One need not be an economist to understand the impact of
money laundering on the economies of developing countries. The low regulation by central
banks will become difficult and consequently, there will be a rise in inflation. Further, overall
income distribution in an economy is likely to get affected. Money laundering can help in the
spread of a parallel economy, which will result in loss to national income due to reduced tax
collections and lost jobs. On the social plane, this can result in an increased crime rate and violence
in society. There may be attempts to gain political power either directly or indirectly, like the Cali
Cocaine Cartel's attempt to support the Colombian President, Samper, in the 1996 elections.
Because cyber money laundering can be done from anywhere in the world without any
jurisdiction, the effects are much more severe.

PREVENTION
Because of the nature of Cyber money laundering, no country can effectively deal with it in
isolation. Cyber money laundering has to be dealt with at organizational [Bank or Financial
Institution], national and international levels.

AT ORGANIZATIONAL [BANK] LEVEL


Banking and other financial organizations can reduce the quantum of money laundering
by following the guidelines issued by the central banks of their respective countries in letter and spirit.
The old principle of "Knowing the customer well" will help a great deal. It is very important
to keep the records of the customer for a sufficient time, at least for 8 to 10 years. Having an
eye on suspicious deals can give early warnings of impending trouble. Any suspicious
activities must be reported to law enforcement authorities. Developing internal control
mechanisms is essential in this regard. Further, working in close association with other
banks and exchanging information and intelligence in this regard will definitely be helpful.
Law enforcement agencies have details of criminal elements and their transactions. By
working in close conjunction with them, banks can have early warning of such activities.
However, banks must keep in mind the legal provisions regarding privacy of individuals.

AT NATIONAL LEVEL
Some countries like the UK have taken proactive steps to control this crime, which could be
emulated by others. In the UK, deposit taking institutions (including banks) are expected to
report suspicious transactions to the law enforcement authorities. The legal provisions
regarding knowing the customer brought down the crime to a great extent. They empowered
their customs officials to seize cash consignments of 10,000 pounds or more. Courts also
permit confiscation of cash, if the investigating authorities have strong evidence that the
money has come from illegal activities of trafficking. Issue of electronic money by private
parties is another factor, as in some countries regulation of these people is not effective.
Slowly, different countries are realizing the importance of this issue and enacting suitable
rules aimed at providing transparency in transactions carried out by these institutions. The
most important issues at national level are establishing a legal framework and training law
enforcement officials. The major weapon to combat this crime is controlling financial
transactions, including e-transactions, through legislation. Many countries have enacted some
stringent laws to control this crime. The UK and the US have stringent laws for dealing with cyber money
laundering. Many other countries are following suit. The Council of Europe has passed the
Criminal Justice Act. Hong Kong has passed similar laws. The single most important issue is
harmonizing the terrestrial laws with cyber laws.

AT INTERNATIONAL LEVEL
The UN has taken the lead, and during a 1995 international community meeting a
convention known as the UN Convention Against Illicit Traffic and Psychotropic Substances was signed.
Further, this convention made money laundering a crime and provided a model. During 2000,
the UN also organized another convention against transnational organized crime. As a result
of the UN efforts, the group of seven industrialized nations established the Financial Action
Task Force (FATF). The biggest source of money laundering funds comes from trade and
the volume of money is large. In order to cover this vast amount of money, launderers need the financial
services industry. They eye financial institutions that are in the business of accepting deposits
from customers. After studying this phenomenon, the Financial Action Task Force (FATF)
noticed some critical points in the modus operandi of criminals which are difficult for the
launderers to avoid. They are points of entry of cash into the financial system, transfers to and
from the financial system and cross-border flows of cash. Paying attention to these issues can
help in controlling cyber laundering to a considerable extent. According to the financial crimes
enforcement network of the US, less than 1% of money laundered in cyber space is ever detected or
criminals prosecuted. Prevention of money laundering in cyber space is proving to be really a
daunting task. Some of the suggested measures follow. The first is putting an upper limit on the amount of
payment and frequency of using e-money in peer to peer transfers. The second is making it
mandatory for e-money organizations to identify their clients and also to keep track of
money movement. The third is ensuring that Internet service providers keep a log of files
involving finances for a number of years. The fourth is making audit compulsory for all
electronic merchants and ensuring that they keep transaction records for a certain period of
time. The fifth is training law enforcement agencies in dealing effectively with this crime.
Last but not least, international co-operation and harmonizing the national cyber and
terrestrial laws with international ones can help in dealing with this crime effectively.
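
The first two suggested measures (limits on the amount and frequency of peer to peer e-money transfers, client identification with a record of money movement) and the "smaller chunks" pattern described under PLACEMENT can be sketched as follows. This is an added example, not part of the original report; the limits, account names and the TransferMonitor class are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed limits for illustration only; real values come from the regulator or issuer.
PER_TRANSFER_CAP = 10_000          # upper limit on a single peer to peer payment
WINDOW_SECONDS = 24 * 3600         # rolling window for the frequency limits
MAX_TRANSFERS_PER_WINDOW = 5       # frequency limit per sender
MAX_TOTAL_PER_WINDOW = 30_000      # cumulative amount limit per sender
NEAR_CAP_FRACTION = 0.9            # "just under the cap" starts at 90% of the cap
STRUCTURING_MIN_COUNT = 3          # this many near-cap transfers in a window get reported


class TransferMonitor:
    """Enforces transfer limits for identified clients and logs every request."""

    def __init__(self, identified_clients):
        self.identified = set(identified_clients)
        self.accepted = defaultdict(deque)   # sender -> (ts, amount) of accepted transfers
        self.audit_log = []                  # every request, accepted or not

    def submit(self, sender, receiver, amount, ts):
        """Evaluate one transfer; timestamps are assumed non-decreasing per sender."""
        decision, reason = self._evaluate(sender, receiver, amount, ts)
        if decision != "REJECT":
            self.accepted[sender].append((ts, amount))
        self.audit_log.append({"ts": ts, "from": sender, "to": receiver,
                               "amount": amount, "decision": decision, "reason": reason})
        return decision

    def _evaluate(self, sender, receiver, amount, ts):
        if sender not in self.identified or receiver not in self.identified:
            return "REJECT", "unidentified party"
        if amount <= 0 or amount > PER_TRANSFER_CAP:
            return "REJECT", "amount outside per-transfer limit"
        window = self.accepted[sender]
        while window and window[0][0] <= ts - WINDOW_SECONDS:
            window.popleft()                 # forget transfers older than the window
        if len(window) >= MAX_TRANSFERS_PER_WINDOW:
            return "REJECT", "too many transfers in window"
        if sum(a for _, a in window) + amount > MAX_TOTAL_PER_WINDOW:
            return "REJECT", "cumulative amount limit exceeded"
        # Splitting a large sum into several transfers that each sit just under
        # the cap is allowed through but reported as suspicious.
        threshold = NEAR_CAP_FRACTION * PER_TRANSFER_CAP
        near_cap = sum(1 for _, a in window if a >= threshold)
        if amount >= threshold and near_cap + 1 >= STRUCTURING_MIN_COUNT:
            return "REPORT", "repeated transfers just under the cap"
        return "ACCEPT", "within limits"


def run_samples():
    """Replay a constructed sequence of transfers and return (decisions, audit log)."""
    monitor = TransferMonitor({"acct-A", "acct-B", "acct-C"})
    requests = [
        ("acct-A", "acct-B", 12_000, 0),             # above the per-transfer cap
        ("acct-X", "acct-B", 500, 10),               # sender was never identified
        ("acct-A", "acct-B", 9_500, 100),
        ("acct-A", "acct-C", 9_500, 200),
        ("acct-A", "acct-B", 9_500, 300),            # third near-cap transfer
        ("acct-A", "acct-C", 9_500, 400),            # would exceed the window total
        ("acct-A", "acct-B", 100, 300 + WINDOW_SECONDS + 1),  # window has expired
    ]
    decisions = [monitor.submit(*r) for r in requests]
    return decisions, monitor.audit_log


if __name__ == "__main__":
    for entry in run_samples()[1]:
        print(entry)
```

REPORT corresponds to a transfer that is let through but referred as suspicious, in line with the reporting duty described under AT ORGANIZATIONAL [BANK] LEVEL.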

CREDIT CARDS FRAUDS

INTRODUCTION TO CREDIT CARDS
Credit was first used in Assyria, Babylon and Egypt 3000 years ago. The bill of exchange
- the forerunner of banknotes - was established in the 14th century. Debts were settled by
one-third cash and two-thirds bill of exchange. Paper money followed only in the 17th century.
The first advertisement for credit was placed in 1730 by Christopher Thornton, who offered
furniture that could be paid off weekly.
From the 18th century until the early part of the 20th, tallymen sold clothes in return for small
weekly payments. They were called "tallymen" because they kept a record or tally of what
people had bought on a wooden stick. One side of the stick was marked with notches to
represent the amount of debt and the other side was a record of payments. In the 1990s, a
shopper's plate - a "buy now, pay later" system - was introduced in the USA. It could only be
used in the shops which issued it.

In 1950, Diners Club and American Express launched their charge cards in the USA, the first
"plastic money". In 1951, Diners Club issued the first credit card to 200 customers who
could use it at 27 restaurants in New York. But it was not until the establishment of
standards for the magnetic strip in 1970 that the credit card became part of the information
age. The first use of magnetic stripes on cards was in the early 1960's, when the London
Transit Authority installed a magnetic stripe system. San Francisco Bay Area Rapid Transit
installed a paper based ticket the same size as the credit cards in the late 1960's. The word
"credit" comes from Latin, meaning TRUST.

CREDIT CARD FRAUD

INTRODUCTION:

Credit card fraud is a wide-ranging term for theft and fraud committed using a credit card
or any similar payment mechanism as a fraudulent source of funds in a transaction. The
purpose may be to obtain goods without paying, or to obtain unauthorized funds from an
account. Credit card fraud is also an adjunct to identity theft. According to the Federal Trade
Commission, while identity theft had been holding steady for the last few years, it saw a 21
percent increase in 2008. However, credit card fraud, that crime which most people associate
with ID theft, decreased as a percentage of all ID theft complaints for the sixth year in a row.
The cost of credit card fraud reaches into billions of dollars annually. In 2006, fraud in the
United Kingdom alone was estimated at £535 million, or US$750-830 million at prevailing
2006 exchange rates.

IF CARD IS STOLEN

When a credit card is lost or stolen, it remains usable until the holder notifies the bank that
the card is lost; most banks have toll-free telephone numbers with 24-hour support to
encourage prompt reporting. Still, it is possible for a thief to make unauthorized purchases on
that card up until the card is cancelled. In the absence of other security measures, a thief
could potentially purchase thousands of dollars in merchandise or services before the card
holder or the bank realizes that the card is in the wrong hands.
In the United States, federal law limits the liability of card holders to $50 in the event of theft,
regardless of the amount charged on the card; in practice, many banks will waive even this
small payment and simply remove the fraudulent charges from the customer's account if the
customer signs an affidavit confirming that the charges are indeed fraudulent. Other countries
generally have similar laws aimed at protecting consumers from physical theft of the card.

The only common security measure on all cards is a signature panel, but signatures are
relatively easy to forge. Many merchants will demand to see a picture ID, such as a driver's
license, to verify the identity of the purchaser, and some credit cards include the holder's
picture on the card itself. However, the card holder has a right to refuse to show additional
verification, and asking for such verification may be a violation of the merchant's agreement
with the credit card companies.
Self-serve payment systems (gas stations, kiosks, etc.) are common targets for stolen cards, as
there is no way to verify the card holder's identity. A common countermeasure is to require
the user to key in some identifying information, such as the user's ZIP or postal code. This
method may deter casual theft of a card found alone, but if the card holder's wallet is stolen, it
may be trivial for the thief to deduce the information by looking at other items in the wallet.
For instance, a U.S. driver license commonly has the holder's home address and ZIP code
printed on it.
Banks have a number of countermeasures at the network level, including sophisticated
real-time analysis that can estimate the probability of fraud based on a number of factors. For
example, a large transaction occurring a great distance from the card holder's home might be
flagged as suspicious. The merchant may be instructed to call the bank for verification, to
decline the transaction, or even to hold the card and refuse to return it to the customer.
Stolen cards can be reported quickly by card holders, but a compromised account can be
hoarded by a thief for weeks or months before any fraudulent use, making it difficult to
identify the source of the compromise. The card holder may not discover fraudulent use until
receiving a billing statement, which may be delivered infrequently.
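
The network-level analysis described above (a large transaction far from the card holder's home is flagged, and the merchant is told to call the bank or decline) can be sketched as a small scoring function. This is an added example, not part of the original report and not any bank's actual model; the weights, thresholds, coordinates and transactions are constructed, and the travel-speed check goes beyond the two factors the text names.

```python
import math
from dataclasses import dataclass
from statistics import median

EARTH_RADIUS_KM = 6371.0
# Constructed tuning values for illustration; a real issuer calibrates its own.
FAR_KM = 1000.0            # distance at which the distance factor saturates
LARGE_RATIO = 10.0         # amount / typical spend at which the amount factor saturates
MAX_PLAUSIBLE_KMH = 900.0  # faster than this between two uses is implausible travel
REFER_AT, DECLINE_AT = 0.4, 0.7

HOME = (19.0760, 72.8777)   # constructed card holder home (Mumbai)
DELHI = (28.6139, 77.2090)  # constructed distant merchant location
DAY = 86400


@dataclass(frozen=True)
class Txn:
    ts: float      # seconds since an arbitrary epoch
    amount: float  # in the card's billing currency
    lat: float
    lon: float


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def risk_score(txn, home, history):
    """Return (score in [0, 1], reasons) for one authorization request."""
    reasons = []
    typical = median(t.amount for t in history) if history else txn.amount
    ratio = txn.amount / typical if typical > 0 else 1.0
    amount_risk = min(1.0, max(0.0, (ratio - 1.0) / (LARGE_RATIO - 1.0)))
    dist = haversine_km(home[0], home[1], txn.lat, txn.lon)
    distance_risk = min(1.0, dist / FAR_KM)
    if amount_risk > 0:
        reasons.append(f"amount is {ratio:.1f}x typical spend")
    if distance_risk > 0:
        reasons.append(f"{dist:.0f} km from home")
    # Each factor counts a little on its own; large AND far counts extra.
    score = 0.25 * amount_risk + 0.25 * distance_risk + 0.30 * amount_risk * distance_risk
    if history:
        prev = max(history, key=lambda t: t.ts)
        hours = abs(txn.ts - prev.ts) / 3600.0
        km = haversine_km(prev.lat, prev.lon, txn.lat, txn.lon)
        if km > 1 and (hours == 0 or km / hours > MAX_PLAUSIBLE_KMH):
            score += 0.40
            reasons.append(f"implausible travel: {km:.0f} km in {hours:.1f} h")
    return min(1.0, score), reasons


def decide(score):
    """Map a score to the instruction sent back to the merchant."""
    if score >= DECLINE_AT:
        return "DECLINE"
    if score >= REFER_AT:
        return "CALL_BANK"
    return "APPROVE"


def evaluate_samples():
    """Score four constructed requests against a constructed spending history."""
    history = [Txn(i * DAY, amt, *HOME)
               for i, amt in enumerate([1200, 1500, 1800, 900, 2000])]
    requests = [
        Txn(5 * DAY, 1400, *HOME),          # ordinary local purchase
        Txn(5 * DAY, 8250, *DELHI),         # moderately large and far away
        Txn(5 * DAY, 15000, *DELHI),        # very large and far away
        Txn(4 * DAY + 1800, 1400, *DELHI),  # small, but 30 minutes after a use at home
    ]
    return [decide(risk_score(t, HOME, history)[0]) for t in requests]


if __name__ == "__main__":
    print(evaluate_samples())
```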

Resources on reporting lost or stolen credit cards include:

Lost of Stolen Credit Card : gives a step by step guide to reporting those lost
or stolen cards.
Scam Busters : gives steps for users who lose their credit or debit card.
Stolen Credit Cards : offers help on things to do after a credit card's stolen.
Answers About Lost or Stolen Credit Cards : provides ways to report a lost or
stolen credit card.
Credit Net : looks at emergency services in regards to stolen and lost credit
cards.
Report Your Lost Credit Card : offers steps on reporting the loss of a credit
card.
Credit Card Information : covers the steps users should take when they lose a
credit card.
Wallet Protection Toolkit : offers steps users take to avoid losing their credit
cards.
How to Replace a Lost or Stolen Card : gives steps on talking to credit card
companies about the cards.
What do I do if my Wallet is Lost or Stolen? : covers what to do when this
situation happens.

Compromised Accounts

Card account information is stored in a number of formats. Account numbers are often
embossed or imprinted on the card, and a magnetic stripe on the back contains the data in
machine readable format. Fields can vary, but the most common include:
Name of card holder

Account number

Expiration date

Verification

Many Web sites have been compromised in the past and theft of credit card data is a major
concern for banks. Data obtained in a theft, like addresses or phone numbers, can be highly
useful to a thief as additional card holder verification.
Mail/Internet Order Fraud

The mail and the Internet are major routes for fraud against merchants who sell and ship
products, as well as Internet merchants who provide online services. The industry term for
catalog order and similar transactions is "Card Not Present" (CNP), meaning that the card is
not physically available for the merchant to inspect. The merchant must rely on the holder (or
someone purporting to be the holder) to present the information on the card by indirect
means, whether by mail, telephone or over the Internet when the cardholder is not present at
the point of sale.
It is difficult for a merchant to verify that the actual card holder is indeed authorizing the
purchase. Shipping companies can guarantee delivery to a location, but they are not required
to check identification and they usually are not involved in processing payments for the
merchandise. A common preventive measure for merchants is to allow shipment only to an
address approved by the cardholder, and merchant banking systems offer simple methods of
verifying this information.
Additionally, smaller transactions generally undergo less scrutiny, and are less likely to be
investigated by either the bank or the merchant, since the cost of research and prosecution
usually far outweighs the loss due to fraud. CNP merchants must take extra precaution
against fraud exposure and associated losses, and they pay higher rates to merchant banks for
the privilege of accepting cards. Anonymous scam artists bet on the fact that many fraud
prevention features do not apply in this environment.

Merchant associations have developed some prevention measures, such as single use card
numbers, but these have not met with much success. Customers expect to be able to use their
credit card without any hassles, and have little incentive to pursue additional security due to
laws limiting customer liability in the event of fraud. Merchants can implement these
prevention measures but risk losing business if the customer chooses not to use the measures.

Account Takeover

There are two types of fraud within the identity theft category:

Application Fraud
Account Takeover.

Application Fraud
Application fraud occurs when criminals use stolen or fake documents to open an account in
someone else's name. Criminals may try to steal documents such as utility bills and bank
statements to build up useful personal information. Alternatively, they may create counterfeit
documents.
Account Takeover
Account takeover involves a criminal trying to take over another person's account, first by
gathering information about the intended victim, then contacting their bank or credit issuer
masquerading as the genuine cardholder asking for mail to be redirected to a new address.
The criminal then reports the card lost and asks for a replacement to be sent. The replacement
card is then used fraudulently.
Some merchants have added a new practice to protect consumers and their own reputation: they
ask the buyer to send a copy of the physical card and statement to ensure the legitimate usage
of the card.

Skimming

Skimming is the theft of credit card information used in an otherwise legitimate transaction.
It is typically an "inside job" by a dishonest employee of a legitimate merchant, and can be as
simple as photocopying of receipts. Common scenarios for skimming are restaurants or bars
where the skimmer has possession of the victim's credit card out of their immediate view.
The skimmer will typically use a small keypad to unobtrusively transcribe the 3 or 4 digit
Card Security Code, which is not present on the magnetic strip.
Instances of skimming have been reported where the perpetrator has put a device over the
card slot of a public cash machine (Automated Teller Machine), which reads the magnetic
strip as the user unknowingly passes their card through it. These devices are often used in
conjunction with a pinhole camera to read the user's PIN at the same time.
Skimming is difficult for the typical card holder to detect, but given a large enough sample, it
is fairly easy for the bank to detect. The bank collects a list of all the card holders who have
complained about fraudulent transactions, and then uses data mining to discover relationships
among the card holders and the merchants they use. For example, if many of the
customers used one particular merchant, that merchant's terminals (devices used to authorize
transactions) can be directly investigated.

SKIMMER
Sophisticated algorithms can also search for known patterns of fraud. Merchants must
ensure the physical security of their terminals, and penalties for merchants can be severe in
cases of compromise, ranging from large fines to complete exclusion from the merchant
banking system, which can be a death blow to businesses such as restaurants which rely on
credit card processing.
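
The data-mining step described above, in which the bank relates card holders who complained to the merchants they used, can be sketched as follows. This is an added example, not part of the original report; the transactions, dispute dates, merchant names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import date


def common_points_of_purchase(transactions, first_disputed, min_cards=3, min_lift=2.0):
    """Rank merchants where cards that later reported fraud are over-represented.

    transactions:   iterable of (card_id, merchant_id, date)
    first_disputed: card_id -> date of the first charge the holder disputed
    """
    customers = defaultdict(set)   # merchant -> every card seen there
    exposed = defaultdict(set)     # merchant -> fraud cards seen there BEFORE the fraud began
    all_cards = set()
    for card_id, merchant, when in transactions:
        all_cards.add(card_id)
        customers[merchant].add(card_id)
        started = first_disputed.get(card_id)
        # Only earlier, legitimate use can be where the data was copied; the
        # disputed charges themselves show where it was spent, not stolen.
        if started is not None and when < started:
            exposed[merchant].add(card_id)

    fraud_cards = set(first_disputed) & all_cards
    if not fraud_cards:
        return []
    baseline = len(fraud_cards) / len(all_cards)   # fraud rate across all cards

    findings = []
    for merchant, cards in customers.items():
        hit = exposed[merchant]
        if len(hit) < min_cards:                   # too few cards to mean anything
            continue
        lift = (len(hit) / len(cards)) / baseline  # how far above the baseline rate
        if lift >= min_lift:
            findings.append({
                "merchant": merchant,
                "exposed_cards": len(hit),
                "customers": len(cards),
                "coverage": round(len(hit) / len(fraud_cards), 2),
                "lift": round(lift, 2),
            })
    return sorted(findings, key=lambda f: (-f["lift"], -f["coverage"]))


def card(i):
    """Constructed card identifier (not a card number)."""
    return f"card{i:02d}"


# Constructed sample data: 12 cards, 4 of which later disputed charges.
TRANSACTIONS = (
    [(card(i), "grocer", date(2024, 3, 1)) for i in range(1, 13)]      # everyone shops here
    + [(card(i), "bistro", date(2024, 3, 5)) for i in range(1, 6)]     # 4 of 5 cards went bad
    + [(card(i), "fuel", date(2024, 3, 7)) for i in (1, 2, 6, 7, 8, 9)]
    + [(card(i), "webshop", date(2024, 4, 2)) for i in range(1, 5)]    # the disputed charges
)
FIRST_DISPUTED = {card(i): date(2024, 4, 2) for i in range(1, 5)}

if __name__ == "__main__":
    for finding in common_points_of_purchase(TRANSACTIONS, FIRST_DISPUTED):
        print(finding)
```

The merchant every card holder uses is not flagged because its fraud rate equals the baseline, and the site where the stolen data was spent is excluded because those charges are the disputed ones.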

CARDING
Carding is a term used for a process to verify the validity of stolen card data. The thief
presents the card information on a website that has real-time transaction processing. If the
card is processed successfully, the thief knows that the card is still good. The specific item
purchased is immaterial, and the thief does not need to purchase an actual product; a Web site
subscription or charitable donation would be sufficient. The purchase is usually for a small
monetary amount, both to avoid using the card's credit limit, and also to avoid attracting the
bank's attention. A website known to be susceptible to carding is known as a cardable
website.
In the past, carders used computer programs called "generators" to produce a sequence of
credit card numbers, and then test them to see which were valid accounts. Another variation
would be to take false card numbers to a location that does not immediately process card
numbers, such as a trade show or special event. However, this process is no longer viable due
to widespread requirement by internet credit card processing systems for additional data such
as the billing address, the 3 to 4 digit Card Security Code and/or the card's expiry date, as
well as the more prevalent use of wireless card scanners that can process transactions right
away. Nowadays, carding is more typically used to verify credit card data obtained directly
from the victims by skimming or phishing.
A set of credit card details that has been verified in this way is known in fraud circles as a
phish. A carder will typically sell data files of phish to other individuals who will carry out
the actual fraud. Market price for a phish ranges from US$1.00 to US$50.00 depending on
the type of card, freshness of the data and credit status of the victim.

PREVENTION FOR CREDIT CARD FRAUD

Credit card fraud is bad business. In 2004, credit card fraud cost US merchants 2,664.9
million dollars (Celent Communications). Credit card fraud is a significant problem in
Canada, too. The credit card loss total for 2007 was $304,255,215, according to the RCMP.
And while 'no-card' fraud is growing, most credit card frauds are still being committed using
lost, stolen or counterfeit cards. Whether you have a brick-and-mortar business or an online
one, credit card fraud is costing you money.

Credit card fraud prevention when dealing with credit card customers face-to-face

- Ask for and check other identification, such as a driver's license or other photo ID.
  Check to see if the ID has been altered in any way, as a person trying to use a stolen
  credit card may also have stolen or fake ID.
- Examine the signature on the card. If the signature on the credit card is smeared, it
  could be that the credit card is stolen and the person has changed the signature to his
  or her own.
- Compare signatures. Besides comparing the signature on the credit card with the
  person's signature on the credit card slip, compare the signatures as well to those on
  any other ID presented.
- Check the security features of the credit card.
- Have another look at the card's signature panel. It should show a repetitive colour
  design of the MasterCard or Visa name. Altered signature panels (those that are
  discoloured, glued, painted, erased, or covered with white tape) are an indication of
  credit card fraud.
- Check the credit card's embossing. Ghost images of other numbers behind the
  embossing are a tip-off that the card has been re-embossed. The hologram may be
  damaged. (The holograms on credit cards that have not been tampered with will show
  clear, three-dimensional images that appear to move when the card is tilted.)
- Check the presented card with recent lists of stolen and invalid credit card numbers.
- Call for authorization of the credit card, remembering to take both the credit card
  and the sales draft with you. That way, if the customer runs away while you're making
  the call, you still have the credit card. Ask for a Code 10 if you have reason to
  suspect a possible credit card fraud, such as a possible counterfeit or stolen card.
- Destroy all carbon copies of the credit card transaction, to ensure that no one can steal
  the credit card information and help prevent future credit card fraud.

It's also very important to be sure that the staff is educated about credit card fraud. One can
use the points above as a to-do list for dealing with credit card transactions. For information
on the suspicious behavior that may indicate someone trying to commit credit card fraud, see
Suspicious Behaviors That May Indicate Credit Card Fraud.

When dealing with credit card customers over the phone or through the Internet, credit
card fraud prevention strategies such as scrutinizing the credit card aren't going to work. You
can, however, be alert to suspicious behaviors and shape your credit policies to nip credit
card fraud in the bud.

- Don't process credit card orders unless the information is complete.
- Don't process credit card orders that originate from free e-mail addresses or from
  e-mail forwarding addresses. In such a case, ask the customer for an ISP (Internet
  Service Provider) or domain-based e-mail address that can be traced back.
- If the shipping address and the billing address on the order are different, call the
  customer to confirm the order. You may even want to make it a policy to ship only to
  the billing address on the credit card.
- Be wary of unusually large orders.
- Be wary of orders shipped to a single address but purchased with multiple cards.
- Be wary of multiple transactions made with similar card numbers in a sequence.
- Be wary of orders you're asked to ship express, rush or overnight. This is the shipping
  of choice for many credit card fraudsters. Call the customer to confirm the order first.
- Be wary of overseas orders, especially if the order exhibits any of the characteristics
  noted above.

The first is Mod10 algorithm testing. Mod10 is an algorithm that shows whether the card
number being presented is a valid card number and is within the range of numbers issued by
credit card companies. It cannot give any other details, like the number issued by any other
company. This test should be the first one applied to any credit card number one processes.
If the card fails Mod10, one can safely assume fraud.
Credit card fraud may not be entirely preventable, but by establishing and following
procedures to check every credit card transaction, you can cut down your credit card fraud
losses.
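
The order checks listed above for phone and Internet sales, with the Mod10 test applied first, can be combined into one screening routine. The following is an added example, not part of the original report; the field names, thresholds, home country and e-mail domains are assumptions, and the card numbers are constructed test values.

```python
import re

# Assumptions for this sketch: field names, thresholds and domains are illustrative.
FREE_MAIL_DOMAINS = {"freemail.example", "forwarder.example"}
RUSH_METHODS = {"express", "rush", "overnight"}
REQUIRED = ("card_number", "expiry", "name", "email", "billing_address",
            "shipping_address", "amount", "shipping_method", "country")


def digits_only(pan):
    """Strip the spaces and dashes people type into card numbers."""
    return re.sub(r"[ -]", "", str(pan))


def mod10_ok(pan):
    """Mod10 (Luhn) checksum: double every second digit from the right."""
    pan = digits_only(pan)
    if not re.fullmatch(r"\d{12,19}", pan):
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def screen_order(order, history=(), home_country="IN", large_amount=50000):
    """Return (decision, reasons); decision is accept, review or reject."""
    missing = [f for f in REQUIRED if not order.get(f)]
    if missing:                                   # incomplete orders are not processed
        return "reject", ["incomplete order: " + ", ".join(missing)]
    if not mod10_ok(order["card_number"]):        # first test on every card number
        return "reject", ["card number fails Mod10"]

    pan = digits_only(order["card_number"])
    reasons = []
    if order["email"].rsplit("@", 1)[-1].lower() in FREE_MAIL_DOMAINS:
        reasons.append("free or forwarding e-mail address")
    if order["shipping_address"] != order["billing_address"]:
        reasons.append("shipping and billing addresses differ")
    if order["amount"] >= large_amount:
        reasons.append("unusually large order")
    if order["shipping_method"] in RUSH_METHODS:
        reasons.append("rush shipping requested")

    # Compare against earlier orders: other cards sent to the same address,
    # and other cards that differ from this one only in the last four digits.
    other_pans = {digits_only(h["card_number"]) for h in history} - {pan}
    same_address = {digits_only(h["card_number"]) for h in history
                    if h["shipping_address"] == order["shipping_address"]} - {pan}
    if same_address:
        reasons.append("multiple cards shipping to one address")
    if any(p[:-4] == pan[:-4] for p in other_pans):
        reasons.append("similar card numbers in sequence")
    if order["country"] != home_country:
        reasons.append("overseas order")
    return ("review" if reasons else "accept"), reasons


# Constructed sample orders; the card numbers are checksum-valid test values, not accounts.
EARLIER = {"card_number": "4111 1111 1111 1129", "shipping_address": "12 Dock Rd"}
RISKY = {"card_number": "4111-1111-1111-1111", "expiry": "12/30", "name": "A. Buyer",
         "email": "x1@freemail.example", "billing_address": "4 Hill St",
         "shipping_address": "12 Dock Rd", "amount": 82000,
         "shipping_method": "overnight", "country": "US"}

if __name__ == "__main__":
    print(screen_order(RISKY, history=[EARLIER]))
```

A number that passes Mod10 is only well-formed; whether the account exists and is in good standing is established by the authorization request.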

CHAPTER:9
CASE STUDY

INDIA'S FIRST ATM CARD FRAUD

The Chennai City Police have busted an international gang involved in cyber crime, with the
arrest of Deepak Prem Manwani (22), who was caught red-handed while breaking into an
ATM in the city in June last, it is reliably learnt. The dimensions of the city cops'
achievement can be gauged from the fact that they have netted a man who is on the wanted
list of the formidable FBI of the United States. At the time of his detention, he had with him
Rs 7.5 lakh knocked off from two ATMs in T Nagar and Abiramipuram in the city. Prior to
that, he had walked away with Rs 50,000 from an ATM in Mumbai.

While investigating Manwani's case, the police stumbled upon a cyber crime involving scores
of persons across the globe.

Manwani is an MBA drop-out from a Pune college and served as a marketing executive in a
Chennai-based firm for some time.

Interestingly, his audacious crime career started in an Internet cafe. While browsing the Net
one day, he got attracted to a site which offered him assistance in breaking into the ATMs.
His contacts, sitting somewhere in Europe, were ready to give him credit card numbers of a
few American banks for $5 per card. The site also offered the magnetic codes of those cards,
but charged $200 per code. The operators of the site had devised a fascinating idea to get the
personal identification number (PIN) of the card users. They floated a new site which
resembled that of a reputed telecom company.

That company has millions of subscribers. The fake site offered to return to visitors
$11.75 per head which, the site promoters said, had been collected in excess by mistake from
them. Believing that it was a genuine offer from the telecom company in question, several lakh
subscribers logged on to the site to get back that little money, but in the process parted with
their PINs.
Armed with all requisite data to hack the bank ATMs, the gang started its systematic looting.
Apparently, Manwani and many others of his ilk entered into a deal with the gang behind the
site and could purchase any amount of data, of course on certain terms, or simply enter into a
deal on a booty-sharing basis.
Meanwhile, Manwani also managed to generate 30 plastic cards that contained necessary data
to enable him to break into ATMs.
He was so enterprising that he was able to sell away a few such cards to his contacts in
Mumbai. The police are on the lookout for those persons too.
On receipt of large-scale complaints from the billed credit card users and banks in the United
States, the FBI started an investigation into the affair and also alerted the CBI in New Delhi
that the international gang had developed some links in India too.
Manwani has since been enlarged on bail after interrogation by the CBI. But the city police
believe that this is the beginning of the end of a major cyber crime.

CHAPTER:10

GENERAL TIPS ON AVOIDING POSSIBLE INTERNET FRAUD SCHEMES

Don't Judge by Initial Appearances


It may seem obvious, but consumers need to remember that just because something
appears on the Internet - no matter how impressive or professional the Web site looks -
doesn't mean it's true. The ready availability of software that allows anyone, at minimal cost,
to set up a professional-looking Web site means that criminals can make their Web sites look
as impressive as those of legitimate e-commerce merchants.

Be Careful About Giving Out Valuable Personal Data Online


If you see e-mail messages from someone you don't know that ask you for personal data
such as your Social Security number, credit-card number, or password - don't just send
the data without knowing more about who's asking. Criminals have been known to send
messages in which they pretend to be (for example) a systems administrator or Internet
service provider representative in order to persuade people online that they should disclose
valuable personal data.

Be Especially Careful About Online Communications with Someone Who Conceals His True Identity

If someone sends you an e-mail in which he refuses to disclose his full identity, or
uses an e-mail header that has no useful identifying data (e.g.,
"W6T7S8@provider.com"), that may be an indication that the person doesn't want to
leave any information that could allow you to contact them later if you have a dispute
over undelivered goods for which you paid. As a result, you should be highly wary
about relying on advice that such people give you if they are trying to persuade you to
entrust your money to them.

Watch Out for "Advance-Fee" Demands


In general, you need to look carefully at any online seller of goods or services who
wants you to send checks or money orders immediately to a post office box, before
you receive the goods or services you've been promised. Legitimate startup "dot.com"
companies, of course, may not have the brand-name recognition of long-established
companies, and still be fully capable of delivering what you need at a fair price.

SUGGESTIONS ON CYBER MONEY LAUNDERING


Because of the nature of Cyber money laundering, no country can effectively deal
with it in isolation. Cyber money laundering has to be dealt with at organizational
[Bank or Financial Institution], national.

AT ORGANIZATIONAL [BANK] LEVEL


The banking and other financial organizations can reduce the quantum of money
laundering by following the guidelines issued by central banks of respective countries
in letter and spirit. The old principle of Knowing the customer well will help a great
deal.

CHAPTER:11
RECENT CASES

In February 2009, a group of criminals used counterfeit ATM cards to steal $9 million from
130 ATMs in 49 cities around the world, all within a time period of 30 minutes.

June 4, 2011

Cybercriminals are improving a malicious software program that can be installed on ATMs
running Microsoft's Windows XP operating system that records sensitive card details,
according to security vendor Trustwave.

The malware has been found on ATMs in Eastern European countries, according to a
Trustwave report.

The malware records the magnetic stripe information on the back of a card as well as the PIN
(Personal Identification Number), which would potentially allow criminals to clone the card
in order to withdraw cash.

The collected card data, which is encrypted using the DES (Data Encryption Standard)
algorithm, can be printed out by the ATM's receipt printer, Trustwave wrote.

The malware is controlled via a GUI that is displayed when a so-called "trigger card" is
inserted into the machine by a criminal. The trigger card causes a small window to appear
that gives its controller 10 seconds to pick one of 10 command options using the ATM's
keypad.
"The malware contains advanced management functionality allowing the attacker to fully
control the compromised ATM through a customized user interface built into the malware,"
Trustwave wrote.

A criminal can then view the number of transactions, print card data, reboot the machine and
even uninstall the malware. Another menu option appears to allow the ejection of an ATM's
cash cassette.

Trustwave has collected multiple versions of the malware. The company believes that the
particular one it analyzed is "a relatively early version of the malware and that subsequent
versions have seen significant additions to its functionality."

The company advised banks to scan their ATMs to see if they're infected.

CHAPTER:12
CONCLUSION

Lastly, I conclude by saying that "Thieves are not born, but made out of opportunities."
This quote exactly reflects the present environment related to technology, where it is
changing very fast. By the time regulators come up with preventive measures to protect
customers from innovative frauds, either the environment itself changes or new technology
emerges. This helps criminals to find new areas to commit the fraud. Computer forensics has
developed as an indispensable tool for law enforcement. But in the digital world, as in the
physical world, the goals of law enforcement are balanced with the goals of maintaining
personal liberty and privacy. Jurisdiction over cyber crimes should be standardized around
the globe to make swift action possible against terrorists whose activities are endangering
security worldwide. The National Institute of Justice and the technical working group on digital
evidence are some of the key organizations involved in research.
The ATM fraud is not the sole problem of banks alone. It is a big threat and it requires a
coordinated and cooperative action on the part of the bank, customers and the law
enforcement machinery. The ATM frauds not only cause financial loss to banks but they also
undermine customers' confidence in the use of ATMs. This would deter a greater use of ATM
for monetary transactions. It is therefore in the interest of banks to prevent ATM frauds.
There is thus a need to take precautionary and insurance measures that give greater
"protection" to the ATMs, particularly those located in less secure areas. The nature and
extent of precautionary measures to be adopted will, however, depend upon the requirements
of the respective banks. Internet Banking Fraud is a fraud or theft committed using online
technology to illegally remove money from a bank account and/or transfer money to an
account in a different bank. Internet Banking Fraud is a form of identity theft and is usually
made possible through techniques such as phishing.
Credit card fraud can be committed using a credit card or any similar payment mechanism as
a fraudulent source of funds in a transaction. The purpose may be to obtain goods without
paying, or to obtain unauthorized funds from an account. Cyber space and cyber
payment methods are being abused by money launderers for converting their dirty money
into legal money. To carry out their activities, launderers need the banking system. The Internet
and online banking facilitate speedy financial transactions in relative anonymity, and this is being
exploited by the cyber money launderers. Traditional systems like credit cards had some
security features built into them to prevent such crime but issue of e-money by unregulated
institutions may have none. Preventing cyber money laundering is an uphill task which needs
to be tackled at different levels. This has to be fought on three planes, first by banks/financial
institutions, second by nation states and finally through international efforts. The regulatory
framework must also take into account all the related issues like development of e-money,
right to privacy of individual. International law and international co-operation will go a long
way in this regard.
The capacity of the human mind is unfathomable. It is not possible to eliminate cyber crime from
the cyber space. It is quite possible to check it. History is the witness that no legislation has
succeeded in totally eliminating crime from the globe. The only possible step is to make
people aware of their rights and duties (to report crime as a collective duty towards the
society) and further making the application of the laws more stringent to check crime.
Undoubtedly the Act is a historical step in the cyber world. Further, I do not altogether deny
that there is a need to bring changes in the Information Technology Act to make it more
effective to combat cyber crime.
