UNIVERSITY OF MUMBAI

A BLACK BOOK PROJECT ON

CYBER CRIME IN BANKING SECTOR

SUBMITTED BY

MR. SUYASH DHANANJAY PATIL

ROLL NO .1

SEM ‘VI’ (ACCOUTING & FINANCE)

T.Y.B.A.F. 2019-2020

UNDER THE GUIDANCE OF

PROF. Lokesh Gupta

UNIVERSITY OF MUMBAI

IN PARTIAL FULFILMENT OF THE REQUIREMENT OF THE B.A.F.

PROGRAMME FOR THE YEAR 2019-2020
 ACKNOWLEDGEMENT

This is to express my earnest gratitude and extreme joy at being bestowed with an
opportunity to get an opportunity to get an interesting and informative project on “CYBER
CRIME IN BANKING SECTOR”.

A special thanks to our coordinator Prof. Mr. LOKESH GUPTA for being a guide in
the right sense of word motivating me during the project . I would like to thanks my friends for
helping me and providing all explicit and implicit support to me during the course of my project.
 DECLARATION

I SUYASH DHANANJAY PATIL STUDENT OF DR.BABASAHEB

AMBEDKAR COLLEGE, VASAI (W), PALGHAR, STUDYING IN T.Y.BAF
HERE BY DECLARE THAT I HAVE COMPLETED THIS PROJECT ON
“CYBER CRIME IN BANKING SECTOR” DURING THE ACADEMIC YEAR
2019-2020.

THE INFORMATION SUBMITTED IS TRUE AND ORIGINAL TO THE BEST OF

MY KNOWLEDGE.

SIGNATURE OF STUDENT

SUYASH DHANANJAY PATIL

DATE:

PLACE: VASAI
 EXCECUTIVE SUMMARY

Cyber crimes are any illegal activities committed using computer target of the criminal
activity can be either a computer, network operations. Cyber crimes are genus of crimes, which
use computers and networks for criminal activities. The difference between traditional crimes
and cyber crimes is the cyber crimes can be transnational in nature. Cyber crime is a crime that is
committed online in many areas using e-commerce. A computer can be the target of an offence
when unauthorized access of computer network occurs and on other hand it affects E-
COMMERCE. Cyber crimes can be of various types such as Telecommunications Piracy,
Electronic Money Laundering and Tax Evasion, Sales and Investment Fraud, Electronic Funds
Transfer Fraud and so on…

The modern contemporary era has replaced these traditional monetary instruments from a
paper and metal based currency to “plastic money” in the form of credit cards, debit cards, etc.
This has resulted in the increasing use of ATM all over the world. The use of ATM is not only
safe but is also convenient. This safety and convenience, unfortunately, has an evil side as well
that do not originate from the use of plastic money rather by the misuse of the same. This evil
side is reflected in the form of “ATM frauds” that is a global problem.

Internet commerce has grown exponentially during the past few years and is still
growing. But unfortunately the growth is not on the expected lines because the credit card fraud
which has become common has retarded the e-commerce growth. Credit card fraud has become
regular on internet which not only affects card holders but also online merchants. Credit card
fraud can be done by taking over the account, skimming or if the card is stolen. Certain
preventive measures can be taken to becoming a credit card victim.

The term "Internet fraud" refers generally to any type of fraud scheme that uses one or
more components of the Internet - such as chat rooms, e-mail, message boards, or Web sites - to
present fraudulent solicitations to prospective victims, to conduct fraudulent transactions, or to
transmit the proceeds of fraud to financial institutions or to other connected with the scheme.
Some forms of Internet fraud, include: Spam ,Scams, Spyware ,Identity theft ,Phishing ,Internet
banking fraud.

"The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be
able to do more damage with a keyboard than with a bomb".

– National Research Council, "Computers at Risk", 1991

 INDEX

SRNO. TOPICS PAGE NO

1. INTRODUCTION

2. TYPES OF CYBER CRIME

3. CLASSIFICATION OF CYBER CRIME

4. REASONS FOR CYBER CRIME

5.
CYBER CRIMINALS

6.
MODE AND MANNER OF COMMITING CYBER CRIME

7 BANKING SECTOR

CYBER CRIME IN BANKING SECTOR

8 A) ATM FRAUD
B) MONEY LAUNDERING
C) CREDIT CARD FRAUD

9 CASE STUDY

10 GENERAL TIPS ON AVOIDING POSSIBLE INTERNET FRAUD

SCHEMES

11 RECENT CASES

12 CONCLUSION

13 BIBLOGRAPHY

Page 8 of 79
 INTRODUCTION

The usage of internet services in India is growing rapidly. It has given rise to new
opportunities in every field we can think of – be it entertainment, business, sports or education.

There are many pros and cons of some new types of technology which are been invented
or discovered. Similarly the new & profound technology i.e. using of INTERNET Service, has
also got some pros & cons. These cons are named CYBER CRIME, the major disadvantages,
illegal activity committed on the internet by certain individuals because of certain loop-holes.
The internet, along with its advantages, has also exposed us to security risks that come with
connecting to a large network. Computers today are being misused for illegal activities like e-
mail espionage, credit card fraud, spams, and software piracy and so on, which invade our
privacy and offend our senses. Criminal activities in the cyberspace are on the rise.

Computer crimes are criminal activities, which involve the use of information technology
to gain an illegal or an unauthorized access to a computer system with intent of damaging,
deleting or altering computer data. Computer crimes also include the activities such as electronic
frauds, misuse of devices, identity theft and data as well as system interference. Computer
crimes may not necessarily involve damage to physical property. They rather include the
manipulation of confidential data and critical information. Computer crimes involve activities of
 software theft, wherein the privacy of the users is hampered. These criminal activities involve
the breach of human and information privacy, as also the theft and illegal alteration of system
critical information. The different types of computer crimes have necessitated the introduction
and use of newer and more effective security measures.

In recent years, the growth and penetration of internet across Asia Pacific has been
phenomenal. Today, a large number of rural areas in India and a couple of other nations in the
region have increasing access to the internet—particularly broadband. The challenges of
information security have also grown manifold. This widespread nature of cyber crime is
beginning to show negative impact on the economic growth opportunities in each of the
countries.

It is becoming imperative for organizations to take both preventive and corrective actions
if their systems are to be protected from any kind of compromise by external malicious elements.
According to the latest statistics, more than a fifth of the malicious activities in the world
originate from the Asia Pacific region. The malicious attacks included denial-of-service attacks,
spam, and phishing and bot attacks. Overall, spam made up 69% of all monitored e-mail traffic
in the Asia Pacific region. As per the National Crime Records Bureau statistics, there has been a
255% increase in cyber crime in India alone. And mind you, these are just the reported cases.

In view of this, various governmental and non-governmental agencies are working

towards reducing cyber crime activities.

Computer crime, cybercrime, e-crime, hi-tech crime or electronic crime generally refers
to criminal activity where a computer or network is the source, tool, target, or place of a crime.
These categories are not exclusive and many activities can be characterized as falling in one or
more category. Additionally, although the terms computer crime and cybercrime are more
properly restricted to describing criminal activity in which the computer or network is a
necessary part of the crime, these terms are also sometimes used to include traditional crimes,
such as fraud, theft, blackmail, forgery, and embezzlement, in which computers or networks are
used. As the use of computers has grown, computer crime has become more important.
 Computer crime can broadly be defined as criminal activity involving an information
technology infrastructure, including illegal access (unauthorized access), illegal interception (by
technical means of non-public transmissions of computer data to, from or within a computer
system), data interference (unauthorized damaging, deletion, deterioration, alteration or
suppression of computer data), systems interference (interfering with the functioning of a
computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or
suppressing computer data), misuse of devices, forgery (ID theft), and electronic fraud (Taylor,
according1999)

In 2002 the newly formed U.S. Internet Crime Complaint Center reported that more than
$54 million dollars had been lost through a variety of fraud schemes; this represented a threefold
increase over estimated losses of $17 million in 2001. The annual losses grew in subsequent
years, reaching $125 million in 2003, about $200 million in 2006 and close to $250 million in
2008.

In 2020 the IBM President and CEO Ginni Rometty described cybercrime as “the greatest threat to
every profession, every industry, every company in the world.”
According to the Ponemon Institute’s 2016 Cost of Data Breach Study, Global Analysis
organizations that suffered at least one breach in 2016 lost an average of $4 million. 48 % of data
security breaches are caused by acts of malicious intent. Cyberseurity ventures expects ransomware
costs will rise to $11.5 Billion in 2019.
The global cost of cybercrime will reach $6 Trillion by 2021. Cybercrime will more than triple the
number of unfilled cybersecurity jobs by 2021.
 LITERATURE REVIEW

Ankita P. (2011)
The author has discussed about the E commerce activities in India, the competitive and anti
competitive factors affecting the E commerce future. Major focus is on the credit card activities
affecting the E commerce. In the paper author has also discussed some international case studies.
Lastly the role of CCI in dealing these issues is discussed.
Nappinai N. S. (2010) The author in his paper “Cyber Crime Law in India has law kept pace with
Emerging Trends? An Empirical Study” highlighted some important provision of the criminal laws
in India relating to data
protection, privacy, encryption and other cyber crime activities and to the extent said provisions are
enforced to fight not just the present but future trends in Cyber Crime.
Rohas N. (2008) In this book “e commerce legal issues” author has explained about e commerce
activities, legal and
technical issues of digital signatures. Also a in depth knowledge about e certificates, electronics
contracts and step by step method to digitally sign a word document and email is provided, author
has also focused on how to obtain digital signature certificates and discussed many case studies.
Rohas N. (2008) In the book “fundamentals of cyber law” author has discussed about basics terms
and definition
related to computers and cyber space. There is detailed explanation about the IT Act 2000, Indian
Penal Code (IPL) and Indian Cyber Law. Author has also discussed almost 21 cyber crimes which
are committed in the cyber space and what are the liable punishments for these cyber crimes. There
is an overview of IP addresses, Blogs, Domain name spaces (DNS) and working of email system.
The book provides complete insight into cyber law and its basics
Satish R. and Henry D. (2012) Authors in the article “A study on implementation challenges of E
commerce in India”
have discussed about the Global and Indian E-Commerce sales statistics to show the reasons why E
Commerce is not accepted in India. The study also shows various quality issues of the websites
which are neglected and have suggested proposing Total Quality Management (TQM)
implementation as the best solution to solve the problem.
Shanju D. (2012) In this paper titled “A study on Implementation Challenges of E-Commerce in
India” author has
explained in detail about the E commerce activities, Importance of M commerce and its emergence.
Author has also mentioned about different dimensions of ecommerce. Major area of focus is
challenges faced by e commerce industry in India, Role of government in setting up ecommerce
industry and triggers and barriers for ecommerce industry in Indian Market.
V. Rajaraman (2000)
In this article the author has explained what is e commerce, different e commerce activities, there
advantages and disadvantages. There is in detail discussion with examples about B2B, B2C and
C2C transactions.
Waghmare G.T. (2012)
Prof. Waghmare in his Research Paper “A Business Review of Ecommerce in India” has mentioned
about the market scope of the country in ecommerce industry, advantages and disadvantage of
ecommerce. According to the author there is great potential in India to flourish E commerce
Industry because of Low PC cost and Availability of Internet but the same time awareness among
the people, low security and maintenance, Taxation, Vendor Management etc. Impact of
ecommerce on retailers is also discussed briefly.
Dr. Khandelwal A. (2011)
The author discusses E commerce management practices in India it is felt that there is need to
increase trust by providing additional security. In this paper author have mentioned new approach in
website security, systems build using whitelist paradigm may create secure websites. There should
little customers fear and risk associated with sensitive and vital information. There by increasing the
creditability of online shopping in market
Cassim F. (2009) In the article “Formulating specialized legislation to address the growing spectre of
cyber crime: A comparative study” author looks at the cyber legislation formulated to address
cybercrime in the
United States of America, The United Kingdom, Australia, India, The gulf Countries and South
Africa. The study reveals that the inability of national laws to address the challenges posed by
cybercrime has led to the introduction of specialized cyber legislation. It is advocated that countries
should introduce new cyber laws to respond to the rapid change in technology and cyber crimes.
There should be continuous research and training of IT security personnel, financial service sector
personnel, police officers, prosecutors and the judiciary to keep them abreast of the evolving
technology.
Shrikant A. et al. (2010)
This paper deals with the privacy issue in Indian perspective with respect to challenges in three
different dimensions like Legal, Technical and Political domain. Authors discuss about proposed
framework to deal with these challenges. In India there is no such legal framework to deal with
privacy issue. To handle major challenges we refer ITA 2003 that was built with the motivation to
facilitate e commerce and hence the privacy was not the prior concern in IT act. This paper provides
a solution as per present and future requirement of privacy in Indian Scenario.
Daniel J. (2002)
Author has mentioned about the B2B and e commerce trade activity in developing country. The
paper discuss that policies aim to promote ‘e-readiness’ are unlikely to succeed on terms that
maximise benefits for developing country. Author focuses on the positioning of firms at global
value chains to deal with operational challenges.
Nisha C. and Sangeeta G. (2012)
Authors have explored Indian E Commerce Industries and its Opportunities in upcoming years.
Paper gives overview of the future of E-Commerce in India and discusses the future growth
segments in India’s E-Commerce and represents various opportunities for retailers, wholesalers,
producers and for individuals. Paper givers only the positive aspect of e commerce and its future
growth.
Shilpan V. (2012)
In this paper “E-banking and E-Commerce in India and USA” author discusses about E Banking a
Major Field related to E commerce Activity and has shown a direct comparative study between the
developing countries like India and US. The future of E- Banking in developing Countries appears
bright but consumers and merchants face many barriers like reliable telecommunication
infrastructure, power supplies, less access to online payment mechanism.
Talwant S. (2004)
A Addl. Distt. & Sessions Judge has taken up a crucial and rare topic of discussion that is the
importance of harmony between the law enforcement agencies and computer professionals.
According to author both the parts are equally important for enabling strong cyber security in
country and make internet a safe place for its users. Author has also made a comparative study on
law definition in US and India.
Ashwini B. (2012)
Author discusses broadly about the ratio of increasing cyber crime and there effect on the society
and e business and retailers. The paper briefs about the cyber threat and frauds, it also briefs about
the internet user in India, its scope and future. Author also puts light on the governmental measures
to stop cyber crime and talks about the challenges that India needs to face to beat cyber threat.
Susheel B. and Durgesh P. (2011)
Authors in their paper “Study of Indian Banks Websites for Cyber Crime Safety Mechanism”
discusses that security plays an important role in implementation of technology specially in banking
sector. Paper talks about the cyber security required at the core banking level as the money is just
only single click away. Through this paper authors have tried to put forward different issues that
Indian banking system face and importance of cyber security mechanism.
K.T. Geetha and V. Malarvizhi (2012)
Authors talks about the factor which are affecting the acceptance of e banking services among the
customers and also indicates level of concern regarding security and privacy issues in Indian
Customers. The paper says many factors like security, privacy and awareness level increased the
acceptance of e banking among customers, If bank provide necessary guidance and ensure safety of
their accounts customers are willing to use e banking services.
Sanjay K. and Ajay Kumar B. (2010)
In this article titled “E-Governance in India – Problems and Acceptability” authors discuss about e
governance and its effective use to improve the system of governance that is in place, and thus
provide better services to the citizens. E- Governance is considered important means of taking IT to
the “Common Public”. Paper concludes developments, opportunities, problems and acceptability of
e- Governance in India.
Sanjay P. (2010)
Author discuss in detail the provisions of IT Act, 2000 and its recent amendments towards
combating cyber crime. Author has also made an attempt to analyse the current trends in cyber
crime then the analyses is made on the needs of legislation and current provisions of IT Act, lastly
paper talks about similar provisions in the world and drawing parallel laws in the country. Finally
author sums up the discussion with suggested recommendations for possible and safe cyber world.
Rohas N.(2007)
Author discusses various rules, regulations and orders that have been passed over the last 7 years.
Author then moves onto a brief discussion on the Indian law relating to cyber pornography and
features the Avnish Bajaj (CEO of bazzee.com – now part of the ebay group of companies) case.
This paper discusses 7 interesting case laws that author feels highlight the development of cyber
legal jurisprudence in India over the last 7 years
Meghna B.(2010)
Author discusses simple terms and concepts about E Commerce in the book, it is written in simple
language. Author talks about different topics like Electronic Communication, Growth of E
Commerce Industry and Factors required its development, then the discussion moves to the
technical part like protocols used for E commerce activity, Ecommerce Providers and Software
Packages.
S. Bansal (2012)
The author discusses working of Internet and its simple terms like DNS, URL’s and then extends the
discussion to browsing of web, TCP/IP Basics, electronic Mails, FTP’s Newsgroups and search
engine towards the end author discusses very important aspect of internet security, web application
and Concept of E business. The book gives an complete overview of Internet and E business
Activities.
Vijaya L. et al. (2011)
Group of Authors says that in any E commerce activity clients may be interested in buying and
selling the goods across the web. According to authors buying the goods over web is difficult task
an d hence author should have knowledge about the goods. This paper introduces E commerce
activity and then concludes with an attempt to bridge the gap between the demand and supply of
information for better E commerce activity to take place across internet from customer point of
view.
Basit D. et al. (2011)
Authors say traditional government pattern is time and money consuming, to overcome this
obstacle governments in different countries are setting up there E Governance and executing them
in the best possible manner. Further authors discuss Plan of Indian Government and there
methodology with certain data and statistics in support to their research. They also highlight the
Reasons for Non Acceptance of Local Government Websites, Ability of the citizens to use E
Governance and Satisfaction derived among them after using these Websites. They conclude saying
there is extreme need in improvement of local government strategies, policies and applications.
Muhammad Abdulhamid et al. (2011)
Authors discuss cyberspace security is crucial for maintaining the continuity of the vital services and
for preserving the public’s trust in information systems. According to authors Cyber security
issues are global happening and can be tackled globally. This research paper gives us optimism that
it is likely to create a better law enforcement in collaboration with world agencies.
M. Hasan and E. Harris (2009)
In this paper authors have explored the interaction between entrepreneurship and innovation; they
investigate the roles of organisational development in general and e commerce companies in
particular. Authors have conducted interviews to examine the perception of entrepreneur in e
commerce. The results of this study have shown that entrepreneurship and innovation is a crucial
factor for the long term sustainability of e commerce and e business.
Premkumar B. and Kalpana K. (2012)
Authors are discussing the need to develop the metrics to assess the strength of E commerce
penetration in Business and also evaluate the various E commerce platforms. According to authors
use of E business tools for data analysis, prediction and decision making has become the latest
trend.
Piscevic M. and Simic D. (2009)
Authors have discussed the reducing risk with increasing use of digital certificates. In this paper
authors talk about the open network of internet and the amount of insecurity of data. According to
authors there should be five types of security provided to the data that travels over large network
those are confidentiality, data integrity, authentication, availability and non repetition of data.
Digital certificates provide a means of proving identity in electronic transaction.
Mani A. (2012)
A lecturer discusses about the cyber crime activities and there causes, major focus of author is to
cover the topic how cyber criminal activities are affecting the growth and development of e
commerce industry. Author in his paper also talks about the various tools that are used to deal the
cyber crime activity and he concludes the paper by saying that e security is the major concern for
both consumers and business. Building trust among all the parties in online market is very crucial.
Cezar V. (2012)
This paper explores the notion of cyber attack as a concept for understanding modern conflicts.
Author elaborates a conceptual theoretical framework, observing that when it comes to cyber
attacks, cyber war and cyber defence there are no internationally accepted definitions on the subject.
Author suggests that particular attention should be given to the development of a procedure for
clearly discriminating between events( cyber attacks, cyber war and cyber crime or cyber terrorism)
and to maintain a procedure for the conduct of nation’s legitimate military/ civil cyber response
operations.
National Cyber Security Policy Govt. Of India (2011)
In this paper gives a detailed study about the cyber security, cyber space and its strategic perspective
authors also explain that legal framework, law enforcement and information sharing. Paper also
talks about the awareness created at different level of users (corporate, home users, students etc)
through training. The paper is concluded by discussing the technologies used for ensuring security.
Priti S. et al. (2012)
Group of authors explain the terms like firewall, antivirus, internet security and information system
with appropriate procedural and technological solution for safeguarding the data. Authors say as our
nation is rapidly building its Cyber-Infrastructure, it is equally important that we educate our
population to work properly with this infrastructure. Cyber-Ethics, Cyber-Safety and Cyber-Security
issues need to be integrated in the educational system.
Arief R. et al. (2011)
Group of Faculty of computer science from university of Indonesia specifically discusses about
three types of applied ethics i.e. Cyber ethics, information ethics and computer ethics. There are two
aspects of these three applied ethics that is there definitions and the issues associated with them.
Authors also say that these three applied ethics acts as a base for e-government ethics and can enrich
the e-governance of the country.
Mohit G. (2012)
Assistant Professor describes the meaning of ethics and explains different types of ethics. He then
concentrates on cyber ethics as cyber crime is increasing in the country. He also focuses on the other
countries policies and rules to curb the problem, author says that there is need for India to spread
awareness and educate its netizens to minimise the cyber criminal activities, in the end he also
focuses on different steps taken by Indian police and government authorities to minimise these
criminal activities.
Debarati H. and K. Jaishankar(2010) Authors in the article “Cyber Victimization in India” describe
since 1990’s till today India has seen
growth in IT Sector, almost every household falling in economic zone of moderate to high income
groups have internet access and people from age group of 13 to 70 years access internet regularly
but along with this there is victimization. India has an exclusive legislation dedicated for
information technology, e-governance, e-commerce and e-socialization to a certain extent, this has
hardly helped in curbing the ever increasing victimization of individual in cyberspace in India.
Samridh S. et al. (2012)
The paper proposes a curriculum for cyber safety education in schools. The proposed curriculum
covers four sections: Cyber Threats, Protecting Ourselves, Cyber Ethics and Cyber Laws. His
curriculum will be made available to schools for adoption through an open source model. As
according to authors large number of 13-14 year olds is frequent online surfers and most often these
children have very little education at schools pertaining to the right conduct in cyberspace. The
students are not given the crucial guidelines of the internet and how to stay safe while surfing it.
Hence an attempt is made by the authors to make cyberspace a safer place
Bawa D. and Marwah D. (2011)
Authors explain in this Cyber ethics refers to the code of responsible behaviour on the internet, this
paper explores the codes of online conduct that are emerging as new media gains more influence in
political and business affairs. Going beyond common sense ethical codes on the Internet, such as
honesty, accuracy and transparency, this research article attempts to explore cyber ethics from
different perspectives.
N. Vijayashankar (2004) A E business consultant and founder in his paper titled “Cyber Law for
every Netizens in India”
describes that whoever is living in this Cyber Space or is conducting business in Cyber Space
should be concerned with this branch of Law. According to author Software Professionals need to
absorb many salient features of this Law so that they keep themselves and their clients safe and
protected from the consequences of Cyber Law.
Ken T. (2010)
According to author one of the challenges of teaching pre-teens about the internet is their varying
degrees and levels of involvement. The police officer brings a solid understanding of the laws as
well as a strong knowledge of safety issues. Author focus is on the approach for effective irradiation
of cyber bullying and the impact of online behaviour on the atmosphere and climate.
Lastly author points sharply that even parents should be educated and made aware about possible
Victimization.
 RESEARCH METHODOLOGY
Statement of the problem
Internet and Computer crimes will always involve some type of computer- security breach.
“computer-security breach” and “computer crime” are not synonymous. They are related concepts,
but not identical ones. When computer professionals begin working with computer crime and
forensics, they often make the mistake of assuming the two terms mean the same thing. The earliest
days of computer crime, the 1960s and 1970s, were very insignificant from a computercrime
perspective. The majority of incidents were actually just pranks played on computer systems causes
minimal damages. There were actually few laws against such activities, so they literally were not
construed as crimes. The entire purpose of hacking, in those days, was simply to understand a given
system.
A major reason for lesser computer crime during this period was a lack of widespread access to
computers and networks. In those ‘prehistoric’ days of computer crime, there was no wide spread
public access to networks, no Internet, and no laws regarding computer activities. In fact, the only
people who had any access to computers and networks tended to be university professors, students
and researchers.
To understand the history of computer crime, one needs to understand the history of the Internet. As
the Internet grew and online communications became more commonplace, so did computer-based
crimes. Before there could be any networks, much less the Internet, there had to be some method of
moving a data packet from point A to point B. The first crime on packet switching was by Leonard
Kleinrock at Massachusetts Institute of Technology in 1961. Now, this may seem a somewhat arcane
incident, a phone system being hacked was in the early 1970s. John Draper, a former U.S. Air Force
engineer, used a whistle that generated specific tones to place free phone calls. During this time,
phones particularly pay phones used a different tone for each key pressed. Simulating the tones
would actually send specific
commands to the phone system via the phone. Mr. Draper used his engineering knowledge of
phone systems in order to exploit this feature of the phone systems.
Background of the problem
Of late, cyber space became the major domain of warfare after land, sea, air and space. The younger
generations spend more than 80 percent of their time in computers and internet, particularly in Tamil
Nadu giving more way for criminal occurrences either unknowingly or knowingly. Cyber crimes
not only affect the adult population but also the children, the pornography and the ways in which
pedophiles try to lure children on the Internet. This research agenda has a little scope to Review the
literature on cyber crimes. The literature indicates that there are many factors to consider cyber
crimes. It’s one of the major social problem confronting the society and its impact has significant
effect on the socio-cultural and economic development of the country.
Greenberg (1993) emphasized the need to more fully consider the social determinants of fairness that
were not recognized by the prevailing emphasis on the structural aspects of outcome of distributions
and procedures. He proposed a taxonomy of justice classes formed by cross-cutting the two
commonly accepted categories of justice, procedural, and distributive, with two focal determinants,
social and structural. The distinction between social and structural determinants is based on the
immediate focus of the just action. Structural determinants reflect the situation whereby justice is
sought by focusing on the environmental context in which the event occurs which include cyber
crimes and ensures fairness by structuring a decisionmaking context (Judicial). The social
determinants of justice focus on the treatment of individuals and help ensure fairness by focusing on
the interpersonal treatment one receives. Greenberg proposed classes of justice that include:
systemic (structural procedural); configural (structural-distributive); informational (social-
procedural); and interpersonal (social-distributive). The concepts of procedural and distributive
justice are relatively well accepted in the study of organizational justice.
It’s the need of the Day to identify the impact of such cyber crimes in Indian scenario particularly in
Tamil Nadu. Statistics shows that India ranks fifth in the world
in cyber crimes. The report of U.S based internet crime complaint centre states that India becomes
home to fourth highest number of Internet users in the world and the cyber crime is rising at more
than 50 percent per year. Tamil Nadu is not an exception for it and the recent incidents like bank
looting, fraud in Banks, child abuse, extortion, deceptive callers, phishing mails, internet hacking,
etc., are on the increase in Tamil Nadu and magnified as major social problem which is causing
concern for everyone.
Problem formulation
To study the issues on cyber crimes from various available literatures, surveys and discussions.
To understand positive and negative impacts of web pages on the internet.

To clarify the conceptual perception on cyber crimes to create social awareness.

To explore the issues and loop holes due to the impact of jurisprudence on cyber case by Autopsy.
To examine the sociological, psychological, impacts of various cyber crimes in Tamil Nadu,
To test the validity of the AUTOPSY- postmortem (decided relevant laws) system by developing
a prototype to demonstrate the primary features, to investigate the results, and to derive findings by
observing the results.
Describe selected cases handled by the Tamil Nadu Cyber Crime Branch Department to find out
the sequential pattern following selected personal demographic characteristics: Age, Gender, Ethnic
Group and Level of education.
To study the cases registered in cyber crime and identify the fairness and justice done to the
affected victim of the crimes.
To investigate the causes and the sequential pattern, if any in the repeated cyber crimes.
To identify the efficacy of the Legal system to curb the activities.
To discuss the counter measures for avoidance and reduction of cyber crimes.
Choice of the Subject and City
As there is no specific qualitative tool available for assessing the cause and consequences of cyber
crimes, it becomes imperative for the to collect the primary data from the cases registered in the
wing and to adopt technique - Autopsy of selected (decided relevant laws) cases and justice
rendered of the on this phenomenon.

This research work also attempts to study the significance of legal system to curb fast growing
menace of cyber crimes and the integrated approaches for mitigating the social problem.
The research has been focused mainly in the state of Tamil Nadu as the area for the research. The
present study is an attempt to study and analyze the causes of cyber crimes and its impact on the
society at large by using Autopsy .
Scope and Limitation of the Study
The research has been focused on the cases recorded and handled by the Tamil Nadu police
department as the preferred location for undergoing the study for the research, as there is dearth in
terms of research or study in the state.
Obtaining information from the cyber crime handling authorities is very difficult, as they like to keep
privacy and confidentiality in managing the cases. Due to the restrictions in providing permission to
collect information for their privacy policy, some of the offices could not cooperate due to the time
constraint. The research had some difficulties while obtaining permission for conducting even the
pilot study in their departments.
The primary data are collected only from the cases registered. The cases registered again in specific
in Tamil Nadu. The published sources of information and mimeo are the other major sources of data
collection.
Empirical methodology of study
Empirical research is a way of gaining knowledge by means of direct and indirect observation or
experience. Empirical evidence (the record of one's direct observations or experiences) can be
analyzed quantitatively or qualitatively. Through quantifying the evidence or making sense of it in
qualitative form, a researcher can answer empirical questions, which should be clearly defined and
answerable with the evidence collected. Research is based on observed and measured phenomena. It
reports research based on actual observations or experiments using quantitative
research methods and it may generate numerical data between two or more variables.
Methodology of research
The research was done using the Empirical methodology for the study. This type of research requires
that data be collected. Thus, empirical research is grounded in reality rather than in some abstract
realm. Data may be collected by observation or by experiment. The purpose of empirical research is
to explain the data collected through the development of a model or theory that hypothesizes about
the relationship between the data and relevant variables of the environment. The results of empirical
research should be able to be replicated as adherence to this method implies the use of objective,
reliable and valid research methodology and criteria.
It is more of a fact finding study based on data. In this research, the primary data of the cases
registered in the cyber crime wing from 2003-2011 are relied upon. Besides, Autopsy of the cases
(closed) also become supplementary method of research followed in the present work.

Sampling and design

One of the best ways to achieve unbiased results in a study is through random sampling. Random
sampling includes choosing subjects from a population through unpredictable means. In its simplest
form, subjects all have an equal chance of being selected out of the population being researched. In
random sampling, three methods are most common when conducting surveys. Random number
tables, more recently known as random number generators, tell researchers to select subjects at an
interval generated randomly. Mathematical algorithms for pseudo-random number generators may
also be used. Another method used is physical randomization devices, which could be as simple as a
deck of playing cards.
Radom sampling method was used to collect the data from the cases registered in the cyber crime
wing of Tamil Nadu. The registered cases from 2003- 2011 was considered for the research.

Post-facto design for Autopsy is administered to find out the sequential pattern. Post-facto design
has two main types: Prospective and Retrospective designs: find naturally occurring groups (thus,
"after the fact") and follow them forward (prospective) or trace their histories (retrospective).
It is not practically possible to collect the primary data from all the virtually accused. This has been
taken to have an in-depth study, attempting to cover any type of cyber crimes like source code
tampering, bomb threat SMS, copy rights and so on. However attempt is made to justify the design
made in this research. From this, generalization can be made by extending the findings from one to
many, from typical of universal, and from microcosm to macrocosm.
Tools of data collection
The primary data was collected by using the Questionnaire-cum-schedule method. The tool for the
data collection was constructed by the researcher which was pre tested by a pilot study. The tool was
standardized by deleting the insignificant questions and after the validation the Tool was used for
this research. As there is no standard tool available for this type of research constructed the tool
based on the review of related literature and the objectives of the study.
The instruments used during the study included a web-based survey, telephone interviews, e-mail
statements, face-to-face interviews, case studies and questionnaires.
The pilot study conducted had a number of variables to get an in-depth measurement on the research
study. The pilot study was administered in the target place by getting permission from the cyber
crime cell. But it has been conducted for 6 months without giving prior notice to the cyber criminals
so that the results are casual and true. The purpose of the study and the confidentiality of the data are
assured to the concerned.
DATA ANALYSIS
The cyber crime wing of the city police has been seeing a steady increase over the years in the
number of such complaints. Till November 2009, the cyber crime wing received 920 complaints
compared to a mere 35 in 2003. In 2005, the cyber crime wing had got 173 complaints, of which
they registered 28 cases. Subsequently, this number doubled to 350 in 2006, of which 17 cases were
booked. In 2007, the number of complaints further doubled to 702 and the cyber crime branch
booked 22 cases. In 2008, the crime branch got 852 complaints and registered 31 cases. In 2010,
while the complaints had shot up to 1269, 47 cases had been registered. It’s the highest since the
wing was formed. Below are tables listing number of cases year wise.
Jaishankar K, (Ed.) (2011), ‘Cyber Criminology: Exploring Internet Crimes and Criminal behavior’,
Boca Raton, FL, USA: CRC Press, Taylor and Francis Group
http://cybercrimeindia.org/
 CYBERCRIMES IN INDIA

Just in the last decade, the invasion of the digital world has changed the way we carry out our day-
to-day activities. This is no exception in India, the largest market for internet users after china.
The estimated 370 million India users make up about 30 percent of the country’s population. With
the global accessibility and connectivity that comes with a few pushes and swipes, it is also
important to be aware of the dangers it can bring. In China alone, 66 billion U.S. dollars-worth of
consumer loss was experienced because of cybercrime. It is a global problem that is increasingly
causing a variety of problems, from the micro to the macro levels.

India’s rapid and uncontrolled digitization combined with a young digital population and an
inadequate response mechanism make cyber-attacks easy to carry out. Frauds involving theft of
small amounts of money, social media bullying, lottery scams and sexual harassment are some of the
motives behind attacks. These made up more than 11,500 reported incidents across the country
in 2015. With increasing dependence on the use of digital files, data breaches have been making
headlines in recent years worldwide constantly. India is no exception, the most recent incident
involving the Aadhaar system which got hacked and comprised the personal information and
biometrics of over one billion Indians in January 2018. The implication of this software hack caused
concerns for national security, because this national database of IDs was supposed to have been
mandatory, from using mobile phones to accessing bank accounts. As for Indian businesses, they
seem to understand the risks of unprotected digital data. Business leaders believe in the allocation of
cyber budgets mainly to prevent this situation, in order to avoid the consequences of an attack. A
2018 survey of parents indicated a 63 percent awareness of online bullying among Indians. A
large share of people in the country agree that the responsibility for intolerant behaviour in the online
space lies with both the user as well as the social media platform; and most also believe that cyber-
bullying cannot be dealt with existing laws but need special attention

A lack of awareness among the population causes many cyber incidents to be left unreported.
In cases where it is reported, the infrastructure and process to tackle the crime is often inefficient. In
the IT capital of the country, Bangalore, one police officer was reported to handle as many as five
thousand investigations, most involving password theft. On the bright side, police departments
across the country use social media campaigns to increasing awareness among citizens; and the
presence of cyber cells in different cities increasing along with training their respective personnel,
showing that efforts are being taken in the direction of a safe digital space.
 CRIME STATISTICS

In October 2019, India’s National Crime records Bureau (NCRB) released crime statistics for the
year 2017. For the sake of appropriate comparison, the NCRB has provided crime rates in terms of
crime per lakh population. Furthermore, the Bureau has bifurcated data on crime such as Murder,
Kidnapping and Abduction, Crimes Against Women, Children, Senior Citizens, Economic Offences
and Cyber-Crimes. Bureau provides data in two sets-one on the states and one on the 19 largest
‘Metropolitan Cities’ exceeding two Million Population. The data in actuality, is on Urban
Agglomerations, and hence Kozhikode, Coimbatore, Kochi, Ghaziabad and Patna are included in the
data set. These cities are smaller than two million but cross that mark as urban agglomerations (UA).

In terms of IPC crimes, Delhi’s rate of 1,306(per lakh population) far exceeds any other UA. Kochi,
Patna, Jaipur and Lucknow follow with crime rates of 809, 751,683, and 600. The lowest crime rates
with regards to IPC crimes are in Kolkata (141), Coimbatore (144), Hyderabad (187), Mumbai (212)
and Chennai (221). The northern UAs in terms of IPC crime rates are about two times higher than
southern UAs. In terms of Fatal attacks that have resulted in deaths, Patna tops the list with crime
rate of (9) murder per lakh population. The lowest crime rates for murder are reported in Kozhikode
of (1) murder per lakh population. In Kidnappings and Abductions Delhi tops the crime rate chart for
(32) and the lowest rate is (3) recorded in Coimbatore. Regards to Crime Against Women Lucknow
has the high rate of (179) and Coimbatore has low rate of (7). For Crimes Against Children Delhi
ranks first with crime rate of(35) and lowest rate recorded is below one by Coimbatore. Bengaluru
leads in Cyber-Crime (32), followed by Jaipur (22), Mumbai (7) and Delhi and Kolkata are at the
bottom of the list with crime rates lower than two. An analysis of all the above data reveals that
Delhi, Jaipur, Lucknow, Indore and Patna has the highest average crime rates across crime categories
among top UAs of the country. At the other end are Kozhikode, Coimbatore, Chennai, Kolkata and
Kochi with the lowest average crime rates among top UAs.

It is generally acknowledged that cities have a greater propensity to crime and that megacities have a
higher crime rate than smaller cities. The 1994 Statistical Abstract of the United States, for instance,
found that metropolitan cities had 79 percent more crime than other American cities and 300 percent
more violence than rural areas. Further, New York and Los Angeles, the largest US cities, had crime
rates that were approximately four times higher than other metropolitan areas. The reasons assigned
to this phenomenon of more crime in cities are greater access to wealth, greater anonymity on
account of large-size-cum-high-density and hence lower probability of arrest and the larger urban
ability to attract crime-prone individuals.

The NCRB data confirms the greater proclivity of cities to crime. Thus, the northern UAs have crime
states to which they belong. This is true of IPC Crimes, Murders, Kidnapping and Abduction,
Crimes Against Women, Economic Offences and Cyber-Crimes. For instance, for IPC crimes, Patna,
Jaipur and Lucknow have rates of 751, 693 and 600 while Bihar, Rajasthan and UP have rates of
171,229 and 139 respectively. If we explain this by the reasoning that it is natural for urban areas to
have more crime, then this is not demonstrated by southern UAs. Tamil Nadu, Kerala, Telangana
and Karnataka have IPC crime rates of 221, 144, 235 and 187- all lower than their state averages.
This should lead us to investigate other sets of causes – propensity to criminal behaviour of different
sets of people, migratory populations, quality of policing and policemen per lakh population,
criminal justice system and such others. Establishing the causality of crime in relation to nature of its
settlements is a complex issue. India is still in the midst of urbanization,hence this is a subject
worthy of deep and wide investigation. the results may light up the path of India’s choices with
regard to the pattern of growth for its cities and towns.
 CHANGING FACE OF CRIME

The last year has seen a quantum jump not only in the quantity and quality but also the
very nature of cyber crime activities. According to Naavi, a perceptible trend being observed is
that cyber crimes are moving from 'Personal Victimization' to 'Economic Offences'. SD Mishra,
ACP, IPR and Cyber Cell, Economic Offences Wing, Delhi Police concurs that the cases that are
now coming up are more related to financial frauds. As opposed to obscenity, pornography,
malicious emails that were more prevalent in the past, now credit card frauds, phishing attacks,
online share trading, etc. are becoming more widespread. As Seth points out, initially, when the
Internet boom began, certain crimes were noticeable and cyber stalking was one of the first ones.
"However, with the little offences came the larger ones involving huge money and one has seen
this sudden jump from smaller crimes to financial crimes in the last one year," she adds.
 CYBERSPACE

As the cases of cybercrime grow; there is a growing need to prevent them. Cyberspace
belongs to everyone. ‘Cyberspace’ was first used by the cyberpunk science fiction author William
Gibson, which he later described as an “evocative and essentially meaningless “buzzword”.
Cyberspace is the electronic medium of computer network, in which online communication taken
place and where individuals can interact, exchange ideas, share information, provide social support,
conduct business, direct actions, create artistic media, play games, engage in political discussion, and
so on.

Cyberspace is the “place” where a telephone conversation appears to occur. Not inside
your actual phone, the plastic device on your desk. Not inside the other person’s phone, in some
other city. The place between the phone’s in the past twenty years, this electrical “space”, which was
once thin and dark and one dimensional -little more than a narrow speaking -tube, stretching from
phone to phone has flung itself open like a gigantic jack-in-the-box. Light has flooded upon it, the
eerie light of the glowing computer screen. This dark eclectic netherworld has become a vast
flowering, electronic landscape. Since the 1960s, the words of the telephone has cross-bred itself
with computers and television, and though there is still no substance to cyberspace, nothing you can
handle, it has a strange kind of physicality now. It makes good sense today to talk of cyberspace as a
place all its own.

Electricity was first harnessed in 1831, but it was not until 1882 that first power station
was built in 1882. Then it took another 50 years before reaching 80 percent in United States. Radio
took 38 years to be used by 50 million people. Took 16 years to reach 50 million people. However,
the internet took only 4 years to have 50 million people online; thus, increasing the horizon of
cyberspace.
 TYPES OF CYBER CRIME

1. Theft of Telecommunications Services

The "phone phreakers" of three decades ago set a precedent for what has become a major
criminal industry. By gaining access to an organization’s telephone switchboard (PBX)
individuals or criminal organizations can obtain access to dial-in/dial-out circuits and then make
their own calls or sell call time to third parties (Gold 1999). Offenders may gain access to the
switchboard by impersonating a technician, by fraudulently obtaining an employee's access
code, or by using software available on the internet. Some sophisticated offenders loop between
PBX systems to evade detection. Additional forms of service theft include capturing "calling
card" details and on-selling calls charged to the calling card account, and counterfeiting or illicit
reprogramming of stored value telephone cards.

It has been suggested that as long ago as 1990, security failures at one major
telecommunications carrier cost approximately £290 million, and that more recently, up to 5% of
total industry turnover has been lost to fraud (Schieck 1995: 2-5). Costs to individual subscribers
can also be significant in one case; computer hackers in the United States illegally obtained
access to Scotland Yard's telephone network and made £620,000 worth of international calls for
which Scotland Yard was responsible (Tendler and Nuttall 1996).

2. Communications in Furtherance of Criminal Conspiracies

Just as legitimate organizations in the private and public sectors rely upon information
systems for communications and record keeping, so too are the activities of criminal
organizations enhanced by technology.

There is evidence of telecommunications equipment being used to facilitate organized

drug trafficking, gambling, prostitution, money laundering, child pornography and trade in
weapons (in those jurisdictions where such activities are illegal). The use of encryption
technology may place criminal communications beyond the reach of law enforcement.

The use of computer networks to produce and distribute child pornography has become
the subject of increasing attention. Today, these materials can be imported across national
borders at the speed of light. The more overt manifestations of internet child pornography entail
a modest degree of organization, as required by the infrastructure of IRC and WWW, but the
activity appears largely confined to individuals.

By contrast, some of the less publicly visible traffic in child pornography activity appears
to entail a greater degree of organization. Although knowledge is confined to that conduct which
has been the target of successful police investigation, there appear to have been a number of
networks which extend cross-nationally, use sophisticated technologies of concealment, and
entail a significant degree of coordination.

Illustrative of such activity was the Wonderland Club, an international network with
members in at least 14 nations ranging from Europe, to North America, to Australia. Access to
the group was password protected, and content was encrypted. Police investigation of the
activity, codenamed "Operation Cathedral" resulted in approximately 100 arrests around the
world, and the seizure of over 100,000 images in September, 1998.

3. Telecommunications Piracy

Digital technology permits perfect reproduction and easy dissemination of print,

graphics, sound, and multimedia combinations. The temptation to reproduce copyrighted
material for personal use, for sale at a lower price, or indeed, for free distribution, has proven
irresistible to many.

This has caused considerable concern to owners of copyrighted material. Each year, it
has been estimated that losses of between US$15 and US$17 billion are sustained by industry by
reason of copyright infringement (United States, Information Infrastructure Task Force 1995,
131).

The Software Publishers Association has estimated that $7.4 billion worth of software
was lost to piracy in 1993 with $2 billion of that being stolen from the Internet (Meyer and
Underwood 1994).

Ryan (1998) puts the cost of foreign piracy to American industry at more than $10
billion in 1996, including $1.8 billion in the film industry, $1.2 billion in music, $3.8 billion in
business application software, and $690 million in book publishing.
 According to the Straits Times (8/11/99) A copy of the most recent James Bond Film
The World is Not Enough, was available free on the internet before its official release.

When creators of a work, in whatever medium, are unable to profit from their creations,
there can be a chilling effect on creative effort generally, in addition to financial loss.

4. Dissemination of Offensive Materials

Content considered by some to be objectionable exists in abundance in cyberspace. This

includes, among much else, sexually explicit materials, racist propaganda, and instructions for
the fabrication of incendiary and explosive devices. Telecommunications systems can also be
used for harassing, threatening or intrusive communications, from the traditional obscene
telephone call to its contemporary manifestation in "cyber-stalking", in which persistent
messages are sent to an unwilling recipient.

One man allegedly stole nude photographs of his former girlfriend and her new
boyfriend and posted them on the Internet, along with her name, address and telephone number.
The unfortunate couple, residents of Kenosha, Wisconsin, received phone calls and e-mails from
strangers as far away as Denmark who said they had seen the photos on the Internet.
Investigations also revealed that the suspect was maintaining records about the woman's
movements and compiling information about her family (Spice and Sink 1999).

In another case a rejected suitor posted invitations on the Internet under the name of a 28-
year-old woman, the would-be object of his affections that said that she had fantasies of rape and
gang rape. He then communicated via email with men who replied to the solicitations and gave
out personal information about the woman, including her address, phone number, details of her
physical appearance and how to bypass her home security system. Strange men turned up at her
home on six different occasions and she received many obscene phone calls. While the woman
was not physically assaulted, she would not answer the phone, was afraid to leave her home, and
lost her job (Miller 1999; Miller and Maharaj 1999).

One former university student in California used email to harass 5 female students in
1998. He bought information on the Internet about the women using a professor's credit card and
then sent 100 messages including death threats, graphic sexual descriptions and references to
their daily activities. He apparently made the threats in response to perceived teasing about his
appearance (Associated Press 1999a).

Computer networks may also be used in furtherance of extortion. The Sunday Times
(London) reported in 1996 that over 40 financial institutions in Britain and the United States had
been attacked electronically over the previous three years. In England, financial institutions were
reported to have paid significant amounts to sophisticated computer criminals who threatened to
wipe out computer systems. (The Sunday Times, June 2, 1996). The article cited four incidents
between 1993 and 1995 in which a total of 42.5 million Pounds Sterling were paid by senior
executives of the organizations concerned, who were convinced of the extortionists' capacity to
crash their computer systems (Denning 1999 233-4).

5. Electronic Money Laundering and Tax Evasion

For some time now, electronic funds transfers have assisted in concealing and in moving
the proceeds of crime. Emerging technologies will greatly assist in concealing the origin of ill-
gotten gains. Legitimately derived income may also be more easily concealed from taxation
authorities. Large financial institutions will no longer be the only ones with the ability to achieve
electronic funds transfers transiting numerous jurisdictions at the speed of light. The
development of informal banking institutions and parallel banking systems may permit central
bank supervision to be bypassed, but can also facilitate the evasion of cash transaction reporting
requirements in those nations which have them. Traditional underground banks, which have
flourished in Asian countries for centuries, will enjoy even greater capacity through the use of
telecommunications.

With the emergence and proliferation of various technologies of electronic commerce,

one can easily envisage how traditional countermeasures against money laundering and tax
evasion may soon be of limited value. I may soon be able to sell you a quantity of heroin, in
return for an untraceable transfer of stored value to my "smart-card", which I then download
anonymously to my account in a financial institution situated in an overseas jurisdiction which
protects the privacy of banking clients. I can discreetly draw upon these funds as and when I
may require, downloading them back to my stored value card (Wahlert 1996).
6. Electronic Vandalism, Terrorism and Extortion

As never before, western industrial society is dependent upon complex data processing
and telecommunications systems. Damage to, or interference with, any of these systems can lead
to catastrophic consequences. Whether motivated by curiosity or vindictiveness electronic
intruders cause inconvenience at best, and have the potential for inflicting massive harm While
this potential has yet to be realised, a number of individuals and protest groups have hacked the
official web pages of various governmental and commercial organizations for e.g.:(Rathmell
1997). http://www.2600.com/hacked_pages/ (visited 4 January 2000). This may also operate in
reverse: early in 1999 an organized hacking incident was apparently directed at a server which
hosted the Internet domain for East Timor, which at the time was seeking its independence from
Indonesia (Creed 1999).

Defence planners around the world are investing substantially in information warfare -
means of disrupting the information technology infrastructure of defence systems (Stix 1995).
Attempts were made to disrupt the computer systems of the Sri Lankan Government (Associated
Press 1998), and of the North Atlantic Treaty Organization during the 1999 bombing of Belgrade
(BBC 1999). One case, which illustrates the transnational reach of extortionists, involved a
number of German hackers who compromised the system of an Internet service provider in
South Florida, disabling eight of the ISPs ten servers. The offenders obtained personal
information and credit card details of 10,000 subscribers, and, communicating via electronic
mail through one of the compromised accounts, demanded that US$30,000 be delivered to a mail
drop in Germany. Co-operation between US and German authorities resulted in the arrest of the
extortionists (Bauer 1998).

More recently, an extortionist in Eastern Europe obtained the credit card details of
customers of a North American based on-line music retailer, and published some on the Internet
when the retailer refused to comply with his demands (Markoff 2000).

7. Sales and Investment Fraud

As electronic commerce becomes more prevalent, the application of digital technology to

fraudulent endeavours will be that much greater. The use of the telephone for fraudulent sales
pitches, deceptive charitable solicitations, or bogus investment overtures is increasingly
common. Cyberspace now abounds with a wide variety of investment opportunities, from
traditional securities such as stocks and bonds, to more exotic opportunities such as coconut
farming, the sale and leaseback of automatic teller machines, and worldwide telephone lotteries
(Cella and Stark 1997 837-844). Indeed, the digital age has been accompanied by unprecedented
opportunities for misinformation. Fraudsters now enjoy direct access to millions of prospective
victims around the world, instantaneously and at minimal cost.

Classic pyramid schemes and "Exciting, Low-Risk Investment Opportunities" are not
uncommon. The technology of the World Wide Web is ideally suited to investment solicitations.
In the words of two SEC staff "At very little cost, and from the privacy of a basement office or
living room, the fraudster can produce a home page that looks better and more sophisticated than
that of a Fortune 500 company" (Cella and Stark 1997, 822).

8. Illegal Interception of Telecommunications

Developments in telecommunications provide new opportunities for electronic

eavesdropping. From activities as time-honoured as surveillance of an unfaithful spouse, to the
newest forms of political and industrial espionage, telecommunications interception has increasing
applications. Here again, technological developments create new vulnerabilities. The
electromagnetic signals emitted by a computer may themselves be intercepted. Cables may act as
broadcast antennas. Existing law does not prevent the remote monitoring of computer radiation.

It has been reported that the notorious American hacker Kevin Poulsen was able to gain
access to law enforcement and national security wiretap data prior to his arrest in 1991 (Littman
1997). In 1995, hackers employed by a criminal organization attacked the communications
system of the Amsterdam Police. The hackers succeeded in gaining police operational
intelligence, and in disrupting police communications (Rathmell 1997).

9. Electronic Funds Transfer Fraud

Electronic funds transfer systems have begun to proliferate, and so has the risk that such
transactions may be intercepted and diverted. Valid credit card numbers can be intercepted
electronically, as well as physically; the digital information stored on a card can be
counterfeited.

Of course, we don't need Willie Sutton to remind us that banks are where they keep the
money. In 1994, a Russian hacker Vladimir Levin, operating from St Petersburg, accessed the
computers of Citibank's central wire transfer department, and transferred funds from large
corporate accounts to other accounts which had been opened by his accomplices in The United
States, the Netherlands, Finland, Germany, and Israel. Officials from one of the corporate
victims, located in Argentina, notified the bank, and the suspect accounts, located in San
Francisco, were frozen. The accomplice was arrested. Another accomplice was caught
attempting to withdraw funds from an account in Rotterdam. Although Russian law precluded
Levin's extradition, he was arrested during a visit to the United States and subsequently
imprisoned. (Denning 1999, 55).

The above forms of computer-related crime are not necessarily mutually exclusive, and
need not occur in isolation. Just as an armed robber might steal an automobile to facilitate a
quick getaway, so too can one steal telecommunications services and use them for purposes of
vandalism, fraud, or in furtherance of a criminal conspiracy.1 Computer-related crime may be
compound in nature, combining two or more of the generic forms outlined above.
 OTHER TYPES OF CYBER CRIME

1. HACKING

Hacking in simple terms means an illegal intrusion into a computer system and/or
network. There is an equivalent term to hacking i.e. cracking, but from Indian Laws perspective
there is no difference between the term hacking and cracking. Every act committed towards
breaking into a computer and/or network is hacking. Hackers write or use ready-made computer
programs to attack the target computer. They possess the desire to destruct and they get the kick
out of such destruction. Some hackers hack for personal monetary gains, such as to stealing the
credit card information, transferring money from various bank accounts to their own account
followed by withdrawal of money. They extort money from some corporate giant threatening
him to publish the stolen information which is critical in nature.

Government websites are the hot targets of the hackers due to the press coverage, it
receives. Hackers enjoy the media coverage.

Motive Behind The Crime

a. Greed

b. Power

c. Publicity

d. Revenge
 e. Adventure

f. Desire to access forbidden information

g. Destructive mindset

h. Wants to sell n/w security services

2. Child Pornography

The Internet is being highly used by its abusers to reach and abuse children sexually,
worldwide. The internet is very fast becoming a household commodity in India. Its explosion
has made the children a viable victim to the cyber crime. As more homes have access to internet,
more children would be using the internet and more are the chances of falling victim to the
aggression of pedophiles.

The easy access to the pornographic contents readily and freely available over the
internet lower the inhibitions of the children. Pedophiles lure the children by distributing
pornographic material, and then they try to meet them for sex or to take their nude photographs
including their engagement in sexual positions. Sometimes Pedophiles contact children in the
chat rooms posing as teenagers or a child of similar age, then they start becoming friendlier with
them and win their confidence. Then slowly pedophiles start sexual chat to help children shed
their inhibitions about sex and then call them out for personal interaction. Then starts actual
exploitation of the children by offering them some money or falsely promising them good
opportunities in life. The pedophiles then sexually exploit the children either by using them as
sexual objects or by taking their pornographic pictures in order to sell those over the internet.

In physical world, parents know the face of dangers and they know how to avoid & face
the problems by following simple rules and accordingly they advice their children to keep away
from dangerous things and ways. But in case of cyber world, most of the parents do not
themselves know about the basics in internet and dangers posed by various services offered over
the internet. Hence the children are left unprotected in the cyber world. Pedophiles take
advantage of this situation and lure the children, who are not advised by their parents or by their
teachers about what is wrong and what is right for them while browsing the internet.

How Do They Operate

a. Pedophiles use false identity to trap the children/teenagers.

b. Pedophiles contact children/teens in various chat rooms which are used by children/teen
to interact with other children/teen.

c. Befriend the child/teen.

d. Extract personal information from the child/teen by winning his confidence.

e. Gets the e-mail address of the child/teen and starts making contacts on the victim e-mail

address as well.

f. Starts sending pornographic images/text to the victim including child pornographic

images in order to help child/teen shed his inhibitions so that a feeling is created in the
mind of the victim that what is being fed to him is normal and that everybody does it.

g. Extract personal information from child/teen.

h. At the end of it, the pedophile set up a meeting with the child/teen out of the house and
then drag him into the net to further sexually assault him or to use him as a sex object.

In order to prevent your child/teen from falling into the trap of pedophile, read the tips under
Tips & Tricks heading.

3. Cyber Stalking

Cyber Stalking can be defined as the repeated acts harassment or threatening behavior of
the cyber criminal towards the victim by using internet services. Stalking in General terms can
be referred to as the repeated acts of harassment targeting the victim such as following the
victim, making harassing phone calls, killing the victims pet, vandalizing victims property,
leaving written messages or objects. Stalking may be followed by serious violent acts such as
physical harm to the victim and the same has to be treated and viewed seriously. It all depends
on the course of conduct of the stalker.

Both kind of Stalkers Online & Offline – have desire to control the victims life. Majority
of the stalkers are the dejected lovers or ex-lovers, who then want to harass the victim because
they failed to satisfy their secret desires. Most of the stalkers are men and victim female.

How Do They Operate

a. Collect all personal information about the victim such as name, family background,
Telephone Numbers of residence and work place, daily routine of the victim, address of
residence and place of work, date of birth etc. If the stalker is one of the acquaintances of
the victim he can easily get this information. If stalker is a stranger to victim, he collects
the information from the internet resources such as various profiles, the victim may have
filled in while opening the chat or e-mail account or while signing an account with some
website.

b. The stalker may post this information on any website related to sex-services or dating
services, posing as if the victim is posting this information and invite the people to call
the victim on her telephone numbers to have sexual services. Stalker even uses very
filthy and obscene language to invite the interested persons.

c. People of all kind from nook and corner of the World, who come across this information,
start calling the victim at her residence and/or work place, asking for sexual services or
relationships.

d. Some stalkers subscribe the e-mail account of the victim to innumerable pornographic
and sex sites, because of which victim starts receiving such kind of unsolicited e-mails.

e. Some stalkers keep on sending repeated e-mails asking for various kinds of favors or
threaten the victim.
 f. In online stalking the stalker can make third party to harass the victim.

g. Follow their victim from board to board. They “hangout” on the same BB’s as their
victim, many times posting notes to the victim, making sure the victim is aware that
he/she is being followed. Many times they will “flame” their victim (becoming
argumentative, insulting) to get their attention.

h. Stalkers will almost always make contact with their victims through email. The letters
may be loving, threatening, or sexually explicit. He will many times use multiple names
when contacting the victim.

i. Contact victim via telephone. If the stalker is able to access the victim’s telephone, he
will many times make calls to the victim to threaten, harass, or intimidate them.

j. Track the victim to his/her home.

Definition of Cyber stalking

Although there is no universally accepted definition of cyber stalking, the term is used in
this report to refer to the use of the Internet, e-mail, or other electronic communications devices
to stalk another person. Stalking generally involves harassing or threatening behavior that an
individual engages in repeatedly, such as following a person, appearing at a person’s home or
place of business, making harassing phone calls, leaving written messages or objects, or
vandalizing a person’s property. Most stalking laws require that the perpetrator make a credible
threat of violence against the victim; others include threats against the victim’s immediate
family; and still others require only that the alleged stalker’s course of conduct constitute an
implied threat. (1) While some conduct involving annoying or menacing behavior might fall
short of illegal stalking, such behavior may be a prelude to stalking and violence and should be
treated seriously.

Nature and Extent of Cyber stalking

 An existing problem aggravated by new technology. Although online harassment and
threats can take many forms, cyber stalking shares important characteristics with offline stalking.
Many stalkers – online or offline – are motivated by a desire to exert control over their victims
and engage in similar types of behavior to accomplish this end. As with offline stalking, the
available evidence (which is largely anecdotal) suggests that the majority of cyber stalkers are
men and the majority of their victims are women, although there have been reported cases of
women cyber stalking men and of same-sex cyber stalking. In many cases, the cyber stalker and
the victim had a prior relationship, and the cyber stalking begins when the victim attempts to
break off the relationship. However, there also have been many instances of cyber stalking by
strangers. Given the enormous amount of personal information available through the Internet, a
cyber stalker can easily locate private information about a potential victim with a few mouse
clicks or key strokes.

The fact that cyber stalking does not involve physical contact may create the
misperception that it is more benign than physical stalking. This is not necessarily true. As the
Internet becomes an ever more integral part of our personal and professional lives, stalkers can
take advantage of the ease of communications as well as increased access to personal
information. In addition, the ease of use and non-confrontational, impersonal, and sometimes
anonymous nature of Internet communications may remove disincentives to cyber stalking. Put
another way, whereas a potential stalker may be unwilling or unable to confront a victim in
person or on the telephone, he or she may have little hesitation sending harassing or threatening
electronic communications to a victim. Finally, as with physical stalking, online harassment and
threats may be a prelude to more serious behavior, including physical violence.

Phishing

In the field of computer security, phishing is the criminally fraudulent process of

attempting to acquire sensitive information such as usernames, passwords and credit card details
by masquerading as a trustworthy entity in an electronic communication. Communications
purporting to be from popular social web sites, auction sites, online payment processors or IT
Administrators are commonly used to lure the unsuspecting public. Phishing is typically carried
out by e-mail or instant messaging, and it often directs users to enter details at a fake website
whose look and feel are almost identical to the legitimate one. Even when using server
authentication, it may require tremendous skill to detect that the website is fake. Phishing is an
example of social engineering techniques used to fool users, and exploits the poor usability of
current web security technologies. Attempts to deal with the growing number of reported
phishing incidents include legislation, user training, public awareness, and technical security
measures.

Phishing, also referred to as brand spoofing or carding, is a variation on "fishing," the

idea being that bait is thrown out with the hopes that while most will ignore the bait, some will
be tempted into biting.

A phishing technique was described in detail in 1987, and the first recorded use of the
term "phishing" was made in 1996.

Phishing email
From: *****Bank [mailto:support@****Bank.com]
Sent: 08 June 2004 03:25
To: India
Subject: Official information from ***** Bank
Dear valued ***** Bank Customer!
For security purposes your account has been randomly chosen for verification. To verify
your account information we are asking you to provide us with all the data we are
requesting. Otherwise we will not be able to verify your identity and access to your
account will be denied. Please click on the link below to get to the bank secure
page and verify your account details. Thank you.
https://infinity.*****bank.co.in/Verify.jsp
 ****** Bank Limited

Spam

Spam is a generic term used to describe electronic 'junk mail' or unwanted messages sent
to your email account or mobile phone. These messages vary, but are essentially commercial and
often annoying in their sheer volume. They may try to persuade you to buy a product or service,
or visit a website where you can make purchases; or they may attempt to trick you into divulging
your bank account or credit card details.

More information about spam is available from the Australian Communications and
Media Authority (ACMA website).

Scams

The power of the Internet and email communication has made it all too easy for email
scams to flourish. These schemes often arrive uninvited by email. Many are related to the well-
documented Nigerian Scam or Lotto Scams and use similar tactics in one form or another.

While the actual amount of money lost by businesses and the community is unknown, the
number of people claiming to have been defrauded by these scams is relatively low.

More information about scams is available from the Australian Competition and
Consumer Commission (ACCC) SCAM watch website and the Australian Securities and
Investments Commission FIDO website.

Spyware

Spyware is generally considered to be software that is secretly installed on a computer

and takes things from it without the permission or knowledge of the user. Spyware may take
personal information, business information, bandwidth; or processing capacity and secretly gives
it to someone else. It is recognized as a growing problem.

More information about taking care of spyware is available from the Department of
Broadband, Communication, and the Digital Economy (DBCDE) website.
 4. Denial Of Service Attack

This is an act by the criminal, who floods the bandwidth of the victim’s network or fills
his email box with spam mail depriving him of the services he is entitled to access or provide.

5. Virus Dissemination

Malicious software that attaches itself to other software. (Virus,, worms,, Trojan Horse,,
Time bomb,, Logic Bomb,, Rabbit and Bacterium are the malicious software’s).

6. Software Piracy

Theft of software through the illegal copying of genuine programs or the counterfeiting
and distribution of products intended to pass for the original.

Retail revenue losses worldwide are ever increasing due to this crime.

It can be done in various ways- End user copying, Hard disk loading,, Counterfeiting,,
Illegal downloads from the internet etc

7. Spoofing

Getting one computer on a network to pretend to have the identity of another computer,
usually one with special access privileges, so as to obtain access to the other computers on the
network..

8. Net Extortion

Copying the company’s confidential data in order to extort said company for huge
amount.

9. SALAMI ATTACK

In such crime criminal makes insignificant changes in such a manner that such changes
would go unnoticed. Criminal makes such program that deducts small amount like Rs. 2.50 per
month from the account of all the customer of the Bank and deposit the same in his account. In
this case no account holder will approach the bank for such small amount but criminal gains
huge amount.

10.SALE OF NARCOTICS

• Sale & Purchase through net.

• There are web sites which offer sale and shipment off contrabands drugs.

• They may use the techniques off stenography for hiding the messages.
 CLASSIFICATION OF CYBER CRIME

Mr. Pavan Duggal, who is the President of cyber laws, net and consultant, in a report has clearly
defined the various categories and types of cybercrimes.
Cybercrimes can be basically divided into 3 major categories:

1. Cybercrimes Against Persons

Cybercrimes committed against persons include various crimes like transmission of
child-pornography, harassment of any one with the use of a computer such as e-mail. The
trafficking, distribution, posting, and dissemination of obscene material including pornography
and indecent exposure, constitutes one of the most important Cybercrimes known today. The
potential harm of such a crime to humanity can hardly be amplified. This is one Cybercrime
which threatens to undermine the growth of the younger generation as also leave irreparable
scars and injury on the younger generation, if not controlled.

A minor girl in Ahmadabad was lured to a private place through cyber chat by a man,
who, along with his friends, attempted to gang-rape her. As some passersby heard her cry, she
was rescued.

Another example wherein the damage was not done to a person but to the masses is the
case of the Melissa virus. The Melissa virus first appeared on the internet in March of 1999. It
spread rapidly throughout computer systems in the United States and Europe. It is estimated that
the virus caused 80 million dollars in damages to computers worldwide.
 In the United States alone, the virus made its way through 1.2 million computers in one-
fifth of the country's largest businesses. David Smith pleaded guilty on Dec. 9, 1999 to state and
federal charges associated with his creation of the Melissa virus. There are numerous examples
of such computer viruses few of them being "Melissa" and "love bug".

2. Cybercrimes Against Property

The second category of Cybercrimes is that of Cybercrimes against all forms of property.
These crimes include computer vandalism (destruction of others' property), transmission of
harmful programmes.

A Mumbai-based upstart engineering company lost a say and much money in the
business when the rival company, an industry major, stole the technical database from their
computers with the help of a corporate cyber spy.

3. Cybercrimes Against Government

The third category of Cybercrimes relate to Cybercrimes against Government. Cyber

terrorism is one distinct kind of crime in this category. The growth of internet has shown that the
medium of Cyberspace is being used by individuals and groups to threaten the international
governments as also to terrorize the citizens of a country. This crime manifests itself into
terrorism when an individual "cracks" into a government or military maintained website.

The Parliament of India passed its first Cyber law, the Information Technology Act in
2000. It not only provides the legal infrastructure for E-commerce in India but also at the same
time, gives draconian powers to the Police to enter and search, without any warrant, any public
place for the purpose of nabbing cybercriminals and preventing cybercrime. Also, the Indian
Cyber law talks of the arrest of any person who is about to commit a cybercrime.

The Act defines five cybercrimes damage to computer source code, hacking, publishing
electronic information which is lascivious or prurient, breach of confidentiality and publishing
false digital signatures. The Act also specifies that cybercrimes can only be investigated by an
official holding no less a rank than that of Dy. Superintendent of Police (Dy.SP).
 It is common that many systems operators do not share information when they are
victimized by crackers. They don't contact law enforcement officers when their computer
systems are invaded, preferring instead to fix the damage and take action to keep crackers from
gaining access again with as little public attention as possible.

According to Sundari Nanda, SP, CBI, "most of the times the victims do not complain,
may be because they are aware of the extent of the crime committed against them, or as in the
case of business houses, they don't want to confess their system is not secure".

As the research shows, computer crime poses a real threat. Those who believe otherwise
simply have not been awakened by the massive losses and setbacks experienced by companies
worldwide. Money and intellectual property have been stolen, corporate operations impeded,
and jobs lost as a result of computer crime.

Similarly, information systems in government and business alike have been

compromised. The economic impact of computer crime is staggering (great difficulty).
 REASONS FOR CYBER CRIME

Hart in his work “The Concept of Law” has said ‘human beings are vulnerable so rule of
law is required to protect them’. Applying this to the cyberspace we may say that computers are
vulnerable (capable of attack) so rule of law is required to protect and safeguard them against
cyber crime. The reasons for the vulnerability of computers may be said to be:

1. Capacity To Store Data In Comparatively Small Space-

The computer has unique characteristic of storing data in a very small space. This
affords to remove or derive information either through physical or virtual medium makes it
much easier.

2. Easy To Access

The problem encountered in guarding a computer system from unauthorised access is

that there is every possibility of breach not due to human error but due to the complex
technology. By secretly implanted logic bomb, key loggers that can steal access codes, advanced
voice recorders; retina imagers etc. that can fool biometric systems and bypass firewalls can be
utilized to get past many a security system.
 3. Complex

The computers work on operating systems and these operating systems in turn are
composed of millions of codes. Human mind is fallible and it is not possible that there might not
be a lapse at any stage. The cyber criminals take advantage of these lacunas and penetrate into
the computer system.

4. Negligence

Negligence is very closely connected with human conduct. It is therefore very probable
that while protecting the computer system there might be any negligence, which in turn provides
a cyber criminal to gain access and control over the computer system.

5. Loss Of Evidence

Loss of evidence is a very common & obvious problem as all the data are routinely
destroyed.
Further collection of data outside the territorial extent also paralyses this system of crime
investigation.
 CYBER CRIMINALS

The cyber criminals constitute of various groups/ category. This division may be justified on the
basis of the object that they have in their mind. The following are the category of cyber criminals-

1. Children And Adolescents Between The Age Group Of 6 – 18 Years

The simple reason for this type of delinquent (A young offender) behaviour pattern in children is
seen mostly due to the inquisitiveness to know and explore the things. Other cognate reason may be to
prove themselves to be outstanding amongst other children in their group. Further the reasons may be
psychological even. E.g. the Bal Bharati (Delhi) case was the outcome of harassment of the delinquent by
his friends.

2. Organised Hackers

These kinds of hackers are mostly organised together to fulfil certain objective. The reason may
be to fulfil their political bias, fundamentalism, etc. The Pakistanis are said to be one of the best quality
hackers in the world. They mainly target the Indian government sites with the purpose to fulfil their
political objectives. Further the NASA as well as the Microsoft sites is always under attack by the hackers.

3. Professional Hackers / Crackers

Their work is motivated by the colour of money. These kinds of hackers are mostly employed to
hack the site of the rivals and get credible, reliable and valuable information. Further they are even
employed to crack the system of the employer basically as a measure to make it safer by detecting the
loopholes.

4. Discontented Employees

This group include those people who have been either sacked by their employer or are
dissatisfied with their employer. To avenge they normally hack the system of their employee.
 MODE AND MANNER OF COMMITING CYBER CRIME

1. Unauthorized Access To Computer Systems Or Networks

/ Hacking

This kind of offence is normally referred as hacking in the generic sense. However the framers of
the Information Technology Act 2000 have no where used this term so to avoid any confusion we would
not interchangeably use the word hacking for ‘unauthorized access’ as the latter has wide connotation.

2. Theft Of Information Contained In Electronic Form

This includes information stored in computer hard disks, removable storage media etc. Theft may
be either by appropriating the data physically or by tampering them through the virtual medium.

3. Email Bombing

This kind of activity refers to sending large numbers of mail to the victim, which may be an
individual or a company or even mail servers there by ultimately resulting into crashing.

4. Data Diddling

This kind of an attack involves altering raw data just before a computer processes it and then
changing it back after the processing is completed. The electricity board faced similar problem of data
diddling while the department was being computerised.

5. Salami Attacks

This kind of crime is normally prevalent in the financial institutions or for the purpose of
committing financial crimes. An important feature of this type of offence is that the alteration is so small
that it would normally go unnoticed. E.g. the Ziegler case wherein a logic bomb was introduced in the
bank’s system, which deducted 10 cents from every account and deposited it in a particular account.
 6. Denial Of Service Attack-

The computer of the victim is flooded with more requests than it can handle which cause it to
crash. Distributed Denial of Service (DDS) attack is also a type of denial of service attack, in which the
offenders are wide in number and widespread. E.g. Amazon, Yahoo.

7. Virus / Worm Attacks

Viruses are programs that attach themselves to a computer or a file and then circulate themselves
to other files and to other computers on a network. They usually affect the data on a computer, either by
altering or deleting it. Worms, unlike viruses do not need the host to attach themselves to. They merely
make functional copies of themselves and do this repeatedly till they eat up all the available space on a
computer's memory. E.g. love bug virus, which affected at least 5 % of the computers of the globe. The
losses were accounted to be $ 10 million. The world's most famous worm was the Internet worm let loose
on the Internet by Robert Morris sometime in 1988. Almost brought development of Internet to a
complete halt.

8. Logic Bombs

These are event dependent programs. This implies that these programs are created to do
something only when a certain event (known as a trigger event) occurs. E.g. even some viruses may be
termed logic bombs because they lie dormant all through the year and become active only on a particular
date (like the Chernobyl virus).

9. Trojan Attacks

This term has its origin in the word ‘Trojan horse’. In software field this means an unauthorized
programme, which passively gains control over another’s system by representing itself as an authorised
programme. The most common form of installing a Trojan is through e-mail. E.g. a Trojan was installed
in the computer of a lady film director in the U.S. while chatting. The cyber criminal through the web
cam installed in the computer obtained her nude photographs. He further harassed this lady.
 10. Internet Time Thefts

Normally in these kinds of thefts the Internet surfing hours of the victim are used up by another
person. This is done by gaining access to the login ID and the password. E.g. Colonel Bajwa’s case- the
Internet hours were used up by any other person. This was perhaps one of the first reported cases related
to cyber crime in India. However this case made the police infamous as to their lack of understanding of
the nature of cyber crime.

11. Web Jacking

This term is derived from the term hi jacking. In these kinds of offences the hacker gains access
and control over the web site of another. He may even mutilate or change the information on the site.
This may be done for fulfilling political objectives or for money. E.g. recently the site of MIT (Ministry
of Information Technology) was hacked by the Pakistani hackers and some obscene matter was placed
therein. Further the site of Bombay crime branch was also web jacked. Another case of web jacking is
that of the ‘gold fish’ case. In this case the site was hacked and the information pertaining to gold fish
was changed. Further a ransom of US $ 1 million was demanded as ransom. Thus web jacking is a
process where by control over the site of another is made backed by some consideration for it.
 BANKING SECTOR

The Banking Industry was once a simple and reliable business that took deposits from
investors at a lower interest rate and loaned it out to borrowers at a higher rate.

However deregulation and technology led to a revolution in the Banking Industry that
saw it transformed. Banks have become global industrial powerhouses that have created ever
more complex products that use risk. Through technology development, banking services have
become available 24 hours a day, 365 days a week, through ATMs, at online banking, and in
electronically enabled exchanges where everything from stocks to currency futures contracts can
be traded.

The Banking Industry at its core provides access to credit. In the lenders case, this
includes access to their own savings and investments, and interest payments on those amounts.
In the case of borrowers, it includes access to loans for the creditworthy, at a competitive interest
rate.

Banking services include transactional services, such as verification of account details,

account balance details and the transfer of funds, as well as advisory services that help
individuals and institutions to properly plan and manage their finances. Online banking channels
have become a key in the last 10 years.
 The collapse of the Banking Industry in the Financial Crisis, however, means that some
of the more extreme risk-taking and complex securitization activities that banks increasingly
engaged in since 2000 will be limited and carefully watched, to ensure that there is not another
banking system meltdown in the future.

Banking in India originated in the last decades of the 18th century. The oldest bank in
existence in India is the State Bank of India, a government-owned bank that traces its origins
back to June 1806 and that is the largest commercial bank in the country. Central banking is the
responsibility of the Reserve Bank of India, which in 1935 formally took over these
responsibilities from the then Imperial Bank of India, relegating it to commercial banking
functions. After India's independence in 1947, the Reserve Bank was nationalized and given
broader powers. In 1969 the government nationalized the 14 largest commercial banks; the
government nationalized the six next largest in 1980.

Currently, India has 94 scheduled commercial banks (SCBs) - 27 public sector banks
(that is with the Government of India holding a stake), 22 private banks (these do not have
government stake; they may be publicly listed and traded on stock exchanges) and 45 foreign
banks.
 CYBER CRIME IN BANKING SECTOR

AUTOMATED TELLER MACHINE

The traditional and ancient society was devoid of any monetary instruments and the
entire exchange of goods and merchandise was managed by the “barter system”. The use of
monetary instruments as a unit of exchange replaced the barter system and money in various
denominations was used as the sole purchasing power. The modern contemporary era has
replaced these traditional monetary instruments from a paper and metal based currency to
“plastic money” in the form of credit cards, debit cards, etc. This has resulted in the increasing
use of ATM all over the world. The use of ATM is not only safe but is also convenient. This
safety and convenience, unfortunately, has an evil side as well that do not originate from the use
of plastic money rather by the misuse of the same. This evil side is reflected in the form of
“ATM FRAUDS” that is a global problem. The use of plastic money is increasing day by day
for payment of shopping bills, electricity bills, school fees, phone bills, insurance premium,
travelling bills and even petrol bills. The convenience and safety that credit cards carry with its
use has been instrumental in increasing both credit card volumes and usage. This growth is not
only in positive use of the same but as well as the negative use of the same. The world at large is
struggling to increase the convenience and safety on the one hand and to reduce it misuse on the
other.
 WAYS TO CARD FRAUDS

Some of the popular techniques used to carry out ATM crime are:

1. Through Card Jamming ATM’s card reader is tampered with in order to trap a

customer’s card. Later on the criminal removes the card.

2. Card Skimming, is the illegal way of stealing the card’s security information from the
card’s magnetic stripe.

3. Card Swapping, through this customer’s card is swapped for another card without the
knowledge of cardholder.

4. Website Spoofing, here a new fictitious site is made which looks authentic to the user
and customers are asked to give their card number. PIN and other information, which are
used to reproduce the card for use at an ATM.

5. Physical Attack. ATM machine is physical attacked for removing the cash.

HOW TO USE A CASH MACHINE

Give other users space to enter their personal identity number (PIN) in private.

1. Be aware of your surroundings. If someone is crowding or watching you, cancel the

transaction and go to another machine. Take your card with you.

2. Do not accept help from "well meaning" strangers and never allow yourself to be
distracted.

3. Stand close to the cash machine and always shield the keypad to avoid anyone seeing you
enter your PIN.

4. Stand close to the cash machine and always shield the keypad to avoid anyone seeing you
enter your Pin.
What Precaution Should Be Taken While Leaving Cash Machine

Once you have completed a transaction, discreetly put your money and card away before
leaving the cash machine.

If you lose your card in a cash machine, cancel the card immediately with the card
issuer’s 24-hour emergency line, which can be found on your last bank statement. Do not assume
that your bank automatically knows that the machine has withheld your card. Again, beware of
help offered by "well meaning strangers".

Dispose of your cash machine receipt, mini-statement or balance enquiry slip with care.
Tear up or preferably shred these items before discarding them.

Card Fraud Also Happens In The Home:

Cardholders should also be warned of the risks of verifying bank details at home in
unsolicited telephone conversations. Always call the person back using the advertised customer
telephone number, not the telephone number they may give you.

1. Do Not Click On Hyperlinks Sent To You By Email Asking You To

Confirm Your Bank Details Online:

Hyperlinks are links to web pages that have been sent to you by email and may open a
dummy website designed to steal your personal details. Phone your bank instead on their main
customer number or access your account using the bank's main website address.

Use good antivirus and firewall protection.

NEVER Write Down Your Pin:

People make life very easy for pickpockets if they write down their PIN and keep it in
their purse or wallet. Do not write down your PIN. If you have been given a number that you
find difficult to remember, take your card along to a cash machine and change the number to one
that you will be able to remember without writing it down.
PREVENTION FOR ATM CARDS

Most ATM frauds happen due to the negligence of customers in using, and more
importantly, negligence of banks in educating their customers about the matters that should be
taken care of while at an ATM. The number of ATM frauds in India is more in regard to
negligence of the Personal Identification Number (PIN), than by sophisticated crimes like
skimming. Banks need to develop a fraud policy – the policy should be written and distributed
to all employees, borrowers and depositors.

The most important aspect for reducing ATM related fraud is to educate the customer.
Here is a compiled list of guidelines to help your customer from being an ATM fraud victim:

1. Look for suspicious attachments. Criminals often capture information through ATM
skimming – using devices that steal magnetic strip information. At a glance, the skimmer
looks just like a regular ATM slot, but it‘s an attachment that captures ATM card
numbers. To spot one, the attachment slightly protrudes from the machine and may not
be parallel with the inherent grooves. Sometimes, the equipment will even cut off the
printed labels on the ATM. The skimmer will not obtain PIN numbers, however. To get
that, fraudsters place hidden cameras facing the ATM screen. There‘s also the helpful
bystander (the criminal) who may be standing by to kindly inform you the machine has
had problems and offer to help. If you do not feel safe at any time, press the ATM cancel
button, remove your card and leave the area immediately.

2. Minimize your time at the ATM. The more time you spend at the ATM, the more
vulnerable you are. If you need to update your records after a transaction, one is advised
do it at home or office, but not while at the ATM. Even when depositing a cheque at the
ATM, on should not make/sign the cheque at the ATM. After the transaction, if you
think you are being followed, go to an area with a lot of people and call the police.

3. Make smart deposits. Some ATMs allow you to directly deposit checks and cash into
your accounts without stuffing envelopes. As for the envelope-based deposits, make sure
they go through – if it gets jammed and it doesn‘t fully go into the machine, the next
 person can walk up and take it out. After having made the ATM deposit, compare your
records with the account statements or online banking records.

INDIAN SCENARIO

In India, where total number of installed ATM’s base is far less than many developed
countries. ATM-related frauds are very less. But they could increase as more and more ATM’s
will penetrate in the country, the bank should create awareness among customers about the card-
related frauds to reduce the number of frauds in future. In India, Indian Banks Association (IBA)
can take lead to kick started.

The ATM fraud is not the sole problem of banks alone. It is a big threat and it requires a
coordinated and cooperative action on the part of the bank, customers and the law enforcement
machinery. The ATM frauds not only cause financial loss to banks but they also undermine
customers’ confidence in the use of ATMs. This would deter a greater use of ATM for monetary
transactions. It is therefore in the interest of banks to prevent ATM frauds. There is thus a need
to take precautionary and insurance measures that give greater “protection” to the ATMs,
particularly those located in less secure areas. The nature and the extent of precautionary
measures to be adopted will, however, depend upon the requirements of the respective banks.
 CYBER MONEY LAUNDERING

During the past two decades, IT and Internet technologies have reached every nook and
corner of the world. E-commerce has come into existence due to the attributes of Internet like
ease of use, speed, anonymity and its International nature. Internet has converted the world into a
boundary less market place that never sleeps. Drug peddlers and organized criminals found a
natural and much sought after ally in Internet. Computer networks and Internet, in particular,
permit transfer of funds electronically between trading partners, businesses and consumers. This
transfer can be done in many ways. They include use of credit cards, Internet banking, e-cash, e-
wallet etc. for example, smart cards like Visa Cash, Mondex card, whose use is growing can
store billions of dollars. At present, there is an upper limit imposed by the card issuers but
technically there is no limit. In some other forms of computer-based e-money, there is no upper
limit. Mobile banking and mobile commerce are growing and these technologies have the
capability to transfer any amount of money at the touch of a bottom or click of a mouse. They
can be effective tools in the hands of money launderers. First and foremost, the anonymity
offered by internet and cyber payment systems is being exploited to the hilt by the criminal
elements.

As cyber payment systems eliminate the need for face to face interactions, transfer of
funds can be done between two trading partners directly. Two individuals also can transfer funds
directly using e- wallets. This problem is further compounded by the fact that, in many countries,
non-financial institutions are also permitted to issue e-money. Monitoring the activities of these
institutions in a traditional manner is not possible. Earlier, cross-border transactions were
controlled by the central banks of respective countries. With the entry of Internet commerce, the
jurisdictional technicalities come into play and it is another area that is being exploited by the
money launderers. The capacity to transfer unlimited amounts of money without having to go
through strict checks makes cyber money laundering an attractive proposition. From the point of
view of law enforcing agencies, all the above advantages cyber payments provide to consumers
and trading partners, turn out to be great disadvantages while investigating the crimes.
WHY MONEY LAUNDERING?

The most important aim of money laundering is to conceal the origin of the money,
which, in almost all cases, is from illegal activity. Criminal resort to this practice to avoid
detection of the money by law enforcement which will lead to its confiscation and also may
provide leads to the illegal activity. By laundering the money the criminals are trying to close
their tracks. Further, their aims could be to increase the profits by resorting to illegal money
transfer etc. and also of course, to support new criminal ventures. Money laundering from the
point of view of the criminal increases the profits and, at the same time, reduces the risk. While
indulging in money laundering process, the launderers also attempt to safeguard their interests.
They conceal the origin and ownership of the proceeds, maintain control over proceeds and
change the form of proceeds.
MONEY LAUNDERING PROCESS

Money laundering is normally accomplished by using a three-stage process. The three

steps involved are Placement, Layering and Integration. E-money and cyber payment systems
come in handy in all the three stages of the process.

1. PLACEMENT

The first activity is placement. Illegal activities like drug trafficking, extortion, generate
very volumes of money. People involved in these activities cannot explain the origin and source
of these funds to the authorities. There is a constant fear of getting caught. So the immediate
requirement is to send this money to a different location using all available means. This stage is
characterized by facilitating the process of inducting the criminal money into the legal financial
system. Normally, this is done by opening up bank accounts in the names of non-existent people
or commercial organizations and depositing the money. Online banking and Internet banking
make it very easy for a launderer to open and operate a bank account. Placement in cyber space
occurs by depositing the illegal money with some legitimate financial institutions or businesses.
This is done by breaking up the huge cash into smaller chunks. Launderers are very careful at
this stage because the chances of getting caught are considerable here. Cyber payment systems
can come in handy during this process.

2. LAYERING

Layering is the second sub process. In this complex layers of financial transaction are
created to disguise the audit trail and provide anonymity. This is used to distance the money
from the sources. This is achieved by moving the names from and to offshore bank accounts in
the names of shell companies or front companies by using Electronic Funds Transfer (EFT) or
by other electronic means. Every day trillions of dollars are transferred all over the world by
other legitimate business and thus it is almost impossible ton as certain whether some money is
legal or illegal. Launderers normally make use of commodity brokers, stock brokers in the
layering process. Launderers were also found to purchase high value commodities like diamonds
etc. and exporting them to a different jurisdiction. During this process, they make use of the
banks wherever possible as in the legal commercial activity.
 3. INTEGRATION

Integration is the third sub process. This is the stage in which the ‘cleaned’ money is
ploughed back. This is achieved by making it appear as legally earned. This is normally
accomplished by the launderers by establishing anonymous companies in countries where
secrecy is guaranteed. Anyone with access to Internet can start an e-business. This can look and
function like any other e-business as far as the outside world is concerned. This anonymity is
what makes Internet very attractive for the launderers. They can then take loans from these
companies and bring back the money. This way they not only convert their money this way but
also can take advantages associated with loan servicing in terms of tax relief. Another way can
be by placing false export import invoices and over valuing goods.

The entire process can be explained with the help of an example . The money launderers
first activity is to set up an online commerce company which is legal. Normally, the launderer
sets up the website for his company and accepts online payments using credit cards for the
purchases made from his company’s website. As a part of the whole scheme, launderers obtain
credit cards from some banks or financial institutions located in countries with lax rules, which
are known as safe havens. The launderer sitting at home, then, ‘makes purchases’ using this
credit card from his own website. As in normal transactions, the Web-based system then sends
an invoice to the customer’s (who happens to the launderer himself) bank, in the safe haven. The
bank then pays the money into the account of the company. Cyber space provides a secure and
anonymous opportunity to the criminals in money laundering operations. It has come to light that
many gangs are opening up the front companies and hiring information technology specialists
for nefarious activities. Incidents have also come to light where the criminals are using
cryptography for hiding their transaction.
BUSINESS AREAS THAT SUPPORT OR ARE PRONE TO MONEY
LAUNDERING

The banks and other financial institution are the most important intermediaries in the
money laundering chain. As far as the banks are concerned the countries that are considered safe
for launderers are Cayman Islands, Cyprus, Luxembourg, and Switzerland. The offshore
accounts of these banks are popular because they offer anonymity and also help in tax evasion.
Other financial institution like fund managers and those facilitating Electronic Fund Transfer are
also being manipulated by the launderers. Banking obviously is the most affected sector by the
money laundering operations. In fact, Berltlot Brecht said, ‘If you want to steal, then buy a
bank.’ Multinational banks are more vulnerable to money laundering operations. When BCCI
bank was investigated it came to light that there were 3,000 criminal customers and they were
involved in offenses ranging from financing nuclear weapon programs to narcotics. The second
area is underground banking or parallel banking. This is practiced by different countries by
different names. China follows a system called ‘Fic Chin’. Under this system, money is
deposited in one country and the depositor is handed a chit or chop. The money is paid back in
another place on production of the chit. Similar systems known as Hundi, Hawallah are practiced
in India. It is much easier to launder the money using these methods as there is no physical
movement of money. These practices mostly work on trust and mostly controlled by mafia in
many countries.

Futures and commodity markets are another area which is found to be facilitating the
money laundering. The other areas include professional advisers, financing housing schemes,
casinos, antique dealers and jewelers. Casinos are another business areas that is actively involved
in money laundering process. In all the cases the underlying factor is paperless transactions. It
was also found that launderers do take advantages of privatization in various countries by
investing in them. This was observed in UK, India and Columbia. In Columbia, when the banks
were privatized the ‘Carli Cartel’ was reported to have invested heavily and Italian mafia
reportedly purchased shares in Italian banks. This only shows the extent of the problem and also
that the banks and financial institutions are the primary target of the launderers. In some
countries, even political parties organizations are known to be using laundered money for their
campaigns.
EFFECTS ON BANKS

Almost all the banks trade in foreign exchange Money laundering in any country or
economy affects the foreign exchange market directly. The money laundering reduces the legal
volume of the banks business. It also causes fluctuations in the exchange rate. Further, money
laundering can undermine the credibility of the banking system. Facilitating the activities of
launderers even inadvertently can push the banks into problems with law enforcement agencies
and also governments. In some reported cases, the banks survival has come under threat. It is not
difficult to see what effect it has on the profitability of banks.

OTHER EFFECTS

In one incident, an Indian national in one year handled US 81.5 bn illegal transactions,
before his arrest during 1993. This incident also shows how the national economy gets affected.
A few years before that, the Indian Government was so short of foreign exchange that it had to
pledge gold in the London bank. One needs not be an economist understand the impact of money
laundering on economies of developing countries. The low regulation by central banks will
become difficult and consequently, there will be rise in inflation. Further, overall income
distribution in an economy is likely to get affected. Money laundering can help in spread of
parallel economy, which will result in loss to national income due to reduced tax collections and
lost jobs. On the social plane, this can result in increased crime rate, violence in society. There
may be attempts to gain political power either directly or indirectly like Coli Cocoine Cartel’s
attempt in supporting Columbian President, Samper in 1996 elections. Because cyber money
laundering can be done from anywhere in the world without any jurisdiction, the effects are
much severe.
PREVENTION

Because of the nature of Cyber money laundering, no country can effectively deal with it
in isolation. Cyber money laundering has to be dealt with at organizational [Bank or Financial
Institution], national and international levels.

AT ORGANIZATIONAL [BANK] LEVEL

The banking and other financial organizations can reduce the quantum of money
laundering by following the guidelines issued by central banks of respective countries in letter
and spirit. The old principle of ‘Knowing the customer’ well will help a great deal. It is very
important to keep the records of the customer for a sufficient time, at least for 8 to 10 years.
Having an eye on suspicious deals can give early warnings on the impending trouble. Any
suspicious activities must be reported to law enforcement authorities. Developing internal
control mechanisms is very essential in this regard. Further, working in close association with
other banks and exchange of information and intelligence in this regard will be definitely
helpful. Law enforcement agencies have details of criminal elements and their transactions. By
working in close conjunction with them, bank can have early warning on such activities.
However, banks must keep in mind the legal provisions regarding privacy of individuals.

AT NATIONAL LEVEL

Some countries liken UK have taken proactive steps to control this crime, which could be
cumulated by others. In UK, deposit taking institutions (including banks) are expected to report
suspicious transactions to the law enforcement authorities. The legal provisions regarding
‘knowing the customer’ brought down the crime to a great extent. They empowered their
customs officials to seize cash consignments of 10,000 pounds or more. Courts also permit
confiscation of cash, if the investigating authorities have strong evidence that the money has
come from illegal activities of drug trafficking. Issue of electronic money by private parties is
another factor, as in some countries regulation of these people is not effective. Slowly, different
countries are realizing the importance of this issue and enacting suitable rules aimed at providing
transparency in transactions carried out by these institutions. The most important issues at
national level are establishing legal framework and training law enforcing officials. The major
weapon to combat this crime is controlling financial transactions including e-transactions,
through legislation. Many countries have enacted some stringent laws to control this crime. UK,
US have stringent laws in dealing with Cyber money laundering. Many other countries are
following suit. The Council of Europe has passed Criminal Justice Act. Hong Kong has passed
similar laws. The single most important issue is harmonizing the terrestrial laws with cyber laws.

AT INTERNATIONAL LEVEL

The UN has taken the lead and during 1995 international community meeting signed a
convention known as ‘UN Convention Against Illict Traffic in Narcotic Drugs and Psychotropic
Substances’. Further, this convention made money laundering a crime and provided a model.
During 2000, the UN also organized another convention against transnational organized crime.
As a result of UN the efforts, the group of seven industrialized nations established ‘Financial
Action Task Force’ (FATF). The biggest source of money laundering funds comes from drug
trade and the volume of money is large. In order to cover this vast amount of money they need
financial services industry. They eye financial institutions that are in the business of accepting
deposits from customers. After studying this phenomenon, Financial Action Task Force (FATF)
had noticed some critical points in the modus operandi of criminals which are difficult for the
launderers to avoid. They are points of entry of cash into financial system, transfers to and from
financial system and cross-border flows of cash. Paying attention to these issues can help in
controlling cyber laundering to a considerable extent. According to financial crimes enforcement
network of US, less than 1% money laundered in cyber space is ever detected or criminals
prosecuted. Prevention of money laundering in cyber space is proving to be really a daunting
task. Some of the suggested measures are putting an upper limit on the amount of payment and
frequency of using e-money in peer to peer transfers. The second is making it mandatory for e-
money organization to identify their clients and also to keep a track of money movement. The
third is ensuring that Internet service providers keep a log of files involving finances for a
number of years. The fourth is making audit compulsory for all electronic merchants and
ensuring that they keep transaction records for a certain period of time. The fifth is training law
enforcement agencies in dealing effectively with this crime. Last but not the least, is
international co-operation and harmonizing the national cyber and terrestrial laws with
international can help in dealing with this crime effectively.
 CREDIT CARDS FRAUDS
INTRODUCTION TO CREDIT CARDS
Credit was first used in Assyria, Babylon and Egypt 3000 years ago. The bill of exchange
- the forerunner of banknotes - was established in the 14th century. Debts were settled by one-
third cash and two-thirds bill of exchange. Paper money followed only in the 17th century. The
first advertisement for credit was placed in 1730 by Christopher Thornton, who offered furniture
that could be paid off weekly.

From the 18th century until the early part of the 20th, tallymen sold clothes in return for
small weekly payments. They were called "tallymen" because they kept a record or tally of what
people had bought on a wooden stick. One side of the stick was marked with notches to
represent the amount of debt and the other side was a record of payments. In the 1920s, a
shopper's plate - a "buy now, pay later" system - was introduced in the USA. It could only be
used in the shops which issued it.

In 1950, Diners Club and American Express launched their charge cards in the USA, the
first "plastic money". In 1951, Diners Club issued the first credit card to 200 customers who
could use it at 27 restaurants in New York. But it was only until the establishment of standards
for the magnetic strip in 1970 that the credit card became part of the information age.The first
use of magnetic stripes on cards was in the early 1960's, when the London Transit Authority
installed a magnetic stripe system. San Francisco Bay Area Rapid Transit installed a paper based
ticket the same size as the credit cards in the late 1960's. The word credit comes from Latin,
meaning “TRUST”.
 CREDIT CARD FRAUD
INTRODUCTION

Credit card fraud is a wide-ranging term for theft and fraud committed using a credit
card or any similar payment mechanism as a fraudulent source of funds in a transaction. The
purpose may be to obtain goods without paying, or to obtain unauthorized funds from an
account. Credit card fraud is also an adjunct to identity theft. However, credit card fraud, that
crime which most people associate with ID theft, decreased as a percentage of all ID theft
complaints for the sixth year in a row.

The cost of credit card fraud reaches into billions of dollars annually. In 2018, fraud in
the United Kingdom alone was estimated at £844.8 million. Where banks and card companies
prevented £1.66 billion in unauthorised fraud in 2018. That is the equivalent to £2 in every £3 of
attempted fraud being stopped.

The fraud begins with either the theft of the physical card or the compromise of data
associated with the account, including the card account number or other information that would
routinely and necessarily be available to a merchant during a legitimate transaction. The compromise
can occur by many common routes and can usually be conducted without tipping off the card holder,
the merchant or the bank, at least until the account is ultimately used for fraud.
A simple example is that of a store clerk copying sales receipts for later use.
growth of credit card use on the Internet has made database security lapses particularly costly; in
some cases, millions of accounts have been compromised.

IF CARD IS STOLEN

When a credit card is lost or stolen, it remains usable until the holder notifies the bank
that the card is lost; most banks have toll-free telephone numbers with 24-hour support to
encourage prompt reporting. Still, it is possible for a thief to make unauthorized purchases on
that card up until the card is cancelled. In the absence of other security measures, a thief could
potentially purchase thousands of dollars in merchandise or services before the card holder or
the bank realize that the card is in the wrong hands.

In the United States, federal law limits the liability of card holders to $50 in the event of
theft, regardless of the amount charged on the card; in practice, many banks will waive even this
small payment and simply remove the fraudulent charges from the customer's account if the
customer signs an affidavit confirming that the charges are indeed fraudulent. Other countries
generally have similar laws aimed at protecting consumers from physical theft of the card.

The only common security measure on all cards is a signature panel, but signatures are
relatively easy to forge. Many merchants will demand to see a picture ID, such as a driver's
 license, to verify the identity of the purchaser, and some credit cards include the holder's picture
on the card itself. However, the card holder has a right to refuse to show additional verification,
and asking for such verification may be a violation of the merchant's agreement with the credit
card companies.

Self-serve payment systems (gas stations, kiosks, etc.) are common targets for stolen
cards, as there is no way to verify the card holder's identity. A common countermeasure is to
require the user to key in some identifying information, such as the user's ZIP or postal code.
This method may deter casual theft of a card found alone, but if the card holder's wallet is stolen,
it may be trivial for the thief to deduce the information by looking at other items in the wallet.
For instance, a U.S. driver license commonly has the holder's home address and ZIP code printed
on it.

Banks have a number of countermeasures at the network level, including sophisticated

real-time analysis that can estimate the probability of fraud based on a number of factors. For
example, a large transaction occurring a great distance from the card holder's home might be
flagged as suspicious. The merchant may be instructed to call the bank for verification, to
decline the transaction, or even to hold the card and refuse to return it to the customer.

Stolen cards can be reported quickly by card holders, but a compromised account can be
hoarded by a thief for weeks or months before any fraudulent use, making it difficult to identify
the source of the compromise. The card holder may not discover fraudulent use until receiving a
billing statement, which may be delivered infrequently.

Compromised Accounts

Card account information is stored in a number of formats. Account numbers are often
embossed or imprinted on the card, and a magnetic stripe on the back contains the data in
machine readable format. Fields can vary, but the most common include:

 Name of card holder


 Account number
  Expiration date

 Verification

Many Web sites have been compromised in the past and theft of credit card data is a
major concern for banks. Data obtained in a theft, like addresses or phone numbers, can be
highly useful to a thief as additional card holder verification.

Mail/Internet Order Fraud

The mail and the Internet are major routes for fraud against merchants who sell and ship
products, as well Internet merchants who provide online services. The industry term for catalog
order and similar transactions is "Card Not Present" (CNP), meaning that the card is not
physically available for the merchant to inspect. The merchant must rely on the holder (or
someone purporting to be the holder) to present the information on the card by indirect means,
whether by mail, telephone or over the Internet when the cardholder is not present at the point of
sale.

It is difficult for a merchant to verify that the actual card holder is indeed authorizing the
purchase. Shipping companies can guarantee delivery to a location, but they are not required to
check identification and they are usually are not involved in processing payments for the
merchandise. A common preventive measure for merchants is to allow shipment only to an
address approved by the cardholder, and merchant banking systems offer simple methods of
verifying this information.

Additionally, smaller transactions generally undergo less scrutiny, and are less likely to
be investigated by either the bank or the merchant, since the cost of research and prosecution
usually far outweighs the loss due to fraud. CNP merchants must take extra precaution against
fraud exposure and associated losses, and they pay higher rates to merchant banks for the
privilege of accepting cards. Anonymous scam artists bet on the fact that many fraud prevention
features do not apply in this environment.
 Merchant associations have developed some prevention measures, such as single use
card numbers, but these have not met with much success. Customers expect to be able to use
their credit card without any hassles, and have little incentive to pursue additional security due to
laws limiting customer liability in the event of fraud. Merchants can implement these prevention
measures but risk losing business if the customer chooses not to use the measures.

Account Takeover

There are two types of fraud within the identity theft category:

1. Application Fraud

2. Account Takeover.

1. Application Fraud
Application fraud occurs when criminals use stolen or fake documents to open an
account in someone else's name. Criminals may try to steal documents such as utility bills and
bank statements to build up useful personal information. Alternatively, they may create
counterfeit documents.

2. Account Takeover

Account takeover involves a criminal trying to take over another person's account, first
by gathering information about the intended victim, then contacting their bank or credit issuer —
masquerading as the genuine cardholder — asking for mail to be redirected to a new address.
The criminal then reports the card lost and asks for a replacement to be sent. The replacement
card is then used fraudulently.

Some merchants added a new practice to protect consumers and self reputation, where
they ask the buyer to send a copy of the physical card and statement to ensure the legitimate
usage of a card.
Skimming

Skimming is the theft of credit card information used in an otherwise legitimate

transaction. It is typically an "inside job" by a dishonest employee of a legitimate merchant, and
can be as simple as photocopying of receipts. Common scenarios for skimming are restaurants or
bars where the skimmer has possession of the victim's credit card out of their immediate view.
The skimmer will typically use a small keypad to unobtrusively transcribe the 3 or 4 digits Card
Security Code which is not present on the magnetic strip.

Instances of skimming have been reported where the perpetrator has put a device over
the card slot of a public cash machine (Automated Teller Machine), which reads the magnetic
strip as the user unknowingly passes their card through it. These devices are often used in
conjunction with a pinhole camera to read the user's PIN at the same time.

Skimming is difficult for the typical card holder to detect, but given a large enough
sample, it is fairly easy for the bank to detect. The bank collects a list of all the card holders who
have complained about fraudulent transactions, and then uses data mining to discover
relationships among the card holders and the merchants they use. For example, if many of the
customers used one particular merchant, that merchant's terminals (devices used to authorize
transactions) can be directly investigated.
SKIMMER

Sophisticated algorithms can also search for known patterns of fraud. Merchants must
ensure the physical security of their terminals, and penalties for merchants can be severe in cases
of compromise, ranging from large fines to complete exclusion from the merchant banking
system, which can be a death blow to businesses such as restaurants which rely on credit card
processing.

CARDING

Carding is a term used for a process to verify the validity of stolen card data. The thief
presents the card information on a website that has real-time transaction processing. If the card is
processed successfully, the thief knows that the card is still good. The specific item purchased is
immaterial, and the thief does not need to purchase an actual product; a Web site subscription or
charitable donation would be sufficient. The purchase is usually for a small monetary amount,
both to avoid using the card's credit limit, and also to avoid attracting the bank's attention. A
website known to be susceptible to carding is known as a cardable website.
 In the past, carders used computer programs called "generators" to produce a sequence of
credit card numbers, and then test them to see which were valid accounts. Another variation
would be to take false card numbers to a location that does not immediately process card
numbers, such as a trade show or special event. However, this process is no longer viable due to
widespread requirement by internet credit card processing systems for additional data such as the
billing address, the 3 to 4 digit Card Security Code and/or the card's expiry date, as well as the
more prevalent use of wireless card scanners that can process transactions right away.
Nowadays, carding is more typically used to verify credit card data obtained directly from the
victims by skimming or phishing.

A set of credit card details that has been verified in this way is known in fraud circles as a
phish. A carder will typically sell data files of phish to other individuals who will carry out the
actual fraud. Market price for a phish ranges from US$1.00 to US$50.00 depending on the type
of card, freshness of the data and credit status of the victim

PREVENTION FOR CREDIT CARD FRAUD

Credit card fraud is bad business. In 2004, credit card fraud cost US merchants 2,664.9 million
dollars (Celent Communications). Credit card fraud is a significant problem in Canada, too. The credit
card loss total for 2007 was $304,255,215, according to the RCMP. And while 'no-card' fraud is growing,
most credit card frauds are still being committed using lost, stolen or counterfeit cards. Whether you have
a brick-and-mortar business or an online one, credit card fraud is costing you money.

Credit card fraud prevention when dealing with credit card customers face-to-face

1. Ask for and check other identification, such as a driver’s license or other photo ID.
Check to see if the ID has been altered in any way as a person trying to use a stolen
credit card may also have stolen or fake ID.

2. Examine the signature on the card. If the signature on the credit card is smeared, it could
be that the credit card is stolen and the person has changed the signature to his or her
own.
 3. Compare signatures. Besides comparing the signature on the credit card with the person’s
signature on the credit card slip, compare the signatures as well to those on any other ID
presented.

4. Check the security features of the credit card.

i. Have another look at the card’s signature panel. It should show a repetitive colour design of the
MasterCard or Visa name. Altered signature panels (those that are discoloured, glued, painted,
erased, or covered with white tape) are an indication of credit card fraud.

ii. Check the credit card’s embossing. “Ghost images” of other numbers behind the embossing are a
tip-off that the card has been re-embossed. The hologram may be damaged. (The holograms on
credit cards that have not been tampered with will show clear, three-dimensional images that
appear to move when the card is tilted.)

5. Check the presented card with recent lists of stolen and invalid credit card numbers.

6. Call for authorization of the credit card – remembering to take both the credit card and
the sales draft with you. That way if the customer runs away while you’re making the
call, you still have the credit card. Ask for a “Code 10” if you have reason to suspect a
possible credit card fraud, such as a possible counterfeit or stolen card.

7. Destroy all carbon copies of the credit card transaction, to ensure that no one can steal
the credit card information and help prevent future credit card fraud.

It’s also very important to be sure that your staff is educated about credit card fraud. You
can use the points above as a “to do” list for dealing with credit card transactions. For
information on the suspicious behavior that may indicate someone trying to commit credit card
fraud, see Suspicious Behaviors That May Indicate Credit Card Fraud.
When dealing with credit card customers over the phone or through the Internet, credit
card fraud prevention strategies such as scrutinizing the credit card aren’t going to work. You
can, however, be alert to suspicious behaviors and shape your credit policies to nip credit card
fraud in the bud.

1. Don’t process credit card orders unless the information is complete.

2. Don’t process credit card orders that originate from free e-mail addresses or from e-mail
forwarding addresses. In such a case, ask the customer for an ISP (Internet Service
Provider) or domain-based e-mail address that can be traced back.

3. If the shipping address and the billing address on the order are different, call the
customer to confirm the order. You may even want to make it a policy to ship only to the
billing address on the credit card.

4. Be wary of unusually large orders.

5. Be wary of orders shipped to a single address but purchased with multiple cards.

6. Be wary of multiple transactions made with similar card numbers in a sequence.

7. Be wary of orders you’re asked to ship express, rush or overnight. This is the shipping of
choice for many credit card fraudsters. Call the customer to confirm the order first.

8. Be wary of overseas orders – especially if the order exhibits any of the characteristics
noted above.

9. The first is Mod10 algorithm testing. Mod10 is an algorithm that will show whether the
card number being presented is valid card number and is within the range of numbers
issued by credit card companies. It cannot give any other details like no. issued by any
other company. This test should be first to be that it is applied to any credit card number
one process. If the card fails Mod10 one can safely assume fraud.
 Credit card fraud may not be entirely preventable, but by establishing and
following procedures to check every credit card transaction, you can cut down your
credit card fraud losses.

CASE STUDY
Maharashtra has most number of ATM frauds in India with an increase in the number of ATM frauds in
the country, the assessment year 2018-19 recorded 980 cases of ATM frauds around the country, the
highest number till today. Inspite of the government taking precautionary actions in such cases, this
number has increased significantly since the past 2 years.

Maharashtra beats the Delhi and holds the highest number of ATM frauds in the country, with a solid
number of 233 cases in 2018-19. Delhi and Tamil Nadu mark 179 and 147frauds cases, respectively.
Assam, Arunachal Pradesh and Tripura were the only states with zero fraud cases. In Maharashtra, people
lost Rs 4.8 crore to bank fraud, while in Delhi people lost Rs 2.9 crore. Tamil Nadu acing too, lost more
money than Delhi, Rs 3.36 crore.

This year, the number of fraud cases has increased largely, as compared to 2017-2018, which recorded
911 fraud cases. However, despite more number of fraud cases recorded, the amount of money lost in
such frauds have come down. It has been recorded to beRs 21.4 crore in 2018-19, while the AY 2017-18,
even though recorded lesser number of fraud cases, lost Rs65.3 crore to such frauds. It has been reported
that this number,980 has been finalized at the count when only amounts greater than Rs1 lakh was
considered. It’s just scratching the surface.
 INDIA'S FIRST ATM CARD FRAUD

The Chennai City Police have busted an international gang involved in cyber crime,
with the arrest of Deepak Prem Manwani (22), who was caught red-handed while breaking
into an ATM in the city in June last, it is reliably learnt. The dimensions of the city cops'
achievement can be gauged from the fact that they have netted a man who is on the wanted
list of the formidable FBI of the United States. At the time of his detention, he had with him
Rs 7.5 lakh knocked off from two ATMs in T Nagar and Abiramipuram in the city. Prior to
that, he had walked away with Rs 50,000 from an ATM in Mumbai.

While investigating Manwani's case, the police stumbled upon a cyber crime
involving scores of persons across the globe.

Manwani is an MBA drop-out from a Pune college and served as a marketing

executive in a Chennai-based firm for some time.

Interestingly, his audacious crime career started in an Internet cafe. While browsing
the Net one day, he got attracted to a site which offered him assistance in breaking into the
ATMs. His contacts, sitting somewhere in Europe, were ready to give him credit card
numbers of a few American banks for $5 per card. The site also offered the magnetic codes
of those cards, but charged $200 per code. The operators of the site had devised a fascinating
idea to get the personal identification number (PIN) of the card users. They floated a new site
which resembled that of a reputed telecom companies.

That company has millions of subscribers. The fake site offered the visitors to return
$11.75 per head which, the site promoters said, had been collected in excess by mistake from
them. Believing that it was a genuine offer from the telecom company in question, several
lakh
subscribers logged on to the site to get back that little money, but in the process parted with their
PINs.

Armed with all requisite data to hack the bank ATMs, the gang started its systematic
looting. Apparently, Manwani and many others of his ilk entered into a deal with the gang
behind the site and could purchase any amount of data, of course on certain terms, or simply
enter into a deal on a booty-sharing basis.

Meanwhile, Manwani also managed to generate 30 plastic cards that contained necessary
data to enable him to break into ATMS.

He was so enterprising that he was able to sell away a few such cards to his contacts in
Mumbai. The police are on the lookout for those persons too.

On receipt of large-scale complaints from the billed credit card users and banks in the United
States, the FBI started an investigation into the affair and also alerted the CBI in New Delhi that
the international gang had developed some links in India too.

Manwani has since been enlarged on bail after interrogation by the CBI. But the city police
believe that this is the beginning of the end of a major cyber crime.
GENERAL TIPS ON AVOIDING POSSIBLE INTERNET FRAUD
SCHEMES
1. Don't Judge by Initial Appearances

It may seem obvious, but consumers need to remember that just because something
appears on the Internet - no matter how impressive or professional the Web site looks - doesn't
mean it's true. The ready availability of software that allows anyone, at minimal cost, to set up a
professional-looking Web site means that criminals can make their Web sites look as impressive
as those of legitimate e-commerce merchants.

2. Be Careful About Giving Out Valuable Personal Data Online

If you see e-mail messages from someone you don't know that ask you for personal data -
such as your Social Security number, credit-card number, or password - don't just send the data
without knowing more about who's asking. Criminals have been known to send messages in
which they pretend to be (for example) a systems administrator or Internet service provider
representative in order to persuade people online that they should disclose valuable personal
data.

3. Be Especially Careful About Online Communications with Someone Who Conceals His
True Identity

If someone sends you an e-mail in which he refuses to disclose his full identity, or uses
an e-mail header that has no useful identifying data (e.g., "W6T7S8@provider.com"), that may
be an indication that the person doesn't want to leave any information that could allow you to
contact them later if you have a dispute over undelivered goods for which you paid. As a result,
you should be highly wary about relying on advice that such people give you if they are trying to
persuade you to entrust your money to them.
4. Watch Out for "Advance-Fee" Demands

In general, you need to look carefully at any online seller of goods or services who wants
you to send checks or money orders immediately to a post office box; before you receive the
goods or services you've been promised. Legitimate startup "dot.com" companies, of course,
may not have the brand-name recognition of long-established companies, and still be fully
capable of delivering what you need at a fair price. Even so, using the Internet to research online
companies that aren't known to you is a reasonable step to take before you decide to entrust a
significant amount of money to such companies.

5. SUGGESTIONS ON CYBER MONEY LAUNDERING

Because of the nature of Cyber money laundering, no country can effectively deal with it
in isolation. Cyber money laundering has to be dealt with at organizational [Bank or Financial
Institution], national.

AT ORGANIZATIONAL [BANK] LEVEL

The banking and other financial organizations can reduce the quantum of money
laundering by following the guidelines issued by central banks of respective countries in letter
and spirit. The old principle of ‘Knowing the customer’ well will help a great deal.

AT NATIONAL LEVEL

Some countries liken UK have taken proactive steps to control this crime, which could be
cumulated by others. In UK, deposit taking institutions (including banks) are expected to report
suspicious transactions to the law enforcement authorities.
 RECENT TRENDS
Cyber Attack on Cosmos Bank

In august 2018, the Pune branch of Cosmos bank was drained of Rs 94

crores, in an extremely bold cyber attack. By hacking into the main server, the thieves were able to
transfer the money to a bank in Hong Kong. Along with this, the hackers made their way into the
ATM server, to gain details of various VISA and RUPAY debit card. The switching system i.e. the
link between the centralized system and the payment gateway was attacked, meaning neither the
bank nor the account holders caught wind of the money being transferred.

According to the cybercrime case study internationally were carried out,

spanning across 28 countries using 450 cards. Nationally, 2,800 transactions using 400 cards were
carried out. This was one of its kinds, and in fact, the first malware attack that stopped all
communication between the bank and the payment gateway.

BPO Fraud

In another incident involving Mphasis, India, four call centre employees

gained the PIN codes, from four of the MphasiS’s client, Citi Group, in spite of not being authorized
to do so. Various accounts were opened in Indian banks, under false names and within two months,
they managed to transfer money to these accounts from Citigroup customers accounts using their
PINs and other personal information.

This cyber fraud case occurred in December 2004, but it wasn’t until April
2005 that the Indian police were able to identify the individuals to make an arrest. It was made
possible with a tip provided by a U.S. bank when the accused tried to withdraw cash from these fake
accounts. From the $426,000 that was stolen, only $230,000 were recovered. The accused were
charged under section 43(a), unauthorised access involved to carry transactions.
 CONCLUSION

Lastly I conclude by saying that

“Thieves are not born, but made out of opportunities.”

This quote exactly reflects the present environment related to technology, where it is
changing very fast. By the time regulators come up with preventive measures to protect
customers from innovative frauds, either the environment itself changes or new technology
emerges. This helps criminals to find new areas to commit the fraud. Computer forensics has
developed as an indispensable tool for law enforcement. But in the digital world, as in the
physical world the goals of law enforcement are balanced with the goals of maintaining personal
liberty and privacy. Jurisdiction over cyber crimes should be standardized around the globe to
make swift action possible against terrorist whose activities are endearing security worldwide.
The National institute of justice, technical working group digital evidence are some of the key
organization involved in research.

The ATM fraud is not the sole problem of banks alone. It is a big threat and it requires a
coordinated and cooperative action on the part of the bank, customers and the law enforcement
machinery. The ATM frauds not only cause financial loss to banks but they also undermine
customers' confidence in the use of ATMs. This would deter a greater use of ATM for monetary
transactions. It is therefore in the interest of banks to prevent ATM frauds. There is thus a need
to take precautionary and insurance measures that give greater "protection" to the ATMs,
particularly those located in less secure areas. The nature and extent of precautionary measures
to be adopted will, however, depend upon the requirements of the respective banks. Internet
Banking Fraud is a fraud or theft committed using online technology to illegally remove money
from a bank account and/or transfer money to an account in a different bank. Internet Banking
Fraud is a form of identity theft and is usually made possible through techniques such as
phishing.

Credit card fraud can be committed using a credit card or any similar payment
mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods
without paying, or to obtain unauthorized funds from an account. Cyber space and cyber
payment methods are being abused by money launderers for converting their dirty money into
legal money. For carrying out their activities launderers need banking system. Internet, online
banking facilitates speedy financial transactions in relative anonymity and this is being exploited
by the cyber money launderers. Traditional systems like credit cards had some security features
built into them to prevent such crime but issue of e-money by unregulated institutions may have
none. Preventing cyber money laundering is an uphill task which needs to be tackled at different
levels. This has to be fought on three planes, first by banks/ financial institutions, second by
nation states and finally through international efforts. The regulatory framework must also take
into account all the related issues like development of e-money, right to privacy of individual.
International law and international co-operation will go a long way in this regard.

Capacity of human mind is unfathomable. It is not possible to eliminate cyber crime from
the cyber space. It is quite possible to check them. History is the witness that no legislation has
succeeded in totally eliminating crime from the globe. The only possible step is to make people
aware of their rights and duties (to report crime as a collective duty towards the society) and
further making the application of the laws more stringent to check crime. Undoubtedly the Act is
a historical step in the cyber world. Further I all together do not deny that there is a need to bring
changes in the Information Technology Act to make it more effective to combat cyber crime.
 BIBLIOGRAPHY

WEBSITE:
www.cybercellmumbai.com
www.agapeinc.in
www.britannica.com

SEARCH ENGINE:
www.google.com
www.yahoo.com
www.wikipedia.com