Professional Documents
Culture Documents
BACHELOR OF COMMERCE
BANKING & INSURANCE
SEMESTER V
(2012-13)
SUBMITTED BY:
ROLL NO.17
PROJECT GUIDE:
CERTIFICATE
This is to certify that
of
B.Com.
Banking
&
_________________
_______________
Course Coordinator
Principal
_________________
________________
Internal Examiner
External Examiner
___________________
(Mrs. SMITA DAYAL)
Project Guide
DECLARATION
I,
Wherever the data/information has been taken from any book or other
sources have been mentioned in bibliography. The information submitted is
true and original to the best of my knowledge.
Students signature
________________
ACKNOWLEDGEMENT
Student Signature
_________________
INDEX
S.NO
1
2
3
4
5
6
7
8
9
10
TOPIC
SUMMARY
INTRODUCTION
CYBER CRIMES IN INDIA
CRIME STASTICS
CHANGING FACE OF CRIME
CYBER SPACE
TYPES OF CYBER CRIME
CLASSIFICATION OF CYBER CRIME
REASONS FOR CYBER CRIME
CYBER CRIMINALS
11
12
13
14
15
16
17
18
19
PAGE NO
EXCECUTIVE SUMMARY
Cyber Crimes are any illegal activities committed using computer target of the criminal
can be either a computer or network operations. Cyber crimes are genus of crimes, which use
computers and networks for criminal activities. The difference between traditional crimes and
cyber crimes is the cyber crimes can be transnational in nature. Cyber crime is a crime that is
committed online in many areas using e-commerce. A computer can be the target of an offence
when unauthorized access of computer network occurs and on other hand it affects E-commerce.
Cyber crimes can be of various types such as Telecommunications Piracy, Electronic
Money Laundering and Tax Evasion, Sales and Investment Fraud, Electronic Funds, Transfer
Fraud and so on.
The modern contemporary Era has replaced these traditional monetary instruments from
a paper and metal based currency to plastic money in the form of credit cards, debit cards, etc.
This has resulted in the increasing use of ATM all over the world. The use of ATM is not only
safe but is also convenient. This safety and convenience, unfortunately, has an evil side as well
that do not originate from the use of plastic money rather by the misuse of the same. This evil
side is reflected in the form of ATM frauds that is a global problem.
Internet commerce has grown exponentially during the past few years and is still
growing. But unfortunately the growth is not on the expected lines because the credit card fraud
which has become common has retarded the e-commerce growth. Credit card fraud has become
regular on internet which not only affects card holders but also online merchants. Credit card
fraud can be done by taking over the account, skimming or if the card is stolen. Certain
preventive measures can be taken to becoming a credit card victim.
"The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may
be able to do more damage with a keyboard than with a bomb".
National Research Council, "Computers at Risk", 1991
INTRODUCTION
8
The usage of internet services in India is growing rapidly. It has given rise to new
opportunities in every field we can think of be it entertainment, business, sports or education.
There are many pros and cons of some new types of technology which are been invented or
discovered. Similarly the new & profound technology i.e. using of INTERNET Service, has also
got some pros & cons. These cons are named CYBER CRIME, the major disadvantages, illegal
activity committed on the internet by certain individuals because of certain loop-holes. The
internet, along with its advantages, has also exposed us to security risks that come with
connecting to a large network. Computers today are being misused for illegal activities like email
espionage, credit card fraud, spams, and software piracy and so on, which invade our privacy and
offend our senses. Criminal activities in the cyberspace are on the rise. Computer crimes are
criminal activities, which involve the use of information technology to gain an illegal or an
unauthorized access to a computer system with intent of damaging, deleting or altering computer
data.
Computer crimes also include the activities such as electronic frauds, misuse of devices,
identity theft and data as well as system interference. Computer crimes may not necessarily
involve damage to physical property. They rather include the manipulation of confidential data
and critical information. Computer crimes involve activities of software theft, wherein the
9
10
11
12
CRIME STATISTICS
As per the National Crime Records Bureau statistics, during the year 2005, 179 cases
were registered under the IT Act as compared to 68 cases during the previous year, thereby
reporting a significant increase of 163.2% in 2005 over 2004. During 2005, a total of 302 cases
were registered under IPC sections as compared to 279 such cases during 2004, thereby reporting
an increase of 8.2% in 2005 over 2004. NCRB is yet to release the statistics for 2006. In 2006,
206 complaints were received in comparison with only 58 in 2005, a 255% increase in the total
number of complaints received in the Cyber Cell/EOW over the last year. In terms of cases
registered and investigated in 2006 (up to 22.12.06), a total of 17 cases, where the computer was
the victim, a tool or a repository of evidence, have been registered in the Cyber Cell/EOW as
compared to 12 cases registered in 2005, and note the fact that, these are just the reported cases.
While the number of cyber crime instances has been constantly growing over the last few
years, the past year and a half, in particular, has seen a rapid spurt in the pace of cyber crime
activities. Cyber lawyers, Mr Pavan Duggal, advocate with the Supreme Court of India and
Karnika Seth, partner, Seth Associates, Advocates and Legal Consultants, testify to this, pointing
out that they have seen a jump in the number of cyber crime cases that they've been handling in
the last one year. One also should remember that the term 'Cyber Crime' should be applied to all
offences committed with the use of 'Electronic Documents'. Hence, cyber crimes must grow at
the same rate as the use of the Internet, mobile phone, ATM, credit cards or perhaps even faster.
"With the little offences came the larger ones involving huge money, and one has seen
this sudden jump from smaller crimes to financial crimes in the last one year"
According to Captain Raghu Raman, CEO, Mahindra Special Services Group (SSG), the
contributing factors are high volume of data processing, rapid growth and major migration into
13
14
15
CYBER SPACE
As the cases of cybercrime grow; there is a growing need to prevent them. Cyberspace
belongs to everyone. There should be electronic surveillance which means investigators tracking
down hackers often want to monitor a cracker as he breaks into a victim's computer system. The
two basic laws governing real-time electronic surveillance in other criminal investigations also
apply in this context, search warrants which means that search warrants may be obtained to gain
access to the premises where the cracker is believed to have evidence of the crime. Such
evidence would include the computer used to commit the crime, as well as the software used to
gain unauthorized access and other evidence of the crime.
Researchers must explore the problems in greater detail to learn the origins, methods, and
motivations of this growing criminal group. Decision-makers in business, government, and law
enforcement must react to this emerging body of knowledge. They must develop policies,
methods, and regulations to detect incursions, investigate and prosecute the perpetrators, and
prevent future crimes. In addition, Police Departments should immediately take steps to protect
their own information systems from intrusions (Any entry into an area not previously occupied).
Internet provides anonymity: This is one of the reasons why criminals try to get away easily
when caught and also give them a chance to commit the crime again. Therefore, we users should
be careful. We should not disclose any personal information on the internet or use credit cards
and if we find anything suspicious in e-mails or if the system is hacked, it should be immediately
reported to the Police officials who investigate cyber-crimes rather than trying to fix the problem
by ourselves.
Computer crime is a multi-billion dollar problem. Law enforcement must seek ways to
keep the drawbacks from overshadowing the great promise of the computer age. Cybercrime is a
16
17
3. Telecommunications Piracy
Digital technology permits perfect reproduction and easy dissemination of print, graphics,
sound, and multimedia combinations. The temptation to reproduce copyrighted material for
personal use, for sale at a lower price, or indeed, for free distribution, has proven irresistible to
many. This has caused considerable concern to owners of copyrighted material. Each year, it
has been estimated that losses of between US$15 and US$17 billion are sustained by industry by
19
20
21
23
24
25
26
2. Child Pornography
The Internet is being highly used by its abusers to reach and abuse children sexually,
worldwide. The internet is very fast becoming a household commodity in India. Its explosion has
made the children a viable victim to the cyber crime. As more homes have access to internet,
more children would be using the internet and more are the chances of falling victim to the
aggression of pedophiles. The easy access to the pornographic contents readily and freely
available over the internet lowers the inhibitions of the children. Pedophiles lure the children by
distributing pornographic material, and then they try to meet them for sex or to take their nude
photographs including their engagement in sexual positions. Sometimes Pedophiles contact
children in the chat rooms posing as teenagers or a child of similar age, and then they start
becoming friendlier with them and win their confidence. Then slowly pedophiles start sexual
chat to help children shed their inhibitions about sex and then call them out for personal
interaction. Then starts actual exploitation of the children by offering them some money or
falsely promising them good opportunities in life. The pedophiles then sexually exploit the
children either by using them as sexual objects or by taking their pornographic pictures in order
to sell those over the internet.
In physical world, parents know the face of dangers and they know how to avoid & face
the problems by following simple rules and accordingly they advice their children to keep away
from dangerous things and ways. But in case of cyber world, most of the parents do not
themselves know about the basics in internet and dangers posed by various services offered over
the internet.
27
3. Cyber Stalking
Cyber Stalking can be defined as the repeated acts harassment or threatening behavior of
the cyber criminal towards the victim by using internet services. Stalking in General terms can be
referred to as the repeated acts of harassment targeting the victim such as following the victim,
making harassing phone calls, killing the victims pet, vandalizing victims property, leaving
written messages or objects. Stalking may be followed by serious violent acts such as physical
harm to the victim and the same has to be treated and viewed seriously. It all depends on the
course of conduct of the stalker.
Both kind of Stalkers Online & Offline have desire to control the victims life. Majority
of the stalkers are the dejected lovers or ex-lovers, who then want to harass the victim because
they failed to satisfy their secret desires. Most of the stalkers are men and victim female.
4. Phishing
In the field of computer security, phishing is the criminally fraudulent process of
attempting to acquire sensitive information such as usernames, passwords and credit card details
by masquerading as a trustworthy entity in an electronic communication. Communications
purporting to be from popular social web sites, auction sites, online payment processors or IT
Administrators are commonly used to lure the unsuspecting public. Phishing is typically carried
out by e-mail or instant messaging, and it often directs users to enter details at a fake website
whose look and feel are almost identical to the legitimate one. Even when using server
authentication, it may require tremendous skill to detect that the website is fake. Phishing is an
example of social engineering techniques used to fool users, and exploits the poor usability of
current web security technologies. Attempts to deal with the growing number of reported
phishing incidents include legislation, user training, public awareness, and technical security
measures.
Phishing, also referred to as brand spoofing or carding, is a variation on "fishing," the
idea being that bait is thrown out with the hopes that while most will ignore the bait, some will
be tempted into biting. A phishing technique was described in detail in 1987, and the first
recorded use of the term "phishing" was made in 1996.
29
5. Spam
Spam is a generic term used to describe electronic 'junk mail' or unwanted messages sent
to your email account or mobile phone. These messages vary, but are essentially commercial and
often annoying in their sheer volume. They may try to persuade you to buy a product or service,
or visit a website where you can make purchases; or they may attempt to trick you into divulging
your bank account or credit card details. More information about spam is available from the
Australian Communications and Media Authority (ACMA website).
6. Scams
The power of the Internet and email communication has made it all too easy for email
scams to flourish. These schemes often arrive uninvited by email. Many are related to the well
documented Nigerian Scam or Lotto Scams and use similar tactics in one form or another.
While the actual amount of money lost by businesses and the community is unknown, the
number of people claiming to have been defrauded by these scams is relatively low. More
information about scams is available from the Australian Competition and Consumer
Commission (ACCC) SCAM watch website and the Australian Securities and Investments
Commission FIDO website.
7. Spyware
Spyware is generally considered to be software that is secretly installed on a computer
and takes things from it without the permission or knowledge of the user. Spyware may take
personal information, business information, bandwidth; or processing capacity and secretly gives
it to someone else. It is recognized as a growing problem. More information about taking care of
spyware is available from the Department of Broadband, Communication, and the Digital
Economy (DBCDE) website.
30
9. Virus Dissemination
Malicious software that attaches itself to other software. (Virus, worms, Trojan Horse,
Time bomb, Logic Bomb, Rabbit and Bacterium are the malicious softwares).
10. Software
Piracy
Theft of software through the illegal copying of genuine programs or the counterfeiting
and distribution of products intended to pass for the original. Retail revenue losses worldwide are
ever increasing due to this crime. It can be done in various ways- End user copying, Hard disk
loading, Counterfeiting,, Illegal downloads from the internet etc
11. Spoofing
Getting one computer on a network to pretend to have the identity of another computer,
usually one with special access privileges, so as to obtain access to the other computers on the
network..
12. Net
Extortion
Copying the companys confidential data in order to extort said company for huge
amount.
31
32
33
35
The computer has unique characteristic of storing data in a very small space. This affords to
remove or derive information either through physical or virtual medium makes it much easier.
2. Easy To Access
The problem encountered in guarding a computer system from unauthorised access is that there is
every possibility of breach not due to human error but due to the complex technology. By secretly
implanted logic bomb, key loggers that can steal access codes, advanced voice recorders; retina imagers
etc. that can fool biometric systems and bypass firewalls can be utilized to get past many a security
system.
3. Complex
The computers work on operating systems and these operating systems in turn are composed of
millions of codes. Human mind is fallible and it is not possible that there might not be a lapse at any
stage. The cyber criminals take advantage of these lacunas and penetrate into the computer system.
4. Negligence
Negligence is very closely connected with human conduct. It is therefore very probable that while
protecting the computer system there might be any negligence, which in turn provides a cyber criminal to
gain access and control over the computer system.
5. Loss Of Evidence
Loss of evidence is a very common & obvious problem as all the data are routinely destroyed.
36
CYBER CRIMINALS
The cyber criminals constitute of various groups/ category. This division may be justified on the
basis of the object that they have in their mind. The following are the category of cyber criminals1. Children And Adolescents
The simple reason for this type of delinquent (A young offender) behaviour pattern in children is
seen mostly due to the inquisitiveness to know and explore the things. Other cognate reason may be to
prove themselves to be outstanding amongst other children in their group. Further the reasons may be
psychological even. E.g. the Bal Bharati (Delhi) case was the outcome of harassment of the delinquent by
his friends.
2. Organised Hackers
These kinds of hackers are mostly organised together to fulfil certain objective. The reason may
be to fulfil their political bias, fundamentalism, etc. The Pakistanis are said to be one of the best quality
hackers in the world. They mainly target the Indian government sites with the purpose to fulfil their
political objectives. Further the NASA as well as the Microsoft sites is always under attack by the hackers.
4. Discontented Employees
This group includes those people who have been either sacked by their employer or are
dissatisfied with their employer. To avenge they normally hack the system of their employee.
37
3. Email Bombing
This kind of activity refers to sending large numbers of mail to the victim, which may be an
individual or a company or even mail servers there by ultimately resulting into crashing.
4. Data Diddling
This kind of an attack involves altering raw data just before a computer processes it and then
changing it back after the processing is completed. The electricity board faced similar problem of data
diddling while the department was being computerised.
5. Salami Attacks
This kind of crime is normally prevalent in the financial institutions or for the purpose of
committing financial crimes. An important feature of this type of offence is that the alteration is so small
that it would normally go unnoticed. E.g. the Ziegler case wherein a logic bomb was introduced in the
banks system, which deducted 10 cents from every account and deposited it in a particular account.
6. Denial Of Service AttackThe computer of the victim is flooded with more requests than it can handle which cause it to
crash. Distributed Denial of Service (DDS) attack is also a type of denial of service attack, in which the
offenders are wide in number and widespread. E.g. Amazon, Yahoo.
38
8. Logic Bombs
These are event dependent programs. This implies that these programs are created to do
something only when a certain event (known as a trigger event) occurs. E.g. even some viruses may be
termed logic bombs because they lie dormant all through the year and become active only on a particular
date (like the Chernobyl virus).
9. Trojan Attacks
This term has its origin in the word Trojan horse. In software field this means an unauthorized
Programme, which passively gains control over anothers system by representing itself as an authorised
Programme. The most common form of installing a Trojan is through e-mail. E.g. a Trojan was installed
in the computer of a lady film director in the U.S. while chatting. The cyber criminal through the web cam
installed in the computer obtained her nude photographs. He further harassed this lady.
39
40
BANKING SECTOR
The Banking Industry was once a simple and reliable business that took deposits from
investors at a lower interest rate and loaned it out to borrowers at a higher rate. However
deregulation and technology led to a revolution in the Banking Industry that saw it transformed.
Banks have become global industrial powerhouses that have created ever more complex products
that use risk. Through technology development, banking services have become available 24
hours a day, 365 days a week, through ATMs, at online banking, and in electronically enabled
exchanges where everything from stocks to currency futures contracts can be traded.
The Banking Industry at its core provides access to credit. In the lenders case, this
includes access to their own savings and investments, and interest payments on those amounts.
In the case of borrowers, it includes access to loans for the creditworthy, at a competitive interest
rate. Banking services include transactional services, such as verification of account details,
account balance details and the transfer of funds, as well as advisory services that help
individuals and institutions to properly plan and manage their finances. Online banking channels
have become a key in the last 10 years.
The collapse of the Banking Industry in the Financial Crisis, however, means that some
of the more extreme risk-taking and complex securitization activities that banks increasingly
engaged in since 2000 will be limited and carefully watched, to ensure that there is not another
banking system meltdown in the future.
Banking in India originated in the last decades of the 18th century. The oldest bank in
existence in India is the State Bank of India, a government-owned bank that traces its origins
back to June 1806 and that is the largest commercial bank in the country. Central banking is the
responsibility of the Reserve Bank of India, which in 1935 formally took over these
41
42
43
Through Card Jamming ATMs card reader is tampered with in order to trap a
Customers card. Later on the criminal removes the card.
2.
Card Skimming, is the illegal way of stealing the cards security information from the
Cards magnetic stripe.
3.
Card Swapping, through this customers card is swapped for another card without the
Knowledge of cardholder.
4.
Website Spoofing, here a new fictitious site is made which looks authentic to the user
and customers are asked to give their card number. PIN and other information, which are
used to reproduce the card for use at an ATM.
5.
Physical Attack. ATM machine is physical attacked for removing the cash.
Give other users space to enter their personal identity number (PIN) in private.
2.
Do not accept help from "well meaning" strangers and never allow yourself to be
distracted.
4.
Stand close to the cash machine and always shield the keypad to avoid anyone seeing you
enter your PIN.
45
Look for suspicious attachments. Criminals often capture information through ATM
skimming using devices that steal magnetic strip information. At a glance, the skimmer
looks just like a regular ATM slot, but its an attachment that captures ATM card
numbers. To spot one, the attachment slightly protrudes from the machine and may not be
parallel with the inherent grooves. Sometimes, the equipment will even cut off the printed
labels on the ATM. The skimmer will not obtain PIN numbers, however. To get that,
fraudsters place hidden cameras facing the ATM screen. Theres also the helpful
bystander (the criminal) who may be standing by to kindly inform you the machine has
46
Minimize your time at the ATM. The more time you spend at the ATM, the more
vulnerable you are. If you need to update your records after a transaction, one is advised
do it at home or office, but not while at the ATM. Even when depositing a cheque at the
ATM, on should not make/sign the cheque at the ATM. After the transaction, if you think
you are being followed, go to an area with a lot of people and call the police.
3.
Make smart deposits. Some ATMs allow you to directly deposit checks and cash into
your accounts without stuffing envelopes. As for the envelope-based deposits, make sure
they go through if it gets jammed and it doesnt fully go into the machine, the next
person can walk up and take it out. After having made the ATM deposit, compare your
records with the account statements or online banking records.
INDIAN SCENARIO
In India, where total number of installed ATMs base is far less than many developed
countries. ATM-related frauds are very less. But they could increase as more and more ATMs
will penetrate in the country, the bank should create awareness among customers about the
cardrelated frauds to reduce the number of frauds in future. In India, Indian Banks Association
(IBA) can take lead to kick started.
The ATM fraud is not the sole problem of banks alone. It is a big threat and it requires a
Co-ordinated and cooperative action on the part of the bank, customers and the law enforcement
machinery. The ATM frauds not only cause financial loss to banks but they also undermine
customers confidence in the use of ATMs. This would deter a greater use of ATM for monetary
47
48
49
The most important aim of money laundering is to conceal the origin of the money, which, in
almost all cases, is from illegal activity. Criminal resort to this practice to avoid detection of the
money by law enforcement which will lead to its confiscation and also may provide leads to the
illegal activity. By laundering the money the criminals are trying to close their tracks. Further,
their aims could be to increase the profits by resorting to illegal money transfer etc. and also of
course, to support new criminal ventures. Money laundering from the point of view of the
criminal increases the profits and, at the same time, reduces the risk. While indulging in money
laundering process, the launderers also attempt to safeguard their interests.
They conceal the origin and ownership of the proceeds, maintain control over proceeds and
change the form of proceeds.
Money laundering is normally accomplished by using a three-stage process. The three steps
involved are Placement, Layering and Integration. E-money and cyber payment systems come in
handy in all the three stages of the process.
1. PLACEMENT
The first activity is placement. Illegal activities like drug trafficking, extortion generate
very volumes of money. People involved in these activities cannot explain the origin and source
of these funds to the authorities. There is a constant fear of getting caught. So the immediate
50
2. LAYERING
Layering is the second sub process. In this complex layers of financial transaction are
created to disguise the audit trail and provide anonymity. This is used to distance the money from
the sources. This is achieved by moving the names from and to offshore bank accounts in the
names of shell companies or front companies by using Electronic Funds Transfer (EFT) or by
other electronic means. Every day trillions of dollars are transferred all over the world by other
legitimate business and thus it is almost impossible ton as certain whether some money is legal
or illegal. Launderers normally make use of commodity brokers, stock brokers in the layering
process. Launderers were also found to purchase high value commodities like diamonds etc. and
exporting them to a different jurisdiction. During this process, they make use of the banks
wherever possible as in the legal commercial activity.
51
3. INTEGRATION
Integration is the third sub process. This is the stage in which the cleaned money is
ploughed back. This is achieved by making it appear as legally earned. This is normally
accomplished by the launderers by establishing anonymous companies in countries where
secrecy is guaranteed. Anyone with access to Internet can start an e-business. This can look and
function like any other e-business as far as the outside world is concerned. This anonymity is
what makes Internet very attractive for the launderers. They can then take loans from these
companies and bring back the money. This way they not only convert their money this way but
also can take advantages associated with loan servicing in terms of tax relief. Another way can
be by placing false export import invoices and over valuing goods.
The entire process can be explained with the help of example .The money launderers first
activity is to set up an online commerce company which is legal. Normally, the launderer sets up
the website for his company and accepts online payments using credit cards for the purchases
made from his companys website. As a part of the whole scheme, launderers obtain credit cards
from some banks or financial institutions located in countries with lax rules, which are known as
safe havens. The launderer sitting at home, then, makes purchases using this credit card from
his own website. As in normal transactions, the Web-based system then sends an invoice to the
customers (who happens to the launderer himself) bank, in the safe haven. The bank then pays
the money into the account of the company. Cyber space provides a secure and anonymous
opportunity to the criminals in money laundering operations. It has come to light that many
gangs are opening up the front companies and hiring information technology specialists for
nefarious activities. Incidents have also come to light where the criminals are using cryptography
for hiding their transaction.
52
EFFECTS ON BANKS
Almost all the banks trade in foreign exchange Money laundering in any country or
economy affects the foreign exchange market directly. The money laundering reduces the legal
volume of the banks business. It also causes fluctuations in the exchange rate. Further, money
laundering can undermine the credibility of the banking system. Facilitating the activities of
launderers even inadvertently can push the banks into problems with law enforcement agencies
and also governments. In some reported cases, the banks survival has come under threat. It is not
difficult to see what effect it has on the profitability of banks.
OTHER EFFECTS
In one incident, an Indian national in one year handled US 81.5 being illegal transactions,
before his arrest during 1993. This incident also shows how the national economy gets affected.
A few years before that, the Indian Government was so short of foreign exchange that it had to
pledge gold in the London bank. One needs not be an economist understands the impact of
money laundering on economies of developing countries. The low regulation by central banks
will become difficult and consequently, there will be rise in inflation. Further, overall income
54
PREVENTION
Because of the nature of Cyber money laundering, no country can effectively deal with it in
isolation. Cyber money laundering has to be dealt with at organizational [Bank or Financial
Institution], national and international levels.
2. AT NATIONAL LEVEL
Some countries liken UK have taken proactive steps to control this crime, which could be
cumulated by others. In UK, deposit taking institutions (including banks) are expected to report
suspicious transactions to the law enforcement authorities. The legal provisions regarding
knowing the customer brought down the crime to a great extent. They empowered their
customs officials to seize cash consignments of 10,000 pounds or more. Courts also permit
confiscation of cash, if the investigating authorities have strong evidence that the money has
come from illegal activities of drug trafficking. Issue of electronic money by private parties is
another factor, as in some countries regulation of these people is not effective. Slowly, different
countries are realizing the importance of this issue and enacting suitable rules aimed at providing
transparency in transactions carried out by these institutions.
The most important issues at national level are establishing legal framework and training law
enforcing officials. The major weapon to combat this crime is controlling financial transactions
including e-transactions, through legislation. Many countries have enacted some stringent laws
to control this crime. UK,
US have stringent laws in dealing with Cyber money laundering. Many other countries are
following suit. The Council of Europe has passed Criminal Justice Act. Hong Kong has passed
similar laws. The single most important issue is harmonizing the terrestrial laws with cyber laws.
3. AT INTERNATIONAL LEVEL
The UN has taken the lead and during 1995 international community meeting signed a
convention known as UN Convention Against Illict Traffic in Narcotic Drugs and Psychotropic
Substances. Further, this convention made money laundering a crime and provided a model.
During 2000, the UN also organized another convention against transnational organized crime.
56
57
Credit was first used in Assyria, Babylon and Egypt 3000 years ago. The bill of exchange the
forerunner of banknotes - was established in the 14th century. Debts were settled by one third
cash and two-thirds bill of exchange. Paper money followed only in the 17th century. The first
advertisement for credit was placed in 1730 by Christopher Thornton, who offered furniture that
could be paid off weekly.
From the 18th century until the early part of the 20th, tallymen sold clothes in return for
small weekly payments. They were called "tallymen" because they kept a record or tally of what
people had bought on a wooden stick. One side of the stick was marked with notches to represent
the amount of debt and the other side was a record of payments. In the 1920s, a shopper's plate a "buy now, pay later" system - was introduced in the USA. It could only be used in the shops
which issued it.
In 1950, Diners Club and American Express launched their charge cards in the USA, the first
"plastic money". In 1951, Diners Club issued the first credit card to 200 customers who could
use it at 27 restaurants in New York. But it was only until the establishment of standards for the
magnetic strip in 1970 that the credit card became part of the information age. The first use of
magnetic stripes on cards was in the early 1960's, when the London Transit Authority installed a
magnetic stripe system. San Francisco Bay Area Rapid Transit installed a paper based ticket the
same size as the credit cards in the late 1960's. The word credit comes from Latin, meaning
TRUST.
Credit card fraud is a wide-ranging term for theft and fraud committed using a credit
card or any similar payment mechanism as a fraudulent source of funds in a transaction. The
58
IF CARD IS STOLEN
When a credit card is lost or stolen, it remains usable until the holder notifies the bank that
the card is lost; most banks have toll-free telephone numbers with 24-hour support to encourage
prompt reporting. Still, it is possible for a thief to make unauthorized purchases on that card up
until the card is cancelled. In the absence of other security measures, a thief could potentially
purchase thousands of dollars in merchandise or services before the card holder or the bank
realize that the card is in the wrong hands.
59
60
Compromised Accounts
Card account information is stored in a number of formats. Account numbers are often
embossed or imprinted on the card, and a magnetic stripe on the back contains the data in
machine readable format. Fields can vary, but the most common include:
Name
of card holder
Account
number
Expiration
date
Verification
Many Web sites have been compromised in the past and theft of credit card data is a
major concern for banks. Data obtained in a theft, like addresses or phone numbers, can be
highly useful to a thief as additional card holder verification.
THEFT CATEGORY
There are two types of fraud within the identity theft category:
1. Application Fraud
2. Account Takeover.
62
1. Application Fraud
Application fraud occurs when criminals use stolen or fake documents to open an account
in someone else's name. Criminals may try to steal documents such as utility bills and bank
statements to build up useful personal information. Alternatively, they may create counterfeit
documents.
2. Account Takeover
Account takeover involves a criminal trying to take over another person's account, first
by gathering information about the intended victim, then contacting their bank or credit issuer
masquerading as the genuine cardholder asking for mail to be redirected to a new address.
The criminal then reports the card lost and asks for a replacement to be sent. The replacement
card is then used fraudulently.
Some merchants added a new practice to protect consumers and self reputation, where
they ask the buyer to send a copy of the physical card and statement to ensure the legitimate
usage of a card.
Skimming
Skimming is the theft of credit card information used in an otherwise legitimate transaction.
It is typically an "inside job" by a dishonest employee of a legitimate merchant, and can be as
simple as photocopying of receipts. Common scenarios for skimming are restaurants or bars
where the skimmer has possession of the victim's credit card out of their immediate view.
The skimmer will typically use a small keypad to unobtrusively transcribe the 3 or 4 digits
Card Security Code which is not present on the magnetic strip. Instances of skimming have been
reported where the perpetrator has put a device over the card slot of a public cash machine
(Automated Teller Machine), which reads the magnetic strip as the user unknowingly passes
63
CARDING
Carding is a term used for a process to verify the validity of stolen card data. The thief
presents the card information on a website that has real-time transaction processing. If the card is
processed successfully, the thief knows that the card is still good. The specific item purchased is
immaterial, and the thief does not need to purchase an actual product; a Web site subscription or
charitable donation would be sufficient. The purchase is usually for a small monetary amount,
both to avoid using the card's credit limit, and also to avoid attracting the bank's attention. A
website known to be susceptible to carding is known as a cardable website.
In the past, carders used computer programs called "generators" to produce a sequence of
credit card numbers, and then test them to see which valid accounts were. Another variation
64
1.
2.
Ask for and check other identification, such as a drivers license or other photo ID.
Check to see if the ID has been altered in any way as a person trying to use a stolen
3.
65
Compare signatures. Besides comparing the signature on the credit card with the
persons signature on the credit card slip, compare the signatures as well to those on
5.
i.
ii.
6.
7.
clear, three dimensional images that appear to move when the card is tilted.)
Check the presented card with recent lists of stolen and invalid credit card numbers.
Call for authorization of the credit card remembering to take both the credit card
and the sales draft with you. That way if the customer runs away while youre making
the call, you still have the credit card. Ask for a Code 10 if you have reason to
8.
suspect a possible credit card fraud, such as a possible counterfeit or stolen card.
Destroy all carbon copies of the credit card transaction, to ensure that no one can steal
the credit card information and help prevent future credit card fraud. Its also very
important to be sure that your staff is educated about credit card fraud. You can use
the points above as a to do list for dealing with credit card transactions. For
information on the suspicious behavior that may indicate someone trying to commit
credit card fraud, see Suspicious Behaviors That May Indicate Credit Card Fraud.
When dealing with credit card customers over the phone or through the Internet,
66
2.
Dont process credit card orders that originate from free e-mail addresses or from e-mail
forwarding addresses. In such a case, ask the customer for an ISP (Internet Service
Provider) or domain-based e-mail address that can be traced back.
3.
If the shipping address and the billing address on the order are different, call the
customer to confirm the order. You may even want to make it a policy to ship only to the
billing address on the credit card.
4.
5.
Be wary of orders shipped to a single address but purchased with multiple cards.
6.
7.
Be wary of orders youre asked to ship express, rush or overnight. This is the shipping of
choice for many credit card fraudsters. Call the customer to confirm the order first.
8.
Be wary of overseas orders especially if the order exhibits any of the characteristics
noted above.
9.
The first is Mod10 algorithm testing. Mod10 is an algorithm that will show whether the
card number being presented is valid card number and is within the range of numbers
issued by credit card companies. It cannot give any other details like no. issued by any
other company. This test should be first to be that it is applied to any credit card number
one process. If the card fails Mod10 one can safely assume fraud.
67
CASE STUDY
INDIA'S FIRST ATM CARD FRAUD
68
69
70
71
CONCLUSION
72
73
74
BIBLIOGRAPHY
WEBSITE:
75
www.cybercellmumbai.com
www.agapeinc.in
www.britannica.com
SEARCH ENGINE:
www.google.com
www.yahoo.com
www.wikipedia.com
76