UNIVERSITY OF LUCKNOW

PROJECT ON
CYBER CRIME IN BANKING SECTOR

SUBMITTED BY
PRAVEEN SINGH POKHARIA

PROJECT GUIDE
Dr. KRISHNA ROHIT MISHRA

MASTER IN VOCATIONAL STUDIES

BANKING AND STOCK INSURANCE
SEMESTER I (2016-17)
NATIONAL POST GRADUATE COLLEGE
LUCKNOW 226001

Declaration

1
I Praveen Singh Pokharia Student of Master in
Vocational Studies (Banking and Stock Insurance)
Semester Ist here by declare that I have competed this
project on Cyber Crime in Banking Sector.

The information submitted is true and original to the

best of my knowledge.

..
Student signature

Student Name
(Praveen Singh Pokharia)

ACKNOWLEDGEMENT

2
 I am using this opportunity to express my gratitude to everyone who
supported me throughout the course of this M. Voc (B.S.I)project. I am
thankful for their aspiring guidance, invaluably constructive criticism and
friendly advice during the project work. I am sincerely grateful to them for
sharing their truthful and illuminating views on a number of issues related to
the project.
I express my warm thanks to my project external guide Dr. Krishna
Rohit Mishra who has given an opportunity to work on such an interesting
project. He proved to be a constant source of inspiration to me and provided
constructive comments on how to make this report better. Credit also goes to
my friends whose constant encouragement kept me in good stead. Lastly
without fail I would thank all my faculties for providing all explicit and
implicit support to me during the course of my project.

EXCECUTIVE SUMMARY

Cyber crimes are any illegal activities committed using computer target of
the criminal activity can be either a computer, network operations. Cyber crimes

3
are genus of crimes, which use computers and networks for criminal
activities. The difference between traditional crimes and cyber crimes is the
cyber crimes can be transnational in nature. Cyber crime is a crime that is
committed online in many areas using e-commerce. A comput er can be
the target of an offence w h e n u n a u t h o r i z e d a c c e s s o f c o m p u t e r
n e t w o r k o c c u r s a n d o n o t h e r h a n d i t a f f e c t s E - C OM M E R C E .
C y b e r c ri me s c a n be of v a r io u s ty pe s s uc h a s Tel e c o m m un ic a ti o ns
P ir a c y , Electronic Money Laundering and Tax Evasion, Sales and
Investment Fraud, Electronic Funds Transfer Fraud and so on

Online banking or e-banking refers to the banking facility through

information and communication technology. Traditionally, banking
required a customer to stand in a long queue even to withdraw his money
or to perform other ancillary functions. Now banking facility is available
247 through ATMs (Automated Teller Machines), internet banking,
transfer through NEFT and RTGS etc., which has narrowed down the gap
between the bank and the customer. E-banking is not only limited to
banking facility through computer related systems. In the modern era,
with the increase of users of smartphones e-banking covers mobile
banking also. Because of liberalization, privatization and globalization it
became necessary for the banks to start with e-banking facility.

The term "Internet fraud" refers generally to any type of fraud

scheme that uses one or more components of the Internet - such as chat rooms,
e-mail, message boards, or Web sites - to present fraudulent solicitations to
prospective victims, to conduct fraudulent transactions, or to transmit the
proceeds of fraud to financial institutions or to other connected with the
scheme.
Some forms of Internet fraud, include:Spam ,Scams, Spyware,Identity
theft ,Phishing,Internet banking fraud.

4
 "The modern thief can steal more with a computer than with a gun.
Tomorrow's terrorist may beable to do more damage with a keyboard than with a
bomb".
National Research Council, "Computers at Risk", 1991.

INDEX

5
SR.NO. TOPICS PEGE NO.

1. CYBER CRIME 1-10

2. TYPES OF CYBER CRIME 11-28

3. CLASSIFICATION OF CYBER CRIME 29-31

4. REASONS OF CYBER CRIME 32-33

5. CYBER CRIMINALS 34-35

6. MODE AND MANNER OF COMMITING CYBER CRIME 36-38

7. BANKING SECTOR 39-40

8. CYBER CRIME IN BANKING SECTOR

A). A.T.M FRUD
B).MONEY LAUNDERING 41-70
C).CREDIT CARD FRUD

9. CASE STUDY 71-72

10. GENERAL TIPS ON AVOIDING POSSIBLE INTERNET 73-74

FRAUD SCHEEMS

11. RECENT CASES 75-76

12. CONCLUSION 77-78

13. BIBLOGRAPHY 79

CYBER CRIME

6
INTRODUCTION

The usage of internet ser vi ces in Indi a is growi ng

r api dly. It has given ri se t o new opportunities in every field we can
think of be it entertainment, business, sports or education.

There are many pros and cons of some new types of technology
which are been invented or discovered. Similarly the new & profound
technology i.e. using of INTERNET Service, has also got some pros &
cons. These cons are named CYBER CRIME, the major
disadvantages, illegal activity committed on the internet by certain
individuals because of certain loop-holes. The internet, along with
its advantages, has also exposed us to security risks that come with
connecting to a large network. Computers today are being misused
for illegal activities like e-mail espi onage, cr edit car d fr aud,
spams, and softwar e piracy and so on, which i nvade
our privacy and offend our senses. Criminal activities in the cyberspace are
on the rise.
Computer crimes are criminal activities, which involve the use of
information technology t o gain an il legal or an unauthori zed

7
access t o a comput er sy st em wi th i nt ent of damagi ng, deleting
or altering computer data. Computer crimes also include the activities such
as electronic frauds, mi suse of devices, i dent ity t heft and dat a as
wel l as sy st em int er ference. Comput er cri mes may not
nec essar i ly involv e damage to phy sic al pro perty. They rat her
i nc lude t he manipulation of confidential data and critical information.
Computer crimes involve activities software theft, wherein the privacy
of the users is hampered. These criminal activities involve the
breach of human and information privacy, as also the theft and
illegal alteration of system critical information. The different types
of computer crimes have necessitated the introducti on and use of
newer and more effective security measures.
In r ecent year s, the gr owth and penet rati on of i nt ernet
acr oss Asi a P acific has been phenomenal. Today, a large number
of rural areas in India and a couple of other nations in the regi on
have incr ea si n g acc ess to the i nt er net part ic ul arly
br oadband. The chal lenges of infor mati on sec uri ty have also
gr own mani fold. Thi s wi d esp read nat ur e of cyber cri me
i s beginni ng t o show negati ve i mpact on the econom ic gr owth
opport unit ies i n each of the countries.
It is becoming imperative for organizations to take both preventive
and corrective actions if their systems are to be protected from any kind of
compromise by external malicious elements. According to t he l at est
stati st ics, mor e than a fi ft h of the mali ci ous acti vi ties in the
worl d originate from the Asia Pacific region. The malicious attacks
included denial-of-service attacks, spam, and phishing and both attacks.

8
 In vi ew of thi s, var ious gove rnment al and non-
government al agenci es ar e wor kin g towards reducing cyber crime
activities.
Computer crime, cyber crime, e-crime, hi-tech crime or electronic
crime generally refers to criminal activity where a computer or network is
the source, tool, target, or place of a crime. These categories are not
exclusive and many activities can be characterized as falling in one
or mor e cat egor y. Addi ti o nal ly, alt hough t he terms comput er
crime and cyb er cri me are mor e pr operly rest r i ct ed to
describing cri minal acti vi ty i n which the com put er or net work
i s a necessary part of the crime, these terms are also sometimes
used to include traditional crimes, such
as fraud, theft, blackmail, forgery, and embezzlement, in which computers
or networks are used. As the use of computers has grown, computer crime
has become more important.
Computer crime can broadly be defined as criminal activity involving
an information technology infrastructure, including illegal access
(unauthorized access), illegal interception (by technical means of non-public
transmissions of computer data to, from or within a computer system), data
interference (unauthorized damaging, deletion, deterioration, alteration
or suppression of computer data), systems interference (interfering with the
functioning of a computer system by inputting, transmitting, damaging,
deleting, deteriorating, altering or suppressing computer data), misuse of
devices, forgery (ID theft), and electronic fraud (Taylor,1999)

In the last three years, public sector banks (PSBs) in India have lost a
total of Rs. 22,743 crore, on account of various banking frauds. With various
measures initiated by the RBI, numbers of banking fraud cases have

9
declined, but amount of money lost has increased in these years. Prima
facie, an initial investigation in these cases has revealed involvement of not
only mid-level employees, but also of the senior most management as was
reflected in the case of Syndicate Bank and Indian Bank. This raises serious
concern over the effectiveness of corporate governance at the highest
echelons of these banks. In addition, there has been a rising trend of non-
performing assets (NPAs), especially for the PSBs, thereby severely
impacting their profitability. Several causes have been attributed to risky
NPAs, including global and domestic slowdown, but there is some evidence
of a relationship between frauds and NPAs as well.

CYBER CRIMES IN INDIA

As India become the fourth highest number of Internet users in the world,
cyber crimes in India has also increased 50 percent in 2007 over the previous
year. According to the Information Technology (IT) Act, the majority of
offenders were under 30 years of age. Ar ound 46 percent of cyber

10
cri mes wer e rel at ed to inci dent s of cyber pornogr aphy,
followed by hacking. According to recent published 'Crime in 2007
report', published by the Nat ional Cr i me Record Bureau
(NCRB) , in over 60 percent of t hese cases, offender s
wer e between 18 and 30. These cyber-crimes are punishable under
two categories; the IT Act 2000and the Indi an Penal Code (IPC) .
Accor di ng to the report, 217 cases of cyber-cr ime were
registered under the IT Act in 2007, which is an increase of 50
percent from the previous year. Under the IPC section, 339 cases were
recorded in 2007 compared to 311 cases in 2006. Out of 35 mega cities, 17
cities have reported around 300 cases of cyber-crimes under both categories
that is an increase of 32.6 percent in a year. The report also shows
that cyber crime is not only limited to metro cities but it also moved
to small cities like Bhopal. According to the report, Bhopal, the
capital of Madhya Pradesh has reported the highest incidence of cyber
crimes in the country. In or der t o t ackl e wit h cy ber cr ime, Delhi
P oli ce have trained 100 of its offi cer s in handling cyber crime
and placed them in its Economic Offences Wing. These officers
were trained for six weeks in computer hardware and software,
computer networks comprising data communication networks, network
protocols, wireless networks and network security.

CRIME STATISTICS
As per the National Crime Records Bureau statistics, during
the year 2005, 179 cases were registered under the IT Act as
compared to 68 cases during the previous year, there by reporting a

11
significant increase of 163.2% in 2005 over 2004. During 2005, a total of
302 cases were r egist er ed und er IPC sect i ons as com pared to
279 such cases duri ng 2004, t here b y reporting an increase of 8.2%
in 2005 over 2004. In fact, the National Crime Records Bureau data reveals
that in the three years up to 2013, registered cases of cyber crime were up
350%, from 966 to 4356. Dubious distinctions both, and give banks and the
financial sector in India cause for worry.
Keeping in mind the dramatic swell in online economic crimes,
Indias central bank Reserve Bank of India (RBI) issued a
comprehensive circular in mid-2016 to all banks in India urging them to
implement a cybersecurity framework. It prescribes the ideal approach for
banks on taking concrete measures to combat cybercrime, fraudulent
activities online and thereby retain customer confidence, reduce financial
losses and ensure business continuity.
However, actual numbers continue to include, considering the fact that
a majority of the cases go unreported. Most victims, especially the corporate,
continue to downplay on account of the fear of negative publicity thereby
failing to give a correct picture of the cyber crime scene in the country. It is
diffi cul t t o measur e t he gr owth of Cy ber Cr i mes by any
stati st ics, t he reason bei ng that a majority of cyber crimes don't
get reported. "If we, therefore, focus on the number of cases
registered or number of convictions achieved, we only get diverted
from real facts," With increasing internet penetration, cyber crimes have
also increased in the last few years. Between 2011 and 2015, the number of
cyber crimes registered in the country has gone up 5 times. Maharashtra &
Uttar Pradesh alone accounted for 1/3rd of these crimes.
With increasing mobile and internet penetration in the country, cyber
crimes have also increased proportionately. Between 2011 and 2015, more

12
than 32000 cyber crimes were reported across the country. More than 24000
of these cases are registered under the IT Act and the remaining under the
various sections of IPC and other State Level Legislations (SLL).

CHANGING FACE OF CRIME

In past few years it has seen a quantum jump not only in the
quantity and quality but also the very nature of cyber crime activities. A
perceptible trend being observed is that cyber crimes are moving from
'Personal Victimization' to 'Economic Offences'. SD Mishra, ACP, IPR and
Cyber Cell, Economic Offences Wing, Delhi Police concurs that the cases
that are now coming up are more related to financial frauds. As

13
opposed to obscenity, pornography, malicious emails that were more
prevalent in the past, now credit card frauds, phishing attacks ,online share
trading, etc. are becoming more widespread. As Seth points out, initially,
when the Internet boom began, certain crimes were noticeable and cyber
stalking was one of the first ones."However, with the little offences came the
larger ones involving huge money and one has seen this sudden jump from
smaller crimes to financial crimes in previous years".

CYBERSPACE

As the cases of cyber crime grow; there is a growing need to prevent

them. Cyberspace belongs to everyone. There should be electronic
surveillance which means investigators tracking down hackers often want to
monitor a cracker as he breaks into a victim's computer system. The two
basic laws governing real-time electronic surveillance in other criminal
investigations also apply in this context, search warrants which means that

14
search warrants may be obtained to gain access to t he premi ses wher e
t he cracker i s bel ieved to have evi dence of t he cri me. Such
evidence would include the computer used to commit the crime, as well as
the software used to gain unauthorized access and other evidence of the
crime.
Researchers must explore the problems in greater detail to learn the
origins, methods, and motivations of this growing criminal group. Decision-
makers in business, government, and law enforcement must r eact to
t hi s emergi ng body of knowledge. They must devel op
pol icies, methods, and regulations to detect incursions, investigate
and prosecute the perpetrators, and prevent future crimes. In addition,
Police Departments should immediately take steps to protect their own
information systems from intrusions (Any entry into an area not previously
occupied).
Internet provides anonymity: This is one of the reasons why
criminals try to get away easily when caught and also give them a chance
to commit the crime again. Therefore, we users should be careful. We should
not disclose any personal information on the internet or use credit cards
and i f we find anyt hing suspicious in e-mail s or if the system
i s hacked, it should be immediately reported to the Police
officials who investigate cyber-crimes rather than trying to fix the
problem by our selves.
Computer crime is a multi-billion dollar problem. Law
enforcement must seek ways to keep the drawbacks from overshadowing
the great promise of the computer age. Cyber crime is a menace that has to
be tackled effectively not only by the official but also by the users
by co-operating with the law. The founding fathers of internet

15
 wanted it to be a boon to the whole world and it is upon us to keep this
tool of modernization as a boon and not make it a bane to the society.

TYPES OF CYBER CRIME

1. Theft of Telecommunications Services:

The "phone phreakers" of three decades ago set a precedent for what has
become a major c r i m in a l in d us t ry. By ga i n in g access to an
o rg a ni z a ti on s te l e p ho ne s w i tc hb oa r d ( PB X ) individuals or criminal
organizations can obtain access to dial-in/dial-out circuits and then make their
own calls or sell call time to third parties (Gold 1999). Offenders may
gain access to the switch board by impersonating a technician, by

16
 fraudulently obtaining an employee's access code, or by using software
available on the internet. Some sophisticated offenders loop between PBX
systems to evade detection. Additional forms of service theft include
capturing "calling card" details and on-selling calls charged to the calling card
account, and counterfeiting or illicit reprogramming of stored value telephone
cards.
It has been suggested that as long ago as 1990,
security failures at one m a j o r telecommunications carrier cost
approximately 290 million, and that more recently, up to 5% of total industry
turnover has been lost to fraud (Schieck 1995: 2-5). Costs to individual subscriber
scan also be significant in one case; computer hackers in the United
States illegally obtained access to Scotland Yard's telephone network and made
620,000 worth of international calls for which Scotland Yard was responsible
(Tendler and Nuttall 1996).

2. Communications in Furtherance of Criminal

Conspiracies:

Just as legitimate organizations in the private and public sectors

rely upon information s y s t e m s f o r c o m m u n i c a t i o n s a n d r e c o r d
k e e p i n g , s o t o o a r e t h e a c t i v i t i e s o f c r i m i n a l organizations
enhanced by technology.
There is evidence of telecommunications equipment being used to
facilitate organized drug trafficking, gambling, prostitution, money
laundering, child pornography and trade in w e a po ns ( in t hos e
j u ris di c t io n s w he re s uc h a c t i vi ti e s a r e il l e g a l ). The us e of
e n c ry p t io n technology may place criminal communications beyond the reach of
law enforcement.
The use of computer networks to produce and distribute child
pornography has become th e s u bj e c t of in c r e a s i ng a t te n ti on . Toda y,
t he s e ma te r ia ls c a n b e i mp or te d a c ro s s na ti on a l borders at the speed of
light. The more overt manifestations of internet child pornography entail a
modest degree of organization, as required by the infrastructure of IRC
and WWW, but the activity appears largely confined to individuals.

17
 By contrast, some of the less publicly visible traffic in child pornography
activity appears to entail a greater degree of organization. Although knowledge is
confined to that conduct which has been the target of successful police
investigation, there appear to have been a number of networks which
extend cross-nationally, use sophisticated technologies of concealment,
and entail a significant degree of coordination.
Illustrative of such activity was the Wonderland Club, an
international network with members in at least 14 nations ranging from
Europe, to North America, to Australia. Access to th e gr o u p w a s pa s s w o r d
p ro t e c t e d , a nd c o nt e n t w a s e n c ry p te d . P ol i c e i nv e s t ig a t io n o f t he
activity, codenamed "Operation Cathedral" resulted in approximately 100
arrests around the world, and the seizure of over 100,000 images in September,
1998.

3. Telecommunications Piracy

D ig it a l te c h no l o gy pe r mi t s p e r fe c t re p r od uc ti on a nd e a s y
d is s e m i na ti on of p ri nt , gr a p hi c s , s ou nd, and mu lt im e d i a
c o mb in a t i o ns . The t e m pt a t io n t o re pr od uc e c opy r ig h te d material
for personal use, for sale at a lower price, or indeed, for free
distribution, has proven irresistible to many.
This has caused considerable concern to owners of copyrighted
material. Each year, It has been estimated that losses of between US$15 and
US$17 billion are sustained by industry by reason of copyright infringement
(United States, Information Infrastructure Task Force 1995, 131).
The Software Publishers Association has estimated that $7.4
billion worth of software was lost to piracy in 1993 with $2 billion of
that being stolen from the Internet (Meyer and Underwood 1994).
Ryan (1998) puts the cost of foreign piracy to American industry at more
than $10 billion in 1996, including $1.8 billion in the film industry, $1.2 billion in
music, $3.8 billion in business application software, and $690 million in book
publishing.

18
 According to the Straits Times (8/11/99) A copy of the most recent James Bond
Film The World is Not Enough, was available free on the internet before its
official release. When creators of a work, in whatever medium, are unable to profit
from their creations, there can be a chilling effect on creative effort generally, in
addition to financial loss.

4. Dissemination of Offensive Materials

Content considered by some to be objectionable exists in abundance in

cyberspace. This includes, among much else, sexually explicit materials,
racist propaganda, and instructions for the fabrication of incendiary and
explosive devices. Telecommunications systems can also be us e d fo r
ha r a s s i ng , th re a te ni ng or i nt ru s i ve c om mu ni c a t io ns , fr om t he
t ra di t io n a l o bs c e n e te l e p h o ne call to it s c o nt e m p o ra ry
m a n if e s t a t io n i n " c y be r - s t a l k i ng ", i n w hi c h pe r s is te n t messages are
sent to an unwilling recipient.
One man allegedly stole nude photographs of his former girlfriend and her new
boyfriend a nd p os te d t he m on t he In te rn e t , a lo ng w it h he r na me ,
a d dr e s s a nd te le p ho ne n um be r. The unfortunate couple, residents of
Kenosha, Wisconsin, received phone calls and e-mails from s t r a n g e r s
as far away as Denmark who said they had seen the photos
o n t h e I n t e r n e t . In v e s t ig a t io ns a ls o re ve a l e d t ha t th e s us pe c t
wa s m a i nt a i ni ng r e c o rd s a b ou t the w om a n' s movements and compiling
information about her family (Spice and Sink 1999).
In another case a rejected suitor posted invitations on the Internet under the
name of a 28-year-old woman, the would-be object of his affections that said that
she had fantasies of rape and gang rape. He then communicated via email with
men who replied to the solicitations and gave out personal information about the
woman, including her address, phone number, details of her physical appearance
and how to bypass her home security system. Strange men turned up at her home

19
 on six different occasions and she received many obscene phone calls.
While the woman was not physically assaulted, she would not answer the phone,
was afraid to leave her home, and lost her job (Miller 1999; Miller and Maharaj
1999).
One former university student in California used email to harass 5
female students in1998. He bought information on the Internet about the women
using a professor's credit card and then sent 100 messages including death
threats, graphic sexual descriptions and references to their daily
activities. He apparently made the threats in response to percei ved
teasing about his appearance (Associated Press 1999a).
Computer networks may also be used in furtherance of extortion. The
Sunday Times (London) reported in 1996 that over 40 financial institutions in
Britain and the United States had been attacked electronically over the previous
three years. In England, financial institutions were reported to have paid
significant amounts to sophisticated computer criminals who threatened to wipe
out computer systems. (The Sunday Times, June 2, 1996). The article cited
four incidents between 1993 and 1995 in which a total of 42.5 million
Pounds Sterling were paid by senior executives of the organizations
concerned, who were convinced of the extortionists' capacity to crash their
computer systems (Denning 1999 233-4).

5. Electronic Money Laundering and Tax Evasion

For some time now, electronic funds transfers have assisted in concealing and
in moving the proceeds of crime. Emerging technologies will greatly assist in
concealing the origin of ill-gotten gains. Legitimately derived income may
also be more easily concealed from taxation authorities. Large financial
institutions will no longer be the only ones with the ability to achieve

20
electronic funds transfers transiting numerous jurisdictions
a t t h e s p e e d o f l i g h t . T h e development of informal banking
institutions and parallel banking systems may permit central bank
supervision to be bypassed, but can also facilitate the evasion of cash transaction
reporting requirements in those nations which have them. Traditional
underground banks, which have flourished in Asian countries for
centuries, will enjoy even greater capacity through the use
of telecommunications.
With the emergence and proliferation of various technologies of
electronic commerce, one can easily envisage how traditional
countermeasures against money laundering and tax evasion may soon be
of limited value. I may soon be able to sell you a quantity of heroin, in
return for an untraceable transfer of stored value to my "smart-card",
which I then download anonymously to my account in a financial institution
situated in an overseas jurisdiction which protects the privacy of banking
clients. I can discreetly draw upon these funds as and when I may require,
downloading them back to my stored value card (Wahlert 1996).

6. Electronic Vandalism, Terrorism and Extortion

As never before, western industrial society is dependent upon

complex data processing and telecommunications systems. Damage to, or
interference with, any of these systems can lead to c a t a s t r op h ic
c o ns e qu e nc e s . Whe th e r m ot iv a t e d by c ur io s ity o r vi n di c t ive ne s s
e le c tr on i c intruders cause inconvenience at best, and have the potential for
inflicting massive harm While this potential has yet to be realized, a number of
individuals and protest groups have hacked the official web pages of various
governmental and commercial organizations for e.g.: (Rathmell 1997).
http://www.2600.com/hacked_pages/ (visited 4 January 2000). This may also
operate in reverse: early in 1999 an organized hacking incident was
apparently directed at a server which hosted the Internet domain for East
Timor, which at the time was seeking its independence from Indonesia (Creed
1999).
Defence planners around the world are investing substantially in
information warfare -means of disrupting the information technology
infrastructure of defence systems (Stix 1995). Attempts were made to disrupt
the computer systems of the Sri Lankan Government (Associated Press 1998), and
of the North Atlantic Treaty Organization during the 1999 bombing of
Belgrade(BBC 1999). One case, which illustrates the transnational reach

21
of extortionists, involved a number of German hackers who compromised
the system of an Internet service provider in S o u t h F l o r i d a ,
disabling eight of the ISPs ten servers. The offenders
o b t a i n e d p e r s o n a l information and credit card details of 10,000
subscribers, and, communicating via electronic mail through one of the
compromised accounts, demanded that US$30,000 be delivered to a mail drop in
Germany. Co-operation between US and German authorities resulted in the arrest
of the extortionists (Bauer 1998).

7. Sales and Investment Fraud

As electronic commerce becomes more prevalent, the application of digital

technology to fraudulent endeavors will be that much greater. The use of
the telephone for fraudulent sales p i t c h e s , de c e p ti ve c ha r i ta bl e
s o li c i ta ti on s , or b og u s i nv e s t me n t ov e r tu re s is inc re a s in gly
c o m mo n. C y b e rs pa c e no w a bo u n ds w i t h a w i d e va ri e t y of
i nv e s t me n t o pp or t un i t ie s , fr o m traditional securities such as stocks
and bonds, to more exotic opportunities such as coconut farming, the sale
and leaseback of automatic teller machines, and worldwide telephone lotteries
(Cella and Stark 1997 837-844). Indeed, the digital age has been accompanied by
unprecedented opportunities for misinformation. Fraudsters now enjoy direct
access to millions of prospective victims around the world, instantaneously and at
minimal cost.
Classic pyramid schemes and "Exciting, Low-Risk Investment
Opportunities" are not uncommon. The technology of the World Wide Web is
ideally suited to investment solicitations. In the words of two SEC staff "At very
little cost, and from the privacy of a basement office or living room, the fraudster
can produce a home page that looks better and more sophisticated than that of a
Fortune 500 company" (Cella and Stark 1997, 822).

8. Illegal Interception of Telecommunications

22
 Developments in telecommunications provide new
o p p o r t u n i t i e s f o r e l e c t r o n i c eavesdropping. From activities as time-
honoured as surveillance of an unfaithful spouse, to the ne w e s t f or ms of
p ol it ic a l a nd in dus t r ia l e s p i on a ge , te l e c o m mu ni c a t io ns
i nt e rc e pt io n ha s increasing applications. Here again, technological
developments create new vulnerabilities. The electromagnetic signals emitted by a
computer may themselves be intercepted. Cables may act as broadcast antennas.
Existing law does not prevent the remote monitoring of computer radiation.
It has been reported that the notorious American hacker Kevin Poulsen was
able to gain access to law enforcement and national security wiretap data prior to
his arrest in 1991 (Littman1997). In 1995, hackers employed by a criminal
organization attacked the communications s y s t e m o f t h e A m s t e r d a m
Police. The hackers succeeded in gaining police operational
intelligence, and in disrupting police communications (Rathmell 1997).

9. Electronic Funds Transfer Fraud

Electronic funds transfer systems have begun to proliferate, and so has the risk
that such transactions may be intercepted and diverted. Valid credit card
numbers can be intercepted e l e c t r o n i c a l l y , a s w e l l a s p h y s i c a l l y ;
t h e d i g i t a l i n f o r m a t i o n s t o r e d o n a c a r d c a n b e counterfeited.
Of course, we don't need Willie Sutton to remind us that banks are
where they keep the money. In 1994, a Russian hacker Vladimir Levin,
operating from St Petersburg, accessed the comput ers of Citibank's
central wire transfer department, and transferred funds from large
corporate accounts to other accounts which had been opened by his
accomplices in The United St a t e s , t he N e t he rl a n ds , Fi n la nd,
Ge r ma n y, a n d I s r a e l. O ffic ia ls fr om one of t he c o r po ra te vi c t im s ,
l oc a te d in Ar ge n t in a , n ot if i e d t he ba n k, a n d t he s us pe c t a c c ou nt s ,
l oc a te d in S a n F r a n c i s c o , w e r e f r o z e n . T h e a c c o m p l i c e w a s

23
 arrested. Another accomplice was caught attempting to
withdraw funds from an account in Rotterdam. Although Russian law
precluded L e v in' s e x tr a d it io n, he w a s a r re s te d d ur i ng a v is it to t he
U ni te d S ta te s a nd s ubs e q ue n tly imprisoned. (Denning 1999, 55).
The above forms of computer-related crime are not necessarily mutually
exclusive, and need not occur in isolation. Just as an armed robber might
steal an automobile to facilitate a quick getaway, so too can one steal
telecommunications services and use them for purposes of vandalism,
fraud, or in furtherance of a criminal conspiracy.1 Computer-related
crime may be compound in nature, combining two or more of the generic forms
outlined above.

OTHER TYPES OF CYBER CRIME

1. HACKING
24
 H a c k in g in s im p le te r ms me a ns a n i ll e g a l i nt r us io n in to a
c o mp ut e r s y s t e m a n d/ or network. There is an equivalent term to hacking i.e.
cracking, but from Indian Laws perspective there is no difference between the
term hacking and cracking. Every act committed towards breaking into a
computer and/or network is hacking. Hackers write or use ready-made
computer programs to attack the target computer. They possess the desire to
destruct and they get the kick out of such destruction. Some hackers hack for
personal monetary gains, such as to stealing the credit card information,
transferring money from various bank accounts to their own account
followed by withdrawal of money. They extort money from some
corporate giant threatening him to publish the stolen information which is
critical in nature.
G ove rn me nt w e bs it e s a re t he h ot ta rge ts o f th e ha c ke r s due
t o t he pr e s s c o ve ra ge , i t receives. Hackers enjoy the media coverage.

Motive Behind The Crime

a) Greed
b) Power
c) Publicity
d) Revenge
e) Adventure
f) Desire to access forbidden information
g) Destructive mindset
h) Wants to sell n/w security services
2. Child Pornography
The Internet is being highly used by its abusers to reach and abuse
children sexually, worldwide. The internet is very fast becoming a household
commodity in India. Its explosion has made the children a viable victim to
the cyber crime. As more homes have access to internet, more children

25
would be using the internet and more are the chances of falling victim to
the aggression of pedophiles.
T he e a s y a c c e s s t o the po r n og ra ph ic c on t e n t s re a d ily a n d
f re e ly a v a i la bl e o ve r t he in t e rne t lo w e r t he i nh ib i t i o ns o f the
c h i ld re n. P e d op hi le s lu r e th e c h i l dr e n by di s t ri bu ti ng pornographic
material, and then they try to meet them for sex or to take their nude photographs
including their engagement in sexual positions. Sometimes Pedophiles
contact children in the chat rooms posing as teenagers or a child of similar age,
then they start becoming friendlier with them and win their confidence. Then
slowly pedophiles start sexual chat to help children shed their inhibitions
about sex and then call them out for personal interaction. Then starts
actual e x pl oi ta ti on of t he c h il dr e n by offe ri ng the m s o me mo ne y
o r fa ls e ly p ro mi s i ng t he m go od opportunities in life. The pedophiles
then sexually exploit the children either by using them as sexual objects or
by taking their pornographic pictures in order to sell those over the internet.
In physical world, parents know the face of dangers and they know how to
avoid & face the problems by following simple rules and accordingly they advice
their children to keep away f ro m da nge ro us th in gs a nd w a y s . B u t i n
c a s e of c y be r w or ld , m os t of t he p a r e n ts d o n ot themselves know
about the basics in internet and dangers posed by various services offered over t he
i nt e r ne t . H e n c e the c h il dr e n a re le f t un pr o te c te d i n t he c y b e r
w or ld . Pe do ph i l e s ta k e advantage of this situation and lure the children, who
are not advised by their parents or by their teachers about what is wrong and what
is right for them while browsing the internet.

How Do They Operate

a) Pedophiles use false identity to trap the children/teenagers.

b) Pedophiles contact children/teens in various chat rooms which are
used by children/teen to interact with other children/teen.

26
 c) Befriend the child/teen.
d) Extract personal information from the child/teen by winning his
confidence.
e) Gets the e-mail address of the child/teen and starts making contacts on the
victim e-mail address as well.
f) Starts sending pornographic images/text to the victim
including child pornographic images in order to help
child/teen shed his inhibitions so that a feeling is created in the
mind of the victim that what is being fed to him is normal and that
everybody does it.
g) Extract personal information from child/teen.
h ) A t t he e nd of it , t he p e d op hi le s e t u p a me e t i ng w i th th e
c h il d /t e e n o ut of t he h ous e a n d then drag him into the net to further
sexually assault him or to use him as a sex object.
In order to prevent your child/teen from falling into the trap of pedophile,
read the tips under Tips & Tricks heading.

3. Cyber Stalking

Cyber Stalking can be defined as the repeated acts harassment or

threatening behavior of the cyber criminal towards the victim by using internet
services. Stalking in General terms can be referred to as the repeated acts of
harassment targeting the victim such as following the victim, making
harassing phone calls, killing the victims pet, vandalizing victims
property, leaving written messages or objects. Stalking may be followed
by serious violent acts such as physical harm to the victim and the same
has to be treated and viewed seriously. It all depends on the course of
conduct of the stalker.
Both kind of Stalkers Online & Offline have desire to control the victims
life. Majority of the stalkers are the dejected lovers or ex-lovers, who then
want to harass the victim because they failed to satisfy their secret desires.
Most of the stalkers are men and victim female.

27
How Do They Operate
a ) C ol le c t a ll pe r s o na l i nf or ma ti on a b ou t th e v ic t im s uc h a s
na me , f a m ily ba c kg ro un d , Telephone Numbers of residence and
work place, daily routine of the victim, address of residence and place of
work, date of birth etc. If the stalker is one of the acquaintances of the
victim he can easily get this information. If stalker is a stranger to victim,
he collects the information from the internet resources such as various
profiles, the victim may have filled in while opening the chat or e-mail
account or while signing an account with some website.
b ) T he s ta lk e r ma y p os t th is in fo rm a ti on on a ny w e bs i t e r e l a te d
t o s e x -s e r vi c e s o r da ti ng services, posing as if the victim is
posting this information and invite the people to call the victim on
her telephone numbers to have sexual services. Stalker even uses
very filthy and obscene language to invite the interested persons.
c) People of all kind from nook and corner of the Worl d, who come
across this information, start calling the victim at her residence
and/or work place, asking for sexual services or relationships.
d ) S om e s ta lk e r s s ubs c r ib e th e e - ma i l a c c o un t of the v ic t im to
i nn um e r a b le po rn og ra p h ic and sex sites, because of which victim
starts receiving such kind of unsolicited e-mails.
e ) S om e s ta lk e rs k e e p o n s e nd i n g re pe a te d e - m a il s a s ki n g f or
va ri ou s k in ds of fa vo rs or threaten the victim.
f) In online stalking the stalker can make third party t o harass the
victim.
g ) F ol l ow t he ir vic t im f ro m bo a r d to b oa r d. The y h a n go ut o n
t he s a m e B B s a s t he i r victim, many times posting notes to the
victim, making sure the victim is aware that h e / s h e i s b e i n g
followed. Many times they will flame their victim
( b e c o m i n g argumentative, insulting) to get their attention.

28
 h ) S ta lk e rs w i ll a l mo s t a lw a y s m a ke c on t a c t w i th th e i r vic ti m s
t hr o ug h e ma i l. The le t t e rs may be loving, threatening, or sexually
explicit. He will many times use multiple names when contacting the
victim.
i) Contact victim via telephone. If the stalker is able to access the
victims telephone, he will many times make calls to the victim to
threaten, harass, or intimidate them.
j) Track the victim to his/her h ome.

Definition of Cyber stalking

Although there is no universally accepted definition of cyber stalking, the

term is used in this report to refer to the use of the Internet, e-mail, or other
electronic communications devices to stalk another person. Stalking
generally involves harassing or threatening behavior that an individual
engages in repeatedly, such as following a person, appearing at a
persons home or p l a c e of b us i ne s s , ma k i ng ha ra s s in g p ho ne c a l ls ,
l e a v in g w r it t e n m e s s a g e s or obj e c t s , or vandalizing a persons property.
Most stalking laws require that the perpetrator make a credible threat of violence
against the victim; others include threats against the victi ms immediate
family; and still others require only that the alleged stalkers course of
conduct constitute an implied threat. (1) While some conduct involving
annoying or menacing behavior might fall short of illegal stalking, such
behavior may be a prelude to stalking and violence and should be treated seriously.

Nature and Extent of Cyber stalking

An existing problem aggravated by new technology. Although
online harassment and threats can take many forms, cyber stalking shares
important characteristics with offline stalking. Many stalkers online or offline
are motivated by a desire to exert control over their victims and engage in
similar types of behavior to accomplish this end. As with offline

29
stalking, the available evidence (which is largely anecdotal) suggests
that the majority of cyber stalkers are men and the majority of their
victims are women, although there have been reported cases of women
cyber stalking men and of same-sex cyber stalking. In many cases, the cyber
stalker and the victim had a prior relationship, and the cyber stalking
begins when the victim attempts to break off the relationship. However,
there also have been many instances of cyber stalking by strangers. Given
the enormous amount of personal information available through the Internet, a
cyber stalker can easily locate private information about a potential
victim with a few mouse clicks or key strokes.

The fact that cyber stalking does not involve physical contact may create the
misperception that it is more benign than physical stalking. This is not necessarily
true. As the Internet becomes an ever more integral part of our personal and
professional lives, stalkers can take advantage of the ease of communications as
well as increased access to personal information. In addition, the ease of use and
non-confrontational, impersonal, and sometimes anonymous nature of Internet
communications may remove disincentives to cyber stalking. Put another way,
whereas a potential stalker may be unwilling or unable to confront a victim
in person or on the telephone, he or she may have little hesitation sending
harassing or threatening electronic communications to a victim. Finally, as with
physical stalking, online harassment and threats may be a prelude to more serious
behavior, including physical violence.

Phishing
I n the fi e l d o f c om pu t e r s e c ur ity, Phishing is t he c r i m i na ll y
f ra u du l e n t p ro c e s s of attempting to acquire sensitive information such as
usernames, passwords and credit card details by masquerading as a
trustworthy entity in an electronic communication.
Communications purporting to be from popular social web sites, auction

30
sites, online payment processors or IT Administrators are commonly used to
lure the unsuspecting public. Phishing is typically carried out by e-mail or
instant messaging, and it often directs users to enter details at a fake
website w h o s e l o o k a n d f e e l a r e a l m o s t i d e n t i c a l t o t h e
l e g i t i m a t e o n e . E v e n w h e n u s i n g s e r v e r authentication, it may
require tremendous skill to detect that the website is fake. Phishing is an example
of social engineering techniques used to fool users, and exploits the poor
usability of c u r re n t w e b s e c u ri ty t e c h no l o gi e s . Att e mp ts t o de a l
w it h t he gr o w i ng nu mb e r of r e p or t e d phishing incidents include
legislation, user training, public awareness, and technical security
measures.
Phishing, also referred to as brand spoofi ng or carding, is a
variation on "fishing," the idea being that bait is thrown out with the hopes that
while most will ignore the bait, some will be tempted into biting.
A phishing technique was described in detail in 1987, and the first
recorded use of the term "phishing" was made in 1996.

Phishing email
From: *****Bank [mailto:support@****Bank.com]
Sent: 08 June 2004 03:25
To: IndiaSubject:
Official information from ***** Bank
Dear valued ***** Bank Customer!
For security purposes your account has been
randomly chosen for verification. To verify
your account information we are asking you to
provide us with all the data we are requesting.
Otherwise we will not be able to verify your identity
and access to your account will be denied. Please click
on the link below to get to the bank secure
page and verify your account details. Thank you.

31
 https://infinity.*****bank.co.in/Verify.jsp
****** Bank Limited

Spam
Spam is a generic term used to describe electronic 'junk mail' or unwanted
messages sent to your email account or mobile phone. These messages vary, but
are essentially commercial and often annoying in their sheer volume. They may try
to persuade you to buy a product or service, or visit a website where you can make
purchases; or they may attempt to trick you into divulging your bank account or
credit card details.M o re in fo rm a t io n a b ou t s pa m is a v a i la b le fr om t he
Aust ralian Communications and Media Authority (ACMA website).

Scams
The power of the Internet and email communication has made it all
too easy for email scams to flourish. These schemes often arrive uninvited by
email. Many are related to the well-documented Nigerian Scam or Lotto Scams
and use similar tactics in one form or another. While the actual amount of money
lost by businesses and the community is unknown, the number of people claiming
to have been defrauded by these scams is relatively low. M or e i nf or ma ti on
a b ou t s c a ms i s a va i la b l e fr o m th e Aus t ra li a n C om pe t it io n a n d
Consumer Commission (ACCC)SC A M watch w e b s it e and the
A us t ra li a n S e c u r it i e s a n d Investments Commission FIDO website.

Spyware
Spyware is generally considered to be software that is secretly
installed on a computer and takes things from it without the permission
or knowledge of the user. Spyware may take personal information, business
information, bandwidth; or processing capacity and secretly gives it to someone
else. It is recognized as a growing problem. M or e in fo rm a t io n a bo ut ta ki ng

32
 c a re o f s py w a re is a v a i la b le f ro m t he Department of Broadband,
Communication, and the Digital Economy (DBCDE) website.

4. D e n ia l O f Se r vi c e At t ac k

This is an act by the criminal, who floods the bandwidth of the victims
network or fills his email box with spam mail depriving him of the services he is
entitled to access or provide.

5. Vir us D is s e min a ti on

Malicious software that attaches itself to other software (Virus,, worms,,

Trojan Horse,, Time bomb,, Logic Bomb,, Rabbit and Bacterium are the malicious
softwares).

6. Software Piracy

Theft of software through the illegal copying of genuine programs or the

counterfeiting and distribution of products intended to pass for the original.
Retail revenue losses worldwide are ever increasing due to this crime.
It can be done in various ways- End user copying, Hard disk
loading,, Counterfeiting,, Illegal downloads from the internet etc.

7. Spoofing
Getting one computer on a network to pretend to have the identity
of another computer, usually one with special access privileges, so as to
obtain access to the other computers on the network..

8. Net Extortion

C opy i ng the c o mpa ny s c on fi de nt ia l da ta i n or de r t o e xt or t

s a id c om pa ny fo r hu ge amount.

9. SALAMI ATTACK

33
 I n s uc h c r im e c r im in a l ma ke s i ns i gn if ic a n t c ha nge s i n s uc h
a ma nne r t ha t s uc h c h a n ge s would go unnoticed. Criminal makes such
program that deducts small amount like Rs. 2.50 per month from the account of all
the customer of the Bank and deposit the same in his account. In this case no
account holder will approach the bank for such small amount but
criminal gains huge amount.

10. SALE OF NARCOTICS

Sale & Purchase through net.
There are web sites which offer sale and shipment off contrabands drugs.
They may use the techniques off stenography for hiding the messages.

34
 CLASSIFICATION OF CYBER CRIME

Classification of
Cyber Crime

Cyber Crime Cyber Crime Cyber Crime

Against Person Against Property Against Government

1. Cybercrimes Against Persons

Cybercrimes committed against persons include various crimes
like transmission of c h il d- p or no gr a p hy, ha ra s s me nt o f a ny on e w i th
t he us e o f a c om pu te r s uc h a s e - ma i l. The trafficking, distribution,
posting, and dissemination of obscene material including pornography and
indecent exposure, constitutes one of the most important Cybercrimes
known today. The potential harm of such a crime to humanity can hardly
be amplified. This is one Cybercrime which threatens to undermine the
growth of the younger generation as also leave irreparable scars and injury
on the younger generation, if not controlled.
A minor girl in Ahmadabad was lured to a private place through
cyber chat by a man, who, along with his friends, attempted to gang-rape
her. As some passersby heard her cry, she was rescued.
Another example wherein the damage was not done to a person but
to the masses is the case of the Melissa virus. The Melissa virus first

35
 appeared on the internet in March of 1999. It spread rapidly throughout
computer systems in the United States and Europe. It is estimated that the virus
caused 80 million dollars in damages to computers worldwide.
In the United States alone, the virus made its way through 1.2
million computers in one-fifth of the country's largest businesses. David Smith
pleaded guilty on Dec. 9, 1999 to state and federal charges associated with his
creation of the Melissa virus. There are numerous examples of such computer
viruses few of them being "Melissa" and "love bug".

2. Cybercrimes Against Property

The second category of Cybercrimes is that of Cybercrimes against all
forms of property. These crimes include computer vandalism (destruction
of others' property), transmission of harmful programmers.
A M um ba i - ba s e d ups ta rt e n g i ne e ri n g c o mp a ny l os t a s a y a n d
m uc h m on e y in the business when the rival company, an industry
major, stole the technical database from their computers with the help of a
corporate cyber spy.

3. Cybercrimes Against Government

The third category of Cybercrimes relate to Cybercrimes against
Government. Cyber terrorism is one distinct kind of crime in this category. The
growth of internet has shown that the medium of Cyberspace is being used by
individuals and groups to threaten the international g ove rn me nt s a s
a ls o t o te r ro ri z e th e c it iz e ns of a c o un t ry . Thi s c r i m e ma n if e s t s
i ts e lf i nt o terrorism when an individual "cracks" into a government or military
maintained website.
The Parliament of India passed its first Cyber law, the Information
Technology Act in2000. It not only provides the legal infrastructure for
E-commerce in India but also at the same time, gives draconian powers to the
Police to enter and search, without any warrant, any public place for the

36
purpose of nabbing cybercriminals and preventing cybercrime. Also,
the Indian C y b e r l a w t a l k s o f t h e a r r e s t o f a n y p e r s o n
who is about to commit a cyber crime.
The Act defines five cybercrimes damage to computer source code,
hacking, publishing electronic information which is lascivious or prurient, breach
of confidentiality and publishing false digital signatures. The Act also
specifies that cybercrimes can only be investigated by an official holding
no less a rank than that of Dy. Superintendent of Police (Dy.SP).
It is c o mm on t ha t ma ny s y s te ms o pe ra to rs d o no t s ha r e
i nf or ma ti on w he n th e y a re vi c ti mi z e d by c r a c ke rs . The y do n' t
c o nt a c t l a w e n fo rc e me nt o ffic e rs w he n t he ir c om pu te r systems are
invaded, preferring instead to fix the damage and take action to keep crackers from
gaining access again with as little public attention as possible.
According to Sundari Nanda, SP, CBI, "most of the times the
victims do not complain, may be because they are aware of the extent of
the crime committed against them, or as in the case of business houses, they
don't want to confess their system is not secure".
As the research shows, computer crime poses a real threat. Those who
believe otherwise simply have not been awakened by the massive losses
and setbacks experienced by companies worldwide. Money and intellectual
property have been stolen, corporate operations impeded, and jobs lost as a result
of computer crime.
Similarly, information systems in government and
b u s i n e s s a l i k e h a v e b e e n c om p ro mi s e d. The e c on om ic i mp a c t
o f c om pu te r c ri me is s t a g ge r in g (g re a t di ffi c ul t y ).

37
 REASONS FOR CYBER CRIME
Hart in his work The Concept of Law has said human beings are
vulnerable so rule of law is required to protect them. Applying this to the
cyberspace we may say that computers are vulnerable (capable of attack)
so rule of law is required to protect and safeguard them against cyber
crime. The reasons for the vulnerability of computers may be said to be:

1. Capacity To Store Data In Comparatively Small Space-

The computer has unique characteristic of storing data in a very
small space. This affords to remove or derive information either through
physical or virtual medium makes it much easier.

2. E a s y To Ac c e s s

38
 The problem encountered in guarding a computer system from
unauthorized access is that there is every possibility of breach not due to
human error but due to the complex technology. By secretly implanted
logic bomb, key loggers that can steal access codes, advanced voice recorders;
retina imagers etc. that can fool biometric systems and bypass firewalls
can be utilized to get past many a security system.

3. Complex
The computers work on operating systems and these operating systems in
turn are composed of millions of codes. Human mind is fallible and it is not
possible that there might not be a lapse at any stage. The cyber criminals
take advantage of these lacunas and penetrate into the computer system.

4. Negligence
Negligence is very closely connected with human conduct. It is
therefore very probable that while protecting the computer system there
might be any negligence, which in turn provides a cyber criminal to gain
access and control over the computer system.

5. Loss Of Evidence
Loss of evidence is a very common & obvious problem as all the data are
routinely destroyed. Further collection of data outside the territorial extent also
paralyses this system of crime investigation.

39
 CYBER CRIMINALS
The cyber criminals constitute of various groups/ category. This division
may be justified on the basis of the object that they have in their mind. The
following are the category of cyber criminals-

1. Children And Adolescents Between The Age Group Of 6 18

Years:
The simple reason for this type of delinquent (A young offender) behavior
pattern in children is seen mostly due to the inquisitiveness to know and explore
the things. Other cognate reason may be to prove themselves to be
outstanding amongst other children in their group. Further the reasons
may be psychological even. E.g. the Bal Bharati(Delhi) case was the outcome of
harassment of the delinquent by his friends.

2. O r g a n i z e d H a c k e r s
These kinds of hackers are mostly organized together to fulfill certain
objective. The reason may be to fulfill their political bias, fundamentalism, etc.
The Pakistanis are said to be one of the best quality hackers in the world. They
mainly target the Indian government sites with the purpose to fulfill
their political objectives. Further the NASA as well as the Microsoft sites is always
under attack by the hackers.

40
3. P r o fe s s io n al Ha c k e r s / C r ac ke r s
Their work is motivated by the colour of money. These kinds of hackers are
mostly employed to hack the site of the rivals and get credible, reliable and
valuable information. Further they are even employed to crack the
system of the employer basically as a measure to make it safer by
detecting the loopholes.

4. Discontented Employees
T h i s gr o up i n c lu de s th os e pe o pl e w ho h a v e be e n e i the r
s a c ke d by th e i r e mp loy e r o r a re dissatisfied with their employer. To
avenge they normally hack the system of their employee.

41
MODE AND MANNER OF COMMITING CYBER CRIME

1. Unauthorized Access To Computer Systems Or

Networks /Hacking
This kind of offence is normally referred as hacking in the generic sense.
However the framers of the Information Technology Act 2000 have no where used
this term so to avoid any confusion we would not interchangeably use the word
hacking for unauthorized access as the latter has wide connotation.

2. Theft Of Information Contained In Electronic Form

This includes information stored in computer hard disks,
removable storage media etc. Theft may be either by appropriating the data
physically or by tampering them through the virtual medium.

3. Email Bombing

This kind of activity refers to sending large numbers of mail to the

victim, which may be an individual or a company or even mail servers
there by ultimately resulting into crashing.

4 . D a ta Diddling

This kind of an attack involves altering raw data just before a

computer processes it and then changing it back after the processing is

42
 completed. The electricity board faced similar problem of data diddling
while the department was being computerized.

5. Salami Attacks

This kind of crime is normally prevalent in the financial

institutions or for the purpose of committing financial crimes. An
important feature of this type of offence is that the alteration is so small
that it would normally go unnoticed. E.g. the Ziegler case wherein a
logic bomb was introduced in the banks system, which deducted 10
cents from every account and deposited it in a particular account.

6. Denial of Service Attack

The computer of the victim is flooded with more requests than it
can handle which cause it to crash. Distributed Denial of Service (DDS) attack
is also a type of denial of service attack, in which the offenders are wide in number
and widespread. E.g. Amazon, Yahoo.

7 . V i r u s / W o r m At t a c k s
Viruses are programs that attach themselves to a computer or a file and then
circulate themselves to other files and to other computers on a network. They
usually affect the data on a computer, either by altering or deleting it. Worms,
unlike viruses do not need the host to attach themselves to. They merely make
functional copies of themselves and do this repeatedly till they eat up all the
available space on a computer's memory. E.g. love bug virus, which affected at
least 5 % of the computers of the globe. The losses were accounted to be $ 10
million. The world's most famous worm was the Internet worm let loose o n t he
I nt e r ne t by Robert Morris sometime in 1988. Almost brought
development of Internet to a complete halt.

8. Logic Bombs
43
 T he s e a re e v e n t de pe nd e n t pr og ra ms . Th is im p l ie s t ha t th e s e
p ro g ra ms a r e c re a te d t o do something only when a certain event (known as
a trigger event) occurs. E.g. even some viruses may be termed logic bombs
because they lie dormant all through the year and become active only on a
particular date (like the Chernobyl virus).

9 . Tro j a n At t a c k s
This term has its origin in the word Trojan horse. In software field this
means an unauthorized programme, which passively gains control over anothers
system by representing itself as an authorized programme. The most common
form of installing a Trojan is through e-mail. E.g. a Trojan was installed in the
computer of a lady film director in the U.S. while chatting. The cyber criminal
through the webcam installed in the computer obtained her personal data. He
further harassed this lady.

10. Internet Time Thefts

Normally in these kinds of thefts the Internet surfing hours of the victim are
used up by another person. This is done by gaining access to the login ID and the
password. E.g. Colonel Bajwas case- the Internet hours were used up by any other
person. This was perhaps one of the first reported cases related to cyber crime in
India. However this case made the police infamous as to their lack of
understanding of the nature of cyber crime.

11. Web Jacking

44
 This term is derived from the term hi jacking. In these kinds of offences the
hacker gains access and control over the web site of another. He may even
mutilate or change the information on the site. This may be done for
fulfilling political objectives or for money. E.g. recently the site of MIT (Ministry
of Information Technology) was hacked by the Pakistani hackers and some
obscene matter was placed therein. Further the site of Bombay crime branch
was also web jacked. Another case of web jacking is that of the gold
fish case. In this case the site was hacked and the information pertaining to gold
fish was changed. Further a ransom of US $ 1 million was demanded as
ransom. Thus web jacking is a process where by control over the site of
another is made backed by some consideration for it.

BANKING SECTOR
The Banking Industry was once a simple and reliable business that took
deposits from investors at a lower interest rate and loaned it out to borrowers at a
higher rate.
However deregulation and technology led to a revolution in the Banking
Industry that saw it transformed. Banks have become global industrial
powerhouses that have created ever more complex products that use risk.
Through technology development, banking services have become
available 24 hours a day, 365 days a week, through ATMs, at online
banking, and in electronically enabled exchanges where everything from stocks
to currency futures contracts can be traded.

45
The Banking Industry a t its c or e p ro vi de s a c c e s s to c re d it. In t he
l e n de r s c a s e , th is includes access to their own savings and investments, and
interest payments on those amounts. In the case of borrowers, it includes access to
loans for the creditworthy, at a competitive interest rate.
Banking services include transactional services, such as verification of account
details, account balance details and the transfer of funds, as well as advisory
services that help individuals and institutions to properly plan and manage their
finances. Online banking channels have become a key in the last 10 years.
The collapse of the Banking Industry in the Financial Crisis, however,
means that some of the more extreme risk-taking and complex
securitization activities that banks increasingly engaged in since 2000 will
be limited and carefully watched, to ensure that there is not another banking
system meltdown in the future.
Banking in India originated in the last decades of the 18th century.
The oldest bank inexistence in India is the State Bank of India, a
government-owned bank that traces its origins back to June 1806 and that is
the largest commercial bank in the country. Central banking is the
responsibility of the Reserve Bank of India, which in 1935
formally took over these r e s p on s ib il it ie s fr om the th e n

46
I mp e ri a l B a n k o f I nd ia , r e l e g a t in g it to c o m me rc ia l b a n ki ng
functions. After India's independence in 1947, the Reserve Bank was
nationalized and given broader powers. In 1969 the government
nationalized the 14 largest commercial banks; the government nationalized
the six next largest in 1980.Currently, India has 88 scheduled commercial
banks (SCBs) - 27 public sector banks (t ha t is w it h the G ov e r nm e n t of
I nd ia ho ld in g a s ta ke ) , 3 1 p ri va te b a n ks ( th e s e d o n ot ha ve
government stake; they may be publicly listed and traded on stock
exchanges) and 38 foreign banks. Total numbers of ATMs in India have
increased to 189,189 by the end of August15 and are further expected to double
over the next few years, thereby taking the number of ATMs per million
population from 105 in 2012, to about 300 in 2017. In 2015,with the Financial
Inclusion Plan, 390387 villages were covered with 14207 branches. In April 2014,
after 12 years of its last issuance of bank license, RBI granted in-principle licenses
to IDFC and Bandhan Microfinance to promote rural expansion.

CYBER CRIME IN BANKING SECTOR

AUTOMATED TELLER MACHINE

47
 The traditional and ancient society was devoid of any monetary
instruments and the entire exchange of goods and merchandise was
managed by the barter system. The use of monetary instruments as a
unit of exchange replaced the barter system and money in various
de n o mi na t i ons w a s us e d a s t he s ol e pu rc ha s i ng pow e r. The
m od e r n c on te m po r a ry e ra h a s re p l a c e d th e s e tr a d it io n a l mo ne t a ry
i ns t ru me n ts f ro m a pa pe r a nd me ta l ba s e d c u rr e n c y to plastic
money in the form of credit cards, debit cards, etc. This has resulted in the
increasing use of ATM all over the world. The use of ATM is not only safe
but is also convenient. This safety and convenience, unfortunately, has an evil
side as well that do not originate from the use o f pla s ti c m one y r a t he r by
t he m is us e of t he s a m e . Th is e vi l s i de is r e f le c te d i n t he fo rm
of ATM FRAUDS that is a global problem. The use of plastic money is
increasing day by day for payment of shopping bills, electricity bills,
school fees, phone bills, insurance premium, travelling bills and even petrol
bills. The convenience and safety that credit cards carry with its use has been
instrumental in increasing both credit card volumes and usage. This
growth is not only in positive use of the same but as well as the negative use of

48
 the same. The world at large is struggling to increase the convenience and safety
on the one hand and to reduce it misuse on the other.

WAYS TO CARD FRAUDS

Some of the popular techniques used to carry out ATM crime are:

1. T h r o u g h C a r d J a m m i n g AT M s c a r d r e a d e r i s t a m p e r e d w i t h
i n o r d e r t o t r a p a customers card. Later on the criminal removes the card.
2. Card Skimming, is the illegal way of stealing the cards security
information from the cards magnetic stripe.
3. Card Swapping, through this customers card is swapped for another card
without the knowledge of cardholder.
4. Website Spoofing, here a new fictitious site is made which looks
authentic to the user and customers are asked to give their card number. PIN
and other information, which are used to reproduce the card for use at an ATM.
5. Physical Attack. ATM machine is physical attacked for removing the cash.

HOW TO USE CASH MACHINE

49
 B e a w a r e o f ot he r s a ro un d y ou. If s ome one c l os e by t he c a s h
m a c h ine is be ha vi ng s us p ic io u s ly or ma ke s y ou fe e l
u nc o mf o rt a b l e , c h oos e a no t he r . M a ke s ur e y ou c he c k th e machine
before you use it for any signs of tampering. Examine the machine for stick on
boxes, stick on card entry slots etc. If you find it difficult to get your card into the
slot, do not use it, go to another machine. Anything unusual about the cash
machine report it to the bank and police or the owner of the premises
immediately. Under no circumstances should members of the public attempt to
remove a device as its possible the offender may be nearby.

HOW TO USE A CASH MACHINE

1. Give other users space to enter their personal identity number (PIN) in
private.
2. B e a w a r e of y ou r s u rr o un di ng s . If s ome one is c r ow di ng or
wa t c h i ng y ou, c a nc e l t he transaction and go to another machine. Take your
card with you.
3. Do not accept help from "well meaning" strangers and never
a l l o w y o u r s e l f t o b e distracted.

50
4. Stand close to the cash machine and always shield the keypad to avoid
anyone seeing you enter your PIN.

What Precaution Should Be Taken While Leaving Cash Machine

51
 Once you have completed a transaction, discreetly put your money and card
away before leaving the cash machine.
I f y ou l os e y our c a rd in a c a s h ma c hi ne , c a nc e l t he c a r d
i mm e d ia t e ly w i th t he c a rd issuers 24-hour emergency line, which can be
found on your last bank statement. Do not assume that your bank automatically
knows that the machine has withheld your card. Again, beware of help offered by
"well meaning strangers".
Dispose of your cash machine receipt, mini-statement or balance enquiry
slip with care. Tear up or preferably shred these items before discarding them.

Card Fraud Also Happens In The Home:

C a rd ho ld e r s s h ou ld a ls o be w a r ne d o f the ri s k s o f ve ri fy in g
ba nk d e ta il s a t ho me i n unsolicited telephone conversations. Always call the
person back using the advertised customer telephone number, not the telephone
number they may give you.
i. Do Not Click On Hyperlinks Sent To You By Email Asking You To Confirm
Your Bank Details Online:
Hyperlinks are links to web pages that have been sent to you by
email and may open a dummy website designed to steal your personal
details. Phone your bank instead on their main customer number or access
your account using the bank's main website address. Use good antivirus and
firewall protection.
ii. NEVER Write Down Your Pin:
People make life very easy for pickpockets if they write down their
PIN and keep it in their purse or wallet. Do not write down your PIN. If
you have been given a number that you find difficult to remember, take your
card along to a cash machine and change the number to onethat you will be able to
remember without writing it down.

52
PREVENTION FOR ATM CARDS
M os t ATM f ra ud s ha p pe n d ue t o the n e g li ge n c e of c us t om e rs
i n us in g, a nd mo re importantly, negligence of banks in educating their
customers about the matters that should bet a ke n c a r e of w hi le a t a n ATM .
T he n um be r of ATM fr a u ds i n In di a is mo re in r e ga rd to negligence
of the Personal Identification Number (PIN), than by sophisticated
crimes like skimming. Banks need to develop a fraud policy the policy should
be written and distributed to all employees, borrowers and depositors.
The most important aspect for reducing ATM related fraud is to educate the
customer. Here is a compiled list of guidelines to help your customer from being
an ATM fraud victim:

1. Lo o k fo r s u s p ic i o us a t ta c hme nts . C ri mi na ls o ft e n c a p t u re
in fo r ma ti on t hr ou g h ATM skimming using devices that steal
magnetic strip information. At a glance, the skimmer l oo ks j us t l ik e a
re gu la r ATM s l ot, b ut i t s a n a t ta c hme nt tha t c a p tu re s ATM
c a r d numbers. To spot one, the attachment slightly protrudes from
the machine and may not be parallel with the inherent grooves.
Sometimes, the equipment will even cut off the printed labels on the
ATM. The skimmer will not obtain PIN numbers, however. To get that,
fraudsters place hidden cameras facing the ATM screen. Theres
also the helpful bystander (the criminal) who may be standing by to
kindly inform you the machine has had problems and offer to help. If you
do not feel safe at any time, press the ATM cancel button, remove your
card and leave the area immediately.
2. M in im iz e y ou r t im e a t t he ATM . The m or e t im e y ou s pe n d
a t the ATM , t he mo re vulnerable you are. If you need to update your
records after a transaction, one is advised do it at home or office, but not
while at the ATM. Even when depositing a cheque at the ATM, on should

53
 not make/sign the cheque at the ATM. After the transaction, if you
think you are being followed, go to an area with a lot of people and call the
police.
3. Make smart deposits. Some ATMs allow you to directly deposit
checks and cash into your accounts without stuffing envelopes. As for
the envelope-based deposits, make sure they go through if it gets
jammed and it doesnt fully go into the machine, the next person
can walk up and take it out. After having made the ATM deposit,
compare your records with the account statements or online banking
records.

INDIAN SCENARIO
In India, where total number of installed ATMs base is far less
than many developed countries. ATM-related frauds are very less. But they
could increase as more and more ATMs will penetrate in the country, the bank
should create awareness among customers about the card-related frauds to reduce
the number of frauds in future. In India, Indian Banks Association (IBA)can take
lead to kick started.
The ATM fraud is not the sole problem of banks alone. It is a big threat and
it requires a coordinated and cooperative action on the part of the bank,
customers and the law enforcement machinery. The ATM frauds not only
cause financial loss to banks but they also undermine customers
confidence in the use of ATMs. This would deter a greater use of ATM for
monetary transactions. It is therefore in the interest of banks to prevent ATM
frauds. There is thus a need to ta k e p re c a u t i on a ry a n d i ns u ra nc e
m e a s u r e s tha t gi ve g re a te r pr ot e c t i o n to the ATM s , pa rt i c ul a rl y
t ho s e loc a te d in l e s s s e c u re a re a s . The na t ur e a n d the e xt e nt of
p re c a u t i on a ry measures to be adopted will, however, depend upon the
requirements of the respective banks.

54
CYBER MONEY LAUNDERING

During the past three decades, IT and Internet technologies have

reached every nook and corner of the world. E-commerce has come into
existence due to the attributes of Internet like ease of use, speed, anonymity
and its International nature. Internet has converted the world into a boundary less
market place that never sleeps. Drug peddlers and organized criminals
found a natural and much sought after ally in Internet. Computer
networks and Internet, in particular, permit transfer of funds electronically
between trading partners, businesses and consumers. This transfer can be done in
many ways. They include use of credit cards, Internet banking, e-cash, e-wallet
etc. for example, smart cards like Visa Cash, Mondex card, whose use is
growing can store billions of dollars. At present, there is an upper limit
imposed by the card issuers but technically there is no limit. In some other
forms of computer-based e-money, there is no upper l im it . M o bi le ba n ki ng
a n d mo bi le c om me r c e a re gr ow in g a n d the s e te c hn ol og ie s ha ve
t he capability to transfer any amount of money at the touch of a bottom
or click of a mouse. They c a n be e ffe c t iv e to ol s in t he ha nds o f
m on e y la un de r e r s . Fi rs t a n d fo re mo s t, t he a n ony m ity offered by
internet and cyber payment systems is being exploited to the hilt by the
criminal elements.
As cyber payment systems eliminate the need for face to face
interactions, transfer of funds can be done between two trading partners
directly. Two individuals also can transfer funds directly using e- wallets. This
problem is further compounded by the fact that, in many countries, non-financial
institutions are also permitted to issue e-money. Monitoring the activities of these
i ns t it u ti ons in a t ra di ti on a l ma n ne r is n ot p os s ib le . Ea r li e r, c r os s -
b or de r tr a ns a c ti ons w e r e controlled by the central banks of respective

55
countries. With the entry of Internet commerce, the jurisdictional technicalities
come into play and it is another area that is being exploited by the
money launderers. The capacity to transfer unlimited amounts of money
without having to go through strict checks makes cyber money laundering an
attractive proposition. From the point of view of law enforcing agencies, all the
above advantages cyber payments provide to consumers and trading partners, turn
out to be great disadvantages while investigating the crimes.

WHY MONEY LAUNDERING?

T he m os t im po rt a n t a i m of m on e y la un de ri ng is to c o nc e a l
t he or ig in o f t he mo ne y, w hic h, i n a lm os t a l l c a s e s , is fr om i ll e ga l
a c ti vi ty. C ri mi na l re s or t to th is p ra c t ic e to a vo id detection of the
money by law enforcement which will lead to its confiscation and also
may provide leads to the illegal activity. By laundering the money the
criminals are trying to close their tracks. Further, their aims could be to
increase the profits by resorting to illegal money transfer etc. and also of
course, to support new criminal ventures. Money laundering from
the point of view of the criminal increases the profits and, at the same time,
reduces the risk. While indulging in money laundering process, the launderers also
attempt to safeguard their interests. They conceal the origin and ownership of
the proceeds, maintain control over proceeds and change the form of
proceeds.

56
MONEY LAUNDERING PROCESS
Money laundering is normally accomplished by using a three-stage
process. The three steps involved are Placement, Layering and
Integration. E-money and cyber payment systems come in handy in all the
three stages of the process.

1. PLACEMENT
The first activity is placement. Illegal activities like drug trafficking,
extortion, generate very volumes of money. People involved in these activities
cannot explain the origin and source of these funds to the authorities. There
is a constant fear of getting caught. So the immediate requirement is to
send this money to a different location using all available means. This stage is
characterized by facilitating the process of inducting the criminal money into the
legal financial system. Normally, this is done by opening up bank accounts in the
names of non-existent people or commercial organizations and depositing
the money. Online banking and Internet banking make it very easy for a
launderer to open and operate a bank account. Placement in cyber space occurs by
depositing the illegal money with some legitimate financial institutions or

57
businesses. This is done by breaking up the huge cash into smaller chunks.
Launderers are very careful at this stage because the chances of getting caught
are considerable here. Cyber payment system scan come in handy during this
process.

2. LAYERING
Layering is the second sub process. In this complex layers of
financial transaction are created to disguise the audit trail and provide
anonymity. This is used to distance the money from the sources. This is
achieved by moving the names from and to offshore bank accounts in the names
of shell companies or front companies by using Electronic Funds
Transfer (EFT) or by other electronic means. Every day trillions of
dollars are transferred all over the world by other legitimate business and
thus it is almost impossible ton as certain whether some money is legal or
illegal. Launderers normally make use of commodity brokers, stock
brokers in the layering process. Launderers were also found to purchase high
value commodities like diamonds etc. and exporting them to a different
jurisdiction. During this process, they make use of the banks wherever
possible as in the legal commercial activity.

3. INTEGRATION

Integration is the third sub process. This is the stage in which the
cleaned money is p l o ug he d b a c k. Thi s i s a c hi e ve d by m a k in g it
a p pe a r a s le ga l l y e a r ne d. Thi s i s no r m a l ly a c c om pl is he d by th e
l a u nde r e rs by e s t a b l is h in g a n ony m ous c o mp a n i e s in c o u nt r ie s
w he r e secrecy is guaranteed. Anyone with access to Internet can start an e-
business. This can look and function like any other e-business as far as the
outside world is concerned. This anonymity is what makes Internet very
attractive for the launderers. They can then take loans from these
companies and bring back the money. This way they not only convert their money

58
this way but also can take advantages associated with loan servicing in terms of
tax relief. Another way can be by placing false export import invoices and over
valuing goods.
The entire process can be explained with the help of an example. The
money launderers first activity is to set up an online commerce company
which is legal. Normally, the launderer s e ts u p the w e bs ite f or h is
c o mp a ny a n d a c c e p ts o nl in e pa y me nt s us in g c re d it c a rds fo r
t he purchases made from his companys website. As a part of the whole scheme,
launderers obtain credit cards from some banks or financial institutions located in
countries with lax rules, which are known as safe havens. The launderer
sitting at home, then, makes purchases using this credit card from his own
website. As in normal transactions, the Web-based system then sends an invoice to
the customers (who happens to the launderer himself) bank, in the safe haven.
The bank then pays the money into the account of the company. Cyber
space provides a secure and anonymous opportunity to the criminals in money
laundering operations. It has come to light that many gangs are opening up the
front companies and hiring information technology specialists fo r
ne fa r io us a c t iv i t ie s . I nc ide nts h a ve a ls o c o me t o li gh t w he re t he
c ri mi na ls a re us i ng cryptography for hiding their transaction.

BUSINESS AREAS THAT SUPPORT OR ARE PRONE TO

MONEYLAUNDERING
The banks and other financial institution are the most important
intermediaries in the money laundering chain. As far as the banks are concerned
the countries that are considered safe f or l a u nde re r s a r e C a y m a n Is l a n d s ,
C y p ru s , L ux e mb ou rg, a nd Sw it z e r la nd. The o ffs ho re accounts of
these banks are popular because they offer anonymity and also help in tax evasion.
Other financial institution like fund managers and those facilitating Electronic
Fund Transfer are also being manipulated by the launderers. Banking obviously is

59
the most affected sector by the money laundering operations. In fact, Berltlot
Brecht said, If you want to steal, then buy a bank. Multinational banks
are more vulnerable to money laundering operations. When BCCI bank
was investigated it came to light that there were 3,000 criminal
customers and they were involved in offenses ranging from financing nuclear
weapon programs to narcotics. The second area is underground banking or
parallel banking. This is practiced by different countries by di f fe re nt
na m e s . C h in a f ol lo w s a s y s t e m c a l le d F ic C h i n . U nd e r th i s
s y s te m, m on e y i s deposited in one country and the depositor is handed
a chit or chop. The money is paid back in another place on production of the
chit. Similar systems known as Hundi, Hawallah are practiced in India. It is
much easier to launder the money using these methods as there is no
physical movement of money. These practices mostly work on trust and
mostly controlled by mafia in many countries.
Futures and commodity markets are another area which is found to
be facilitating the money laundering. The other areas include
professional advisers, financing housing schemes, casinos, antique dealers
and jewelers. Casinos are another business areas that is actively involved in
money laundering process. In all the cases the underl ying factor is
paperless transactions. It w a s a ls o fo un d tha t l a u nde re rs do ta k e
a d va nta ge s o f pr iv a t iz a ti on in va ri ou s c o un tr ie s by investing in them.
This was observed in UK, India and Columbia. In Columbia, when the banks
we r e p ri va ti z e d t he C a r li C a r te l w a s r e p or t e d to ha v e i nv e s t e d
he a v il y a n d I t a li a n m a f ia reportedly purchased shares in Italian banks. This
only shows the extent of the problem and also th a t the ba nks a nd fi na nc i a l
i ns t it ut io ns a r e t he p ri ma ry t a rge t of t he l a u nde re rs . In s o me
countries, even political parties organizations are known to be using laundered
money for their campaigns.

EFFECTS ON BANKS

60
 A lm os t a l l t he ba n ks t ra de in fo re ig n e xc h a n ge M o ne y
l a u nde ri ng i n a ny c ou nt ry or economy affects the foreign exchange market
directly. The money laundering reduces the legal volume of the banks
business. It also causes fluctuations in the exchange rate. Further, money
laundering can undermine the credibility of the banking system.
Facilitating the activities of launderers even inadvertently can push the banks
into problems with law enforcement agencies and also governments. In some
reported cases, the banks survival has come under threat. It is not difficult to see
what effect it has on the profitability of banks.

OTHER EFFECTS
In one incident, an Indian national in one year handled US 81.5 bn
illegal transactions, before his arrest during 1993. This incident also shows how
the national economy gets affected. A few years before that, the Indian
Government was so short of foreign exchange that it had to pledge gold in the
London bank. One needs not be an economist understand the impact of money
laundering on economies of developing countries. The low regulation by
central banks will be c o me di f fi c u lt a n d c o n s e q ue n t ly, th e r e w il l b e
r is e in i nf la ti on . F ur t he r, o ve r a ll inc om e distribution in an economy
is likely to get affected. Money laundering can help in spread of parallel
economy, which will result in loss to national income due to reduced tax
collections and lost jobs. On the social plane, this can resul t in increased
crime rate, violence in society. There may be attempts to gain political
power either directly or indirectly like Coli Cocoine Cartels attempt in
supporting Columbian President, Samper in 1996 elections. Because
cyber money laundering can be done from anywhere in the world without
any jurisdiction, the effects are much severe.

61
PREVENTION
Because of the nature of Cyber money laundering, no country can
effectively deal with it in isolation. Cyber money laundering has to be dealt
with at organizational [Bank or Financial Institution], national and
international levels.

62
AT ORGANIZATIONAL [BANK] LEVEL

The banking and other financial organizations can

reduce the quantum of money laundering by following the
guidelines issued by central banks of respective countries in letter and
spirit. The old principle of Knowing the customer well will help a great

63
deal. It is very important to keep the records of the customer for a
sufficient time, at least for 8 to 10 years. H a v in g a n e y e o n s us pic io us
de a ls c a n gi ve e a r ly w a r ni ng s on t he im pe nd in g tr ou bl e . Any
s us pi c i ou s a c ti vi ti e s mu s t be re p o rt e d to la w e nf or c e me n t
a u t ho r it i e s . D e v e l op in g in t e rn a l control mechanisms is very essential
in this regard. Further, working in close association with o th e r ba nks
a n d e xc ha n ge o f in fo rm a t io n a nd i nte ll ig e n c e in t hi s re ga r d w il l
be d e f in it e ly helpful. Law enforcement agencies have details of criminal
elements and their transactions. By w or k in g in c los e c onj u nc t io n w i t h
t he m, ba nk c a n h a ve e a r ly w a r n in g on s u c h a c t iv it ie s . However,
banks must keep in mind the legal provisions regarding privacy of individuals.

AT NATIONAL LEVEL

Some countries liken UK have taken proactive steps to control this crime,
which could be cumulated by others. In UK, deposit taking institutions (including
banks) are expected to report s us pi c i ou s tr a ns a c ti ons to th e la w
e n fo rc e me n t a u th or it ie s . The l e g a l pr ov is io n s r e g a r di ng k no w i ng

64
t he c us t om e r br ou gh t do w n the c r im e t o a gr e a t e xt e n t. The y
e mp ow e re d t he i r customs officials to seize cash consignments of
10,000 pounds or more. Courts also permit confiscation of cash, if the
investigating authorities have strong evidence that the money has come
from illegal activities of drug trafficking. Issue of electronic money by
private parties is another factor, as in some countries regulation of these people
is not effective. Slowly, different countries are realizing the importance of this
issue and enacting suitable rules aimed at providing transparency in
transactions carried out by these institutions. The most important issues
at national level are establishing legal framework and training law
enforcing officials. The major w e a po n t o c om ba t th i s c r im e is
c o nt r ol l in g fi na nc ia l tr a ns a c t i o ns in c l ud in g e - t r a n s a c t io ns , through
legislation. Many countries have enacted some stringent laws to control this crime.
UK,US have stringent laws in dealing with Cyber money laundering.
Many other countries are following suit. The Council of Europe has passed
Criminal Justice Act. Hong Kong has passed similar laws. The single most
important issue is harmonizing the terrestrial laws with cyber laws.

AT INTERNATIONAL LEVEL

The UN has taken the lead and during 1995 international

community meeting signed a convention known as UN Convention against
Illicit Traffic in Narcotic Drugs and Psychotropic Substances. Further, this
convention made money laundering a crime and provided a model.
During 2000, the UN also organized another convent ion against
transnational organized crime. As a result of UN the efforts, the group of
seven industrialized nations established Financial Action Task Force
(FATF). The biggest source of money laundering funds comes from drug
trade and the volume of money is large. In order to cover this vast
amount of money they need financial services industry. They eye
financial institutions that are in the business of accept ing deposits from

65
customers. After studying this phenomenon, Financial Action Task Force
(FATF)had noticed some critical points in the modus operandi of
criminals which are difficult for the launderers to avoid. They are points of
entry of cash into financial system, transfers to and from financial system and
cross-border flows of cash. Paying attention to these issues can help in
controlling cyber laundering to a considerable extent. According to financial
crimes enforcement ne t w o rk of U S, l e s s tha n 1% mo ne y la u nde re d in
c y be r s pa c e is e v e r de te c t e d or c ri mi na l s prosecuted. Prevention of
money laundering in cyber space is proving to be really a daunting task.
Some of the suggested measures are putting an upper limit on the amount
of payment and frequency of using e-money in peer to peer transfers. The
second is making it mandatory for e-money organization to identify their
clients and also to keep a track of money movement. The t hi rd is
e n s u ri ng th a t In te rn e t s e r vi c e p ro vi de rs ke e p a l og o f f il e s
i nv ol vi ng fi na nc e s fo r a n um be r of y e a rs . The f ou rt h is ma ki ng
a u di t c o mp ul s o ry f or a l l e le c tr on ic me r c ha nt s a nd ensuring that they
keep transaction records for a certain period of time. The fifth is training law
enforcement agencies in dealing effectively with this
c r i m e . L a s t b u t n o t t h e l e a s t , i s in t e rna ti on a l c o - o pe r a t i on a n d
ha r mo ni z i ng th e na ti on a l cyber a nd te rr e s tr i a l la w s with
international can help in dealing with this crime effectively.

CREDIT CARDS FRAUDS

INTRODUCTION TO CREDIT CARDS

66
 Credit was first used in Assyria, Babylon and Egypt 3000 years ago. The
bill of exchange- the forerunner of banknotes - was established in the 14th
century. Debts were settled by one-third cash and two-thirds bill of exchange.
Paper money followed only in the 17th century. The first advertisement for credit
was placed in 1730 by Christopher Thornton, who offered furniture that could be
paid off weekly.
From the 18th century until the early part of the 20th, tallymen sold clothes
in return for small weekly payments. They were called "tallymen" because they
kept a record or tally of what pe op le ha d bo ug ht o n a w o ode n s ti c k. O ne
s i de o f th e s ti c k w a s ma rk e d w it h n otc he s t o re pr e s e n t th e a mo un t
o f de bt a n d th e ot he r s id e w a s a r e c or d of pa y me nts . I n t he 19 20s ,
a shopper's plate - a "buy now, pay later" system - was introduced in the
USA. It could only be used in the shops which issued it.

In 1950, Diners Club and American Express launched their charge cards in
the USA, the first "plastic money". In 1951, Diners Club issued the first credit card
to 200 customers who could use it at 27 restaurants in New York. But it was
only until the establishment of standards for the magnetic strip in 1970 that
the credit card became part of the information age. The first use of
magnetic stripes on cards was in the early 1960's, when the London

67
Transit Authority installed a magnetic stripe system. San Francisco Bay Area
Rapid Transit installed a paper based ticket the same size as the credit cards
in the late 1960's. The word credit comes from Latin, meaning TRUST.

CREDIT CARD FRAUD

INTRODUCTION

Credit card fraud is a wide-ranging term for theft and fraud

committed using a credit card or any similar payment mechanism as a
fraudulent source of funds in a transaction. The pu rp os e m a y be t o
o bt a i n go ods w it ho ut p a y in g, or t o o bta in u na ut ho ri z e d f un ds
f ro m a n account. Credit card fraud is also an adjunct to identity theft.
According to the Federal Trade Commission, while identity theft had
been holding steady for the last few years, It here has been an annual
increase of more than 40% in Credit Card fraud cases registered in the country
during the past two-three years, a Home Ministry official said. However, credit
card fraud, that crime which most people associate with ID theft, decreased
as a percentage of all ID theft complaints for the sixth year in a row. The fraud
begins with either the theft of the physical card or the compromise of
data associated with the account, including the card account number or other
information that would r ou t in e ly a n d n e c e s s a ri l y be a va il a b le to a
m e r c ha nt d ur in g a le gi ti ma te tr a n s a c t io n. The compromise can
occur by many common routes and can usually be conducted without
tipping off the card holder, the merchant or the bank, at least until the
account is ultimately used for fraud. A simple example is that of a store
clerk copying sales receipts for later use. The rapid growth of credit card
use on the Internet has made database security lapses particularly costly; in some
cases, millions of accounts have been compromised.

68
IF CARD IS STOLEN

When a credit card is lost or stolen, it remains usable until the

holder notifies the bank th a t the c a r d is l os t ; mos t ba nk s ha ve t ol l-
f re e te le ph one nu mb e r s w it h 2 4- ho ur s u pp or t to encourage prompt
reporting. Still, it is possible for a thief to make unauthorized purchases
on that card up until the card is cancelled. In the absence of other
security measures, a thief could potentially purchase thousands of dollars in
merchandise or services before the card holder or the bank realize that the card is
in the wrong hands.
In the United States, federal law limits the liability of card holders to $50 in
the event of theft, regardless of the amount charged on the card; in practice, many
banks will waive even this small payment and simply remove the fraudulent
charges from the customer's account if the customer signs an affidavit
confirming that the charges are indeed fraudulent. Other countries
generally have similar laws aimed at protecting consumers from physical theft of
the card.
The only common security measure on all cards is a signature
panel, but signatures are relatively easy to forge. Many merchants will
demand to see a picture ID, such as a driver's license, to verify the identity
of the purchaser, and some credit cards include the holder's picture on the card
itself. However, the card holder has a right to refuse to show additional
verification, and asking for such verification may be a violation of the
merchant's agreement with the credit card companies.
Self-serve payment systems (gas stations, kiosks, etc.) are common
targets for stolen cards, as there is no way to verify the card holder's
identity. A common countermeasure is to require the user to key in some
identifying information, such as the user's ZIP or postal code. This
method may deter casual theft of a card found alone, but if the card holder's wallet
is stolen, it may be trivial for the thief to deduce the information by

69
looking at other items in the wallet. For instance, a U.S. driver license
commonly has the holder's home address and ZIP code printed on it.
Banks have a number of countermeasures at the network level,
including sophisticated real-time analysis that can estimate the
probability of fraud based on a number of factors. For example, a large
transaction occurring a great distance from the card holder's home might
be fl a g ge d a s s us pi c i ous . The me rc ha n t ma y be in s t ru c te d to c a ll
t he ba nk f or ve r if ic a t io n, t o decline the transaction, or even to hold the
card and refuse to return it to the customer.
Stolen cards can be reported quickly by card holders, but a compromised
account can be hoarded by a thief for weeks or months before any fraudulent use,
making it difficult to identify the source of the compromise. The card holder may
not discover fraudulent use until receiving a billing statement, which may be
delivered infrequently.

Compromised Accounts:

Card account information is stored in a number of formats.

Account numbers are often e mb os s e d or i mp ri nt e d o n t he c a rd, a n d a
m a g ne t ic s t ri pe o n th e ba c k c on ta i ns th e da t a in machine readable
format. Fields can vary, but the most common include:
Name of card holder
Account number
Expiration date
Verification
Many Web sites have been compromised in the past and theft of
credit card data is a ma j o r c o nc e r n f or ba nks . D a ta ob ta ine d in a
t he ft, li ke a dd re s s e s o r ph one nu mb e rs , c a n be highly useful to a thief
as additional card holder verification.

70
Mail/Internet Order Fraud
The mail and the Internet are major routes for fraud against merchants who
sell and ship products, as well Internet merchants who provide online services.
The industry term for catalog or d e r a nd s i m il a r tr a ns a c ti ons is "C a r d
N ot P re s e n t" ( C N P) , me a ni n g t ha t th e c a r d is no t phy s i c a l ly
a v a i la b le fo r th e me rc ha n t to ins pe c t. The m e r c ha nt mu s t re ly on
t he ho lde r (o r someone purporting to be the holder) to present the
information on the card by indirect means, whether by mail, telephone or
over the Internet when the cardholder is not present at the point of sale.
It is difficult for a merchant to verify that the actual card holder is indeed
authorizing the purchase. Shipping companies can guarantee delivery to a location,
but they are not required to c he c k i de nt i f i c a t i o n a n d t he y a re u s ua ll y
a re no t i nv o lv e d in pr oc e s s i ng p a y me n ts f or the merchandise. A
common preventive measure for merchants is to allow shipment only to
an address approved by the cardholder, and merchant banking systems
offer simple methods of verifying this information.
Additionally, smaller transactions generally undergo less scrutiny, and are
less likely to be investigated by either the bank or the merchant, since the
cost of research and prosecution usually far outweighs the loss due to
fraud. CNP merchants must take extra precaution against fr a u d
e x po s u re a n d a s s oc ia t e d l os s e s , a n d th e y pa y hi gh e r r a t e s to
m e r c ha nt ba n ks fo r the privilege of accepting cards. Anonymous scam artists
bet on the fact that many fraud prevention features do not apply in this
environment.
Merchant associations have developed some prevention measures, such as
single use card numbers, but these have not met with much success.
Customers expect to be able to use their credit card without any hassles, and
have little incentive to pursue additional security due to laws limiting customer

71
 liability in the event of fraud. Merchants can implement these prevention
measures but risk losing business if the customer chooses not to use the measures.

Account Takeover
There are two types of fraud within the identity theft category:

1. Application Fraud
2. Account Takeover

1. Application Fraud
A pp li c a t io n f ra ud oc c ur s w he n c r im in a l s us e s to le n o r fa k e
d oc u me nts to op e n a n account in someone else's name. Criminals may
try to steal documents such as utility bills and ba n k s ta te me n t s to
b ui ld up us e fu l pe r s o na l in f or ma ti on . Alt e r n a t i ve ly, the y m a y
c re a te counterfeit documents.

2. Account Takeover
Account takeover involves a criminal trying to take over another
person's account, first by gathering information about the intended victim, then
contacting their bank or credit issuer masquerading as the genuine
cardholder asking for mail to be redirected to a new address. The
criminal then reports the card lost and asks for a replacement to be sent.
The replacement card is then used fraudulently. Some merchants added a
new practice to protect consumers and self reputation, where they ask the
buyer to send a copy of the physical card and statement to ensure the
legitimate usage of a card.

Skimming

72
 Skimming is the theft of credit card information used in an otherwise
legitimate transaction. It is typically an "inside job" by a dishonest employee of a
legitimate merchant, and can be as simple as photocopying of receipts. Common
scenarios for skimming are restaurants or bars where the skimmer has possession
of the victim's credit card out of their immediate view. The skimmer will typically
use a small keypad to unobtrusively transcribe the 3 or 4 digits Card Security Code
which is not present on the magnetic strip.
Instances of skimming have been reported where the perpetrator has put a
device over the card slot of a public cash machine (Automated Teller Machine),
which reads the magnetic strip as the user unknowingly passes their card through
it. These devices are often used in conjunction with a pinhole camera to read the
user's PIN at the same time.
Skimming is difficult for the typical card holder to detect, but given a large
enough sample, it is fairly easy for the bank to detect. The bank collects a list of all
the card holders who have complained about fraudulent transactions, and then uses
data miningto discover relationships among the card holders and the merchants
they use. For example, if many of the customers used one particular merchant, that
merchant's terminals (devices used to authorize transactions) can be directly
investigated.

73
SKIMMER
Sophisticated algorithms can also search for known patterns of
fraud. Merchants must ensure the physical security of their terminals, and
penalties for merchants can be severe in cases of compromise, ranging from
large fines to complete exclusion from the merchant banking system,
which can be a death blow to businesses such as restaurants which rely
on credit card processing.

CARDING

Carding is a term used for a process to verify the validity of stolen card
data. The thief presents the card information on a website that has real-time
transaction processing. If the card is processed successfully, the thief knows that
the card is still good. The specific item purchased is immaterial, and the thief does
not need to purchase an actual product; a Web site subscription or charitable
donation would be sufficient. The purchase is usually for a small monetary
amount, both to avoid using the card's credit limit, and also to avoid attracting the
bank's attention. A website known to be susceptible to carding is known as a
cardable website.
In the past, carders used computer programs called "generators" to produce
a sequence of credit card numbers, and then test them to see which were valid
accounts. Another variation would be to take false card numbers to a location that

74
does not immediately process card numbers, such as a trade show or special event.
However, this process is no longer viable due to widespread requirement by
internet credit card processing systems for additional data such as the billing
address, the 3 to 4 digit Card Security Code and/or the card's expiry date, as well
as the more prevalent use of wireless card scanners that can process transactions
right away. Nowadays, carding is more typically used to verify credit card data
obtained directly from the victims by skimming or phishing.
A set of credit card details that has been verified in this way is known in
fraud circles as a phish. A carder will typically sell data files of phish to other
individuals who will carry out the actual fraud. Market price for a phish ranges
from US$1.00 to US$50.00 depending on the type of card, freshness of the data
and credit status of the victim

PREVENTION FOR CREDIT CARD FRAUD

Credit card issuers in the country are stepping up efforts to prevent
swindlers from gaining access to customers card details. The move follows rising
instances of phishing and skimming attacks, through which fraudsters steal card
information and make purchases using those details.
American Express is introducing a new solution, ezeClick, for its
customers in India to ensure their card data is not shared with merchants while
making online transactions. Currently, an individual has to share information such
as card number, expiry date and card verification value during online credit
card transactions.
With ezeClick, our customers can conduct all online transactions with a
single unique user ID. The new solution eliminates the need to share card details
on e-commerce sites. The scope of fraud is much less when card data is not shared
or stored on merchant servers, Sanjay Rishi, president at American Express India,
told Business Standard.

75
DIFFERENT MEASURES FOR DETECTING AND
REVENTING CREDIT CARD FRAUDS
There are different key measures, which are used for detecting and preventing
credit card frauds. Some of them are as follows:
1. Address Verification Service (AVS): This technique matches the cardholders
billing address and ZIP code information given for delivering the purchases
against the bank record. This system is available in the USA and in a few countries
of Europe. However, this technique has different weaknesses i.e. the address
information is available online; it makes the bankers work boring in preventing the
fraud; it cannot check the entire informational card. Only American Express bank
has the facility to check all the international frauds through its AVVS system.
2. Credit Verification Values (CVV): This technology checks 3-4 digit number
embossed codes on credit card. This technology has advantage that it requires
physical possession of card but this advantage can be nullified by phasing. It also
cannot protect the merchant from transactions placed on physically stolen cards.
3. Negative Databases: This technology checks the order against fraud attempts.
4. Fraud Rates: This technology checks for recognized patterns associated with the
fraud. It carries the advantage that it is easy to configure and understand, but the
disadvantage is that in case the fraud patterns are changed. A new fraud pattern
may not be recognized.
5. Relocation: This technology checks the consumers geographic location based
on IP addresses. It is advantageous as it can block or flag orders originating from
high-risk countries. However, negative aspect is non-applicability on IP proxies
and satellite.
6. 3D-Secure: This technology works on the principle of authenticating the
consumer via previously established password. The positive side of this system is
that the fraudster needs legitimate cardholders password to complete the
transaction. However, this advantage can also be neglected as the passwords can
be hacked.

76
7. Chip and PIN: The smart cards introduced to prevent credit card fraud by using
this technology. The credit card has an encrypted EMV chip storing all
information and a PIN instead of a signature, which are used to prove that you are
the genuine cardholder. Thus, this technique minimizes fraud.
8. Biometrics: This is the most recent and sophisticated technology to prevent
credit card frauds. It records a unique characteristic of the cardholder like
fingerprints, voice, signature, iris, and other similar biological components so that
a computer can read it. Then the computer compares the stored characteristics with
that person who presents the card for ensuring that he/she is the legitimate
cardholder. Negative aspect of this technology is that it carries additional costs and
customers are still reluctant to accept it.
9. Expertise: A team, having the responsibility of managing the infrastructure,
handling over verification, processing of charge back, analyzing the transactions,
etc., is required to ensure that the technology is well managed.
10. Collaboration: The whole industry has to work in collaboration to prevent
fraud. This is the right time when a united group is required to combat fraud and
safeguard the business.

When dealing with credit card customers over the phone or through the
Internet, credit card fraud prevention strategies such as scrutinizing the
credit card arent going to work. You can, however, be alert to suspicious
behaviors and shape your credit policies to nip credit card fraud in the bud.
1. Dont process credit card orders unless the information is
complete.
2. Dont process credit card orders that originate from free e-mail addresses or
from e-mail fo rw a r di ng a dd re s s e s . In s u c h a c a s e , a s k t he
c u s t ome r fo r a n I S P ( In te rn e t S e r vi c e Provider) or domain-based
e-mail address that can be traced back.
3. If the shipping address and the billing address on the
o r d e r a r e d i f f e r e n t , c a l l t h e customer to confirm the order. You

77
 may even want to make it a policy to ship only to the billing address on the
credit card.
4. B e w a ry of u nus ua lly l a rge o r de rs .
5. Be wary of orders shipped to a single address but purchased with
multiple cards.
6. Be wary of multiple transactions made with similar card numbers
in a sequence.
7. Be wary of orders youre asked to ship express, rush or overnight.
This is the shipping of choice for many credit card fraudsters. Call the
customer to confirm the order first.
8. B e w a ry of ov e rs e a s o rd e r s e s p e c ia l l y i f the or d e r e xh ib i ts
a ny o f the c ha ra c te ri s t ic s noted above.
9. The first is Mod10 algorithm testing. Mod10 is an algorithm that
will show whether the card number being presented is valid card
number and is within the range of numbers issued by credit card
companies. It cannot give any other details like no. issued by any
other company. This test should be first to be that it is applied to any credit
card number one process. If the card fails Mod10 one can safely assume
fraud.

Credit card fraud may not be entirely preventable, but by establishing and
following procedures to check every credit card transaction, you can
cut down your credit card fraud losses
.

78
 CASE STUDY
INDIA'S FIRST ATM CARD FRAUD

The Chennai City Police have busted an international gang involved in

cyber crime, with the arrest of Deepak Prem Manwani (22), who was caught red-
handed while breaking into an ATM in the city in June last, it is reliably learnt.
The dimensions of the city cops' achievement can be gauged from the fact
that they have netted a man who is on the wanted list of the formidable FBI of the
United States.
At the time of his detention, he had with him Rs 7.5 lakh knocked off from
two ATMs in T Nagar and Abiramipuram in the city. Prior to that, he had walked
away with Rs 50,000 from an ATM in Mumbai.
While investigating Manwani's case, the police stumbled upon a cyber
crime involving scores of persons across the globe. Manwani is an MBA drop-out
from a Pune college and served as a marketing executive in a Chennai-based firm

79
for some time. Interestingly, his audacious crime career started in an Internet cafe.
While browsing the Net one day, he got attracted to a site which offered him
assistance in breaking into the ATMs. His contacts, sitting somewhere in Europe,
were ready to give him credit card numbers of a few American banks for $5 per
card. The site also offered the magnetic codes of those cards, but charged $200 per
code.
The operators of the site had devised a fascinating idea to get the personal
identification number (PIN) of the card users. They floated a new site which
resembled that of a reputed telecom company's. That company has millions of
subscribers. The fake site offered the visitors to return $11.75 per head which, the
site promoters said, had been collected in excess by mistake from them. Believing
that it was a genuine offer from the telecom company in question, several lakh
subscribers logged on to the site to get back that little money, but in the process
parted with their PINs. Armed with all requisite data to hack the bank ATMs, the
gang started its systematic looting.
Apparently, Manwani and many others of his ilk entered into a deal with
the gang behind the site and could purchase any amount of data, of course on
certain terms, or simply enter into a deal on a booty-sharing basis. Meanwhile,
Manwani also managed to generate 30 plastic cards that contained necessary data
to enable him
to break into ATMS.
He was so enterprising that he was able to sell away a few such cards to his
contacts in Mumbai. The police are on the lookout for those persons too.
On receipt of large-scale complaints from the billed credit card users and banks in
the United States, the FBI started an investigation into the affair and also alerted
the CBI in New Delhi that the international gang had developed some links in
India too.
Manwani has since been enlarged on bail after interrogation by the CBI.
But the city police believe that this is the beginning of the end of a major cyber
crime.

80
 GENERAL TIPS ON AVOIDING POSSIBLE
INTERNET FRAUDSCHEMES
1. Don't Judge by Initial Appearances
I t ma y s e e m ob vi ou s , b ut c ons um e r s ne e d t o re me m be r t ha t j us t
be c a us e s o me t hi ng appears on the Internet - no matter how impressive
or professional the Web site looks - doesn't mean it's true. The ready
availability of software that allows anyone, at minimal cost, to set up
a professional-looking Web site means that criminals can make their Web sites
look as impressive as those of legitimate e-commerce merchants.

2. Be Careful About Giving Out Valuable Personal Data Online

If you see e-mail messages from someone you don't know that ask you for
personal data -such as your Social Security number, credit-card number, or
password - don't just send the data without knowing more about who's
asking. Criminals have been known to send messages in which they
pretend to be (for example) a systems administrator or Internet service
provider representative in order to persuade people online that they
should disclose valuable personal data.

81
3. Be Especially Careful About Online Communications with
Someone Who Conceals His True Identity
If someone sends you an e-mail in which he refuses to disclose his full
identity, or uses an e-mail header that has no useful identifying data (e.g.,
"W6T7S8@provider.com"), that may be an indication that the person doesn't
want to leave any information that could allow you to contact them later if
you have a dispute over undelivered goods for which you paid. As a result, you
should be highly wary about relying on advice that such people give you if they
are trying to persuade you to entrust your money to them.

4. Watch Out for "Advance-Fee" Demands

In general, you need to look carefully at any online seller of goods or services
who wants you to send checks or money orders immediately to a post
office box; before you receive the goods or services you've been
promised. Legitimate startup "dot.com" companies, of course, m a y n ot
ha ve t he br a n d- na me r e c o gn it io n o f lo ng - e s ta bl is h e d c o mp a n ie s ,
a n d s ti ll be fu lly capable of delivering what you need at a fair price. Even so,
using the Internet to research online companies that aren't known to you is a
reasonable step to take before you decide to entrust a significant amount of
money to such companies.

5. SUGGESTIONS ON CYBER MONEY LAUNDERING

Because of the nature of Cyber money laundering, no country can

effectively deal with It in isolation. Cyber money laundering has to be dealt
with at organizational [Bank or Financial Institution], national.

AT ORGANIZATIONAL [BANK] LEVEL

The banking and other financial organizations can reduce

t h e q u a n t u m o f m o n e y laundering by following the guidelines issued
by central banks of respective countries in letter and spirit. The old
principle of Knowing the customer well will help a great deal.

AT NATIONAL LEVEL

82
 Some countries liken UK have taken proactive steps to control this crime, which
could be cumulated by others. In UK, deposit taking institutions (including banks)
are expected to report suspicious transactions to the law enforcement authorities.

RECENT TRENDS

In February 2009, a group of criminals used counterfeit ATM cards to steal $9

millionfrom 130 ATMs in 49 cities around the world all within a time period of 30
minutes.
June 4, 2009, 10:00 AM IDG News Service
Cybercriminals are improving a malicious software program that can be installed
onATMs running Microsoft's Windows XP operating system that records sensitive
card details,according to security vendor Trustwave.
The malware has been found on ATMs in Eastern European countries,
according to aTrustwave report.
The malware records the magnetic stripe information on the back of a card
as well as thePIN (Personal Identification Number), which would potentially allow
criminals to clone the cardin order to withdraw cash.

83
 The collected card data, which is encrypted using the DES (Data
Encryption Standard)algorithm, can be printed out by the ATM's receipt printer,
Trustwave wrote.
The malware is controlled via a GUI that is displayed when a so-called
"trigger card" isinserted into the machine by a criminal. The trigger card causes a
small window to appear thatgives its controller 10 seconds to pick one of 10
command options using the ATM's keypad."
The malware contains advanced management functionality allowing the
attacker to fullycontrol the compromised ATM through a customized user interface
built into the malware,"Trustwave wrote.
A criminal can then view the number of transactions, print card data, reboot
the machineand even uninstall the malware. Another menu option appears to allow
the ejection of an ATM'scash cassette.
Trustwave has collected multiple versions of the malware. The company
believes that the particular one it analyzed is "a relatively early version of the
malware and that subsequentversions have seen significant additions to its
functionality."
The company advised banks to scan their ATMs to see if they're
infected.IDG News Service.

In October ,2016 ,32 lakh debit cards compromised: Finance ministry seeks
information from banks on security breach

84
CONCLUSION

85
Lastly I conclude by saying that

Thieves are not born, but made out of opportunities.

This quote exactly reflects the present environment related to

technology, where it is c ha ng in g ve ry f a s t. B y the t im e re gu la to rs
c o m e up w i t h pr e ve nt i ve me a s u r e s t o p ro t e c t customers from
innovative frauds, either the environment itself changes or new
technology emerges. This helps criminals to find new areas to commit
the fraud. Computer forensics has de v e l ope d a s a n in di s pe ns a b le t oo l
f or la w e nf or c e me n t. B u t in t he d ig it a l w or ld, a s i n th e physical
world the goals of law enforcement are balanced with the goals of maintaining
personal liberty and privacy. Jurisdiction over cyber crimes should be
standardized around the globe to make swift action possible against terrorist
whose activities are endearing security world wide. The National institute of
justice, technical working group digital evidence are some of the key
organization involved in research.
The ATM fraud is not the sole problem of banks alone. It is a big threat and
it requires a coordinated and cooperative action on the part of the bank,
customers and the law enforcement machinery. The ATM frauds not only
cause financial loss to banks but they also undermine customers'
confidence in the use of ATMs. This would deter a greater use of ATM for
monetary transactions. It is therefore in the interest of banks to prevent ATM
frauds. There is thus a need to ta k e p re c a u ti o na r y a n d i ns u ra nc e
m e a s u r e s t ha t gi v e g re a te r "p r ot e c t i o n" to th e ATM s , particularly
those located in less secure areas. The nature and extent of precautionary measures
to be adopted will, however, depend upon the requirements of the
respective banks. Internet Banking Fraud is a fraud or theft committed using
online technology to illegally remove money from a bank account and/or
transfer money to an account in a different bank. Internet Banking Fr a u d
is a f or m of i de n ti ty t he f t a nd is u s ua lly m a de pos s ib le th ro ug h
t e c h ni que s s uc h a s phishing.
Credit card fraud can be committed using a credit card or any similar
payment mechanism as a fraudulent source of funds in a transaction. The purpose
may be to obtain goods w i t h ou t pa y i ng, o r to ob t a i n una ut ho ri z e d
f un ds f ro m a n a c c o un t . C y b e r s pa c e a nd c y b e r payment methods are
being abused by money launderers for converting their dirty money into
legal money. For carrying out their activities launderers need banking
system. Internet, online banking facilitates speedy financial transactions in

86
relative anonymity and this is being exploited by the cyber money launderers.
Traditional systems like credit cards had some security features built into them to
prevent such crime but issue of e-money by unregulated institutions may have
none. Preventing cyber money laundering is an uphill task which needs to be
tackled at different levels. This has to be fought on three planes, first by
banks/ financial institutions, second by nation states and finally through
international efforts. The regulatory framework must also take into account all
the related issues like development of e-money, right to privacy of
individual. International law and international co-operation will go a long way in
this regard.
Capacity of human mind is unfathomable. It is not possible to eliminate
cyber crime from the cyber space. It is quite possible to check them. History is the
witness that no legislation has succeeded in totally eliminating crime from the
globe. The only possible step is to make people aware of their rights and
duties (to report crime as a collective duty towards the society) and
further making the application of the laws more stringent to check crime.
Undoubtedly the Act is a historical step in the cyber world. Further I all together
do not deny that there is a need to bring changes in the Information Technology
Act to make it more effective to combat cyber crime.

87
 BIBLIOGRAPHY
WEBSITE:

www.cybercellmumbai.com
www.agapeinc.in
www.britannica.com
http://economictimes.indiatimes.com
https://www.rbi.org.in
http://ncrb.nic.in
https://factly.in

SEARCH ENGINE:
www.google.com
www.yahoo.com
www.wikipedia.com

88