CASE 1

BY: Shivani Gupta

SMALL BUSINESS EMPLOYEE FORGED CHEQUES

Mr. C owned an automotive parts store where he employed an administrative

assistant with responsibility for payroll, bank statement reconciliations, and other
accounting functions. Over a period of four years, she embezzled $80,000 by
writing company cheques to herself or fictitious third parties, depositing them into
her personal account using her bank's automated bank machine (ABM).
She hid the transactions from management by manipulating the company's
financial records. An independent audit by the bank eventually discovered the
fraud and the employee pled guilty to criminal charges.
Mr. C asked his bank (the same one used by his employee) to refund the money
that she had stolen. While he admitted that he should have been more vigilant in
monitoring his company's finances Mr. C believed the bank shared some

responsibility as it did not verify the endorsements. He argued that had the bank
attempted to verify the endorsements, the fraud would have been discovered
sooner and losses minimized.
The bank agreed that Mr. C was a victim of fraud but declined to refund the stolen
amounts, citing the account agreement with Mr. C's business. The provisions held
Mr. C responsible for the action of his employees and required him to have
reasonable controls to monitor, detect, and prevent losses due to fraud. The bank
nonetheless offered the Mr. C $5,000 as a goodwill gesture, which he declined. He
then brought his complaint to OBSI.
Complaint upheld
We reviewed the correspondences between Mr. C and the bank as well as relevant
laws, court decisions, bank procedures, industry best practices, and other
documents including the account agreement. All parties agreed that Mr. C failed in
his obligations as outlined in the account agreement. At issue was whether the bank
shared responsibility in the losses when it failed to confirm the presence or validity
of the cheques endorsements.
Small business account agreements frequently contain provisions that hold the
business owner responsible for the actions of their employees, including fraudulent
acts. Such provisions must be clear and define each party's responsibilities. Courts
have generally interpreted such agreements strictly and, in situations of ambiguity,
favour the accountholder.

In reviewing the account agreement, we found provisions relating to forged or

authorized signatures but none on forged or unauthorized endorsements.
Furthermore, the bank's internal procedures noted it must verify the legitimacy of
the endorsement" when negotiating a third party cheque." The procedures also

instructed employees not to accept a cheque if its endorsement could not be

verified.
While we understand the bank's business decision to allow third party cheques via
ABM deposit for convenience, in our view the bank's responsibility to confirm or
verify endorsements remained in place. If the bank intended to limit its liability for
missing or forged endorsements it should have been clearly included in its account
agreement.
As a result, we concluded that Mr. C and the bank shared responsibility for the
losses. The client was responsible for the actions of his employees, monitoring
account activities, and taking responsible fraud prevention steps. For its part, the

bank had an obligation to verify the validity of the endorsements on cheques

written to third parties irrespective. We apportioned responsibility equally and the
bank agreed to compensate Mr. C $40,000, representing half of the loss.

CASE 2
BY: VISHAL CHATURVEDI
Case: Online banking fraud again, woman duped of Rs 35,000

Another case of cyber crime in March has come to light and the victim is again a
woman, like the previous case that reportedly took place the same month.
According to the woman who has filed a complaint with police, online transfer of
money was carried out without her knowledge. Police have booked a suspect, who
is believed to have called up the woman to get her to divulge information
pertaining to the bank account to later transfer money without her consent. The
victim of the latest cyber crime is 33-year-old Sayara Pathan of Pimple Nilakh who

has registered a complaint with Sangvi police. Police, acting on her complaint has
booked Amankumar Gupta (a fictitious name suspected to have been used by the
fraudster to evade detection.) The cops have invoked section 420 (cheating) of the
Indian Penal Code and sections of the Information Technology (IT) Act in the case.
Assistant police inspector S V Gade is investigating the case.

Police said Sayara got a call from the man on her cell phone last month. He
claimed to be a bank officer and asked details of ATM cards she had for her
accounts with the State Bank of India and the Bank of Maharashtra. She shared the
information with him and he allegedly misused it to withdraw Rs 34,890 from her
bank account without her consent through illegal online transactions. Police said
the crime took place on March 16-17. Police suspect Amankumar Gupta is not the
real name of the fraudster. Earlier, in a similar case, another woman, Kalpana
Mahajan (53), of Akurdi was cheated of Rs 1.1 lakh by unidentified online
fraudsters. She lodged a complaint at Nigdi police station. Police said a man
claiming to be a bank officer called Mahajan on her cell phone on March 8, 2015.
He asked Mahajan to part with personal information and details of her bank
account. Using these details he allegedly transferred Rs 1.10 lakh from Mahajans
account without her consent through illegal online transaction. Police said people
should be aware of such fraudulent phone calls and avoid sharing personal details
with anybody. Police said anybody getting such calls should cross-check with bank
officials whether the calls are authentic, before sharing personal information.
Police said Sayara got a call from the man on her cell phone last month. He
claimed to be a bank officer and asked details of ATM cards she had for her
accounts with the State Bank of India and the Bank of Maharashtra.

CRUX OF THE CASE

The case is of internet fraud in which a lady is the victim and suffers loss of
34000/The woman lodged a complaint with the police and a suspect is been taken into
custody. It was mentioned that some anonymous call was attended by the woman

and the caller called as a bank officer and asked the details regarding her ATM
cards.
After sometime money was tranfered using her internet banking without her
consent for which she filed the case.

HOW THE FRAUD COULD HAVE BEEN PREVENTED?

At the very beginning the fraud could have been prevented if the victim would
have known that banks do not call or communicate in any manner and ask for a
customer personal details like card number, cvv no. etc.
The fraudster must have planned this in a fool proof manner. The customer should
always take care of there passwords, and registered phone numbers.
As internet transfer is not possible without the otp send to the customers registered
phone number, one should not disclose any sensitive information which may led to
the duplicity.

CASE 3
BY: RIDDHI SINGHAL

Case: CREDIT CARD FRAUDS

Amit Tiwari had many names, bank accounts and clients. None of them
were for real. With a plan that was both ingenious and nave, the 21-yearold engineering student from Pune tried to defraud a Mumbai-based credit
card processing company, CC Avenue, of nearly Rs 900,000.He was
arrested by the Mumbai Police on August 21, 2003 after nearly an year of
hide and seek with CC Avenue. He's been charged for cheating under
Section 420. Amit will remain in custody till Friday, August 29.
Here's how it happened
CC Avenue verifies and validates credit cards of buyers for over a
thousand e-commerce Web sites. It conducts checks like IP mapping, zip
code mapping and reverse lookup of telephone numbers. Amit Tiwari
found a way to bypass

them.In May 2002, Col Vikram Tiwari signed up for CC Avenue's services.
In November, he requested the company to deal with his son, Amit, who
offered Web designing services on www.mafiaz.com. CC Avenue's
security team confirmed his credentials through bank signature
verification, driving license and his HDFC Bank debit card. Everything
was genuine. Amit processed several transactions, worth Rs 311,508, via
CC Avenue from November 2002 to February 2003. Then the transactions

CRUX OF THE CASE

The case was of a fraud which was done with a credit card company by using
the credit card details of their existing customers that were found on the
internet.
The fraud was done not only once but thrice and that too with a similar modus
operandi.
The trap was laid at the fourth time when a similar pattern of fraud was found
out.

HOW THE FRAUD COULD HAVE BEEN PREVENTED EARLIER?

The content of the web designing site of the first case should have been
checked unlike it was checked for the second and the third case.

Moreover, the credit card details that were found on the internet should be
secured enough that it would not be easy for a normal person to detect the
pattern of these details.
And the usage of proxy servers to the internet should have been restricted so
that the verification checks could not have been bypassed.
Moreover, the pattern of transactions of the previous person should also have
been monitored to check any similarities, if any, with the pattern of
transactions in the first attempt of fraud.

CASE 4
BY: SHIV AGARWAL
Case: Single mum duped out of savings

Ms W was called by someone who said they worked at Visa. She was told that her
account had been compromised and that she must phone her bank immediately
using the number on the back of her card. Fearing for the safety of her savings
which were many thousands of pounds Ms W went on to make an online bank
transfer to a safe account under the instruction of the fraudster. By the time she
realised that she had been scammed there was no money left in the recipient
account. Ms W, a single mum, had been saving for essential repairs to her home.
Not only were these repairs impossible following the fraud, she was also left in
financial difficulty. The bank offered Ms W 100 for the distress it had caused by
suggesting, at an early stage, that she might get her money back.

Issues: It was explained to Ms W that because she had made the online transfer
herself, the bank could not have known the transaction was fraudulent and
therefore the bank was not to be blamed.
The distressing impact of these no hang-up frauds isnt only down to the size of the
sums of money involved. It is often made worse because, due to the way the fraud
is carried out, it may be extremely difficult (or impossible) for consumers to get the
money back.
Vishing (voice phishing) is the criminal practice of using the phone to defraud,
dupe or mislead someone. A particular form of vishing thats caused concern is the
no hang-up scam. Here, fraudsters usually posing as the police or a bank
persuade consumers that their account is

at immediate risk. Fraudsters tell consumers that they need to move or withdraw
their money urgently to keep it safe, using a technical trick on the phone line to add

to the plausibility of the scam and to gain access to consumers private personal
and financial information.

Ques. Do you think the fraud could have been prevented?

Ans. Yes, the fraud could have been prevented if Ms. W should have asked the
bank or should have confirm with the bank about whether her account was actually
at risk or was that call a genuine call.
Many tricks are involved in phishing scams. The most common method is sending
you a spoofed email purporting to be from your bank, Credit Card Company or
service provider. The email will usually use one of the following tactics to trick
you into acting on their instructions:
"Your account is currently being updated as we are introducing a new security
system. Follow the instructions below to reactivate your account."

 "Your credit card is the subject of a police investigation for fraud. Please
follow the instructions below."
"Our records indicate that payment for your Internet account is due. We are
also currently introducing a new e-payment service. Please follow the
instructions below."
"You are the lucky winner of our lucky draw. Please submit your credit card
details so that we can verify your identity."
The following are examples of the instructions you may be asked to follow:
"Please provide a return email with your account details, PIN, OTP or credit
card number. We will reactivate your account as soon as we receive your
email."
"Please click on the hyperlink below to update your personal details."
"Please click on the attachment below. This will automatically generate an
alert on our side. We will update your account and inform you."
The motive of these instructions is to make you disclose your personal details such
as your PIN, OTP or credit card number, which the fraudsters can use to access
your account. If you follow the links or attachments in the email, you may be
directed to a fake website that looks almost identical to the website of your bank or
credit card company. These fake websites are created to trick you into divulging

your login credentials and personal information. There are also some emails with
attachments containing viruses, worms, spyware or trojans which may infect your
PC and allow fraudsters to monitor your every keystroke and capture your personal
information.
Tips to protect yourself

Your bank will never send you emails asking you to divulge any confidential
or personal information. You should report such emails to your bank and then
discard them.
You should never reveal your PIN or OTP to anyone. No bank should ever
ask you for your PIN or OTP for whatever reasons.

 Do not click on any link to log on to bank websites or open attachments in

emails purportedly sent to you by your bank, credit card company or service
provider.
Always enter the full URL or domain name of your bank or credit card
company into your browser address bar. If you are unsure of their web
address, contact them for the information.
Always check your credit card and bank account statements for any
suspicious or unauthorized transactions. If you detect anything unusual,
contact your bank immediately.
Do check your bank's website for more information on Internet security. In
the event that you think you have become a victim of phishing scam, contact
your bank immediately.
Install firewall, anti-virus and anti-spyware in your computer and update
them regularly.
Avoid performing online banking using computers in public areas such as
cybercafs.

Remember to log off each time you finished your online banking activities.
Select passwords that are difficult to guess and change your passwords
regularly.
You can protect yourself from phishing scams if you take the necessary precautions
to safeguard your personal information.

CASE 5
BY: PRATIBHA SHARMA
Case: Case study on Forged Cheque

ICICI Bank Limited vs Sri Vallabhaneni Mohan Rao

The facts of the case are that Vallabhaneni Mohan Rao is holding saving bank
account with the ICICI bank. On 23.march.2005 the respondent received a
message on his mobile phone from the bank that an amount of `45,000/- was
withdrawn from his account through cheque bearing No.658033. Vallabhaneni
Mohan Rao immediately made enquiry with the bank about the withdrawal of the
amount. On his request the bank issued photo copy of cheque and he realized that
the cheque was encashed by Ch.Srinivas by forging his signature on the cheque.
Vallabhaneni Mohan Rao had not issued the cheque to Ch.Srinivas or any other
person and questioned the bank as to honouring the cheque without verifying his
specimen signature and there was no response from the bank. Vallabhaneni Mohan
Rao lodged complaint with the police Machavaram and the police rejected his
request to register the complaint and suggested him to approach the bank.
Vallabhaneni Mohan Rao filed complaint C.C.No.151 of 2005 before the District
Forum and the bank failed to appear as a result of which the District Forum set the
bank exparte and after hearing the respondent reserved the matter for orders.
The District Forum directed the appellant bank to submit the cheque. The cheque
was sent to the District Forum by bank and on verification of the signatures on the

cheque and admitted signatures of Vallabhaneni Mohan Rao, the District Forum
directed the appellant to furnish the specimen signature of the Mr. rao for which
there was no response from the bank. The District Forum directed the respondent
to file complaint before the police, Machavaram and it has directed SHO of
Machavaram PS to register the complaint and conduct investigation and the
District Forum had given liberty to the respondent to file fresh complaint in case it
is found that cheque was forged.

The police Machavaram failed to register the complaint and the respondent filed
P.P.No.73 of 2007 whereon the Police, Machavaram registered case in Cr.No.504
of 2007 for offence u/s 420 of IPC against the Manager of the appellant bank. The
District Forum closed the PP proceedings on 30.11.2007. During the course of
investigation the police had sent the cheque along with the respondents admitted
signature to A.P. Forensic Science Laboratory Hyderabad which gave its opinion
on 5.9.2008 that the signature on the cheque is different from the signature of the
respondent.
The bank without verifying the signature of the Vallabhaneni Mohan Rao on the
cheque with his specimen signature, honoured the cheque and paid the amount to
the drawee of the cheque which amounts to deficiency in service on the part of the
appellant bank.
The District Forum allowed the complaint on the premise that the cheque in
question is forged and the appellant bank honoured the cheque without verifying
the signature on the cheque with his specimen signature which amounts to
deficiency in service on the part of the appellant bank.
The District Forum held the bank liable to pay the amount covered under the
cheque and after payment of the amount it can recover the same amount from the
person who presented the cheque.