Documente Academic
Documente Profesional
Documente Cultură
DISSERTATION
i
Department of Economics, Planning and Development
School of Humanities and Social Sciences
I hereby declare that the dissertation entitled, “submitted in partial fulfilment of the requirements for the award of
the degree of Master of Arts is a record of bona-fide research work carried out by me under the supervision of Dr.
Roopali Srivastava”.
This is an original work and this dissertation fulfils the requirements as per the regulation of this University and
meets the necessary standard for submission. I, further declare that the work reported in this dissertation has not
been submitted either in part or in full for the award of any degree or any diploma of this University or any other
University.
Date: Anita
ii
Department of Economics, Planning and Development
School of Humanities and Social Sciences
Certificate
This is to certify that the dissertation entitled “An analytical study about impact of Cyber crime on banking
sector in India, by Anita is submitted in partial fulfilment of the requirements for the award of the degree of
Master of Arts in Economics, Planning and Development under the supervision of Dr. Roopali Srivastava,
School of Humanities and Social Sciences, Gautam Buddha University, Greater Noida, U.P. (India).
This is an original work and this dissertation fulfilled the requirements as per the regulations of this
university and meets the necessary standard for submission. The content of this dissertation have not been
submitted either in part or full for the award of any other degree or diploma in this or any other University.
iii
Department of Economics, Planning and Development
School of Humanities and Social Sciences
This is to certify that the dissertation entitled “An analytical study about impact of Cyber crime on banking
sector in India ”submitted by Ms. Anita in partial fulfilment of the requirements for the award of the degree of
Master of Arts is a record of bona-fide research work carried out by her under my supervision. This
dissertation fulfils the requirements as per the regulations of this university and meets the necessary standard
for submission. The content of this dissertation have not been submitted either in part or full for the award of
any degree or diploma in this or any other University.
Signature
iv
Acknowledgement
This study has been carried out in the Department of economics, Planning and Development, School of
Humanities and Social Sciences, Gautam Buddha University, Greater Noida, Uttar Pradesh, from January 2018
to April 2018. I have received great help and assistance from many people. It is difficult to acknowledgements
it adequately in short and formal manner here.
My Teacher and guide, Dr. Roopali Srivastava trained and exposed me to the vast world of academics. Her
guidance and direction opened new avenues in my life. She taught me how the academic work can be a
pleasure. I never felt that I was under any work pressure. I am privileged to have worked under her and also
grateful to her for her hospitality, affection and concern bestowed.
I must thank all the teacher of my department for their valuable suggestions. I express my sincere thanks to my
friend without those help and cooperation; I would not have been able to complete my research work.
I am greatly indebted to my parents and grandparents who have been the source of constant encouragement and
support at all times. Some of my relatives also provided me all the assistance in the completion of work.
v
ACRONYMS
vi
LIST OF FIGURES
vii
LIST OF TABLES
Table 4.2 Comparison of bank services between traditional and modern mobile
viii
CONTENT
Chapter 1 Introduction
Bibliography 43
x
ABSTRACT
Everybody know, with the advancement of technology Cyber crime increase. A lot people in the India have limited
knowledge of Cyber crime in cyber space, known as Cyber crime. Cyber crime happen in the world of computer
and internet, this kind of crime has a serve impact on economy, society and lives . use the statically data to show
the performance of Cyber crime in India. The study about impact of Cyber crime banking sector become very
dangerous and loss full .Government take various action against the crime ,they make strong policy protect the
customer.
All over say that the Cyber crime are any illegal activity committed using computer and network for criminal
activities , study the types of crime in India like ATM fraud, credit card fraud, spam etc.
The modern contemporary era has replaced these traditional instrument from paper and metal based currency to
plastic money which we called debit card, credit card etc. this has resulted in the increasing use of ATM all over
the world. The use ATM not only safe but it also convenient.
The paper will be provide a introduction to the concept on e-banking and its drawback by explaining the list of
fraud in banking focusing on information technology Act, 2000 with the help of statistic on Cyber crime reported
in last years .some of the banking Cyber crime in banking sector phishing, hacking, skimming, pharming etc.
Internet commerce grown exponentially during the past few year and is still growing. but unfortunately the growth
is not done because the credit card fraud which has become common has retarded the e-commerce growth.
The term internet fraud refers generally to any type of fraud scheme that uses one or more component the internet-
such as chat room, e-mail, or web sites-to present fraudulent solicitation to prospective victims, to conduct
fraudulent transaction.
“The modern thief can steal more with a computer then with a gun. Tomorrow terrorist may be able to do more
damage with a keyboard than with a bomb.
The financial loss suffered from the cyber incident .it can also lead higher risk such as disruption in banking
continuity, loss of reputation customer trust.
.
xi
Chapter-1
INTRODUCTION
Technology is growing rapidly day by day. It is not about in any particular field but it spreads in all
directions i.e., in the field of education, Entertainment, Sport, Business etc. As we know that everything in
the world has pros and cons. So the technology also has
many pros and cons. But in topic have to be discuss about
cons due to technology that is called as CYBER CRIME.
Source: imagebay.com
India is a fourth highest number of internet user in the world, Cyber crime in India also increased 50% in
2007 over the previous year. According to information technology (IT) Act, the majority of offenders
were under 30 years of age.
Around 46% of Cyber crime were related to incident of cyber pornography, following by hacking,
according to recent published 2017 by national crime record bureau (NCRB), in over 80 the cases,
offender between 18 and 30.These Cyber crime are punished under two categories; the IT Act 2000 and
Indian panel cod. According the report, 217cases of Cyber crime were registered under IT Act in 2017
compared to 2016.
1
1.2 History of Cyber crime:
Cybercrime was started with hackers who were trying to break a computer network. Some of the hackers
did it for the thrill of accessing high level security network and also to gain sensitive informations. So,
hackers started to ,infect computer systems with computer viruses which led breakdowns on personal and
business computer. They made virus in the form of program codes and uses malware programs that can
damage, destroy and steal the data of another computer.
In India, People are committed with cybercrimes day by day. This is all about lack of awareness about the
crimes that could be dined through the internet.
The banking industry was once a simple and reliable business that deposit from investor at a lower interest
rate and borrows the money from this sector at minimum return interest. The deregulation and technology
revaluation in banking sector the business industry as main aim is provided credit. The banking sector
collapse of in industry this become financial crisis means some more complex securitization activities and
more extreme risk. Banking in India originated in last decades of 18th century the oldest bank is state bank
of India. The first bank of India BANK OF HINDUSTAN.
2
1.4 Types of Cyber crime
We can classify Cyber crimes into following types:
Cyber crime affects both a virtual and a real body. This phenomenon is clearest in the case of
identity theft. For example, if you have to buy a mobile sim card and you visits a service center of
any telecommunication operator. Then they demand to you for an Identity Card middle man like a
worker at there may get yours information very easily. Even they can sell your information to any
other company and get money
A hacker may easily get that information by paying to
that company and a hacker can start to track you
because they have some precious information like your
mobile number, your address and other information.
Then hacker will start to find some more information
by which they could damage you physically and
virtually.[2]
Source: shutterlock.com
2. Cyber Terrorism:
Cyber Terrorism is use of internet to conduct violent acts that results in, or threaten, loss of life or
significant bodily the harm, in order to achieve political gains through
intimidations. On the way if understanding cyber terrorism is the idea
that terrorist could cause massive loss of life, worldwide economic
chaos and environmental damage by hacking into critical infrastructure
system.
Source: pixbay.in
3
3. Cyber warfare:
Cyberwarfare involves the battlespace use and targeting of computers and networks in warfare. It involves
both offensive and defensive operations pertaining to the threat of cyber-attack, espionage and sabotage.
4. ATM Fraud:
Take the automated teller machines(ATM) through which many people now get cash. In order to access
an account, a user supplies a card and personal identification
number (PIN). Criminal have developed means to intercept
both the data on card’s magnetic strip as well as the user’s PIN.
In turn, the information is used to create fake cards that are then
used to withdraw funds from the unsuspected individual’s
account.
The Cyber Space is increasingly used by organized criminal groups to target credit cards, banks account
and other financial instruments for fraudulent transactions. Most of the online banking fraud conducted
either through phishing, stealing of banking informations or
through cloning of credit/debit cards. In phishing, a fraudster
will have sent an email pretended to be sent from the Bank to
the victim asking for their personal details including banking
informations like PIN code or Banking user name and
password. Once the person reveals such crucial information, the
4
fraudster may withdraw or transfer the money from the victim’s account.
Online fraud is considered to be third amongst economic crimes prevalent in India. According to the
Global Economic Crime Survey 2011, conducted by Price House Water which reveals the propensity of
such crimes in India.
1.5 Cyberspace:
Cases of cybercrime grow; there is a growing need to prevent them. Cyberspace belongs to everyone.
There should be electronic surveillance which means investigators tracking down hackers often want to
monitor a cracker as he breaks into a victim's computer system. The two basic laws governing real-time
electronic surveillance in other criminal investigations also apply in this context, search warrants which
means that search warrants may be obtained to gain. S u c h evidence would include the computer used to
commit the crime, as well as the software used to gain unauthorized access and other evidence of the
crime. Researchers must explore the problems in greater detail to learn the origins, methods, and
motivations of this growing criminal group. Decision-makers in business, government .[1]
5
1.6 Classifications of Cyber crime
Cybercrimes can be basically divided into 3 major categories
Classification Of
Cyber crime
Cybercrimes committed against persons include various crimes like transmission of child-pornography,
harassment of any one with the use of a computer such as e-mail. The trafficking, distribution, posting,
and dissemination of obscene material including pornography and indecent exposure, constitutes one of
the most important Cybercrimes known today. This is one Cybercrime which threatens to undermine the
growth of the younger generation as also leave irreparable scars and injury on the younger generation, if
not controlled.
6
Cybercrimes Against Government
The third category of Cybercrimes relate to Cybercrimes against Government. Cyber terrorism is one
distinct kind of crime in this category. The growth of internet has shown that the medium of Cyberspace is
being used by individuals and groups to threaten the international governments as also to terrorize the
citizens of a country. This crime manifests itself into terrorism when an individual "cracks" into a
government or military maintained website
7
References
2. Ahuja vashumal, (2009) “Cyber crime in banking sector” ,Page No. 17-25.
8
Chapter-2
REVIEW OF LITERATURE
In this chapter the existing literature on impact of Cyber crime on baking sector in India, comparison
between traditional and modern mobile internet banking and security system of bank has been reviewed.
The study conducted in this field in last decades. This chapter cover the studies of Cyber crime in banking
sector in India.
A study presented by Simran(2018)1 ,The world is fast moving online with 46.1% of total world
population now connected to the web according to internetlivestats.com (as on July 1, 2016). A
remarkable instance of this phenomena has been experienced in India with a notable increase in the past
three years i.e. 18% of the Indian population online in 2014, 27% in 2015 and 34.8% in 2016 (as on July
1, 2016).
According to Agrawal Sanchi (2017)2 Indian banking sector cannot avoid banking activities carried out
through electronic medium as the study suggest that there has been an increase in the number of payments
in e-banking. However, the change in the banking industry must be such which suits the Indian market.
The Origin of Knowledge Page 19 Banks are required to be updated and ahead with the latest
developments in the IT Act, 2000 and the rules, regulations, notifications and orders issued therein
pertaining to bank transactions and emerging legal standards on digital signature, electronic signature,
data protection, cheque truncation, electronic fund transfer etc. as part of overall operational risk
management process.
A study presented by Raghavan A. R (2014)3, Banks in order to enhance their customer base introduced
many platforms through which transactions could be done without much effort . These technologies
enabled the customer to access their bank finances 24*7 and year around through, ATMs and Online
banking procedures. the problem of cybercrime in the banking sector and its impact on the banks finances.
It assesses the cybercrime scenario and identifies the actors involved in the scenario.
9
A study conducted Rao Shankar (2015)4, cyber security make impossible for maintaining the continuity
this vital services and for preserving public trust in IT sector. Some example of cybercrime likes stealing
personal information (identity theft),. theft the data through the computer view (hacking) , making internet
service unavailable for the user, tricking someone into revealing their personal information , software and
plagrism privacy , free fraud advanced so many crime are committed in India. Therefor awarenance of
cybercrime need to be presented the by full view and analysed.
According economic times banking (2017)5, NEW DELHI: India was among the 99 countries affected
by a global cyber-attack that took down, among others, health services in the UK, a telecom network in
Spain and government computer systems in Russia this weekend. As many as 102 computer systems of
Andhra Pradesh police were hacked on Saturday. The malware reportedly halted production at a Nissan-
Renault Alliance plant on the outskirts of Chennai, but the company did not comment on the issue.
As Per RBI Report (2017)6, they measured to check the Cyber crime in banking sector. As per the RBI,
a number of Cyber crimes like ATM fraud, debit card and internet banking these showed as rises to 4.4%
from 13,653 in 2016-2017. The RBI has issued cyber security structure to banks and mentioned to put in
place to approved cyber security policy. So they covers the risk from cyber threats and their measures to
meet. The RBI provided the instruction to bank for reversal of fraud for debit or other transaction also.
Digpal and Karan(2015)7, a cybercrime in digital wrong doing the ICT (Information communication
technology had revolute in different aspect for the people and made our lives simpler and has also implied
on the industrial and has made simple business process by sorting, summarizing, customizing and coding.
Cybercrime affected different sectors among which banking sector is most affected and witnessed in
different forms of cybercrime. Today we know that the importance and facilities of baking sector like
Debit and Credit Card facility and net banking etc.
PWC's Global Economic Crime Survey (2016)8, there is no causes that the Cyber crime is all time high.
It seen that not a single day goes without the any organisation suffering a security of customer of the
major bank having money theft from their account. In fact cybercrime jump to second most reported crime
globally and that is 54% of companies have hit with Cyber crime in last two year. this is highlighting
10
because of the big business hacking has become, however some organisation are more target than others
including cyberattack.
Tesco Bank, which hacker stolen over 2 million from customer account while their various threats target
are the part of the system and their customer. Still success of Cyber crime because our financial institution
shifts to digital channel online.
Das Sumanjit (2013)9 The government still has an important role to play, but most of the prevention
needs to be done by commercial entities producing software and those with the ability to stop fraud.
Relying on consumer education programs will only affect a percentage of possible victims. The others
need to be automatically protected through measures that do not stress and require considerable
participation. Security needs to be easy and effective if it is doing work.
Neena (2013)10 A bigger share of private and foreign banks in frauds related to online banking, ATM,
cards and other digital banking transactions. Even with the reducing number of cases, the value of such
cases did not come down proportionately. Banking cyber frauds in the country are the result of
introductory phase of banking technology like ATM, online banking, mobile banking, EFT etc. which
need time for people, market and technology to get matured. Regulatory framework also gets stronger by
experience. Recently RBI has issued guidelines suggesting measures and reporting methods of cyber fraud
cases to be followed by the banks.
11
References
1. Simran,2018, “Cyber crime;- a growing threat to Indian banking sector” ,ISSN 2394-3386,
volume 5 .
2. Agarwal Sanchi,2016 “Cyber crime in banking sector”, ISSN 2455-2488,volume 3
3. Raghavan A.R,2014, “The effect of Cyber crime on a bank’s finance, ISSN 2347-3215,
volume 2.
4. Rao shanker,2014 “effect of Cyber crime of Indian economy, ISSN 2348-1439.
5. The e- newspaper “economic times banking,2017.
6. As per RBI report 2017
7. Digpal and Karan,2011 “Cyber crime in banking sector” ,ISSN 2321-6417.
8. PWC’s global economic crime survey ,2016.
9. Das Sumanjit,2013 “Cyber crime issue and challenge”, ISSN 2231-6604, volume 6.
10. Neena soni,2013 “banking cyber fraud in India special reference to private and public
banks” ,ISSN 2319-1171, volume 2.
12
Chapter-3
In this chapter objective of the study has been elaborated. The impact of Cyber crime on banking sector in
India has been discussed in this chapter. The main objective of the study to know about cyber security in
banking sector, its prevention, policy types, classification etc.
The study is basically on secondary data. This data has been collected various Journals, manual and
source published by government of India. The study cover period between 2008 to 2017 to analyse to
increase the number of Cyber crime on banking in India. Main source of data are the website like
Economic survey, RBI reports.
3.3 METHODOLOGY
The study analyses the available secondary information and literature of background of Cyber crime on
banking sector in India. Cause of Cyber crime on banking sector in India has been analysed. To measure
the impact of Cyber crime on banking in India has been taken from published “Cyber crime on baking
sector in India. With the view of accomplish the afore said objective of the study trend growth have been
studied.
13
Chapter-4
Impact of cyber crime on banking sector in India
Cyber crime can be simply started as crime that involves the use of computer and a network as a medium
of source, instrument, and target place of a crime. With the growing aspect of e-commerce and e-
transaction, the economic crime has dirtied towards the digital world. Cyber crimes are increasing globally
and Indian too has been witness a sharp increase in cyber related case in recent years. Various types of
crime become in banking sector such as cracking, software piracy, and pornography etc.in this chapter
what are the impact Of Cyber crime on banking sector is analysed .The current status of Indian bank and
traditional bank system have been analysed in this chapter.
Analysis of data types of cyber -crime happen in banking sector, their security hack by criminals, and their
percentage
1.CRACKING SA 29 52.7
A 24 43.6
U 1 1.8
14
SD 1 1.8
TOTOAL 55 100
2.SOFTWARE SA 29 52.7
PIRACY
A 17 30.9
U 1 3.6
D 5 9.1
SD 1 1.8
MISSING 1 1.6
TOTAL 55 100
3.PORNOGRPHY SA 22 40
A 18 32.7
U 4 7.3
D 4 7.3
SD 5 9.1
MISSING 2 3.6
TOTAL 55 100
A 17 30.9
U 2 3.6
D 2 3.6
15
SD 4 7.3
MISSING 1 1.8
TOTAL 55 100
5.YAHOO SA 25 45.5
/EXTARTIAN
A 21 38.2
U 1 1.8
D 2 3.6
SD 5 9.1
MISSING 1 1.8
TOTAL 55 100
16
banking to traditional as evident from the table below for transaction in April – November 2015 (in
million).
If we look rise E-banking it is clear that people have started using this facility are in comparison to
traditional for banking as evident from the table
below for transaction in April-November 2015(million)
.
Table 4.2 Banks Services Between 2014to 2016
In this paper we take five Indian bank and try to find out the security features using by bank for online
transaction. This collect data various forms like newspaper website and the other media. for every security
features we provide 5 points
17
Table 4.4 status of bank
SBI 4 4 4 3 0 15
PNB 4 4 3 4 0 15
CBI 3 4 3 2 0 12
BOB 4 4 3 4 0 15
ALLAHABAD 3 4 4 3 0 14
status of bank
6
0
SBI PNB CBI BOB ALLAHABAD
1.PE-password encryption
2-VK-virtual keyboard
3-SSL-secure socket layer
4-SMS-short message service alert
5-UPA-user awareness program
18
In this study found that the all feature for his website. The all are providing password encryption facilities
with virtual keyboard we provide 5 marks for each feature but no bank has full fill the feature and
aggregate total of every bank is vary between the 12 to15 out of 25. One the interesting thing is that in
future this technology increase rapidly . It mean the user will have to use these facility therefor we need to
make our
system more secure regarding to this security mechanism we have to aware this technology and also need
to increase secure humankind.
Financial Cyber crime India has been steadily increasing over the years. For the year 2015-2016 the
Reserve Bank of Indian (RBI) Reported 16,468 Cyber crime related to ATM, debit card ,credit card and
net banking fraud. The number of frauds reported by RBI was 13,083 in the year 2014-15 and 9500 in the
year 2014. Minister of state for electronic and information technology. He added additional information
from national collect and record bureau (NCRB) collected and maintain statistical data of police recorded
cognizable crime. RBI set up the Reserve bank information technology Private Ltd to take care of its IT
requirement, including the cyber security needs of the bank and its regulated entities .ReBIT WILL
FOCUS ON it and cyber security including research for the financial sector and assist in IT system audit
and assessment of RBI regulated entities, in addition to implement and manage internal or system wide IT
project management.
The ministry of electronics and information technology has also issued a consultation paper which calls
for developing a framework for security of digital wallets operating in the country .the government will
CERT.
In shall notify the categories of incidents and breaches that a require to be reported mandatorily.
With digital payment on the rise digital heists and fraud becoming common. In India most notably over
3.2 million debit card details were stolen by hackers from ATM and POS machine in October 2016 the
national payment corporation of India said that the complaints of fraudulent withdrawal are limited to card
of 19 banks and 641 customers. The total amount involved is 1.2 crore .more recently bank of marashtra
reported a loss of rupees 25 crore I march as fraud exploited a bug in their UPI application and core
banking.
India registered over 100 per cent increase in Cyber crime during 2016-17, a two-day conference on
cyber laws and cyber security being held in Srinagar .As per the statistics made available to the
participants of the conference, there has been a significant rise in attacks on government and private
19
sector, particularly financial sector. “In government sector, there has been 136 percent increase in cyber
crimes while the private sector has seen 119 percent in 2016-17,” said Prof Yasir Latif Handoo, assistant
professor, Kashmir Law College. He added that there is need for International Court on cyber crime on the
lines of International Court of Justice to deal with such crimes.
“After IT Act 2000 was enacted, many amendments have been brought in to cope with growing
challenges in terms of privacy and theft in cyber world but we are far behind,” he said asserting “Our
“The scale of cyber crimes in India is negligent, mostly dealing with privacy issues, while huge cyber
scams have been reported globally. Keeping this in mind, we have to be proactive in evolving an effective,
since most of offences defined in IT Act 2000 are bailable,” he said.
“Securing data is a big issue. In today’s world, most people don’t know importance of cyber laws, which
are meant to protect your information. There is need to educate people on cyber laws,” he said.
Source: Pexel.com
20
The number of cyber security incidents has gradually increased in India over the last few
years.
for Electronics and IT, Mr. PP Chaudhary stated that as per the information collected by India’s Computer
Emergency Response Team (CERT-in), 44,679, 49,455 and 50,362 cyber security incidents took place in
India during the years 2014, 2015 and 2016, respectively. These incidents include phishing, website
intrusions and defacements, virus and denial of service attacks amongst others.
As per the ‘2016 Cost of Data Breach Study India’ the average total cost of a data breach paid
by Indian companies increased by 9.5 percent, while the per capita cost increased by 8.7 percent
and the average size of a breach grew by 8.1 percent. Although, the government has taken certain
cyber security initiatives as discussed below, more expansive and aggressive measures are required
to meet the rising challenge.
1. Information technology (IT) has exposed the user to a huge data bank of information
regarding everything and anything. However, it has also added a new dimension to terrorism.
Recent reports suggest that the terrorist is also getting equipped to utilize cyber space to
carryout terrorist attacks. The possibility of such attacks in future cannot be denied.
Terrorism related to cyber is popularly known as ‘cyber terrorism’.
2. As brought out earlier India has carried a niche for itself in the IT Sector. India's reliance on
technology also reflects from the fact that India is shifting gears by entering into facets of e-
governance. India has already brought sectors like income tax, passports visa under the realm
of e -governance. Sectors like police and judiciary are to follow. The travel sector is also
heavily reliant on this. Most of the Indian banks have gone on full-scale computerization.
3. This has also brought in concepts of e-commerce and e-banking. The stock markets have also
not remained immune. To create havoc in the country these are lucrative targets to paralyze
the economic and financial institutions. The damage done can be catastrophic and
irreversible. Some challenges and concerns are highlighted below:
Lack of awareness and the culture of cyber security at individual as well as institutional level.
21
Lack of trained and qualified manpower to implement the counter measures.
Too many information security organizations which have become weak due to 'turf wars' or
Financial compulsions, A weak IT Act which has become redundant due to non-exploitation and
age old cyber laws. No e-mail account policy especially for the defiance forces, police and the
agency personnel. Cyber-attacks have come not only from terrorists but also from neighbouring
countries inimical to our National interests.
Cyber security, in the near future, will be the main component of the state’s overall national security and
economic security strategies. Recently, Government made public a report by the working group to set up
the Computer Emergency Response Team in the Financial Sector (Cert-Fin) RBI released guidelines on
customer liability in case of unauthorized electronic banking transactions.
They represent different aspects of the cyber security problem—the technical and the economic
framework. Push for a less-cash economy is increasing the digital density of India’s financial services
space. The cyber-attacks getting audacious Government’s response thus far has focused only on the
technical aspects of the problem.
There is a risk that Cert-Fin will become deadwood given that sectoral regulators RBI, SEBI and IRDA
are already working on cybersecurity issues. So proper coordination across the sector is necessary.
Companies and institutions will rarely expend the resources necessary for the collective security needed to
protect the sector, until the right economic incentives are found. In case of a complex system, attackers
will always have the edge over defenders. The number of potential bugs and vulnerable points in any
system mean that the mathematical odds favor the attackers. No code can be perfect enough to
compensate for human error.
Example: A bank might have robust cybersecurity architecture, but it will still be vulnerable if the systems
of other networks that carry pertinent information are not secure.
In software industry, the more people use a particular software, the more valuable it becomes- has led to a
“release first, patch later” approach In case of ATM frauds, in US, burden of proof lay with the banks,
fared much better than Britain, Norway and the Netherlands, where burden of proof lay with the customer.
22
4.6 The three big problems in India’s banking sector, according to the RBI
The country’s banking system in India , the Reserve Bank of India (RBI) warned that the sector is under
severe stress, with mounting bad loans and an increase in bank fraud, among other issues. All this, the RBI
says, could drag down India’s economy. “Weak investment demand, partly emanating from the twin
balance sheet problem (a leveraged corporate sector alongside a stressed banking sector) is a major
challenge,” the report said.
The key problems plaguing India’s banking sector, according to the RBI:
Bad loans
At nearly Rs10 lakh crore, India’s pile of bad loans is bigger than the gross domestic products of at
least 137 countries. But so far, the RBI’s attempts to reduce Non-Performing Assets (NPAs) in the
banking sector have yielded little result.
The share of gross NPAs in India could inch up to 10.2% by March 2018, from 9.6% in March 2017,
according to the FSR. In September 2016, gross NPAs were at 9.2%.
Currently, the worst-hit are the state-owned banks, which dominate the Indian banking system. In March
2017, the average bad loans of PSBs stood at 75% of their net worth. These bad loans are squeezing
banks’ profitability and capital positions, threatening the health of some of India’s biggest banks. In the
report, the RBI cautioned that the situation could get woe with any for seen stress in the economy.
Cyber Threats
An estimated 95% of transactions in India are paid for in cash but with the growing penetration of
computers and smartphones, and increasing access to the internet, Indians are taking to digital channels
for their banking needs. Cybercrime is becoming a greater threat as a result.
The FSR labelled cyber-attacks as a high-risk zone for India’s banking sector. The RBI classifies bank
fraud as transactions involving any cheating, negligence, misappropriation of funds, or forged documents.
“Not only simple attacks using phishing, vishing and social engineering, but also increasingly audacious
attacks by organized gangs with or without backing by state players have come to light,” the RBI said.
The clamours to secure India’s banking system increased following a massive data breach of 3.2 million
debit and credit cards last year, one of the biggest attacks in the country. Another red flag was the recent
global ransomware attack that affected the computer systems of governments and several companies in
23
various countries, including India. The RBI recommended that banks invest in preventive software and
frequently assess the risks at hand, not just for in-house operations but also for the external vendors that
the lenders employ.
BANK FRAUD
Another pressing concern for the banking regulator is the increased number of fraudulent transactions at
Indian banks. What’s adding to the concerns is that banks often seem reluctant to report these cases.
“Almost all corporate loan-related fraud cases get seasoned for two to three years as NPAs before they are
reported as fraud, the RBI said in the report. In the last five years, the volume of bank fraud has increased
by 19.6% to 5,064 cases.
Reserve Bank of India recently released statistics on Cyber Frauds pertaining to Internet Banking, ATMs,
Debit Cards and Credit Cards for past 4 years and even after all the security and policies introduced, cyber
fraud in terms of total amount is on the rise.
Source: www.bankcybercerimeindina.com
24
As per the report, in 2010, cyber frauds accounted for close to 40.5 crore rupees as compared 52.7 crores in
2012. On the other hand, the cases reported have seen a decrease from 15018 cases reported in 2010 as
compared to 8322 cases reported in 2012. This also show that average value per cyber fraud case has also
increased alarmingly.[1]
ICICI FRAUDS
ICICI Bank customers have been the biggest victims of Cyber Frauds. In last 4 years (from 2009 to 2012)
ICICI Bank alone reported 34918 cases amounting to 74.25 crore rupees. Though, ICICI Bank is one of
the biggest private commercial Banks in India, the number of cases are relatively very high. With the
measures that ICICI Bank has taken over the years, the number of cases as well as the value of cyber
frauds in dropping. In 2009, ICICI Bank had 15,666 cases, 9811 in 2010, 6013 in 2011 and 3428 in 2012.
Even the value has been progressively down.
Source: www.bankcybercrimeindia.com
American Express ranked 2nd based on the value of cyber frauds with 4 years (2009 to 2012) amounting
to 26 crore rupees nearly 3 times less than ICICI Bank. Citibank came in at 3rd reporting 24 crores worth
of cyber frauds followed by Axis (15.9 crore) and HSBC (13.8 crore).
25
The surprising aspect is low number of cyber fraud cases witnessed by HDFC Bank. In past 4 years, they
witnessed only 1330 cases valued 9.77 crore rupees. Given that it is one of the largest bank in India, the
have effectively managed the security of their customers against cyber frauds.
This kind of offenses normally referred as the hacking generic sense the farmer act 2002 have nowhere
used this term so to avoid them
We all know the all information stored in computer hard disk ,so the data theft by the physically or
tempering them through virtual medium.
3. Email Bombing
This type of activity refers to sending large no of mail to the victim which may be single or in group or
even ultimately resulting into crashing.
4. Salami attack
This type of crime basically in the financial institution for the purpose of committing financial crime.
Example Ziegler case wherein a logic bomb was introduced the banking system which deposit 10% from
every account and deposited in particular account[2].
5. Data diddling
This kind of crime attack involves alerting row data just before computer process it and then changing
after completed. The electricity board forced problem of data diddling while the department was being
computerized.
The computer of the victim is flooded with more request than it which cause it to crash distributed denial
of service (DDS) attack is also a type of denial of service attack.
Virus is a program that joint with the computer or a file and it circulate them others file and computer on a
network. They usually affect the data of computer either by entering or deleting.
For example, love bug virus, which affect 5% global.
26
8. Logic bomb
These are program depend on programs. These are related to the events.
For example, Chernobyl virus.
9. Trojan attack
This term origin tins the word Trojan horse. In the software field it means unauthorized program, which
specially focus on another computer by representing itself as a authorized program the most special
example email.
Normally in these kinds of theft the internet suffering hours of the victim are used by another person.
These access profit purpose such a login id and account. There are various causes of Cyber crime on
banking sector every cause have different to others, so we should analysis this cause thoroughly.
Table 4.4 National Crime Record Bureau (NCRB) collects and maintaining statistical data of
Policy records.
27
According to the table 4.5 crime record have increased gradually i.e. in 2008 national crime record was
288,in 2009 it increased to 420,and in 2012 it increased to 2,876.
Year Cases
2008 288
2009 420
2010 966
2011 1,791
2012 2,876
Year cases
2011 308
2012 371
2013 781
Source: Cyber crime in banking sector” ,ISSN 2321-6417
Source:
According to this table 4.6 Indian computer team record gradually increase the number of Cyber crime i.e.
2011 Indian computer team record was 308,in 2012 it increased to 371 and in 2013 it increased to 781.
28
References
1. Kumar Shubham, Kumar Uday, (2015) “ present scenario of Cyber crime India”.
2. Agrawal Sanchi (2016), Cyber crime in banking sector, Issn- no 2455-2488, Page No 8
29
Chapter- 5
The number of cyber security incident has gradually rise in India in over last few years. Ministry Of State
For Electronic and IT , Mr. PP Chaudhry started that as per information collected by India emergency
response team(CERT),44679,49679 and 50362 cyber security incident took place in India during the tear
2014,2015 and 2016, respectively. These incidences include ATM fraud virus Cyber Attacks.
USB Patriot”, was also launched by the government which , Union IT and Electronic Minister
Ravi Shankar Prasad states is aimed at controlling the unauthorized usage of removable USB
storage media of device like pen drive and USB supported mass storage device. One app also
launched, an app called “samivd”.it is desktop based Application whitelisting solution for window
operating system.it allow only preapproved set of executable files for execution protect desktop
from suspicious application from running.
30
The one most important device m-Kavach, this for security of android mobile device has also
been developed. this provide security against issue related to malware that steal personal data and
credentials, misuse Wi-Fi and Bluetooth resource, this was lost and stolen mobile device, spam
SMSs, premium rate SMS and unwanted income calls.
Browser, is the tool which serve as a browser extension which detect and defends malicious
HTMAL and java script attacks made through the web browser based on heuristics. It is alert the
user when he visits malicious web pages and provides a detailed analysis threat repot of the web
page. RBI strongly providing bank to take step up the awareness against Cyber crime, because this
is very dangerous for customer. Bank take direct step, specially place a security policy enlisting
the strategy to combat such threats, duly approval by the board.
Although, bank have tell to set up a security operation centre and beef up the role of the chief
information security officer (CISO) within individual bank, besides, the need to leverage the CISO forum
under RBI institute for development and research in banking technology(IDRBT) for exchanging
information among banks and generating quick response to cyber incident has been stipulated by the
bank .The security imperative is even more compelling with regard to preventing data theft and Spate of
cyber-attack have been turning highly.
RBI, IT Act with regard to Indian Banking Sector. Section 43A of IT Act provide for compensation in the
situation that a company or bank fail to use responsible security practice in order to protect sensitive
personal data and negligence in wrongful profit and loss.
31
5.3 National policy of 2013
There are various ongoing activities and programs of the government to address the cyber security
challenges which have significantly contributed to the creation of a platform that is now capable of
supporting and sustaining the efforts in securing the cyber space. Due to the dynamic nature of
cyberspace, there is now a need for these actions to be unified under a National Cyber Security Policy,
with an integrated vision and a set of sustained & coordinated strategies for implementation.
The cyber security policy is an evolving task and it caters to the whole spectrum of ICT users and
providers including home users and small, medium and large enterprises and government & non-
government entities. It serves as an umbrella framework for defining and guiding the actions related to
security of cyberspace. It also enables the individual sectors and organizations in designing appropriate
cyber security policies to suit their needs. The policy provides an overview of what it takes to effectively
protect information, information systems & networks and gives an insight into the government’s approach
and strategy for protection of cyber space in the country. It also outlines some pointers to enable
collaborative working of all key players in public & private to safeguard country’s information and
information systems. This policy, therefore, aims to create a cyber security framework, which leads to
specific actions and programmers to enhance the security posture of country’s cyber.
Vision : To build a secure and resilient cyberspace for citizens, businesses and government.
Objectives
To create a secure cyber ecosystem in the country, generate adequate trust & confidence in IT systems and
transactions in cyberspace and thereby enhance adoption of IT in all sectors of the economy.
To create an assurance framework for design of security policies and for promotion and enabling
actions for compliance to global security standards and best practices by way of conformity
assessment (product, process, technology & people).
32
To strengthen the Regulatory framework for ensuring a Secure Cyberspace ecosystem.
To enhance and create National and Sectoral level 24 x 7 mechanisms for obtaining strategic
information regarding threats to ICT infrastructure, creating scenarios for response, resolution and
crisis management through effective predictive, preventive, protective, response and recovery
actions.
RRTo improve visibility of the integrity of ICT products and services by establishing
infrastructure for testing & validation of security of such products.
To create a workforce of 500,000 professionals skilled in cyber security in the next 5 years through
capacity building, skill development and training.
To provide fiscal benefits to businesses for adoption of standard security practices and processes.
To enable protection of information while in process, handling, storage & transit so as to safeguard
privacy of citizen's data and for reducing economic losses due to Cyber crime or data theft.
To enable effective prevention, investigation and prosecution of Cyber crime and enhancement of
law enforcement capabilities through appropriate legislative intervention.
To create a culture of cyber security and privacy enabling responsible user behavior & actions
through an effective communication and promotion strategy.
33
To develop effective public private partnerships and collaborative engagements through technical
and operational cooperation and contribution for enhancing the security of cyberspace.
4) To ensure that all organizations earmark a specific budget for implementing cyber security
initiatives and for meeting emergency response arising out of cyber incidents.
5) To provide fiscal schemes and incentives to encourage entities to install, strengthen and
upgrade information infrastructure with respect to cyber security.
7) To establish a mechanism for sharing information and for identifying and responding to
cyber security incidents and for cooperation in restoration efforts.
34
8) To encourage entities to adopt guidelines for procurement of trustworthy ICT products and
provide for procurement of indigenously manufactured ICT products that have security
implications.
B. Creating an assurance framework
1) To promote adoption of global best practices in information security and compliance and
thereby enhance cyber security posture.
3) To enable implementation of global security best practices in formal risk assessment and risk
management processes, business continuity management and cyber crisis management plan by all
entities within Government and in critical sectors, to reduce the risk of disruption and improve the
security posture.
4) To identify and classify information infrastructure facilities and assets at entity level with
respect to risk perception for undertaking commensurate security protection measures.
7) To encourage all entities to periodically test and evaluate the adequacy and effectiveness of
technical and operational security control measures implemented in IT systems and in networks.[1]
1) To encourage use of open standards to facilitate interoperability and data exchange among
different products or services.
35
2) To promote a consortium of Government and private sector to enhance the availability of tested
and certified IT products based on open standards.
1) To develop a dynamic legal framework and its periodic review to address the cyber security
challenges arising out of technological developments in cyber space (such as cloud computing,
mobile computing, encrypted services and social media) and its harmonization with international
frameworks including those related to Internet governance.
2) To mandate periodic audit and evaluation of the adequacy and effectiveness of security of
information infrastructure as may be appropriate, with respect to regulatory framework.
E. Creating mechanisms for security threat early warning, vulnerability management and response to
security threats
1) To create National level systems, processes, structures and mechanisms to generate necessary
situational scenario of existing and potential cyber security threats and enable timely information
sharing for proactive, preventive and protective actions by individual entities.
2) To operate a 24x7 National Level Computer Emergency Response Team (CERT-In) to function
as a Nodal Agency for coordination of all efforts for cyber security emergency response and crisis
management. CERT-In will function as an umbrella organization in enabling creation and
operationalization of sectoral CERTs as well as facilitating communication and coordination
actions in dealing with cyber crisis situations.
3) To operationalize 24x7 sectoral CERTs for all coordination and communication actions within
the respective sectors for effective incidence response & resolution and cyber crisis management.
4) To implement Cyber Crisis Management Plan for dealing with cyber related incidents impacting
critical national processes or endangering public safety and security of the Nation, by way of well-
coordinated, multi-disciplinary approach at the National, Sectoral as well as entity levels.
36
5) To conduct and facilitate regular cyber security drills & exercises at National, sectoral and
entity levels to enable assessment of the security posture and level of emergency preparedness in
resisting and dealing with cyber security incidents.
2) To encourage wider usage of Public Key Infrastructure (PKI) within Government for trusted
communication and transact.
Creating Cyber Security Awareness
2) To sustain security literacy awareness and publicity campaign through electronic media to help
citizens to be aware of the challenges of cyber security.
3) To conduct, support and enable cyber security workshops / seminars and certifications.
1) To facilitate collaboration and cooperation among stakeholder entities including private sector, in the
area of cyber security in general and protection of critical information infrastructure in particular for
actions related to cyber threats, vulnerabilities, breaches, potential protective measures, and adoption of
best practices.
2) To create models for collaborations and engagement with all relevant stakeholders.
3) To create a think tank for cyber security policy inputs, discussion and deliberations. Information
sharing and cooperation
37
4) To develop bilateral and multi-lateral relationships in the area of cyber security with other countries.
5) To enhance National and global cooperation among security agencies, CERTs, Defence agencies and
forces, Law Enforcement Agencies and the judicial systems.
6) To create mechanisms for dialogue related to technical and operational aspects with industry in order to
facilitate efforts in recovery and resilience of systems including critical information infrastructure.
N. Prioritized approach for implementation
To adopt a prioritized approach to implement the policy so as to address the most critical areas in the first
instance. [2]
We know that that prevention is always better then cure. A netzines should take certain precaution
while operating the internet and should follow certain prevention measure for Cyber crime.
You identify of exposure through education will assist responsible companies and firms to meet
the issue.
One most important thing should avoid disclosing personal data to stranger via e- mail or while
chatting.
One most not spending any photograph to the stranger by online as misusing of photo incidence
day by day.
An upgrade antivirus software to guard against virus attacks should be used by all the netzines and
should keep back volume.
38
Any person should send credit cards number to any site because that is not secure
It is better to use security programmers by the body corporate to control information on sites.
Do not use multiple types of account because they take your information by their coding language.
Monitor your account regularly and notify the bank of any unusual activity as early as possible .Update
your computer’s operating system and software and protect it with a good security solution .Do not open
suspicious emails or attachments, and do not share your SPI with strangers .Exercise caution when
clicking on social media links and do not post your SPI on social media .Never access online banking
from a public computer or over a public Wi-Fi. Withdraw money from ATMs located in secure areas and
use your card only with trust worth merchants.
If your account is compromised, report it immediately to your bank and the local police. Swift action can
help you minimize the damage and bring the cybercriminals to justice
39
References
40
CONCLUSION
It is clear by the study and records with the increment of technology Cyber crime have increased
among qualified people commit crime more. There is need about their principles and computer ethics
for their use in proper manner. Cyber Attack in the current era have become more specialized and
concentrated in nature t6argeting specific organization and individual. Cyber security is among the top
challenge being faced by many organizations in the country.
The national institute of justice, technical working group digital evidence are some of the key
organization involved in research. The ATM fraud is not the sole problem of bank alone, it is a big
threat and it require a coordinate and cooperation action on part of bank ,customer and the law
enforcement machinery . The ATM fraud not only cause financial loss to bank but they also
undermine customer confidence use of ATM.
Capacity of human mind is unfathomable. It is not possible to eliminate Cyber crime from the cyber
space. History is the witness that no legislation has succeeded in totally eliminating crime from the
India. The only possible step is make people aware of their rights and duties and further making the
application of the laws more stringent to check crime. Undoubtedly the act is a historical step in the
cyber world.
There is a need to bring changes in the information technology Act to make effective to combat Cyber
crime. Preventing cyber money laundering is an uphill task which needs to be tacked at different
levels. This has to be fought on three planes , first by banks/financial institution , second by nation
states account all the related issue like development of e-money , right to privacy of individual .
Therefore there is need for holistic approach to combat these crimes in all ramification our proposal
therefore is the need for cyber policy who are to be trained specially to handle cybercrimes in India.In
additional, the policy should have central computer crime investigation agencies to guide and
coordinate computer crime investigation. Also proposing that the country should set up national
computer crime resource centre, a body which will comprise expert and professional to establish rules,
regulation and standard of authentication of each citizen record and the staff of establishment and
recognized organization, firms, industries etc. forensics commission should be established .
41
FRUITFUL SUGGESTIONS AND DIRECTIONS
It is always necessary to take some preventive measure to prevent banking transaction from
banking fraud and other threats. For this, the following suggestion can be made.
Make sure with a protection that gives power over cookies that forward information back sites.
Make sure web servers in row public site are physically separate and individually confined from
in-house corporate network
Bring into lay latest anti-virus software, operating system, web browsers and email Programme.
Forward credit card information just to safe and sound web sites.
If web site serves up active content from a database, consider putting that database behind a
second interface on your firewall, with tighter access rules than the interface to your serve.
Systematically confirm out the site you are doing business carefully
42
BIBLIOGRAPHY
Ahuja vashumal (2009to 10) “Cyber crime in banking sector, page no 17 to 25.
Goel Seema Cyber crime (2016) “A growing threat to Indian banking sector” Issn no 978-93-
86171
Simran,2018, “Cyber crime;- a growing threat to Indian banking sector” ,ISSN 2394-3386,
volume 5 .
Raghavan A.R,2014, “The effect of Cyber crime on a bank’s finance, ISSN 2347-3215,
volume 2.
43
Das Sumanjit,2013 “Cyber crime issue and challenge”, ISSN 2231-6604, volume 6.
Neena soni,2013 “banking cyber fraud in India special reference to private and public banks”
,ISSN 2319-1171, volume 2.
44