Sunteți pe pagina 1din 42


Bad loans, cyber threats and bank frauds

Submitted to
Dr. Hanumant Yadav
(Faculty of Economics)

Submitted By
Shantanu Vaishnav
B.A. LL.B (Hons.)
Semester – III
Section – B
Roll No. - 142


Uparwara, Naya Raipur, Chhattisgarh

Date of Submission: 16.08.2018


Certificate of Declaration

I, Shantanu Vaishnav, hereby declare that, the project work entitled, ‘Bad loans, cyber
threats and bank frauds submitted to H.N.L.U., Raipur is record of an original work done by
me under the guidance of Dr. Hanumant Yadav, Economics Faculty Member, H.N.L.U.,
Raipur. This work represents my own ideas, and where others ideas or words have been
included, I have adequately cited and referenced the original sources. I also declare that I
have adhered to all principles of academic honesty and integrity and have not misrepresented
or fabricated or falsified any idea / data / fact / source in my submission

Shantanu Vaishnav


Roll no.-142


1.Introduction ........................................................................................................................ 1-2

3. Review of Literature .......................................................................................................... 3-5

4.Objectives ............................................................................................................................. 6

5. Research Methodology ......................................................................................................... 7

6. Chapterisation

Chapter 1: Demographic Dividend and its various aspects ........................................... 8-14

Chapter 2: Demographic Dividend of India .................................................................15-22

Chapter 3: What is Demographic Dividend and how it is related to Education ............23-25

Chapter 4: Demographic Dividend - A Debatable Issue ............................................... 26-31

Chapter 5: India’s demographic dividend: A double-edged sword .............................. 32-36

8..Conclusion ..................................................................................................................... 37-38

9. References ........................................................................................................................ 39


I, Shantanu Vaishnav, would like to thank God for keeping me in good health and senses to
complete this project. And I, hereby humbly present this project to Dr. Hanumant Yadav. I
would like to express my most sincere gratitude to Dr. Hanumant Yadav for his
encouragement and guidance regarding several aspects of this project. I am thankful for being
given the opportunity of doing a project on ‘Bad loans, cyber threat and bank fraud’.

I am thankful to the library staff as well as the IT lab staff for all the conveniences they have
provided me with, which have played a major role in the completion of this paper.

Last but definitely not the least, I am thankful to my seniors for all their support, tips and
valuable advice whenever needed. I present this project with a humble heart.

Sakshi Verma
Semester III (A)
Roll no. 133

Bad loans

The accumulation of huge non-performing assets in banks has assumed great importance. The
depth of the problem of bad debts was first realized only in early 1990s. The magnitude of
NPAs in banks and financial institutions is over Rs.1,50,000 crores.

While gross NPA reflects the quality of the loans made by banks, net NPA shows the actual
burden of banks. Now it is increasingly evident that the major defaulters are the big borrowers
coming from the non-priority sector. The banks and financial institutions have to take the
initiative to reduce NPAs in a time bound strategic approach.

Public sector banks figure prominently in the debate not only because they dominate the
banking industries, but also since they have much larger NPAs compared with the private sector
banks. This raises a concern in the industry and academia because it is generally felt that NPAs
reduce the profitability of a banks, weaken its financial health and erode its solvency.

For the recovery of NPAs a broad framework has evolved for the management of NPAs under

which several options are provided for debt recovery and restructuring. Banks and FIs have the

freedom to design and implement their own policies for recovery and write-off incorporating

compromise and negotiated settlements.

Cyber threats
Cyber threats are evolving everyday thus increasing the need to develop and tighten security
measures to ensure the protection of everyone using the cyber space. Increasing use of cyber
space throughout the world coupled with globalization has increased the complexity of cyber
threats. Cyber security threats continue to escalate in frequency and variation. This has led to
major security threats thus the need for installation of better security measures to prevent the
occurrence of these threats. Typically, the threats could be categorized into three; malicious
codes network abuses, and network attacks. Malicious codes include worms, viruses, spyware,
trojan horses, BOTs, and key loggers. According to Cavelty (2008), network abuses include
phishing, pharming SPAM, and network related forgery. Lastly network attacks include DoS
attacks, intrusions and web defacement. This paper looks into such cyber security threats and
how they could be counter attacked

Bank frauds
Fraud can be seen as the intentional misrepresentation, concealment, or omission of the truth for
the purpose of deception or manipulation to the financial detriment of an individual or an
organization (such as a bank) which also includes embezzlement, theft or any attempt to steal or
unlawfully obtain, misuse or harm the asset of a bank. Fraud and its management have been the
main factor. In the distress of banks, and as much as various measures have been taken to
minimize the incidence of fraud, it still rises by the day because fraudsters always device
strategic ways of committing fraud. This has become a point of great attention in the Srural
banking sector as well as every organization in Ghana. Although this phenomenon is not unique
to the rural banking industry or peculiar to Ghana alone, the high incidence of fraud within the
banking industry has become a problem to which solution must be provided in view of the large
sums of money involved and its adverse implications on the economy. Fraud in its effects
reduces the assets and increases the liability of any company. In the case of rural banks, this
may result in the loss of potential customers or crisis of confidence of banking public and in the
long run end up in another failed bank situation. It is instructive to know that many banking
operatives have different reasons for joining various banks. Many have the intention of working
for a short time in the banking industry (get whatever they could and find another job that is
less demanding), some are in the industry because of their love for banking and all it stands for,
while majority are there to enrich themselves by fraudulent means.

Due to the upsurge of great viability in the rural banking sector, its dynamic and fast expanding
level of activities, rural banks are faced with different kinds of challenges, among which is
trying to prevent various fraudulent intentions of both staff and customers As it were frauds
seem to have increased as new technology is born and more advanced techniques of enhancing
business transactions have been developed. Fraudsters are constantly devising new plans,
updating old methods and trying out new techniques of bypassing these electronic systems
meant to ensure high security of banking operations. The introductions of automated systems
that lose handwriting and fingerprint trails have not helped matters either. In view of the
staggering sums lost to fraudsters by the Ghanaian financial sector, in these recent times and the
rate at which fraudsters appear to have shifted their attention and directed their energies to
banks, devising all unimaginable tactics to exploit loopholes in the control measures and
capitalize on carelessness of the staff and customers, fraud in the industry has prevented many
banks from achieving their goals. Some banks were just seen in the physical as body and
building whilst in reality they were already liquidated and many were already into distress.
Taking a walk down memory lane. The banking sector plays a very significant role in the

development of any economy. Banks in most economies are the principal depositories of the
public’s monetary savings, the nerve centre of the payment system, the vessel endowed with the
ability of money creation and allocation of financial resources and conduit through which
monetary and credit policies are implemented. The success of monetary policy, to a large
extent, depends on the health of the banking institutions through which the policies are
implemented. Whatever problems which militate against the proper functioning of the banking
sector will invariably have multiplier effects on the other sectors of the economy. This is one of
the reasons why it is essential to quickly diagnose any factor which may hamper the smooth
functioning of the rural banking sector and urgently address such issues
Review of literature

Bad loans

1) Amandeep (1991) attempted to estimate profit and profitability of Indian Nationalized

banks and to study the impact of priority sector lending, credit policies, geographical
expansion, industrial sickness, competition, deposit composition, establishment
expenses, ancillary income, [read and burden on bank profitability. For this purpose,
trend analysis, ratio analysis and regression analysis were used.

2) Dr. Amitabh Joshi (2003) conducted a survey on “Analysis of NPA of IFCI ltd.” The
study found that profitability and viability of development financial institutions are
directly affected by quality and performance of advances. The basic element of sound
NPA management system is quick identification of Non- performing advances their
containment at minimum levels and ensuring that their impingement on the financial is
at low level. Excessive reliance on collaterals has led institutions to long drawn
litigations and hence it should not be sole criteria for sanction. Banks should manage
their exposure limit to few borrowers and linkage should be placed with net owned
funds for developing control over high leverages of borrower level. Study also revealed
that exchange of credit information among banks would be immense help to them to
avoid possible NPAs. Management information system and market intelligence should
be utilized to their full potential.

Bank frauds

1) Aggarwal, (1979), has conducted a study on nationalized banks with special reference to
their social obligations. The main recommendations of the study were: (i) providing
more branch office to the public particularly in the semi-urban and rural areas and in the
lead districts, (ii) providing greater credit facilities to the public as well as to the priority
and neglected sectors, (iii) helping generation and maintenance of employment
opportunities in the country, (iv) financing the government securities and (v)
popularizing the bill form of credit.

2) Amandeep, (1983), studies various factors which effect the profitability of commercial
banks with the help of multiple regression analysis. She has tried to determine the share
of each factor which determines the profitability of commercial banks. The trend
analysis, ratio analysis, multiple regression analysis was effectively used to know the
profitability of commercial banks.

Cyber threats

1. Ganesan R. (2010) The author, writes about what are the cyber trends for 2010-11. The
author defines “drive-by download” such as Malware, Worms, and Trojan horses - The
author says that Botnets and zombies - will continue to proliferate. The author
introduces a term “Scareware” - Scareware is fake/rogue security software. Be cautious
about all communications; Do not open attachments from un-trusted sources.

2. Balasubramanian S. – Honeywell (2010) The author says that one of the key inhibitors
for organizations to adopt Cloud Computing practices is the perceived risks around
information security. As Cloud Computing requires organizations to source their IT
needs outside of their corporate network, the traditional enterprise security practices are
being challenged & it demands alternate security models. This paper describes the
security risks identified in the Cloud Environment and the solution offered by Jericho
security model to approach those risks.

Objectives of the study

To study about Bad loans, cyber threats and bank frauds

To know about condition of India in respect bad loans ,cyber threats and bank frauds

To know whether Demographic dividend is really beneficial to the country.

To observe both side of Demographic Dividend that is Myth and Reality.


Research Methodology


The Research conducted is Descriptive in nature, data from secondary sources have een
employed to make the project.


Secondary sources of data have been used in this study. The data have been obtained through
books, journals and internet.

Mode of Citation

The project follows uniform mode of citation . The 19th bluebook citation for footnotes has
been followed.

Chapter – 1 Bad loans

The three letters “NPA” Strike terror in banking sector and business circle today. NPA is short
form of “Non-Performing Asset”. The dreaded NPA rule says simply this: when interest or
other due to a bank remains unpaid for more than 90 days, the entire bank loan automatically
turns a non-performing asset. The recovery of loan has always been problem for banks and
financial institution. To come out of these first we need to think is it possible to avoid NPA, no
cannot be then left is to look after the factor responsible for it and managing those factors.


An asset, including a leased asset, becomes non-performing when it ceases to generate income
for the bank.

A ‘non-performing asset’ (NPA) was defined as a credit facility in respect of which the interest
and/ or instalment of principal has remained ‘past due’ for a specified period of time.

With a view to moving towards international best practices and to ensure greater transparency,
it has been decided to adopt the ‘90 days’ overdue’ norm for identification of NPAs, from the
year ending March 31, 2004. Accordingly, with effect from March 31, 2004, a non-performing
asset (NPA) shall be a loan or an advance where;

Interest and/ or instalment of principal remain overdue for a period of more than 90 days in
respect of a term loan,

The account remains ‘out of order’ for a period of more than 90 days, in respect of an
Overdraft/Cash Credit (OD/CC),

The bill remains overdue for a period of more than 90 days in the case of bills purchased and

Interest and/or instalment of principal remains overdue for two harvest seasons but for a period
not exceeding two half years in the case of an advance granted for agricultural purposes, and
Any amount to be received remains overdue for a period of more than 90 days in respect of
other accounts.

As a facilitating measure for smooth transition to 90 days norm, banks have been advised to
move over to charging of interest at monthly rests, by April 1, 2002. However, the date of
classification of an advance as NPA should not be changed on account of charging of interest at
monthly rests. Banks should, therefore, continue to classify an account as NPA only if the
interest charged during any quarter is not serviced fully within 180 days from the end of the
quarter with effect from April 1, 2002 and 90 days from the end of the quarter with effect from
March 31, 2004

History of Indian Banking

A bank is a financial institution that provides banking and other financial services. By the term
bank is generally understood an institution that holds a Banking Licenses. Banking licenses are
granted by financial supervision authorities and provide rights to conduct the most fundamental
banking services such as accepting deposits and making loans. There are also financial
institutions that provide certain banking services without meeting the legal definition of a bank,
a so-called Non-bank. Banks are a subset of the financial services industry.

The word bank is derived from the Italian banca, which is derived from German and means
bench. The terms bankrupt and "broke" are similarly derived from banca rotta, which refers to
an out of business bank, having its bench physically broken. Moneylenders in Northern Italy
originally did business in open areas, or big open rooms, with each lender working from his
own bench or table. Typically, a bank generates profits from transaction fees on financial
services or the interest spread on resources it holds in trust for clients while paying them
interest on the asset. Development of banking industry in India followed below stated steps.

➢ Banking in India has its origin as early as the Vedic period. It is believed that the
transition from money lending to banking must have occurred even before Manu, the
great Hindu Jurist, who has devoted a section of his work to deposits and advances and
laid down rules relating to rates of interest.

➢ Banking in India has an early origin where the indigenous bankers played a very
important role in lending money and financing foreign trade and commerce. During the
days of the East India Company, was the turn of the agency houses to carry on the
banking business. The General Bank of India was first Joint Stock Bank to be
established in the year 1786. The others which followed were the Bank Hindustan and
the Bengal Bank.

1.Comprises balance of expired loans, compensation and other bonds such as National Rural
Development Bonds and Capital Investment Bonds. Annuity certificates are excluded.

2. These represent mainly non- negotiable non- interest-bearing securities issued to

International Financial Institutions like International Monetary Fund, International Bank for
Reconstruction and Development and Asian Development Bank.

3. At book value.

4. Comprises accruals under Small Savings Scheme, Provident Funds, Special Deposits of Non-

➢ In the post-nationalization era, no new private sector banks were allowed to be set up.
However, in 1993, in recognition of the need to introduce greater competition which
could lead to higher productivity and efficiency of the banking system,
➢ new private sector banks were allowed to be set up in the Indian banking system. These
new banks had to satisfy among others, the following minimum requirements:

1. It should be registered as a public limited company;

2. The minimum paid-up capital should be Rs 100 crore;
3. The shares should be listed on the stock exchange;
4. The headquarters of the bank should be preferably located in a center which does not
have the headquarters of any other bank; and
5. The bank will be subject to prudential norms in respect of banking operations,
accounting and other policies as laid down by the RBI. It will have to achieve capital
adequacy of eight per cent from the very beginning.

Categories of Non-Performing Assets (NPAs)

Based upon the period to which a loan has remained as NPA, it is classified into 3 types:

Categories of NPAs Criteria

· Substandard
Assets An asset which remains as NPAs for less than or equal to 12 months.
· Doubtful
Assets An asset which remained in the above category for 12 months.
Asset where loss has been identified by the bank or the RBI, however,
there may be some value remaining in it. Therefore loan has not been
· Loss Assets not completely written off.

How serious is India’s NPA issue?

• More than Rs. 7 lakh crore worth loans are classified as Non-Performing Loans in India.
This is a huge amount.
• The figure roughly translates to near 10% of all loans given.
• This means that about 10% of loans are never paid back, resulting in substantial loss of
money to the banks
• When restructured and unrecognised assets are added the total stress would be 15-20% of
total loans.
• NPA crisis in India is set to worsen.
• Restructuring norms are being misused.
• This bad performance is not a good sign and can result in crashing of banks as happened in
the sub-prime crisis of 2008 in the United States of America.

• Also, the NPA problem in India is worst when comparing other emerging economies in

What can be the possible reasons for NPAs?

1. Diversification of funds to unrelated business/fraud.

2. Lapses due to diligence.
3. Business losses due to changes in business/regulatory environment.
4. Lack of morale, particularly after government schemes which had written off loans.
5. Global, regional or national financial crisis which results in erosion of margins and
profits of companies, therefore, stressing their balance sheet which finally results into
non-servicing of interest and loan payments. (For example, the 2008 global financial
6. The general slowdown of entire economy for example after 2011 there was a slowdown
in the Indian economy which resulted in the faster growth of NPAs.
7. The slowdown in a specific industrial segment, therefore, companies in that area bear
the heat and some may become NPAs.
8. Unplanned expansion of corporate houses during boom period and loan taken at low
rates later being serviced at high rates, therefore, resulting into NPAs.
9. Due to mal-administration by the corporates, for example, wilful defaulters.

10. Due to mis governance and policy paralysis which hampers the timeline and speed of
projects, therefore, loans become NPAs. For example, Infrastructure Sector.
11. Severe competition in any particular market segment. For example, Telecom sector in
12. Delay in land acquisition due to social, political, cultural and environmental reasons.
13. A bad lending practice which is a non-transparent way of giving loans.
14. to natural reasons such as floods, droughts, disease outbreak, earthquakes, tsunami etc.
15. Cheap import due to dumping leads to business loss of domestic companies. For
example, Steel sector in India.

What is the impact of NPAs?

1. Lenders suffer lowering of profit margins.
2. Stress in banking sector causes less money available to fund other projects, therefore,
negative impact on the larger national economy.
3. Higher interest rates by the banks to maintain the profit margin.
4. Redirecting funds from the good projects to the bad ones.
5. As investments got stuck, it may result in it may result in unemployment.
6. In the case of public sector banks, the bad health of banks means a bad return for a
shareholder which means that government of India gets less money as a dividend.
Therefore, it may impact easy deployment of money for social and infrastructure
development and results in social and political cost.
7. Investors do not get rightful returns.
8. Balance sheet syndrome of Indian characteristics that is both the banks and the corporate
sector have stressed balance sheet and causes halting of the investment-led development
9. NPAs related cases add more pressure to already pending cases with the judiciary.
What are the various steps taken to tackle NPAs?
NPAs story is not new in India and there have been several steps taken by the GOI on legal,
financial, policy level reforms. In the year 1991, Narsimham committee recommended many

The Debt Recovery Tribunals (DRTs) – 1993

To decrease the time required for settling cases. They are governed by the provisions of the
Recovery of Debt Due to Banks and Financial Institutions Act, 1993.However, their number is
not sufficient therefore they also suffer from time lag and cases are pending for more than 2-3
years in many areas.

Credit Information Bureau – 2000

A good information system is required to prevent loan falling into bad hands and therefore
prevention of NPAs. It helps banks by maintaining and sharing data of individual defaulters and
willful defaulters.

Lok Adalats – 2001

They are helpful in tackling and recovery of small loans however they are limited up to 5 lakh
rupees loans only by the RBI guidelines issued in 2001. They are positive in the sense that they
avoid more cases into the legal system.

Compromise Settlement – 2001

It provides a simple mechanism for recovery of NPA for the advances below Rs. 10 Crores. It
covers lawsuits with courts and DRTs (Debt Recovery Tribunals) however willful default and
fraud cases are excluded.

SARFAESI Act – 2002

The Securitization and Reconstruction of Financial Assets and Enforcement of Security Interest
(SARFAESI) Act, 2002 – The Act permits Banks / Financial Institutions to recover their NPAs
without the involvement of the Court, through acquiring and disposing of the secured assets in
NPA accounts with an outstanding amount of Rs. 1 lakh and above. The banks have to first
issue a notice. Then, on the borrower’s failure to repay, they can:
➢ Take ownership of security and/or
➢ Control over the management of the borrowing concern.
➢ Appoint a person to manage the concern.
Further, this act has been amended last year to make its enforcement faster.

ARC (Asset Reconstruction Companies)

The RBI gave license to 14 new ARCs recently after the amendment of the SARFAESI Act of
2002. These companies are created to unlock value from stressed loans. Before this law came,
lenders could enforce their security interests only through courts, which was a time-consuming

Corporate Debt Restructuring – 2005

It is for reducing the burden of the debts on the company by decreasing the rates paid and
increasing the time the company has to pay the obligation back.

5:25 rule – 2014

Also known as, Flexible Structuring of Long Term Project Loans to Infrastructure and Core
Industries. It was proposed to maintain the cash flow of such companies since the project
timeline is long and they do not get the money back into their books for a long time, therefore,
the requirement of loans at every 5-7 years and thus refinancing for long term projects.

Joint Lenders Forum – 2014

It was created by the inclusion of all PSBs whose loans have become stressed. It is present so as
to avoid loan to same individual or company from different banks. It is formulated to prevent
the instances where one person takes a loan from one bank to give a loan of the other bank.

Mission Indra Dhanush – 2015

The Indradhanush framework for transforming the PSBs represents the most comprehensive
reform effort undertaken since banking nationalization in the year 1970 to revamp the Public
Sector Banks (PSBs) and improve their overall performance by ABCDEFG.

A-Appointments: Based upon global best practices and as per the guidelines in the companies
act, separate post of Chairman and Managing Director and the CEO will get the designation of
MD & CEO and there would be another person who would be appointed as non-Executive
Chairman of PSBs.

B-Bank Board Bureau: The BBB will be a body of eminent professionals and officials, which
will replace the Appointments Board for appointment of Whole-time Directors as well as non-
Executive Chairman of PSBs

C-Capitalization: As per finance ministry, the capital requirement of extra capital for the next
four years up to FY 2019 is likely to be about Rs.1,80,000 crore out of which 70000 crores will
be provided by the GOI and the rest PSBs will have to raise from the market.

Financial Year Total Amount

FY15-16 25,000 Crore

FY16-17 25,000 Crore

FY17-18 10,000 Crore

FY18-19 10,000 Crore

Total 70,000 Crore


D-DE stressing: PSBs and strengthening risk control measures and NPAs disclosure.

E-Employment: GOI has said there will be no interference from Government and Banks are
encouraged to take independent decisions keeping in mind the commercial the organizational

F-Framework of Accountability: New KPI (key performance indicators) which would be linked
with performance and also the consideration of ESOPs for top management PSBs.

G-Governance Reforms: For Example, Gyan Sangam, a conclave of PSBs and financial
institutions. Bank board Bureau for transparent and meritorious appointments in PSBs

Strategic debt restructuring (SDR) – 2015

Under this scheme banks who have given loans to a corporate borrower gets the right to convert
the complete or part of their loans into equity shares in the loan taken company. Its basic
purpose is to ensure that more stake of promoters in reviving stressed accounts and providing
banks with enhanced capabilities for initiating a change of ownership in appropriate cases.

Asset Quality Review – 2015

Classify stressed assets and provisioning for them so as the secure the future of the banks and
further early identification of the assets and prevent them from becoming stressed by
appropriate action.

Sustainable structuring of stressed assets (S4A) – 2016

It has been formulated as an optional framework for the resolution of largely stressed
accounts. It involves the determination of sustainable debt level for a stressed borrower and
bifurcation of the outstanding debt into sustainable debt and equity/quasi-equity instruments
which are expected to provide upside to the lenders when the borrower turns around.

Insolvency and Bankruptcy code Act-2016

It has been formulated to tackle the Chakravyuaha Challenge (Economic Survey) of the exit
problem in India. The aim of this law is to promote entrepreneurship, availability of credit, and
balance the interests of all stakeholders by consolidating and amending the laws relating to
reorganization and insolvency resolution of corporate persons, partnership firms and individuals
in a time bound manner and for maximization of value of assets of such persons and matters
connected therewith or incidental thereto.

Pubic ARC vs. Private ARC – 2017

This debate is recently in the news which is about the idea of a Public Asset Reconstruction
Companies (ARC) fully funded and administered by the government as mooted by this year’s
Economic Survey Vs. the private ARC as advocated by the deputy governor of RBI Mr. Viral
Acharya. Economic survey calls it as PARA (Public Asset Rehabilitation Agency) and the
recommendation is based on the similar agency being used during the East Asian crisis of 1997
which was a success.

Bad Banks – 2017

Economic survey 16-17, also talks about the formation of a bad bank which will take all the
stressed loans and it will tackle it according to flexible rules and mechanism. It will ease
the balance sheet of PSBs giving them the space to fund new projects and continue the funding
of development projects.

Chapter – 2 Cyber threats

What is a Cyber Threat?

For a cybersecurity expert, the Oxford Dictionary definition of cyber threat is a little lacking:
"the possibility of a malicious attempt to damage or disrupt a computer network or system."
This definition is incomplete without including the attempt to access files and infiltrate or
steal data.

In this definition, the threat is defined as a possibility. However, in the cybersecurity

community, the threat is more closely identified with the actor or adversary attempting to gain
access to a system. Or a threat might be identified by the damage being done, what is being
stolen or the Tactics, Techniques and Procedures (TTP) being used.

Types of Cyber Threats

In 2012, Roger A. Grimes provided this list, published in InfoWorld, of the top five
most common cyber threats:
• Social Engineered Trojans
• Unpatched Software (such as Java, Adobe Reader, Flash)
• Phishing
• Network traveling worms
• Advanced Persistent Threats

But since the publication of this list, there has been widespread adoption of several different
types of game-changing technology: cloud computing, big data, and adoption of mobile
device usage, to name a few

In September 2016, Bob Gourley shared a video containing comments from Rand Corporation
testimony to the House Homeland Security Committee, Subcommittee on Cybersecurity,
Infrastructure Protection and Security Technologies regarding emerging cyber threats and
their implications. The video highlights two technology trends that are driving the cyber
threat landscape in 2016:

1. Internet of things – individual devices connecting to internet or other networks

2. Explosion of data – stored in devices, desktops and elsewhere

Today, the list of cyber threats may look more like this, and cyber threats are typically
composed of a combination of these:

1. Advanced Persistent Threats

2. Phishing
3. Trojans
4. Botnets
5. Ransomware
6. Distributed Denial of Service (DDoS)
7. Wiper Attacks
8. Intellectual Property Theft

9. Theft of Money
10. Data Manipulation
11. Data Destruction
12. Spyware/Malware
13. Man, in the Middle (MITM)
14. Drive-By Downloads
15. Malvertising
16. Rogue Software
17. Unpatched Software

Unpatched software, seemingly the simplest vulnerability, can still lead to the largest leaks,
such as the case of Panama Papers.

Sources of Cyber Threats

In identifying a cyber threat, more important than knowing the technology or TTP, is knowing
who is behind the threat. The TTPs of threat actors are constantly evolving. But the sources of
cyber threats remain the same. There is always a human element; someone who falls for a
clever trick. But go one step further and you will find someone with a motive. This is the real
source of the cyber threat.

For example, in June of 2016, SecureWorks revealed tactical details of Russian Threat Group-
4127 attacks on Hillary Clinton's presidential campaign emails. Then, in September, Times
reported on another cyber-attack on Hillary Clinton's emails, presumed to be the work of
"hostile foreign actors," likely from either China or Russia. There currently exists a U.S.
policy on foreign cyber threats known as "deterrence by denial." In this case, denial means
preventing foreign adversaries from accessing data in the U.S.

But not all cyber threats come from foreign countries. Recently, Pierluigi Paganini @security
affairs reported that police arrested two North Carolina men who are alleged to be members
of the notorious hacking group called 'Crackas With Attitude' which leaked personal details of
31,000 U.S. government agents and their families.

Most Common Sources of Cyber Threats

1. Nation states or national governments
2. Terrorists
3. Industrial spies
4. Organized crime groups
5. Hacktivists and hackers
6. Business competitors
7. Disgruntled insiders

Cyber Threat Intelligence is Necessary for Enterprises

Advanced threat actors such as nation-states, organized cybercriminals and cyber espionage
actors represent the greatest information security threat to enterprises today. Many
organizations struggle to detect these threats due to their clandestine nature, resource
sophistication, and their deliberate "low and slow" approach to efforts. For enterprises, these
more sophisticated, organized and persistent threat actors are seen only by the digital traces they
leave behind. For these reasons, enterprises need visibility beyond their network borders into
advanced threats specifically targeting their organizations and infrastructure. This is known
as threat intelligence.

Cyber threat researchers can begin by knowing a background profile of assets beyond the
network border and being aware of offline threats such as those reported here by Luke
Rodenheffer of Global Risk Insights. They should then monitor mission-critical IP addresses,
domain names and IP address ranges (e.g., CIDR blocks). This can grant advanced warning
while adversaries are in the planning stages. With this enhanced visibility, you can gain
improved insight into ongoing exploits, identification of cyber threats and the actors behind
them. This allows you to take proactive steps to defend against these threats with an appropriate

SecureWorks Counter Threat Unit (CTU)™ is made up of a team of professionals with

backgrounds in private security, military and intelligence communities, and has been publishing
threat analyses since 2005. The CTU uses threat visibility across thousands of customer
networks to identify emerging threats as well as many other resources including:
Attack telemetry from clients

1. Malware samples
2. Investigations
3. Public & private information sources
4. Website monitoring
5. Social media
6. Communication channels used by threat actors
7. Security community
8. Government agencies

Data from these sources is fed into a threat intelligence management system that distils threat
indicators such as:

1. Attack signatures
2. Domain names
3. Host names
4. IP addresses
5. File names
6. Registry data
7. Vulnerabilities
8. Catalogued malware

Threat indicators are then enriched with contextual Meta data to identify how they relate to
threat actors and attack methods. The system then helps researchers identify relationships that
would be impossible to find manually. Their research reveals who is attacking, how and why.
This information then leads to actionable insights, such as:

1. What does the threat mean?

2. How do you resist?
3. What action should you take?

Intelligence knowledge-sharing occurs among leading cyber threat organizations, in both the
public and private sectors. SecureWorks considers these to be the most informed and active
organizations and is in constant communication with them. A partial list of these organizations
is provided below:

1. Forum of Incident Response and Security Teams (FIRST)

2. National Cyber-Forensics & Training Alliance (NCFTA)
3. Microsoft Active Protections Program (MAPP)
4. Financial Services Information Sharing and Analysis Center (FS-ISAC)
5. National Health Information Sharing & Analysis Center (NH-ISAC)

Cyber Threat Level

A Cyber Security Index (or threat level indicator) can be found on a variety of publicly
available sources. Some of these indexes such as are updated via
monthly surveys. Others such as NH-ISAC Threat Level or MS-ISAC Alert Level are updated
more frequently based on shared global threat intelligence.

Most of these indexes follow the same format as the original SecureWorks CTU Cyber Security
Index. It is evaluated daily by the CTU and updated as appropriate based on current threat
activity. A reason provided for the index's current status will typically include reliable and
actionable information about a threat targeting software, networks, infrastructures or key assets.

While the primary decision point for the Cyber Security Index is a "Daily Security Roundup
and CSI Threat Level" discussion, the CTU can make decisions (with input from other senior
security personnel from our Security Operations Centers, our CISO and other individuals) at
any time day or night, depending on what events we see occurring or imminent.

When there is significant debate on what threat activity corresponds to which Cyber Security
Index level, the CTU will utilize the criteria in the Cyber Security Index definitions in making
decisions. The CTU takes a very serious and judicious approach when determining the Cyber
Security Index

The SecureWorks Cyber Security Index was previously published publicly, but is now only
accessible to clients via the customer portal.

Threat Analyses
CTU research on cyber security threats, known as threat analyses, are publicly available. Of
course, these are only released after the information is no longer helpful to the threat actors
behind it. It is important not to show your cards when hunting down threat actors.

Emerging Threats
Threat advisories announce new vulnerabilities that can lead to emerging incidents. These are
published as soon as possible in order to help anyone better secure their devices or systems.

Best Practices for Defense and Protection

Today's best practices for cyber security are a hybrid approach. Keeping up with rapid
advancements in cyber threats roles that go beyond what is feasible for an in house security
team to provide.

In-House IT Security Efforts:

1. Strong end user education – compliance based practices for handling data, recognizing
phishing attempts and procedures to counteract human engineering attempts
2. Up to date software
3. Firewall and anti-virus*
4. IDS/IPS* – intrusion detection systems and intrusion prevention systems
5. Security event monitoring*
6. Incident response plan*

Security Partner Efforts:

1. Penetration testing and vulnerability scanning
2. Advanced threat monitoring of endpoints
3. Always up to date threat intelligence
4. Emergency incident response staff and investigators on call

*If resources are not available in-house, any of these efforts can be pushed to a managed
security services provider.

Chapter – 3 Bank fraud

Banks are considered as necessary equipment for the Indian economy. This particular sector has
been tremendously growing in the recent years after the nationalization of Banks in 1969 and
the liberalization of economy in 1991.Due to the nature of their daily activity of dealing with
money, and even after having such a supervised and well-regulated system it is very tempting
for those who are either associated the system or outside to find faults in the system and to
make personal gains by fraud. A bank fraud includes a considerable proportion of white collar
crimes being investigated by the authorities. These frauds, unlike ordinary crimes, the amount
misappropriated in these crimes runs into lakhs and crores of rupees. Bank fraud is a federal
crime in many countries, defined as planning to obtain property or money from any federally
insured financial institution. It is sometimes considered a white-collar crime.

Banking has been defined under section 5(b) of the Banking Regulations Act 19491. According
to it banking means accepting, for the purpose of lending or investment, of deposits of money
from the public, repayable on demand or otherwise.
To understand the concept of Bank Fraud, we need to understand the concept of fraud and the
various types of frauds and the ways to detect the same and the prevention of the same.


Generally, A dishonest act or behavior through which one-person gains or tries to gain an
advantage over another which results in the loss of the victim, directly or indirectly is called as
Under the IPC, fraud has not been defined directly under any particular section, but it provides
for punishments for various acts which lead to commission of fraud. However, sections dealing
with cheating, concealment, forgery, counterfeiting, misappropriation and breach of trust cover
the same adequately. The contract Act under section 17states fraud means and includes any of
the acts by a party to a contract or with his connivance or by his agents with the intention to
deceive another party or his agent or to induce him to enter in to a contract:

1. The suggestion, as a fact of that which is not true or by one who doesn’t believe it to be true;
2. The active concealment of a fact by one having knowledge or belief of the fact;
3. A promise made without any intention of performing it;
4. Any other act fitted to deceive; and
5. Any such act or omission as the law specially declares to be fraudulent.

By reading the relevant IPC provisions and Contract Act, the essential requirements for fraud

Bank Frauds and elements: As stated earlier, the amount of loss sustained as outcome fraud
exceeds the losses due any other crime(s) put together. With the rising banking business, cheats
in banks are additionally expanding and the fraudsters are turning out to be increasingly
complex and shrewd. In an offer to keep pace with the evolving times, the banking segment has
differentiated its business complex. Substitution of the theory of class banking with mass
banking in the post-nationalization period has tossed a great deal of difficulties to the
administration on accommodating the social duty with financial reasonability

The four most important elements for constituting fraud are; the active involvement of the
staff, failure to follow the instructions and guidelines of the bank by the staff, collusion between
businessman, executives and politicians to bend the rules and regulations and any other external


“Offences related to banking activities are not only confined to banks but have a harmful impact
on their customers and society at large”

Many recent fraud incidents reported are related to fix deposits, loan disbursements, and credit
and debit card frauds and ATM based frauds. All these frauds show that not only they
undermine the profits, reliability of services and operating efficiencies but can also have an
impact on the society and the organization itself. With the increase in the gravity of such
instances it is impacting the profitability of the sector and there is an increase in the NPAs. This
rise in the NPA is a serious threat to the Indian Banking Industry as the sturdiness of a
country’s banking and financial sector determines the quality of products and services. It is also
a direct indicator of the living standards and wellbeing of people. Thus, if there is high level of
NPAs in the banking system, then it reflects the distress of borrower and the inefficiencies in
the transmission mechanism. The Indian economy suffers greatly due to these incidents.

Fraud has also hampered the growth of this establishment/ industry. It is a huge killer for the
business sector and underlying factor to all human endeavors. It also increases the corruption
level of a country. Even after there are various measures taken by the RBI to limit or decrease
the frequency of frauds, the amount of money lost is still on the rise.


To maintain uniformity in fraud reporting, frauds have been classified on the basis of types and
provisions of the Indian Penal Code, and the reporting guidelines for the same has been
prescribed by RBI The Reserve Bank of India classifies Bank frauds in the following

1. Misappropriation and criminal breach of trust.

2. Fraudulent encashment through forged instruments, manipulation of books of account or
through fictitious accounts and conversion of property.
3. Unauthorized credit facilities extended for reward or for illegal gratification.
4. Negligence and cash shortages.
5. Cheating and forgery.
6. Irregularities in foreign exchange transactions.
7. Any other type of fraud not coming under the specific heads as above.



The following types of frauds are generally committed;

a) Value inflation of cheques deposited
b) Changing the nature of the cheques (Crossed to bearer)
c) Operating a dormant account fraudulently
d) Non-deposition and misappropriation by agents

Preventive Measures:
a) Careful and systematic examination procedures of cheques and other transactions.
b) Separation of book keeping and Cash handling operations.
c) Using Black light, adhesive tapes and pathfinders to ensure that originality and prevent
material alteration


These are generally expensive and can take the following forms:

a) Discount on Stolen or Fake Railways Receipts and motor receipts along with other necessary
b) Forged/ fake bills with inflated value, drawn on sister concern are discounted.
c) Fake/ Forged bills for valueless goods are discounted.

Preventive Measures:
a) Examining the receipts properly and strictly by confirming from the concerned authorities.
b) In case of auction, inform the authorities regarding the interest of the bank in the property so
as to get information in case of non-collection of goods.
c) Establishing a better connection between the purchaser and the seller in case of dispatch of
d) Strict examination before discounting the bill.

6.3. HYPOTHECATION FRAUD: Cash advances, against pledged goods, as security are
fertile field for frauds.
a) Unauthorized removal of hypothecated good from the god owns.
b) Some of the stocked goods in large quantity may have less value
c) Inflation of stock statements.
d) Valueless and meaningless stocks are offered as security.
e) Hypothecating same goods in favor of different banks.

Preventive Measures:
a) Strict examination of the bank representative’s and borrower’s credential
b) Only marketable goods to be accepted as security
c) Proper evaluation of stocks
d) Verification of statements of stocks

6.4. LOAN FRAUD: The following types of frauds are generally committed;

a) Two different person taking loan on the same item or product

b) People taking loan without a providing actual address and disappearing at the time of
c) Loan taken for one purpose but used for a different purpose i.e. loan taken for agriculture but
used for personal purposes
d) Borrowing is denied when the particular person is alleged of nonpayment.


a) Proper verification of documents and the purpose for taking the loan
b) Including the local authorities as to verify the ethnicity of the loan purpose and
c) In case of a substantial amount of loan taken, it should be checked by the competent


To provide efficient and fast service, most of the branches of the banks except the ones in the
rural and remote areas have been computerized. Not many frauds relating to computers have yet
been reported so far as computerization in the Indian banks is of recent origin. But in the
western countries where virtually everything is computerized, a large number of cybercrimes in
the banking sector are reported on a regular basis. There is a need to analyze the nature of such
crimes so that appropriate preventive measures may be devised. Normally following types of
frauds are committed-

(a) Spy software is devised by the cyber criminals to crack the passwords. They enter into the
computer system of the banks and manipulate the data to transfer the money from other’s

(b) Computer virus is created by the mischief mongers who find way into the computer system
by way of e-mails. These viruses destroy the data stored in the computers and slow down the
entire computer system. It is sometimes alleged that the manufacturers of anti-virus software
themselves create virus so that their product may be sold in the market.

(c) Hackers are computer experts who steal the passwords and access the classified information
stored in the computer system. They do not even fear to “raid” the government departments
including military establishments to carry out their nefarious design to destroy and mutilate the
date stored in the computer systems. Such acts are committed normally not for any material
gain but to derive mental satisfaction out of other’s sufferings.

(d) Wiretapping is a crime committed by tapping the wire of the ATMs of the banks to
withdraw money out of another person’s account. The fraudster, in this case, attaches a wireless
microphone to the telephone line connecting the ATM with the bank’s computer and records
signals through wiretapping while a customer is using the ATM. These signals are later on
utilized for withdrawing money.

The Government of India enacted the Information Technology Act, 2000 to provide for
punishment and penalties in respect of frauds committed in respect of computers. Section 43 of
the said Act provides for hefty damages up to rupees ten lakhs payable by the offender to the
person affected in case there are unauthorized acts committed in respect of another person’s
computer system like access, downloads or taking copies of the information or data stored,
introduction of computer contaminant or computer virus, damages to the computer or its system
etc. Further, the said Act also provides for punishment with imprisonment up to three years for
tampering with computer source documents and for hacking the computer systems.


This constitutes the biggest volume of bank frauds. This crime is done in the following forms:

a) Cheques are stolen, filled and signed spuriously and uncashed.

b) The signed cheques are stolen and are uncashed with alterations, if needed
c) Cheques issued by organizations for employees are duplicated
d) Alteration of cheques to increase the amount or change the beneficiary or add an additional
e) Cheque Kitting: Cheque Kiting exploits a system in which, when a cheque is deposited to a
bank account, the money is made available immediately even though it is not removed from the
account on which the cheque is drawn until the cheque actually clears.

Preventive Measure:

a) The instrument must contain a proper date

b) The cheque must be checked thoroughly and the character should be verified
c) Checking the signatures which should be genuine.
d) The amount should be checked that it should be written in both numerical and words.
e) Checking cheque kitting


Dishonor of cheques or cheque bounces are a very serious problem and it is becoming even bigger. To
cope with this issue which was affecting the smooth business transactions, the Government of India has
introduced the Negotiable Instruments Act, 1881 which provides for provisions to deal with cases of
cheque bounce under section 138 to 142. The Supreme Court of India in a landmark judgement7 has also
provided with new guidelines to deal with cheque bounce cases.

Section 138 of the Negotiable Instruments Act, 1881 “Where any cheque drawn by a person on
an account maintained by him with a banker for payment of any amount of money to another
person from out of that account for the discharge, in whole or in part, of any debt or other
liability, is returned by the bank unpaid, either because of the amount of money standing to the
credit of that account is insufficient to honour the cheque or that it exceeds the amount arranged
to be paid from that account by an agreement made with that bank, such person shall be deemed
to have committed an offence and shall, without prejudice to any other provisions of this Act,
be punished with imprisonment for 1[a term which may be extended to two years], or with fine
which may extend to twice the amount of the cheque, or with both: Provided that nothing
contained in this section shall apply unless--

(a) the cheque has been presented to the bank within a period of six months from the date on
which it is drawn or within the period of its validity, whichever is earlier;

(b) the payee or the holder in due course of the cheque, as the case may be, makes a demand for
the payment of the said amount of money by giving a notice in writing, to the drawer of the
cheque,2[within thirty days] of the receipt of information by him from the bank regarding the
return of the cheque as unpaid; and

(c) the drawer of such cheque fails to make the payment of the said amount of money to the
payee or, as the case may be, to the holder in due course of the cheque, within fifteen days of
the receipt of the said notice.”


The introduction of plastic money also brought in the frauds as a natural evil fall out. As a
greater number of people using them there is more and more chances of fraud in the related
sector. The case is much worse in foreign countries where the general usage is much higher
than in India.

The various modes of credit/ debit card fraud are:

a) Abuse of genuine cards: The genuine cards are stolen while in transit from the institution to
the user or from the owners and sometimes the card is stolen, and there is a misuse of the stolen
cards. Even in some cases the cardholders falsely report about their card being stolen and go on
a shopping spree before the acquirer bank suspends the transactions or block the card.

b) Altered Cards An altered card is an original card only which is altered by the fraudster by
giving a new name and if replaces the signature strip also then he gets genuine account number
from a bunco bankster. It is very abnormal and can damage the security features of the card
provided by the bank.

c) White Plastics The duplicate fraudulent cards are called as white plastics. They are the copy
of the original genuine cards. They have pictorial similarities but doesn’t have the safety

d) Impersonation frauds These are also called as application frauds. The fraudster assumes the
name and address of some well know personality and collects the card.

Preventive Measures:

• Speeding up the transmission of information about the stolen or altered card through a
dedicated website.
• Appointing trained operators to recognize and differentiate between genuine and
original cards
• Monitoring the working of the sale terminals periodically to detect unscrupulous


Bank frauds are done to make money by cheating the banks. There are several loopholes in
banking system that has been used by fraudsters. The number of bank frauds has been
increasing year on year along with that, RBI also engaged in making the banking system
accurate and secure. IT in banking sector is much more advanced than the traditional banking.
Online transactions are widely used than the manual transactions. Due to the frauds the profit of
the company is getting affected.

Bank fraud is the use of potentially illegal means to obtain money, assets, or other property
owned or held by a financial institution, or to obtain money from depositors by fraudulently
posing as a bank or other financial institution. Bank frauds concern all citizens. It has become a
big business today. Bank frauds are the creation of professional criminals, desperate customers
or of errant bankers or their collusion inter se. However, the prima donna in the drama is the
insider or the banker. He opens the purse. He is often the target and at times the tool.
Occasionally, he is the victim of the temptations. There are internal factors and external factors
which are responsible for banking frauds and scams. There are two categories of banking frauds
i.e. banking frauds done insiders and frauds done outsiders. There are some effects of these
frauds on banks like public loss confidence in banks, loss of bank money, it helps to increase
the operating cost of banks, low asset quality, reduced the amount of profit, creditability etc.
But there are also bank rules to prevent the banking frauds and scams. The Reserve Bank of
India (RBI) has drawn up new rules for banks aimed at preventing frauds and irregularities.
Banks take actions to minimize these bank frauds. There are always new challenges in banking
sector but they are competent to deals with that challenge.


❖ Websites: -

7. Jabbour, K., & Devendorf, E. (2017). Cyber Threat Characterization. The Cyber
Defense Review, 2(3), 79-94.
8. Henry, S., & Brantly, A. (2018). Countering the Cyber Threat. The Cyber Defense
Review, 3(1), 47-56.
9. Outlook Business magazine (May 20, 2008) [3] A Report by
eTechnology Group@IMRB for Internet and Mobile Association In India From
Wikipedia, the free encyclopedia [5] Survey by the Nielsen Company, India