UNIVERSITY OF MUMBAI

PROJECT ON CYBER CRIME IN BANKING SECTOR

SUBMITTED BY BHAVN YOGESH SHAH ROLL NO.34

PROJECT GUIDE Prof. Mr. NAVIN SARAF

BACHELOR OF COMMERCE BANKING AND INSURANCE

SEMESTER V (2010-11)

SHANKAR NARAYAN COLLEGE OF ARTS ,COMMERCE BHAYANDER (EAST) 401105

Declaration I Mr. Bhavin Yogesh Shah student of B.COM. Banking & Insurance Semester V (2010-11) hereby declare that I have completed the project on Cyber Crime in Banking The information submitted is true and original to the best of my knowledge.

SIGNATURE OF STUDENT

ACKNOWLEDGEMENT
This is to express my earnest gratitude and extreme joy at being bestowed with an opportunity to get an opportunity to get an interesting and informative project on CYBER CRIME IN BANKING SECTOR. I would like to thank all t h e p e o p l e w h o h a v e h e l p e d m e i n c o m p l e t i o n o f p r o j e c t , I w o u l d a v a i l t h i s opportunity to express my profound gratitude and indebtness to all those people. I am extremely grateful to my project guide Prof. Mr. NAVIN SARAF who has given an opportunity to work on such an interesting project. She proved to be a constant source of inspiration to me and provided constructive comments on h o w t o ma k e t h i s r e p or t b e t t e r . C r e d i t a l s o g o e s t o m y f r i e n d s wh o se c o n s t a n t encouragement kept me in good stead . Lastly without fail I would thank all my faculties for providing all explicit and implicit support to me during the course of my project.

EXECUTIVE SUMMARY
Cyber crimes are any illegal activities committed using computer target of the criminal activity can be either a computer, network operations. Cyber crimes are genus of crimes, which use computers and networks for criminal activities. The difference between traditional crimes and cyber crimes is the cyber crimes can be transnational in nature. Cyber crime is a crime that is committed online in many areas using e-commerce. A computer can be the target of anoffence,w h e n u n a u t h o r i z e d a c c e s s o f c o m p u t e r n e t w o r k a n d o n o t h e r h a n d i t a f f e c t s E - C OM M ER C E . C yb e r c r i me s c a n b e o f v a r i o u s t yp e s s u c h a s T e l e c o m mu n i c a t i o n s P i r a c y Electronic Money Laundering and Tax Evasion, Sales and Investment Fraud, Electronic Funds Transfer Fraud and so on The modern contemporary era has replaced these traditional monetary instruments from a paper and metal based currency to plastic money in the form of credit cards, debit cards, etc. This has resulted in the increasing use of ATM all over the world. The use of ATM is not only safe but is also convenient. This safety and convenience, unfortunately, has an evil side as well that do not originate from the use of plastic money rather by the misuse of the same. This evil side is reflected in the form of ATM frauds that is a global problem . Internet commerce has grown exponentially during the past few years and is still growing. But unfortunately the growth is not on the expected lines because the credit card fraud which has become common has retarded the e-commerce growth. Credit card fraud has become regular on internet which not only affects card holders but also online merchants. Credit card f r a u d c a n b e d o n e b y t a k i n g o v e r t h e a c c o u n t , s k i m mi n g o r i f t h e c a r d i s s t o l e n. C e r t a i n preventive measures can be taken to becoming a credit card victim. The term "Internet fraud" refers generally to any type of fraud scheme that uses one or more components of the Internet such as chat rooms, e-mail, message boards, or Web sites - to present fraudulent solicitations to prospective victims, to conduct fraudulent transactions, or to transmit the proceeds of fraud to financial inst itutions or to other connected with the scheme.

Some form of Internet fraud, include: Spam, Scams, Spyware, Identity Theft, Phishing , Internet banking fraud.

The modern thief can steal more with o computer than a gun. Tomorrows terrorist may be able to do more damage with a keyboard than with a bomb.

-National Research Council, Computers at risk1991

INDEX 1) Introduction 2) Cyber crimes in India 3) Crimestatistics 4) Cyberspace 5) Types of cyber crime 6) Classification of cyber crime 7) Reasons for cyber crime 8) Banking sector 9) Cyber crime in banking sector 10)Cyber money laundering 11)Cyber criminals 12)Working of cyber criminals 13)Conclusion and 14)Bibliography

CYBER CRIME INTRODUCTION

Th e u s a g e o f i n t e r n e t s e r v i c e s in I n d i a i s g r o wi ng r a p i d l y. I t h a s g i v e n r i s e t o n e w opportunities in every field we can think of be it entertainment, business, sports or education.

There are many pros and cons of some new types of technology which are been invented or discovered. Similarly the new & profound technology i.e. using of INTERNET Service, has also got some pros & cons. These cons are named CYBER CRIME, the major disadvantages ,illegal activity committed on the internet by certain individuals because of certain loop-holes. The internet, along with its advantages, has also exposed us to security risks that come with connecting to a large network. Computers today are being misused for illegal activities like e -ma i l e s p i o n a g e , c r e d i t c a r d f r a u d , s p a ms , a n d s o f t wa r e p i r a c y a n d s o o n , wh i c h i n v a d e o u r privacy and offend our senses. Criminal activities in the cyberspace are on the rise.

Computer crimes are criminal activities, which involve the use of information co mp u t e r s ys t e m w i t h i n t e n t o f d a ma g i n g , deleting or altering computer data. Computer crimes also include the activities such as electronic f r a u d s mi s u s e o f d e v i c e s , i d e n t i t y t h e f t a n d d a t a a s w e l l a s s ys t e m i n t e r f e r e n c e . C o mp u t e r c r i me s ma y n o t n e c e s s a r i l y i n v o l v e d a ma g e t o p h ys i c a l p r o p e r t y. Th e y r a t h e r in c l u d e t h e manipulation of confidential data and critical informatio

Computer crime can broadly be defined as criminal activity involving an information technology infrastructure, including illegal access (unauthorized access), illegal interception (by technical means of non-public transmissions of computer data to, from or within computer system), data interference (unauthorized damaging, deletion, de terioration, alteration or suppression of computer data), systems interferen ce (interfering with the functioning of acomputer system by inputting, tra nsmitting, damaging, deleting, deteriorating, altering or suppressing computer data), misuse of devices, forgery (ID theft), and electronic fraud (Taylor,1999)

In 2002 the newly formed U.S. Internet Crime Complaint Center reported that more than$54 million dollars had been lost through a variety of fraud schemes; this represented a three fold increase over estimated losses of $17 million in 2001. The annual losses grew in subsequent years, reaching $125 million in 2003, about $200 million in 2006 and close to $250 million in 2008.

CYBERCRIMES IN INDIA

As India become the fourth highest number of Internet users in the world, cyber crimes in India has also increased 50 percent in 2007 over the previous year. According to the Information Technology (IT) Act, the majority of offenders were under 30 years of age. Ar o u n d 4 6 p e r c e n t o f c yb e r c r i m e s we r e r e l a t e d t o i n c i d e n t s o f c yb e r p o r n o g r a p h y, followed by hacking. According to recent published 'Crime in 2007 report', published by the N a t i o n a l C r i me R e c o r d B u r e a u ( N C R B ) , i n o v e r 6 0 p e r c e n t o f t h e s e c a s e s , o f f e n d e r s w e r e between 18 and 30. These cyber-crimes are punishable under two categories; the IT Act 2000a n d t h e I n d i a n P e n a l C o d e ( I P C ) . Ac c o r d i n g t o t h e r e p o r t , 2 1 7 c a s e s o f c yb e r - c r i me w e r e registered under the IT Act in 2007, which is an increase of 50 percent from the previous year .Under the IPC section, 339 cases were recorded in 2007 compared to 311 cases in 2006. Out of 35 mega cities, 17 cities have reported around 300 cases of cyber-crimes under both categories that is an increase of 32.6 percent in a year. The report also shows that cyber crime is not only limited to metro cities but it also moved to small cities like Bhopal. According to the report, Bhopal, the capital of Madhya Pradesh has reported the highest incidence of cyber crimes in the country.

I n o r d e r t o t a c k l e wi t h c yb e r c r i me , D e l h i P o l i c e h a v e t r a i n e d 1 0 0 o f i t s o f f i c e r s i n handling cyber crime and placed them in its Economic Offences Wing. These officers were trained for six weeks in computer hardware and software, computer networks comprising data communication networks, network protocols, wireless networks and network security. Faculty at Guru Gobind Singh Indraprastha University (GGSIPU) were the trainers.

CRIME STATISTICS

As per the National Crime Records Bureau statistics, during the year 2005, 179 cases were registered under the IT Act as compared to 68 cases during the previous year, thereby reporting a significant increase of 163.2% in 2005 over 2004. During 2005, a total of 302 cases were registered under IPC sections a s c o mp a r e d t o 2 7 9 s u c h c a s e s d u r i n g 2 0 0 4 , t h e r e b y reporting an increase of 8.2% in 2005 over 2004. NCRB is yet to release the statistics for 2006.In 2006, 206 complaints were received in comparison with only 58 in 2005, a 255% increase in the total number of complaints received in the Cyber Cell/EOW over the last year. In terms of c a s e s r e g i s t e r e d a n d i n v e s t i g a t e d i n 2 0 0 6 ( u p t o 2 2 .1 2 .0 6 ) , a t o t a l o f 1 7 c a s e s , w h e r e t h e computer was the victim, a tool or a repository of evidence, have been registered in the Cyber Cell/EOW as compared to 12 cases registered in 2005. And mind you, these are just the reported cases. While the number of cyber crime instances has been constantly growing over the last few years, the past year and a half, in particular, has seen a rapid spurt in the pace of cyber crime activities. Cyber lawyers, Pavan Duggal, advocate with the Supreme Court of India and Karnika Seth, partner, Seth Associates, Advocates and Legal Consultants, testify to this, pointing out that they have seen a jump in the number of cyber crime cases that they've been handling in the last o n e ye a r . On e a l s o s h o u l d r e me mb e r t h a t t h e t e r m ' C yb e r C r i me ' s h o u l d b e a p p l i e d t o a l l offences committed with the use of 'Electronic Documents'. Hence, cyber crimes must grow at the same rate as the use of the Internet, mobile phone, ATM, credit cards or perhaps even faster. " Wi t h t h e l i t t l e o f f e n c e s c a me t h e l a r g e r o n e s i n v o l v i n g h u g e money, and one has seen this s u d d e n j u m p f r o m s m a l l e r c r i m e s t o f i nancial crimes in the last one year" A c c o r d i n g t o C a p t a i n Ra g h u Ra ma n , C E O , Ma h i n dr a S p e c i a l S e r v i c e s Gr o u p ( S S G) , t h e contributing factors are high volume of data processing, rapid growth and major migration intot h e o n l i n e s p a c e , e s p e c i a l l y o f f i n a n c i a l i n s t i t u t i o n s a nd their customer transactions. However, actual numbers continue to include, considering the fact that a majority of the cases go unreported. Most victims, especially the corporate, continue to downplay on account of the fear of negative publicity thereby failing to give a correct picture of the cyber crime scene in the country. According to Cyber law expert Na Vijayashankar (popularly known as Naavi); it is d i f f i c u l t t o m e a s u r e t h e g r o w t h o f C y b e r C r i m e s b y

a n y s t a t i s t i c s , t h e r e a s o n b e i n g t h a t a majority of cyber crimes don't get reported. "If we, therefore, focus on the number of cases registered or number of convictions achieved, we only get diverted from real facts," he adds .Duggal points out to the results of a survey he conducted in early 2006 on the extent of under-reporting. For every 500 instances of cyber crimes that take place in India, only fifty are reported and out of that fifty, only one is registered as an FIR or criminal case. So, the ratio effectively is1:500 and this, he points out, are conservative estimates. Giving an insight into the reasons for low reporting, Nandkumar Sarvade, director, Cyber Security and Compliance at Nasscom, points out that very often, people are not aware whether an incident is a cyber crime; there is also lack of awareness on where to lodge a complaint or whether the police will be able to understand."Added to this is the fear of losing business and hence, many cases don't come to light," he adds.

CYBERSPACE
As the cases of cybercrime grow; there is a growing need to prevent them. Cyberspace belongs to everyone. There should be electronic surveillance which means investigators trackingdown hackers often want to monitor a cracker as he breaks into a victim's computer system. Thetwo basic laws governing real-time electronic surveillance in other criminal investigations also apply in this context, search warrants which means that search warrants may be obtained to gain a c c e s s t o t h e p r e mi s e s wh e r e t h e c r a c k e r i s b e l i e v e d t o

h a v e e v i d e n c e o f t h e c r i me . S u c h evidence would include the computer used to commit the crime, as well as the software used to gain unauthorized access and other evidence of the crime. Researchers must explore the problems in greater detail to learn the origins, methods, and motivations of this growing criminal group. Decision-makers in business, government, and lawe n f o r c e me n t mu s t r e a c t t o t h i s e me r g i n g b o d y o f k n o wl e d g e . Th e y mu s t d e v e l o p po l i c i e s , methods, and regulations to detect incursions, investigate and prosecute the perpetrators, and prevent future crimes. In addition, Police Departments should immediately take steps to protect their own information systems from intrusions (Any entry into an area not previously occupied). Internet provides anonymity: This is one of the reasons why criminals try to get away easily when caught and also give them a chance to commit the crime again. Therefore, we users should be careful. We should not disclose any personal information on the internet or use credit c a r d s a n d i f w e f i n d a n yt h i n g s u s p i c i o u s i n e - ma i l s o r i f t h e s ys t e m i s h a c k e d , i t s h o u l d b e immediately reported to the Police officials who investigate cyber-crimes rather than trying tofix the problem by ourselves. Computer crime is a multi-billion dollar problem. Law enforcement must seek ways to keep the drawbacks from overshadowing the great promise of the computer age. Cybercrime is amenace that has to be tackled effectively not only by the official but also by the users by cooperating with the law. The founding fathers of internet wanted it to be a boon to the whole world and it is upon us to keep this tool of modernization as a boon and not make it a bane to the society.

TYPES OF CYBER CRIME

1. Theft of Telecommunications Services The "phone phreakers" of three decades ago set a precedent for what has become a major c r i mi n a l i n du s t r y. B y g a i n i n g a c c e s s t o a n o r g a n i z a t i o n s t e l e p h o n e s wi t c h bo a r d ( P B X) individuals or criminal organizations can obtain access to dial-in/dial-out circuits and then make their own calls or sell call time to third parties (Gold 1999). Offenders may gain access to the switch board by impersonating a technician, by fraudulently obtaining an employee's access code, or by using software available on the internet. Some sophisticated offenders loop between PBX systems to evade

detection. Additional forms of service theft include capturing "calling card" details and on-selling calls charged to the calling card account, and counterfeiting or illicit reprogramming of stored value telephone cards.

It has been suggested that as long ago as1990,securi t y f a i l u r e s a t o n e m a j o r telecommunications carrier cost approximately 290 million, and that more recently, up to 5% of total industry turnover has been lost to fraud (Schieck 1995: 2-5). Costs to individual subscriberscan also be significant in one case; computer hackers in the United States illegally obtainedaccess to Scotland Yard's telephone network and made 620,000 worth of international calls for which Scotland Yard was responsible (Tendler and Nuttall 1996). 2. Communications in Furtherance of Criminal Conspiracies Just as legitimate organizations in the private and public sectors rely upon information systems for communications and record keeping, so too a r e t h e a c t i v i t i e s o f c r i m i n a l organizations enhanced by technology. There is evidence of telecommunications equipment being used to facilitate organized drug trafficking, gambling, prostitution, money laundering, child pornography and trade in w e a p o n s ( i n t h o s e ju r i s d i c t i o n s wh e r e s u c h a c t i v i t ie s a r e i l l e g a l ) Th e u s e o f e n c r yp t i o n technology may place criminal communications beyond the reach of law enforcement .The use of computer networks to produce and distribute child pornography has become t h e s u b j e c t o f i n c r e a s i n g a t t e n ti o n . To d a y, t h e s e ma t e r i a l s c a n b e i mp o r t e d a c r o s s n a t i o n a l borders at the speed of light. The more overt manifestations of internet child pornography entail a modest degree of organization, as required by the infrastructure of IRC and WWW, but the activity appears largely confined to individuals . By contrast, some of the less publicly visible traffic in child pornography activity appears to entail a greater degree of organization. Although knowledge is confined to that conduct which has been the target of successful police investigation, there appear to have been a number of networks which extend crossnationally, use sophisticated technologies of concealment, andentail a significant degree of coordination.

Illustrative of such activity was the Wonderland Club, an international network with members in at least 14 nations ranging from Europe, to North America, to Australia. Access tot h e g r o u p wa s p a s s wo r d p r o t e c t e d , a n d c o n t e n t wa s e n c r yp t e d . P o l i c e i n v e s t i g a t i o n o f t h e activity, codenamed "Operation Cathedral" resulted in approximately 100 arrests around the world, and the seizure of over 100,000 images in September, 1998. 3. Telecommunications Piracy D i g i t a l t e c h n o l og y p e r mi t s p e r f e c t r e p r o d u c t i o n a n d e a s y d i s s e mi n a t i o n o f p r i n t, g r a p h i c s , s o u n d , a n d mu l t i me d i a c o mb i n a t i o n s .Th e t e mp t a t i o n t o r e p r o d u c e c o p yr i g h t e d material for personal use, for sale at a lower price, or indeed, for free distribution, has proven irresistible to many. This has caused considerable concern to owners of copyrighted material. Each year, It has been estimated that losses of between US$15 and US$17 billion are sustained by industry by reason of copyright infringement (United States, Information Infrastructure Task Force 1995,131).The Software Publishers Association has estimated that $7.4 billion worth of software was lost to piracy in 1993 with $2 billion of that being stolen from the Internet (Meyer and Underwood 1994). Ryan (1998) puts the cost of foreign piracy to American industry at more than $10 billion in 1996, including $1.8 billion in the film industry, $1.2 billion in music $3.8 billion in businessapplication software, and $690 million in book publishing

According to the Straits Times (8/11/99) A copy of the most recent James Bond Film The World is Not Enough, was available free on the internet before its official release. When creators of a work, in whatever medium, are unable to profit from their creations, there can be a chilling effect on creative effort generally, in addition to financial loss. 4. Dissemination of Offensive Materials Content considered by some to be objectionable exists in abundance in cyberspace. This includes, among much else, sexually explicit materials, racist propaganda, and instructions for the fabrication of incendiary and explosive devices. Telecommunications systems can also beu s e d f o r h a r a s s i n g , t h r e a t e n i n g o r i n t r u s i v e c o mmu n i c a t i o n s , f r o m t h e t r a d i t i on a l o b s c e n e t e l e p h o n e c a l l t o i t s c o n t e mp o r a r y

ma n i f e s t a t i o n i n " c yb e r - s t a l k i n g " , i n wh i c h p e r s i s t e n t messages are sent to an unwilling recipient. One man allegedly stole nude photographs of his former girlfriend and her new boyfriend a n d p o s t e d t h e m o n t h e I n t e r n e t , a l o n g wi t h h e r n a me , a d d r e s s a n d t e l e p h o n e n u mb e r . Th e unfortunate couple, residents of Kenosha, Wisconsin, received phone calls and e-mails froms t r a n g e r s a s f a r a w a y a s D e n m a r k w h o s a i d t h e y h a d s e e n t h e p h o t o s o n t h e I n t e r n e t . I n v e s t i g a t i o n s a ls o r e v e a l e d t h a t t h e s u s p e c t wa s ma i n t a i n i n g r e c o r d s a b o u t t h e w o ma n ' s move ments and compiling information about her family (Spice and Sink 1999). In another case a rejected suitor posted invitations on the Internet under the name of a 28-year-old woman, the would-be object of his affections that said that she had fantasies of rape and gang rape. He then communicated via email with men who replied to the solicitations and gave out personal information about the woman, including her address, phone number, details of her physical appearance and how to bypass her home security system. Strange men turned up at her home on six different occasions and she received many obscene phone calls. While the woman was not physically assaulted, she would not answer the phone, was afraid to leave her home, and lost her job (Miller 1999; Miller and Maharaj 1999).One former university student in California used email to harass 5 female students in1998. He bought information on the Internet about the women using a professor's credit card and then sent 100 messages including death threats, graphic sexual descriptions and references to

their daily activities. He apparently made the threats in response to perceived teasing about his appearance (Associated Press 1999a). Computer networks may also be used in furtherance of extortion. The Sunday Times (London) reported in 1996 that over 40 financial institutions in Britain and the United States had been attacked electronically over the previous three years. In England, financial institutions were reported to have paid significant amounts to sophisticated computer criminals who threatened to wipe out computer systems.(The Sunday Times, June 2, 1996). The article cited four incidents between 1993 and 1995 in which a total of 42.5 million Pounds Sterling were paid by senior executives of the organizations concerned, who were convinced of the extortionists' capacity to crash their computer systems (Denning 1999 233-4).

5. Electronic Money Laundering and Tax Evasion For some time now, electronic funds transfers have assisted in concealing and in moving the proceeds of crime. Emerging technologies will greatly assist in concealing the origin of ill-gotten gains. Legitimately derived income may also be more easily concealed from taxation authorities. Large financial institutions will no longer be the only ones with the ability to achievee l e c t r o n i c f u n d s t r a n s f e r s t r a n s i t i n g n u m e r o u s j u r i s d i c t i o n s a t t h e s p e e d o f l i g h t . T h e development of informal banking institutions and parallel banking systems may permit central bank supervision to be bypassed, but can also facilitate the evasion of cash transaction reporting requirements in those nations which have them. Traditional underground banks, which have flourished in Asian countries for centuries, will enjoy even greater capacity through the use of telecommunications. With the emergence and proliferation of various technologies of electronic commerce, one can easily envisage how traditional countermeasures against money laundering and tax evasion may soon be of limited value. I may soon be able to sell you a quantity of heroin, in return for an untraceable transfer of stored value to my "smart-card", which I then download anonymously to my account in a financial institution situated in an overseas jurisdiction which protects the privacy of banking clients. I can discreetly draw upon these funds as and when I may require, downloading them back to my stored value card (Wahlert 1996) 6. Illegal Interception of Telecommunications Developments in telecommunications provide new opport u n i t i e s f o r e l e c t r o n i c eavesdropping. From activities as time- honoured as surveillance of an unfaithful spouse, to the n e we s t f o r ms o f p o l i t i c a l a n d i n d u s t r i a l e s p i o n a g e , t e l e c o mmu n i c a t i o n s i n t e r c e p t i o n h a s increasing applications. Here again, technological developments create new vulnerabilities. The electromagnetic signals emitted by a computer may themselves be intercepted. Cables may act as broadcast antennas. Existing law does not prevent the remote monitoring of computer radiation. It has been reported that the notorious American hacker Kevin Poulsen was able to gain access to law enforcement and national security wiretap data prior to his arrest in 1991 (Littman1997). In 1995, hackers employed by a

criminal organization attacked the communicationss y s t e m o f t h e A m s t e r d a m P o l i c e . T h e h a c k e r s s u c c e e d e d i n g a i n i n g p o l i c e o p e r a t i o n a l intelligence, and in disrupting police communications (Rathmell 1997). 7. Electronic Funds Transfer Fraud Electronic funds transfer systems have begun to proliferate, and so has the risk that such transactions may be intercepted and diverted. Valid credit card numbers can be intercepted electronically, as well as physically; the digital informat i o n s t o r e d o n a c a r d c a n b e counterfeited.Of course, we don't need Willie Sutton to remind us that banks are where they keep the money. In 1994, a Russian hacker Vladimir Levin, operating from St Petersburg, accessed the computers of Citibank's central wire transfer department, and transferred funds from large corporate accounts to other accounts which had been opened by his accomplices in The UnitedS t a t e s , t h e Ne t h e r l a n d s , F i n l a n d , Ge r ma n y, a n d I s r a e l . Of f i c i a l s f r o m o n e o f t h e c o r p o r a t e v i c t i ms , l o c a t e d i n Ar g e n t i n a , n o t i f i e d t h e b a n k , a n d t h e s u s pe c t a c c o u n t s , l o c a t e d i n S a n F rancisco, were frozen. The accomplice was arrested. Anot h e r a c c o m p l i c e w a s c a u g h t attempting to withdraw funds from an account in Rotterdam. Although Russian law precludedLe v i n ' s e x t r a d i t i o n , h e wa s a r r e s t e d d u r i n g a v i s i t t o t h e Un i t e d S t a t e s a n d s u b s e q u e n t l yimprisoned. (Denning 1999, 55).The above forms of computer-related crime are not necessarily mutually exclusive, andneed not occur in isolation. Just as an armed robber might steal an automobile to facilitate aquick getaway, so too can one steal telecommunications services and use them for purposes of vandalism, fraud, or in furtherance of a criminal conspiracy.1 Computer -related crime may becompound in nature, combining two or more of the generic forms outlined above

1.HACKING H a c k i n g i n s i mp l e t e r ms me a n s a n i l l e g a l i n t r u s i o n i n t o a c o mp u t e r s ys t e m a n d / o r network. There is an equivalent term to hacking i.e. cracking, but from Indian Laws perspective there is no difference between the term hacking and cracking. Every act committ ed towards breaking into a computer and/or network is hacking. Hackers write or use ready-made computer programs to attack the target computer. They possess the desire to destruct and they get the kick out of such destruction. Some hackers hack for personal monetary gains, such as to stealing the credit card information, transferring money from various bank accounts to their own account followed by withdrawal of money. They extort money from some corporate giant threatening him to publish the stolen information which is critical in nature. G o v e r n me n t we b s i t e s a r e t h e h o t t a r g e t s o f t h e h a c k e r s d u e t o t h e p r e s s c o v e r a ge , i t receives. Hackers enjoy the media coverage. Motive Behind The Crime a. Greed b. Power c. Publicity d. Revenge e. Adventure f. Desire to access forbidden information g. Destructive mindset h. Wants to sell n/w security services

2.Child Pornography The Internet is being highly used by its abusers to reach and abuse children sexually, worldwide. The internet is very fast becoming a household commodity in India. Its explosion has made the children a viable victim to the cyber crime. As more homes have access to internet, more children would be using the internet and more are the chances of falling victim to the aggression of pedophiles. The easy access to the pornographic contents readily and freely a v a i l a b l e o v e r t h e i n t e r n e t l o we r t h e i n h i b i t i on s o f t h e c h i l d r e n . P e d o p h i l e s l u r e t h e c h i l d r e n b y d i s t r i b u t i n g pornographic material, and then they try to meet them for sex or to take their nude photographs including their engagement in sexual positions. Sometimes Pedophiles contact children in the chat rooms posing as teenagers or a child of similar age, then they start becoming friendlier with them and win their confidence. Then slowly pedophiles start sexual chat to help children shed their inhibitions about sex and then call them out for personal interaction. Then starts actual e x p l o i t a t i o n o f t h e c h i l d r e n b y o f f e r i n g t h e m s o me mo n e y o r f a l s e l y p r o mi s i n g t h e m g o o d opportunities in life. The pedophiles then sexually exploit the children either by using them as sexual objects or by taking their pornographic pictures in order to sell those over the internet. In physical world, parents know the face of dangers and they know how to avoid & face the problems by following simple rules and accordingly they advice their children to keep away f r o m d a n g e r o u s t h i n g s a n d w a ys . B u t i n c a s e o f c yb e r wo r l d , mo s t o f t h e p a r e n t s d o n o t themselves know about the basics in internet and dangers posed by various services offered over t h e i n t e r n e t . H e n c e t h e c h i l d r e n a r e l e f t u n p r ot e c t e d i n t h e c yb e r wo r l d . P e d o p h i l e s t a k e advantage of this situation and lure the children, who are not advised by their parents or by their teachers about what is wrong and what is right for them while browsing the internet. How Do They Operate a. Pedophiles use false identity to trap the children/teenagers. b. Pedophiles contact children/teens in various chat rooms which are used by children/teen to interact with other children teen. c. Befriend the child/teen.

d. Extract personal information from the child/teen by winning his confidence. e. Gets the e-mail address of the child/teen and starts making contacts on the victim e-mail address as well f.Starts sending pornographic images/text to the victim i n c l u d i n g c h i l d p o r n o g r a p h i c images in order to help child/teen shed his inhibitions so that a feeling is created in the mind of the victim that what is being fed to him is normal and that everybody does it. g. Extract personal information from child/teen. h . At t h e e n d o f i t , t h e p e d o p h i l e s e t u p a me e t i n g w i t h t h e c h i l d / t e e n o u t o f t h e h o u s e a n d then drag him into the net to further sexually assault him or to use him as a sex object .In order to prevent your child/teen from falling into the trap of pedophile, read the tips under Tips & Tricks heading. 3.Cyber Stalking Cyber Stalking can be defined as the repeated acts harassment or threatening behavior of the cyber criminal towards the victim by using internet services. Stalking in General terms can be referred to as the repeated acts of harassment targeting the victim such as following the

victim, making harassing phone calls, killing the victims pet, vandalizing victims property ,leaving written messages or objects. Stalking may be followed by serious violent acts such as physical harm to the victim and the same has to be treated and viewed seriously. It all depend son the course of conduct of the stalker. Both kind of Stalkers Online & Offline have desire to control the victims life. Majority of the stalkers are the dejected lovers or ex-lovers, who then want to harass the victim because they failed to satisfy their secret desires. Most of the stalkers are men and victim female. How Do They Operate a. C o l l e c t a l l p e r s o n a l i n f o r ma t i o n a b o u t t h e v i c t i m s u c h a s n a me , f a mi l y b a c k g r o u n d , Telephone Numbers of residence and work place, daily routine of the victim, address of residence and place of work, date of birth etc. If the stalker is one of the acquaintances of the

victim he can easily get this information. If stalker is a stranger to victim, he collects the information from the internet resources such as various profiles, the victim may have filled in while opening the chat or e-mail account or while signing an account with some website. b . Th e s t a l k e r ma y p o s t t h i s i n f o r ma t i o n o n a n y w e b s i t e r e l a t e d t o s e x - s e r v i c e s o r d a t i n g services, posing as if the victim is posting this information and invite the people to call the victim on her telephone numbers to have sexual services. Stalker even uses very filthy and obscene language to invite the interested persons c. People of all kind from nook and corner of the World, who come across this information, start calling the victim at her residence and/or work place, asking for sexual services or relationships. d . S o me s t a l k e r s s u b s c r i b e t h e e - ma i l a c c o u n t o f t h e v i c t i m t o i n n u me r a b l e p o r n o gr a p h i c and sex sites, because of which victim starts receiving such kind of unsolicited e-mails. e . S o me s t a l ke r s k e e p o n s e n d in g r e p e a t e d e - ma i l s a s k i n g f o r v a r i o u s k i n d s o f f a v o r s o r threaten the victim.

f. In online stalking the stalker can make third party to harass the victim. g . F o l l o w t h e i r v i c t i m f r o m b o a r d t o b o a r d . Th e y h a n g o u t o n t h e s a me B B s a s t h e i r victim, many times posting notes to the victim, making sure the victim is aware thath e / s h e i s b e i n g f o l l o w e d . M a n y t i m e s t h e y w i l l f l a m e t h e i r v i c t i m ( b e c o m i n g argumentative, insulting) to get their attention. h . S t a l k e r s wi l l a l mo s t a l w a ys ma k e c o n t a c t wi t h t h e i r v i c t i ms t h r o u g h e ma i l . Th e l e t t e r s may be loving, threatening, or sexually explicit. He will many times use multiple names when contacting the victim. Contact victim via telephone. If the stalker is able to access the victims telephone, he will many times make calls to the victim to threaten, harass, or intimidate them. j.Track the victim to his/her home.

Definition of Cyber stalking Although there is no universally accepted definition of cyber stalking, the term is used in this report to refer to the use of the Internet, e-mail, or other electronic communications devices to stalk another person. Stalking generally involves harassing or threatening behavior that an individual engages in repeatedly, such as following a person, appearing at a persons home or p l a c e o f b u s i ne s s , ma k i n g h a r a s s i n g p h o n e c a l l s , l e a v i n g wr i t t e n me s s a g e s o r o b je c t s , o r vandalizing a persons property. Most stalking laws require that the perpetrator make a credible threat of violence against the victim; others include threats against the victims immediate family; and still others require only that the alleged stalkers course of conduct constitute an implied threat. (1) While some conduct involving annoying or menacin g behavior might fall short of illegal stalking, such behavior may be a prelude to stalking and violence and should be treated seriously. Nature and Extent of Cyber stalking

An existing problem aggravated by new technology. Although online harassment and threats can take many forms, cyber stalking shares important characteristics with offline stalking .Many stalkers online or offline are motivated by a desire to exert control over their victims and engage in similar types of behavior to accomplish this end. As with offline stalking, the available evidence (which is largely anecdotal) suggests that the majority of cyber stalkers are men and the majority of their victims ar e women, although there have been reported cases of women cyber stalking men and of same-sex cyber stalking. In many cases, the cyber stalker and the victim had a prior relationship, and the cyber stalking begins when the victim attempts to break off the relationship. However, there also have been many instances of cyber stalking by strangers. Given the enormous amount of personal information available through the Internet, a cyber stalker can easily locate private information about a potential victim with a few mouse clicks or key strokes. The fact that cyber stalking does not involve p h y s i c a l c o n t a c t m a y c r e a t e t h e misperception that it is more benign than physical stalking. This is not necessarily true. As the Internet becomes an ever more integral part of our personal and professional lives,

stalkers can t a k e a d v a n t a g e o f t h e e a s e o f c o m m u n i c a t i o n s a s w e l l a s i n c r e a s e d a c c e s s t o p e r s o n a l information. In addition, the ease of use and non-confrontational, impersonal, and sometimes anonymous nature of Internet communications may remove disincentives to cyber stalking. Put another way, whereas a potential stalker may be unwilling or unable to confront a victim in person or on the telephone, he or she may have little hesitation sending harassing or threatening electronic communications to a victim. Finally, as with physical stalking, online harassment and threats may be a prelude to more serious behavior, including physical violence. 1.Phishing I n t h e f i e l d o f c o mp u t e r s e c u r i t y, phishing i s t h e c r i mi n a l l y f r a u d u l e n t p r o c e s s o f attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT Administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website w h o s e l o o k a n d f e e l a r e a l m o s t identical to the legitimate one. Even when using s e r v e r authentication, it may require tremendous skill to detect that the website is fake. Phishing is an example of social engineering techniques used to fool users,and exploits the poor usability of c u r r e n t w e b s e c u r i t y t e c h n o l og i e s . At t e mp t s t o d e a l wi t h t h e g r o wi n g n u mb e r o f r e p o r t e d phishing incidents include legislation, user training, public awareness, and technical security measures. Phishing, also referred to as brand spoofing or carding , is a variation on "fishing," the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting .A phishing technique was described in detail in 1987, and the first recorded use of the term "phishing" was made in 1996. Phishing email From: *****Bank [mailto:support@****Bank.com]

Sent: 08 June 2004 03:25 To: India Subject: Official information from ***** Bank Dear valued ***** Bank Customer! For security purposes your account has been randomly chosen for verification. To verify your account information we are asking you to provide us with all the data we are requesting. Otherwise we will not be able to verify your identity and access to your account will be denied. Please click on the link below to get to the bank secure page and verify your account details. Thank you. https://infinity.*****bank. co. in/Verify.jsp

2 .D e n i a l Of S e r v i c e At t a c k This is an act by the criminal, who floods the bandwidth of the victims network or fills his email box with spam mail depriving him of the services he is entitled to access or provide. 3 .Vi r u s Di s s e mi n a t i o n Malicious software that attaches itself to other software. (Virus,, worms,, Trojan Horse,, Time bomb,, Logic Bomb,, Rabbit and Bacterium are the malicious softwares). 4.Software Piracy

Theft of software through the illegal copying of genuine programs or the counterfeiting and distribution of products intended to pass for the original. Retail revenue losses worldwide are ever increasing due to this crime .It can be done in various ways- End user copying, Hard disk loading,, Counterfeiting,, Illegal downloads from the internet etc 5.Spoof ing Getting one computer on a network to pretend to have the identity of another computer, usually one with special access privileges, so as to obtain access to the other computers on the network .. 6.Net Extortion C o p yi n g t h e c o mp a n y s c o n f i d e n t i a l d a t a i n o r d e r t o e x t o r t s a i d c o mp a n y f o r h u g e amount. 7.SALAMI ATTACK I n s u c h c r i me c r i mi n a l ma k e s i n s i g n i f i c a n t c h a n g e s i n s u c h a ma n n e r t h a t s u c h c h a n g e s would go unnoticed. Criminal makes such program that deducts small amount like Rs. 2.50 per month from the account of all the customer of the Bank and deposit the same in his account. In this case no account holder will approach the bank for such small amo unt but criminal gains huge amount. 8.SALE OF NARCOTICS Sale & Purchase through net. There are web sites which offer sale and shipment off contrabands drugs.

CLASSIFICATION OF CYBER CRIME

Mr. Pavan Duggal, who is the President of cyber laws, net and consultant, in a report has clearly defined the various categories and types of cyber crimes. Cyber crimes can be basically divided into 3 major categories:

1 .C yb e r c r i me s Ag a i n s t P e r s o n s Cyber crimes committed against persons include various crimes like transmission of c h i l d - p o r n o g r a p h y, h a r a s s me n t of a n y o n e w i t h t h e u s e o f a c o mp u t e r s u c h a s e - ma i l . Th e trafficking, distribution, posting, and dissemination of obscene material including pornography and indecent exposure, constitutes one of the most important Cyber crimes known today. The potential harm of such a crime to humanity can hardly be amplified. This is one Cyber crime which threatens to undermine the growth of the younger generation as also leave irreparable scars and injury on the younger generation, if not controlled.

A minor girl in Ahmadabad was lured to a private place through cyber chat by a man, who, along with his friends, attempted to gang rape her. As some passersby heard her cry, she was rescued. Another example wherein the damage was not done to a person but to the masses is the case of the Melissa virus. The Melissa virus first appeared on the internet in March of 1999. It spread rapidly throughout computer systems in the United States and Europe. It is estimated that the virus caused 80 million dollars in damages to computers worldwide.

In the United States alone, the virus made its way through 1.2 million computers in one-fifth of the country's largest businesses. David Smith pleaded guilty on Dec. 9, 1999 to state and federal charges associated with his creation of the Melissa virus. There are numerous examples of such computer viruses few of them being "Melissa" and "love bug".

2 . C yb e r c r i me s A g a i n s t P r o p e r t y The second category of Cyber crimes is that of Cyber crimes against all forms of property. These crimes include computer vandalism (destruction of others' property), transmission of harmful programmes. A M u mb a i - b a s e d u p s t a r t e n g i n e e r i n g c o mp a n y l o s t a s a y a n d mu c h mo n e y i n t h e business when the rival company, industry major, stole the technical database from their computers with the help of a corporate cyber spy.

3.Cybercrimes Against Government The third category of Cyber crimes relate to Cyber crimes against Government. Cyber terrorism is one distinct kind of crime in this category. The growth of internet has shown that the medium of Cyberspace is being used by individuals and groups to threaten the international

g o v e r n me n t s a s a l s o t o t e r r o r i z e t h e c i t i z e n s o f a c o u n t r y . Th i s c r i me ma n i f e s t s i t s e l f i n t o terrorism when an individual "cracks" into a government or military maintained website. The Parliament of India passed its first Cyber law, the Information Technology Act in2000. It not only provides the legal infrastructure for E-commerce in India but also at the same time, gives draconian powers to the Police to enter and search, without any warrant, any public place for the purpose of nabbing cyber criminals and preventing cyber crime. Also, the Indian C y b e r l a w t a l k s o f t h e a r r e s t of any person who is about to commit a cyber crime. The Act defines five cyber crimes damage to computer source code, hacking, publishing electronic information which is lascivious or prurient, breach of confidentiality and publishing false digital signatures. The Act also specifies that cyber crimes can only be investigated by an official holding no less a rank than that of Dy. Superintendent of Police (Dy.SP). I t i s c o mmo n t h a t ma n y s ys t e ms o p e r a t o r s d o n o t s h a r e i n f o r ma t i o n wh e n t h e y a r e v i c t i mi z e d b y c r a c k e r s . Th e y d o n ' t c o n t a c t l a w e n f o r c e me n t o f f i c e r s w h e n t h e i r c o mp u t e r systems are invaded, preferring instead to fix the damage and take action to keep crackers from gaining access again with as little public attention as possible. According to Sundari Nanda, SP, CBI, "most of the times the victims do not complain, may be because they are aware of the extent of the crime committed against them, or as in the case of business houses, they don't want to confess their system is not secure". As the research shows, computer crime poses a real threat. Those who believe otherwise simply have not been awakened by the massive losses and setbacks experienced by companies worldwide. Money and intellectual property have been stolen, corporate operations impeded, and jobs lost as a result of computer crime. Similarly, information systems in government a n d b u s i n e s s a l i k e h a v e b e e n c o mp r o mi s e d . T h e e c o n o mi c i mp a c t o f c o m p u t e r c r i me i s s t a g g e r i n g ( g r e a t d i f f i c u l t y) .

REASONS FOR CYBER CRIME

Hart in his work The Concept of Law has said human beings are vulnerable so rule of law is required to protect them. Applying this to the cyberspace we may say that computers are vulnerable(capable of attack) so rule of law is required to protect and safeguard them against cyber crime. The reasons for the vulnerability of computers may be said to be:

1.Capacity To Store Data In Comparatively Small Space-

The computer has unique characteristic of storing data in a very small space. This affords to remove or derive information either through physical or virtual medium makes it much easier.

2.Easy To Access The problem encountered in guarding a computer system from un authorised access is that there is every possibility of breach not due to human error but due to the complex technology. By secretly implanted logic bomb, key loggers that can steal access codes, advanced voice recorders; retina imagers etc. that can fool biometric systems and bypass firewalls can be utilized to get past many a security system.

3.Complex The computers work on operating systems and these operating systems in turn are composed of millions of codes. Human mind is fallible and it is not possible that there might not be a lapse at any stage. The cyber criminals take advantage of these lacunas and penetrate into the computer system.

4.Negligence

Negligence is very closely connected with human conduct. It is therefore very probable that while protecting the computer system there might be any negligence, which in turn provides a cyber criminal to gain access and control over the computer system.

5.Loss Of Evidence

Loss of evidence is a very common & obvious problem as all the data are routinely destroyed. Further collection of data outside the territorial extent also paralyses this system of crime investigation.

BANKING SECTOR
The Banking Industry was once a simple and reliable business that took deposits from i n v e s t o r s a t a l o w e r i n t e r e s t r a t e a n d loaned it out to borrowers at a higher rate. However deregulation and technology led to a revolution in the Banking Industry that saw it transformed. Banks have become global industrial powerhouses that have created ever more complex products that use risk. Through technology development, banking services have become available 24 hours a day, 365 days a week, through ATMs, at online banking, and in electronically enabled exchanges where everything from stocks to currency futures contracts can be traded . The Banking Industry a t i t s c o r e p r o vi d e s a c c e s s t o c r e d i t . I n t h e l e n d e r s c a s e , t h i s includes access to their own savings and investments, and interest payments on those amounts. In the case of borrowers, it includes access to loans for the creditworthy, at a competitive interest rate. Banking services include transactional services, such as verification of account details, a c c o u n t b a l a n c e d e t a i l s a n d t h e t r a n s f e r o f f u n d s , a s w e l l a s a d v i s o r y s e r v i c e s t h a t h e l p individuals and institutions to properly plan and manage their finances. Online banking channels have become a key in the last 10 years. The collapse of the Banking Industry in the Financial Crisis, however, means that some of the more extreme risk-taking and complex securitization activities that banks increasingly engaged in since 2000 will be limited and carefully watched, to ensure that there is not another banking system meltdown in the future. Banking in India originated in the last decades of the 18th century. The oldest bank inexistence in India is the State Bank of India, a government-owned bank that traces its origins back to June 1806 and that

is the largest commercial bank in the country. Central banking is the responsibility of the Reserve Bank of India, which in 1 9 3 5 f o r m a l l y t o o k o v e r t h e s e r e s p o n s i b i li t i e s f r o m t h e t h e n I mp e r i a l B a n k o f I n d i a , r e l e g a t i n g i t t o c o m me r c i a l b a n k i n g functions. After India's independence in 1947, the Reserve Bank was nationalized and given broader powers. In 1969 the government nationalized the 14 largest commercial banks; the government nationalized the six next largest in 1980. Currently, India has 88 scheduled commercial banks (SCB s) 27 public sector banks( t h a t i s wi t h t h e Go v e r n me n t o f I n d i a holding a stake), 31 private banks (these do not have government stake; they may be publicly listed and traded on stock exchanges) and 38 foreign banks. They have a combined network of over 53,000 branches and 17,000 ATMs. According to a report by ICRA Limited, a rating agency, the public sector banks hold over 75 percent of total assets of the banking industry, with the private and foreign banks holding 18.2% and 6.5%respectively.

CYBER CRIME IN BANKING SECTOR AUTOMATED TELLER MACHINE

The traditional and ancient society was devoid of any monetary instruments and the entire exchange of goods and merchandise was managed by the barter system. The use of monetary instruments as a unit of exchange replaced the barter system and money in va rious d e n o mi n a t i o n s wa s u s e d a s t h e s o l e p u r c h a s i n g p o w e r . Th e mo d e r n c o n t e m p o r a r y e r a h a s r e p l a c e d t h e s e t r a d i ti o n a l mo n e t a r y i n s t r u me n t s f r o m a p a p e r a n d me t a l b a s e d c u r r e n c y t o plastic money in the form of credit cards, debit cards, etc. This has resulted in the increasing use of ATM all over the world. The use of ATM is not only safe but is also convenient. This safety and convenience, unfortunately, has an evil side as well that do not originate from the use o f p l a s t i c mo n e y r a t h e r b y t h e mi s u s e o f t h e s a me . Th i s e v i l s i d e i s r e f l e c t e d i n t h e f o r m of ATM FRAUDS that is a global problem. The use of plastic money is increasing day by day for payment of shopping bills, electricity bills, school fees, phone bills, insurance premium, travelling bills and even petrol bills. The convenience and safety that credit cards carry with its use has been instrumental in increasing both credit card volumes and usage. This growth is not only in positive use of the same but as well as the negative use of the same. at large is

WAYS TO CARD FRAUDS Some of the popular techniques used to carry out ATM crime are: 1.T h r o u g h C a r d J a m m i n g A T M s c a r d r e a d e r i s t a m p e r e d w i t h i n o r d e r t o t r a p a customers card. Later on the criminal removes the card. 2.Card Skimming, is the illegal way of stealing the cards security information from the cards magnetic stripe. 3.Card Swapping, through this customers card is swapped for another card without the knowledge of cardholder. 4.Website Spoofing, here a new fictitious site is made which looks authentic to the user and customers are asked to give their card number. PIN and other information, which are used to reproduce the card for use at an ATM.

5.Physical Attack. ATM machine is physical attacked for removing the cash.

What Precaution Should Be Taken While Leaving Cash Machine

Once you have completed a transaction, discreetly put your money and card away before leaving the cash machine. I f yo u l o s e yo u r c a r d i n a c a s h ma c h i n e , c a n c e l t h e c a r d i mme d i a t e l y wi t h t h e c a r d issuers 24-hour emergency line, which can be found on your last bank statement. Do not assume that your bank automatically knows that the machine has withheld your card. Again, beware of help offered by "well meaning strangers". Dispose of your cash machine receipt, mini-statement or balance enquiry slip with care. Tear up or preferably shred these items before discarding them. Card Fraud Also Happens In The Home: C a r d h o l d e r s s h o u l d a l s o b e wa r n e d o f t h e r i s k s o f v e r i f yi n g b a n k d e t a i l s a t h o me i n unsolicited telephone conversations. Always call the person back using the advertised customer telephone number, not the telephone number they may give you. 1.D o N o t C l i c k O n H y p e r l i n k s S e n t T o Y o u B y E m a i l A s k i n g Y o u T o Confirm Your Bank Details Online: Hyperlinks are links to web pages that have been sent to you by email and may open a dummy website designed to steal your personal details. Phone your bank instead on their main customer number or access your account using the bank's main website address. Use good anti virus and firewall protection.

NEVER Write Down Your Pin: People make life very easy for pickpockets if they write down their PIN and keep it in their purse or wallet. Do not write down your PIN. If you have been given a number that you find difficult to remember, take your card along to a cash machine and change the number to one that you will be able to remember without writing it down.

CYBER MONEY LAUNDERING

During the past two decades, IT and Internet technologies have reached every nook and corner of the world. E-commerce has come into existence due to the attributes of Internet like ease of use, speed, anonymity and its International nature. Internet has converted the world into a boundary less market place that never sleeps. Drug peddlers and organized criminals found a natural and much sought after ally in Internet. Computer networks and Internet, in particular, permit transfer of funds electronically between trading partners, businesses and consumers. This transfer can be done in many ways. They include use of credit cards,

Internet banking, e-cash, e-wallet etc. for example, smart cards like Visa Cash, Mondex card, whose use is growing can store billions of dollars. At present, there is an upper limit imposed by the card issuers but technically there is no limit. In some other forms of computer-based e-money, there is no upper l i mi t . M o b i l e b a n k i ng a n d mo b i l e c o m me r c e a r e g r o wi n g a n d t h e s e t e c h n o l o g i e s h a v e t h e capability to transfer any amount of money at the touch of a bottom or click of a mouse. They c a n b e e f f e c t i v e t o o l s i n t h e h a n d s o f mo n e y l a u n d e r e r s . F i r s t a n d f o r e mo s t , t he a n o n ymi t y offered by internet and cyber payment systems is being exploited to the hilt by the criminal elements.

As per cyber payment systems eliminate the need for face to face interactions, transfer of funds can be done between two trading partners directly. Two individuals also can transfer funds directly using e- wallets. This problem is further compounded by the fact that, in many countries, nonfinancial institutions are also permitted to issue e-money. Monitoring the activities of these i n st i t u t i o n s i n a t r a d i t i o n a l ma n n e r i s n o t p o s s i b l e . Ea r l i e r , c r o s s - b o r d e r t r a n s a c t i o n s we r e controlled by the central banks of respective countries. With the entry of Internet commerce, the jurisdictional technicalities come into play and it is another area that is being exploited by the money launderers. The capacity to transfer unlimited amounts of money without having to go through strict checks makes cyber money laundering an attractive proposition. From the point of view of law enforcing agencies, all the above advantages cyber payments provide to consumers and trading partners, turn out to be great disadvantages while investigating the crimes.

WHY MONEY LAUNDERING?

T h e mo s t i mp o r t a n t a i m o f mo n e y l a u n d e r i n g i s t o c o n c e a l t h e o r i g i n o f t h e mo n e y, wh i c h , i n a l mo s t a l l c a s e s , i s f r o m i l l e g a l a c t i v i t y. C r i mi n a l r e s o r t t o t h i s p r a c t i c e t o a v o i d detection of the money by law enforcement which will lead to its confiscation and also may provide leads to the illegal activity. By

laundering the money the criminals are trying to close thei r tracks. Further, their aims could be to increase the profits by resorting to illegal money transfer etc. and also of course, to support new criminal ventures. Money laundering from the point of view of the criminal increases the profits and, at the same time, reduces the risk. While indulging in money laundering process, the launderers also attempt to safeguard their interests. They conceal the origin and ownership of the proceeds, maintain control over proceeds and change the form of proceeds.

MONEY LAUNDERING PROCESS Money laundering is normally accomplished by using a three stage process. The three steps involved are Placement, Layering and Integration. E-money and cyber payment systems come in handy in all the three stages of the process.

1.PLACEMENT The first activity is placement. Illegal activities like drug trafficking, extortion, generate very volumes of money. People involved in these activities cannot explain the origin and source of these funds to the authorities. There is a constant fear of getting caught. So the immediate requirement is to send this money to a different location using all available means. This stage is characterized by facilitating the process of inducting the criminal money into the legal financial system. Normally, this is done by opening up bank

accounts in the names of non-existent people or commercial organizations and depositing the money. Online banking and Internet banking make it very easy for a launderer to open and operate a bank account. Placement in cyber space occurs by depositing the illegal money with some legitimate financial institutions or businesses. This is done by breaking up the huge cash into smaller chunks. Launderers are very careful at this stage because the chances of getting caught are considerable here. Cyber payment systems can come in handy during this process.

2.LAYERING Layering is the second sub process. In this complex layers of financial transaction are created to disguise the a udit trail and provide anonymity. This is used to distance the money from the sources. This is achieved by moving the names from and to offshore bank accounts in the names of shell companies or front companies by using Electronic Funds Transfer (EFT) or by other electronic means. Every day trillions of dollars are transferred all over the world by other legitimate business and thus it is almost impossible ton as certain whether some money is legal or illegal. Launderers normally make use of commodity broke rs, stock brokers in the layering process. Launderers were also found to purchase high value commodities like diamonds etc. and exporting them to a different jurisdiction. During this process, they make use of the banks wherever possible as in the legal commercial activity.

3.INTEGRATION

Integration is the third sub process. This is the stage in which the cleaned money is p l o u g h e d b a c k . T h i s i s a c h i e v e d b y ma k i n g i t a p p e a r a s l e g a l l y e a r n e d . Th i s i s n o r ma l l y a c c o mp l i s h e d b y t h e l a u n d e r e r s b y e s t a b l i s h i n g a n o n ymo u s c o mp a n i e s i n c o u n t r i e s w h e r e secrecy is guaranteed. Anyone with access to Internet can start an ebusiness. This can look and function like any other e-business as far as the outside world is concerned. This anonymity is what makes Internet very attractive for the launderers. They can then take loans from these

companies and bring back the money. This way they not only convert their money this way but also can take advantages associated with loan servicing in terms of tax relief. Another way can be by placing false export import invoices and over valuing goods. The entire process can be explained with the help of an example . The money launderers first activity is to set up an online commerce company which is legal. Normally, the launderer s e t s u p t h e w e b s i t e f o r hi s c o mp a n y a n d a c c e p t s o n l i n e p a yme n t s u s i n g c r e d i t c a r d s f o r t h e purchases made from his companys website. As a part of the whole scheme, launderers obtain credit cards from some banks or financial institutions located in countries with lax rules, which are known as safe havens. The launderer sitting at home, then, makes purchases using this credit card from his own website. As in normal transactions, the Web-based system then sends an invoice to the customers (who happens to the launderer himself) bank, in the safe haven. The bank then pays the money into the account of the company. Cyber space provides a secure and anonymous opportunity to the criminals in money laundering operations. It has come to light that many gangs are opening up the front companies and hiring information technology specialists f o r n e f a r i o u s a c t i v i t i e s . I n c i d e n t s h a v e a l s o c o me t o l i g h t w h e r e t h e c r i mi na l s a r e u s i n g cryptography for hiding their transaction.

CYBER CRIMINALS
The cyber criminals constitute of various groups/ category. This division may be justified on the basis of the object that they have in their mind. The following are the category of cyber criminals1. Children and adolescents between the age group of 6 18 years The simple reason for this type of delinquent behaviour pattern in children is seen mostly due to the inquisitiveness to know and explore the things. Other cognate reason may be to prove themselves to be outstanding amongst other children in their group. Further the reasons may be psychological even. E.g. the Bal Bharati (Delhi) case was the outcome of harassment of the delinquent by his friends. 2. Organized hackers These kinds of hackers are mostly organized together to fulfill certain objective. The reason may be to fulfill their political bias, fundamentalism,

etc.The Pakistanis are said to be one of the best quality hackers in the world. They mainly target the Indian government sites with the purpose to fulfill their political objectives. Further the NASA as well as the Microsoft sites is always under attack by the hackers 3. Professional hackers / crackers Their work is motivated by the colour of money. These kinds of hackers are mostly employed to hack the site of the rivals and get credible, reliable and valuable information. Further they are ven employed to crack the system of the employer basically as a measure to make it safer by detecting the loopholes. 4. Discontented employees

Working of Cyber Criminals

Cyber crime has become a profession and the demographic of your typical cyber criminal is changing rapidly, from bedroom-bound geek to the type of organized gangster more traditionally associated with drug-trafficking, extortion and money laundering. It has become possible for people with comparatively low technical skills to steal thousands of pounds a day without leaving their homes. In fact, to make more money than can be made selling heroin (and with far less risk), the only time the criminal need leave his PC is to collect his cash. Sometimes they don't even need to do that. In all industries, efficient business models depend upon horizontal separation of production processes, professional services, sales channels etc. (each requiring specialized skills and resources), as well as a good deal of trade at prices set by the market forces of supply and demand. Cyber crime is no different: it boasts a buoyant international market for skills, tools and finished product. It even has its own currency. The rise of cyber crime is inextricably linked to the ubiquity of credit card transactions and online bank accounts. Get hold of this financial data and not only can you steal silently, but also through a process of virus driven

automation with ruthlessly efficient and hypothetically infinite frequency. The question of how to obtain credit card/bank account data can be answered by a selection of methods each involving their own relative combinations of risk, expense and skill. The most straightforward is to buy the finished product. In this case well use the example of an online bank account. The product takes the form of information necessary to gain authorized control over a bank account with a six- figure balance. The cost to obtain this information is $400 (cyber criminals always deal in dollars). It seems like a small figure, but for the work involved and the risk incurred its very easy money for the criminal who can provide it. Also remember that this is an international trade; many cyber-criminals of this ilk are from poor countries in Eastern Europe, South America or South-East Asia.

The probable marketplace for this transaction will be a hidden IRC (Internet Relay Chat) chatroom. The $400 fee will most likely be exchanged in some form of virtual currency such as e-gold.

Not all cyber-criminals operate at the coalface, and certainly dont work exclusively of one another; different protagonists in the crime community perform a range of important, specialized functions. These broadly encompass:

Coders comparative veterans of the hacking community. With a few years' experience at the art and a list of established contacts, coders produce ready-to-use tools (i.e. Trojans, mailers, custom bots) or services (such as making a binary code undetectable to AV engines) to the cyber crime labour. force the kids. Coders can make a few hundred dollars for every criminal activity they engage in. Kids so-called because of their tender age: most are under 18. They buy, trade and resell the elementary building blocks of effective cyber-scams such as spam lists, php mailers, proxies, credit card numbers, hacked hosts,

scam pages etc. Kids will make less than $100 a month, largely because of the frequency of being ripped off by one another. Drops the individuals who convert the virtual money obtained in cyber crime into real cash. Usually located in countries with lax e-crimelaws (Bolivia, Indonesia and Malaysia are currently very popular), they represent safe addresses for goods purchased with stolen financial details to be sent, or else safe legitimate bank accounts for money to be transferred into illegally, and paid out of legitimately. Mobs professionally operating criminal organizations combining or utilizing all of the functions covered by the above. Organized crime makes particularly good use of safe drops, as well as recruiting accomplished coders onto their payrolls. Gaining control of a bank account is increasingly accomplished through phishing. There are other cyber crime techniques, but space does not allow their full explanation. All of the following phishing tools can be acquired very cheaply:a scam letter and scam page in your chosen language, a fresh spam list, a selection of php mailers to spam-out 100,000 mails for six hours, a hacked website for hosting the scam page for a few days, and finally a stolen but valid credit card with which to register a domain name. With all this taken care of, the total costs for sending out 100,000 phishing emails can be as little as $60. This kind of phishing trip will uncover at least 20 bank accounts of varying cash balances, giving a market value of $200 $2,000 in e-gold if the details were simply sold to another cyber criminal. The worst-case scenario is a 300% return on the investment, but it could be ten times that. Better returns can be accomplished by using drops to cash the money. The risks are high, though: drops may take as much as 50% of the value of the account as commission, and instances of ripping off or grassing up to the police are not uncommon. Cautious phishers often separate themselves from the physical cashing of their spoils via a series of drops that do not know one another. However, even taking into account the 50% commission, and a 50% rip-off rate, if we assume a single stolen balance of $10,000 $100,000,

then the phisher is still looking at a return of between 40 and 400 times the meagre outlay of his/her phishing trip.

In large operations, offshore accounts are invariably used to accumulate the criminal spoils. This is more complicated and far more expensive, but ultimately safer. The alarming efficiency of cybercrime can be illustrated starkly by comparing it to the illegal narcotics business. One is faster, less detectable, more profitable (generating a return around 400 times higher than the outlay) and primarily non-violent. The other takes months or years to set-up or realise an investment, is cracked down upon by all almost all governments internationally, fraught with expensive overheads, and extremely dangerous. Add phishing to the other cyber-criminal activities driven by hacking and virus technologies such as carding, adware/spyware planting, online extortion, industrial spying and mobile phone dialers and youll find a healthy community of cottage industries and international organizations working together. productively and trading for impressive profits. Of course these people are threatening businesses and individuals with devastating loss, financial hardship and troubling uncertainty and must be stopped. On top of viruses, worms, bots and Trojan attacks, organizations in particular are contending with social engineering deception and traffic masquerading as legitimate applications on the network. In a reactive approach to this onslaught, companies have been layering their networks with stand alone firewalls, intrusion prevention devices, anti-virus and anti-spyware solutions in a desperate attempt to plug holes in the armoury. They're beginning to recognize it's a failed strategy. After all, billions of pounds are being spent on security technology, and yet security breaches continue to rise. To fight cyber crime there needs to be a tightening of international digital legislation and of cross-border law enforcement co-ordination. But there also needs to be a more creative and inventive response from the organisations under threat. Piecemeal, reactive security solutions are giving way to strategically deployed multi-threat security systems. Instead of having

to install, manage and maintain disparate devices, organizations can consolidate their security capabilities into a commonly managed appliance.

THREE WAYS TO DETER CYBER CRIMES 1. Organizing to combat fraud 2. Implementing secure browsers 3. Using integrated, single sign on

Organizing to combat fraud. Business fraud incidents are significant (albeit under reported) as related by major security companies and members of industry entities such as the Financial Services-Information Sharing and Analysis Center. Formed by presidential directive in 1999, FS-ISAC, now has 4,100 members from institution, brokerage and insurance sectors. Members successfully share threat vulnerabilities through a network of trust that guarantees anonymity, while reporting important threat information to financial industry, government and other industry sectors, says FS-ISAC president William B. Nelson. . Implementing secure browsers The secure browser solves the openness problem of the Internet without plunging the world back into private networks. Much like a dedicated business to bank connection, the secure browser uses only the rendering portion of the browser and restricts URL destinations with a bank and company controlled list through entitlements and self-tests for changes indicating malware such as Trojans. This creates a secure connection akin to a virtual private network, but without the technical requirements and cost overhead. Like a regular browser, the secure browser performs site authentication, but it shuts the user down if a site is not authenticated, rather than asking the normal user to decide whether it is okay to continue during an abnormal even. Using integrated, single sign on.

Independent integrated SSO solutions are appearing to fill the security gaps of online business banking and cash management solutions, which were never intended as portal or SSO solutions. The new integrated SSO combines user credential management for entity Websites with browser validation with a multi-layered security approach including strong authentication, software based keyboards to thwart keyloggers, one-time perishable passcode generation and utilization, and strong authentication of destination Websites to prevent DNS poisoning and pharming. The global economic costs of cyber crime are estimated at more than one trillion dollars and costs to the U.S. at about $8 billion. The banking industry is moving to shared fraud analytics to detect cyber crime in flight, but it should also be prevented at the outset. Financial products with built-in security are absolutely essential. Industry groups, banks and technology companies are emerging to fill the gaps and build the online experience with the proper foundation to mitigate threats that have moved beyond network perimeters to applications and data.

PREVENTION OF CYBER CRIME: Prevention is always better than cure. It is always better to take certain precaution while operating the net. The 5P mantra for online security is Precaution, Prevention, Protection, Preservation and Perseverance. The following things should always be kept in mind: As an Enterprise Employ defense-in-depth strategies, which emphasize multiple, overlapping, and mutually supportive defensive systems to guard against single-point failures in any specific technology or protection method. This should include the deployment of regularly updated antivirus, firewalls, intrusion detection, and intrusion protection systems on client systems.

Turn off and remove services that are not needed.

If malicious code or some other threat exploits one or more network services, disable or block access to those services until a patch is applied. Consider implementing network compliance solutions that will help keep infected mobile users out of the network. Enforce an effective password policy. Configure mail servers to block or remove email that contains file attachments that are commonly used to spread viruses, such as .VBS,BAT, .EXE, ., and SCR files. Isolate infected computers quickly to prevent the risk of further infection within the organization. Perform a forensic analysis and restore the computers using trusted media. Train employees to not open attachments unless they are expected and come from a known and trusted source, and to not execute software that is downloaded from the Internet unless it has been scanned for viruses. Ensure that emergency response procedures are in place. This includes having a backup-and-restore solution in place in order to restore lost or compromised data in the event of successful attack or catastrophic data loss. Educate management on security budgeting needs. Test security to ensure that adequate controls are in place. Be aware that security risks may be automatically installed on computers with the installation of file sharing programs, free downloads, and freeware and shareware versions of software. Clicking on links and/or attachments in email messages may also expose computers to unnecessary risks. Ensure that only applications approved by the organization are deployed on desktop computers. As a Consumer

Consumers should use an Internet security solution that combines anti virus, firewall, intrusion detection, and vulnerability management for maximum protection against malicious code and other threats. Consumers should ensure that security patches are up to date and that they are applied to all vulnerable applications in a timely manner. Consumers should ensure that passwords are a mix of letters and numbers, and should change them often. Passwords should not consist of words from the dictionary. Consumers should never view, open, or execute any email attachment unless the attachment is expected and the purpose of the attachment is known. Consumers should keep virus definitions updated regularly. By deploying the latest virus definitions, consumers can protect their computers against the latest viruses known to be spreading in the wild.

CONCLUSION

Lastly I conclude by saying that Thieves are not born, but made out of opportunities. This quote exactly reflects the present environment related to technology, where it is changing very fast. By the time regulators come up with preventive measures to protect customers from innovative frauds, either the environment itself changes or new technology emerges. This helps criminals to find new areas to commit the fraud. Computer forensics has developed as an indispensable tool for law enforcement. But in the digital world, as in the physical world the goals of law enforcement are balanced with the goals of maintaining personal liberty and privacy. Jurisdiction over cyber crimes should be standardized around the globe to make swift action possible against terrorist whose activities are endearing security worldwide. The National institute of justice, technical working group digital evidence are some of the key organization involved in research. The ATM fraud is not the sole problem of banks alone. It is a big threat and it requires a coordinated and cooperative action on the part of the bank, customers and the law enforcement machinery. The ATM frauds not only cause financial loss to banks but they also undermine customers' confidence in the use of ATMs. This would deter a greater use of ATM for monetary transactions. It is therefore in the interest of banks to prevent ATM frauds. There is thus a need to take precautionary and insurance measures that give greater "protection" to the ATMs, particularly those located in less secure areas. The nature and extent of precautionary measures to be adopted will, however, depend upon the requirements of the respective banks. Internet Banking Fraud is a fraud or theft committed using online technology to illegally remove money from a bank account and/or transfer money to an account in a different bank. Internet Banking Fraud is a form of identity theft and is usually made possible through techniques such as phishing.

Credit card fraud can be committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account. Cyber space and cyberpayment methods are being abused by money launderers for converting their dirty money into legal money. For carrying out their activities launderers need banking system. Internet, online banking facilitates speedy financial transactions in relative anonymity and this is being

exploited by the cyber money launderers. Traditional systems like credit cards had some security features built into them to prevent such crime but issue of emoney by unregulated institutions may have none. Preventing cyber money laundering is an uphill task which needs to be tackled at different levels. This has to be fought on three planes, first by banks/ financial institutions, second by nation states and finally through international efforts. The regulatory framework must also take into account all the related issues like development of e-money, right to privacy of individual. International law and international co-operation will go a long way in this regard. Capacity of human mind is unfathomable. It is not possible to eliminate cyber crime from the cyber space. It is quite possible to check them. History is the witness that no legislation has succeeded in totally eliminating crime from the globe. The only possible step is to make people aware of their rights and duties (to report crime as a collective duty towards the society) and further making the application of the laws more stringent to check crime. Undoubtedly the Act is a historical step in the cyber world. Further I all together do not deny that there is a need to bring changes in the Information Technology Act to make it more effective to combat cyber crime

BIBLIOGRAPHY

BOOKS REFERRED:
MARKETING IN BANKING SERVICES

MARKETING AND FINANCE- BY MICHAEL VAZ & VINAYAK PARALIKAR

WEBSITES REFERRED:

WWW.WIKIPEDIA.COM

WWW.BANKINGSECTOR.COM

WWW.CYBERCRIME.COM

WWW.GOOGLE.COM

www.scmagazineus.com