A United Nations officer issued a cheque on his nationalized bank account. The cheque bounced despite his having deposited a big sum a few days back. He complained to the bank only to be told that Rs 75,000 was withdrawn in a number of transactions in Romania, a country he has never visited.
The police suspect that the account was hacked on internet. This is not the lone case of fraudulent activity in an Indian bank. Bank fraud is a big business in today's world. With more educational qualifications, banking is becoming impersonal and an increase in banking sector has given rise to this white collar crime. In many cases, the involvement of bank officials, as deliberate colluders, is also suspected.
With the introduction of internet universal banking, the number of bank frauds has more than doubled in five years. There were 10,450 cases of such cases in 2004-05, which rose to 13,914 in 2005-06 and 23, 914 in 2008-09. The figures are as per cases recorded with the Central Bureau of Investigation. It is assumed that there are many more cases, which are settled at the banks' end and no complaints are lodged officially.
The frauds have cost the depositors Rs 779 crore in 2004-05. It almost doubled to Rs 1381 crore the next year. In 2008-09, the figure rose to Rs 1883 crore. The figures given - Rs 4,043 crore in these deals - are again not conclusive. The actual figure may be much more. Both bank and forensic officials are baffled at this massive level of fraud. In 2004-05, there were 96 cases in which over Rs 1 crore was swindled away in each transaction. This rose to 212 in 2008-09.
Apparently no depositor is safe. Chances of swindling increase seemingly with the size of the bank. A multi-crore fake cheques scam estimated to the tune of Rs 52 crore was exposed in the Kanpur main branch of the State Bank of India last August. Seven bank officials, including one assistant general manager and two chief managers were suspended. The bank's audit team found that the fraud involved clearing of fake cheques in the bank account of an influential petrol pump owner. He is believed to have fled the country. This is stated to be the biggest fraud in the Kanpur-Lucknow region.
This banking fraud is basically classified as fraud by insider and fraud by others. It involves a highly placed insider nominally authorized to invest sizeable funds on behalf of the bank; as it happened in the Kanpur case. This person secretly makes aggressive and risky investments using the bank's money and when one investment goes bad, he engages in further market speculation in the hope of a quick profit, which would hide or cover the loss. Many such transactions found their way even to the stock market though investments in other speculative activities are also not uncommon.
Unfortunately, when one investment loss is piled onto another, the costs to the bank can reach into hundreds of crore of rupees. Remember, many of the US and western banks went out of business for such activities in 2008.
The banking fraud is classified as fraudulent loans, wire frauds, forged or fraudulent documents, uninsured deposits, theft of identity, demand draft frauds, forgery and altered cheques, accounting fraud, bill discounting fraud, credit card fraud, fraudulent loan applications, phishing and internet frauds. While some of these existed in one or the other form even earlier, the magnitude was far less. New technology has added to the woes of the investigators as it not only involved complex accounting processes but also complicated technology and software applications.
A computer crime may be committed in one country and its result can be found in another country. There has been a lot of jurisdictional problem and though the Interpol helps, it too has its limitations. Different treaties and conventions have created obstructions in relation to tracking of cyber criminals hiding or operating in other nations.
It is described as a no-scene crime. The usual crime scene is the cyber space. The terminal may be anywhere and the criminal need not indicate the place. The only evidence a criminal leaves behind is the loss to the bank. The major advantage the criminal has in instituting a computer crime is that there is no personal exposure, no written documents, no signatures, no fingerprints or voice recognition. The criminal is truly and in the strict sense faceless.
There are certain spy softwares which are utilized to find out passwords and other vital entry information to a computer system. The entry is gained through a spam or bulk mail. This is called phishing. A number of programmes called "Trojan horse" programmes have also been used to snoop on the internet users while online, capturing keystrokes or confidential data.
The information thus stolen is then used in other frauds, such as theft of identity or online fraud. Though using debit and ATM card is stated to be safe by banks, technological experts say that pin numbers and other details can easily be cloned or pilfered and misused as one feeds the machine. The experts also advice not to put credit card ATM details ever on the internet for any kind of transactions. The information travels to a chain of computers and could be intercepted at any point.
International internet transactions are always fraught with risk. The CBI and banks are now putting their heads together to create a firewall and improve the forensic techniques. However, the nature of transaction that has to allow access to the accounts of the banks pose a daunting challenge. Some elements have suggested closing the direct internet transactions at least at international level. It is a matter of probe whether terrorist groups are part of cyber crime or not.
The existing Indian laws are not at all adequate to counter cyber crimes. The Indian Penal Code, Evidence Act, and Criminal Procedure Code have no clue about computers when they were codified. The IT Act is there but it is inadequate. Banks are clueless at stopping this crime. The alternate is to utilize the banking services in the conventional paper method till a foolproof system evolves.
By Shivaji Sarkar