Beruflich Dokumente
Kultur Dokumente
Banking system occupies an important place in a nations economy. A banking institution is indispensable in a modern society. It plays a pivotal role in economic development of a country and forms the core of the money market in an advanced country. Banking industry in India has traversed a long way to assume its present stature. It has undergone a major structural transformation after the nationalization of 14 major commercial banks in 1969 and 5 more on 15 April 1980. Banks are the engines that drive the operations in the financial sector, which is vital for the economy. With the nationalization of banks in 1969, they also have emerged as engines for social change. After Independence, the banks have passed through three stages. They have moved from the character based lending to ideology based lending to today competitiveness based lending in the context of India's economic liberalization policies and the process of linking with the global economy. A sound banking system should possess three basic characteristics to protect depositors interest and public faith. Theses are (i) a fraud free culture, (ii) a time tested Best Practice Code, and (iii) an in house immediate grievance remedial system. All these conditions are their missing or extremely weak in India.
Section 5(b) of the Banking Regulation Act, 1949 defines banking as Banking is the accepting for the purpose of lending or investment, deposits of money from the purpose of lending or investment, deposits of money from the
1
public, repayable on demand or otherwise and withdraw able by cheque, draft, order or otherwise. In the present day, Global Scenario Banking System has acquired new dimensions. Banking did spread in India. Today, the banking system has entered into competitive markets in areas covering resource mobilization, human resource development, customer services and credit management as well. With the rising banking business, frauds in banks are also increasing and the fraudsters are becoming more and more sophisticated and ingenious. In a bid to keep pace with the changing times, the banking sector has diversified its business manifold. Replacement of the philosophy of class banking with mass banking in the post-nationalization period has thrown a lot of challenges to the management on reconciling the social responsibility with economic viability. The banking system in our country has been taking care of all segments of our socio-economic set up. A bank fraud is a deliberate act of omission or commission by any person carried out in the course of banking transactions or in the books of accounts, resulting in wrongful gain to any person for a temporary period or otherwise, with or without any monetary loss to the bank.
Definition of Fraud:
Fraud is defined as any behavior by which one person intends to gain a dishonest advantage over another. In other words , fraud is an act or omission which is intended to cause wrongful gain to one person and wrongful loss to the other, either by way of concealment of facts or otherwise. Fraud is defined u/s 421 of the Indian Penal Code and u/s 17 of the Indian Contract Act. Thus essential elements of frauds are:
2
1. There must be a representation and assertion; 2. It must relate to a fact; 3. It must be with the knowledge that it is false or without belief in its truth; and 4. It must induce another to act upon the assertion in question or to do or not to do certain act. A false representation of a matter of fact whether by words or by conduct, by false or misleading allegations, or by concealment of what should have been disclosed that deceives and is intended to deceive another so that the individual will act upon it to her or his legal injury. In law, the deliberate misrepresentation of fact for the purpose of depriving someone of a valuable possession or legal right. Any omission or concealment that is injurious to another or that allows a person to take unconscionable advantage of another may constitute criminal fraud. The most common type of fraud is the obtaining of property by giving a check for which there is insufficient funds in the signer's account. Another is the assumption of someone else's or a fictitious identity with the intent to deceive. Also important are mail and wire fraud (fraud committed by use of the postal service or electronic devices, such as telephones or computers). A tort action based on fraud is sometimes referred to as an action of deceit.
Bank Frauds:
Losses sustained by banks as a result of frauds exceed the losses due to robbery, dacoit, burglary and theft-all put together. Unauthorized credit facilities are extended for illegal gratification such as case credit allowed against pledge of goods, hypothecation of goods against bills or against book debts. Common modus operandi are, pledging of spurious goods, in letting the value of goods, hypothecating goods to more than one bank, fraudulent removal of goods with the knowledge and connivance of in negligence of bank staff, pledging of goods belonging to a third party. While the operations of the bank have become increasingly significant, there is also an occupation hazard. There is a Tamil proverb, which says that a man who collects honey will always be tempted to lick his fingers. Banks are all the time dealing with money and the temptation should therefore is very high. Oscar Wilde said that the thief was an artist and the policeman was only a critic. There are many people who are unscrupulous and are able to perpetrate a fraud. We must be able to see that we devise our systems and procedures in such a way that the scope for such clever and unscrupulous people is reduced. Frauds in deposit accounts take place by opening of bogus accounts, forging signatures of introducers and collecting through such accounts stolen or forged cheques or bank drafts. Frauds are also committed in the area of granting overdraft facility in the current accounts of customers. A large number of frauds have been committed through bank draft, mail transfers and telegraphic transfers. An analysis made of cases brings out broadly the under mentioned four major elements responsible for the commission of frauds in banks.
4
1. Active involvement of the staff-both supervisor and clerical either independent of external elements or in connivance with outsiders. 2. Failure on the part of the bank staff to follow meticulously laid down instructions and guidelines. 3. External elements perpetuating frauds on banks by forgeries or manipulations of cheques, drafts and other instruments. 4. There has been a growing collusion between business, top banks executives, civil servants and politicians in power to defraud the banks, by getting the rules bent, regulations flouted and banking norms thrown to the winds.
2. Rogue traders
A rogue trader is a highly placed insider nominally authorised to invest sizeable funds on behalf of the bank; this trader secretly makes progressively more aggressive and risky investments using the bank's money, when one investment goes bad, the rogue trader engages in further market speculation in the hope of a quick profit which would hide or cover the loss. Unfortunately, when one investment loss is piled onto another, the costs to the bank can reach into the hundreds of millions of dollars; there have even been cases in which a bank goes out of business due to market investment losses.
3. Fraudulent loans
One way to remove money from a bank is to take out a loan, a practice bankers would be more than willing to encourage if they know that the money will be repaid in full with interest. A fraudulent loan, however, is one in which the borrower is a business entity controlled by a dishonest bank officer or an accomplice; the "borrower" then declares bankruptcy or vanishes and the money is gone. The borrower may even be a non-existent entity and the loan merely an artifice to conceal a theft of a large sum of money from the bank.
5. Uninsured deposits
There are a number of cases each year where the bank itself turns out to be uninsured or not licensed to operate at all. The objective is usually to solicit for deposits to this uninsured "bank", although some may also sell stock representing ownership of the "bank". Sometimes the names appear very official or very similar to those of legitimate banks. For instance, the "Chase Trust Bank" of Washington D.C. appeared in 2002 with no licence and no
8
affiliation to its seemingly apparent namesake; the real Chase Manhattan Bank is based in New York. There is a very high risk of fraud when dealing with unknown or uninsured institutions. The risk is greatest when dealing with offshore or Internet banks (as this allows selection of countries with lax banking regulations), but not by any means limited to these institutions.
Instead of tampering with a real cheque, some fraudsters will attempt to forge a depositor's signature on a blank cheque or even print their own cheques drawn on accounts owned by others, non-existent accounts or even alleged accounts owned by non-existent depositors. The cheque will then be deposited to another bank and the money withdrawn before the cheque can be returned as invalid or for non-sufficient funds.
8. Stolen cheques
Some fraudsters obtain access to facilities handling large amounts of cheques, such as a mailroom or post office or the offices of a tax authority (receiving many cheques) or a corporate payroll or a social or veterans' benefit office (issuing many cheques). A few cheques go missing; accounts are then opened under assumed names and the cheques (often tampered or altered in some way) deposited so that the money can then be withdrawn by thieves. Stolen blank cheque books are also of value to forgers who then sign as if they were the depositor
9. Accounting fraud
In order to hide serious financial problems, some businesses have been known to use fraudulent bookkeeping to overstate sales and income, inflate the worth of the company's assets or state a profit when the company is operating at a loss. These tampered records are then used to seek investment in the company's bond or security issues or to make fraudulent loan applications in a final attempt to obtain more money to delay the inevitable collapse of an unprofitable or mismanaged firm.
10
Accounting fraud has also been used to conceal other theft taking place within a company.
11.Cheque kiting
Cheque kiting exploits a system in which, when a cheque is deposited to a bank account, the money is made available immediately even though it is not removed from the account on which the cheque is drawn until the cheque actually clears. Deposit Rs.1000 in one bank, write a cheque on that amount and deposit it to your account in another bank; you now have Rs2000 until the cheque clears.
11
In-transit or non-existent cash is briefly recorded in multiple accounts. A cheque is cashed and, before the bank receives any money by clearing the cheque, the money is deposited into some other account or withdrawn by writing more cheques. In many cases, the original deposited cheque turns out to be a forged cheque. Some perpetrators have swapped checks between various banks on a daily basis, using each to cover the shortfall for a previous cheque. What they were actually doing was check kiting; like a kite in the wind, it flies briefly but eventually has to come back down to the ground.
i) Booster cheques:
A booster cheque is a fraudulent or bad cheque used to make a payment to a credit card account in order to "bust out" or raise the amount of available credit on otherwise-legitimate credit cards. The amount of the cheque is credited to the card account by the bank as soon as the payment is made, even though the cheque has not yet cleared. Before the bad cheque is discovered, the perpetrator goes on a spending spree or obtains cash advances until the newly-"raised" available limit on the card is reached. The original cheque then bounces, but by then it is already too late.
clients' credit card numbers for later misuse (or a thief using carbon copies from old mechanical card imprint machines to steal the info) to the use of tampered credit or debit card readers to copy the magnetic stripe from a payment card while a hidden camera captures the numbers on the face of the card. Some thieves have surreptitiously added equipment to publicly accessible automatic teller machines; a fraudulent card stripe reader would capture the contents of the magnetic stripe while a hidden camera would sneak a peek at the user's PIN. The fraudulent equipment would then be removed and the data used to produce duplicate cards that could then be used to make ATM withdrawals from the victims' accounts.
14. Impersonation:
Impersonation has become an increasing problem; the scam operates by
14
obtaining information about an individual, then using the information to apply for identity cards, accounts and credit in that person's name. Often little more than name, parents' name, date and place of birth are sufficient to obtain a birth certificate; each document obtained then is used as identification in order to obtain more identity documents. Government issued standard identification numbers such as "social security numbers" PAN numbers are also valuable to the fraudster. Information may be obtained from insiders (such as dishonest bank or government employees), by fraudulent offers for employment or investments (in which the victim is asked for a long list of personal information) or by sending forged bank or taxation correspondence. In some cases, a name is needed to impersonate a citizen while working as an illegal immigrant but often the identity thieves are using the bogus identity documents in the commission of other crimes or even to hide from prosecution for past crimes. The use of a stolen identity for other frauds such as gaining access to bank accounts, credit cards, loans and fraudulent social benefit or tax refund claims is not uncommon. Unsurprisingly, the perpertators of such fraud have been known to take out loans and disappear with the cash, quite content to see the wrong persons blamed when the debts go bad or the police come calling.
make a risky loan appear to be a sound investment for the bank. Some corporations have engaged in over-expansion, using borrowed money to finance costly mergers and acquisitions and overstating assets, sales or income to appear solvent even after becoming seriously financially overextended.
Phishing means sending an e-mail that falsely claims to be a particular enterprise and asking for sensitive financial information. Phishing, thus, is an attempt to scam the user into surrendering private information that will then be used by the scammer for his own benefit. Phishing uses 'spoofed' e-mails and fraudulent Web sites that look very similar to the real ones thus fooling the recipients into giving out their personal data. Most phishing attacks ask for credit card numbers, account usernames and passwords. According to statistics phishers are able to convince up to five per cent of the recipients who respond to them.
of a special paper with a coating of plastic laminated on both sides of each note to protect the ink and the anti forgery device from damage. More over these notes have security threads, water marks. But these things are not known to the majority of the population. Forged currency notes are in full circulation and its very difficult to catch hold of such forgers as once such notes are circulated its very difficult to track its origin.
describe them as an act involving computer equipment, software or data that results in an unauthorized financial advantage. Worldwide frauds in computerized environment cause losses running into very large sums. Although in India, frauds committed so far have not revealed any extensive manipulation of computer systems, it is no doubt a potentially high-risk area, which should be addressed carefully and in timely manner. According to a recent survey, companies in India have not addressed security issues appropriately.
1) Manipulation:
In an ideal situation, where information systems have all the necessary controls, which are properly integrated with other manual controls and maintained, there will generally be no cause of worry. It is however, not so. Not only, most system controls are not perfect, people also try to manipulate systems for variety of motives from games playing, ego peer pressure, and hatred for the organization, emotional maladjustment, blackmail and economic gains. Such people could be insiders, outsiders as well as vendors, competitors in fact any one. Computer frauds gain their criticality as they are easy to commit, difficult to detect and even harder to prove. The most important type of such frauds is committing the fraud by manipulation of input, output or throughput of a computer system.
a) Input Manipulation:
In input manipulation, input data such as deposit amounts in ledgers, limits in accounts or face value of cheques are changed.
19
b) Output manipulation:
Output manipulation is achieved by affecting the output of the system, such as use of stolen or falsified cards in ATM machines.
c) Throughput manipulation:
Throughput manipulation could be by rounding off sums credited to different accounts and siphoning of the rounded digits to another account. No system is foolproof and fraudulent transfers can occur in even highly automated and secure funds transfer systems.
2) Unauthorized use:
Other types of such frauds or crimes could be unauthorized access to computers by hacking into systems or stealing passwords, deliberate damage caused to computer data or programs, computer forgery (changing of data or images stored in computers) and un-authorized reproduction / modification of computer programs.
3) Awareness:
Other important causes of such frauds are lack of employee awareness, poor implementation of security policies and segregation of duties, vendor products with weak security controls, outsourced service providers and hackers (many as young as school students). Computer frauds in such cases are generally for economic benefit to the fraudster and corresponding loss to the organization Other sources of computer crimes are terrorists, organized criminals and groups hating the organization.
20
Components of Fraud:
There are two important components in any fraud committed by an employee of a bank, himself or in collusion with a burrower. They are, firstly, the intention which is subjective; and secondly, the opportunity which is objective. Conditions must be created in the bank that the person who intends perpetrating a fraud does not get the opportunity to commit it. In India, the design, management and regulation of electronically-based payments system are becoming the focus of policy deliberations. The imperatives of developing an effective, efficient and speedy payment and settlement systems are getting sharper with introduction of new instruments such as credit cards, telebanking, ATMs, retail Electronic Funds Transfer (EFT) and Electronic Clearing Services (ECS). We are moving towards smart cards, credit and financial Electronic Data Interchange (EDI) for straight through processing. We are basically concerned about computer frauds committed by an unauthorized user (whether insider or outsider) to the computer networks, which
21
aims at causing economic or financial gains to the user by this act or an economic or financial loss to the information system (i.e. hardware, software and data) owner.
Execution of Documents:
1. A bank officer must adopt a strict professional approach in the execution of documents. The ink and the pen used for the execution must be maintained uniformly. 2. Bank documents should not be typed on a typewriter for execution.
22
These should be invariably handwritten for execution. 3. The execution should always be done in the presence of the officer responsible for obtain them, 4. The borrowers should be asked to sign in full signatures in same style throughout the documents. 5. Unless there is a specific requirement in the document, it should not be got attested or witnessed as such attestation may change the character of the instruments and the documents may subject to stamp duty. 6. The paper on which the bank documents are made should be pilfer proof. It should be unique and available to the banks only. 7. The printing of the bank documents should have highly artistic intricate and complex graphics. 8. The documents executed between Banker and Borrowers must be kept in safe custody, One issue when a fraud is perpetrated is who should be held responsible. For instance in the case of the borrower-based accounts, there is the person who posts the accounts, there is the person who passes the instrument and, there is a third person who makes the payment. It has been suggested that there must be a method of isolating the person who makes the payment from the people who make the posting or pass the order. The relative responsibility of the three will have to be fixed. This is an issue that has been raised before me by one of the Chairman of the banks. Perhaps in a programme like this we will be able to go into such issues and evolve guidelines about what should be done so that while the innocent is not punished, the guilty are not spared. Another issue, which is of importance to the Indian economy. This is the
23
reported fear of many officers, especially in the middle levels in the banks, to take decisions regarding dispersal of funds. As a result, there is always a tendency to push the case upwards and the whole banking system is operating in a sub-optimal manner. We must be able to find a solution to this. In fact, the whole vigilance function can become an effective function for economic growth if we are able to create an environment in which the honest are encouraged to take the decision and the dishonest are punished quickly. Bank frauds are the failure of the banker. It does not mean that the external frauds do not defraud banks. But if the banker is upright and knows his job, the task of defrauder will become extremely difficult, if not possible.
a) Appropriate controls:
The first steps in prevention of frauds in computerized systems involve setting up of proper access controls both physical and logical. The physical protection of Information System assets means physical control of access to computer and network systems and the devices to which they are connected. Access to these
24
systems could be controlled by security guards, installation of code locks, smart card driven door opening devices or modern biometric devices (which control the access on the basis of certain individual characteristics such as finger-prints, eyes retina image etc., which cannot be changed or falsified). However, in a computerized environment, logical access controls (i.e. controls to operating systems, data-base systems as well as application systems) play more important role. Adequate controls over system software and data is done by keeping a strict control over functional division of labor between all classes of employees, keeping in mind the principle of least privilege and that maker and checker. A clear segmentation of access to system engineers, programmers and administrators is also done depending on their work responsibility. Information System Auditors / Security Management must exercise a great deal of creativity in identifying ways in which unauthorized users could gain access. Hence, the first step in prevention of computer frauds is setting up of the appropriate controls.
b) Proper Implementation:
The Second step in prevention of frauds would be to ensure that the users properly implement the control systems. Control measures could be either software driven like passwords or system driven like exception reports and transaction authorization processes. In this connection, it may be noted that access controls are a system in themselves and existence of such controls means existence and maintenance of such control systems. In the case of passwords, as access control measures. It may be noted that merely having passwords is not sufficient. It should also be ensured that
25
password have been prescribed to have certain minimum characters, are stored in encrypted files, there is a forced change of passwords at the time of first login as well as after a specified period. These features however depend on the security policy of the organization. Systems are also designed to keep a chronological record of the events occurring in the system (i.e. commands executed by the users, actions on files, messages displayed by the system, resources consumption by the users, transaction entry and security violations) in the form of audit trails. These can be built in operating systems, database management systems as well as application software. A regular analysis of audit trails as control measure helps in containing any future loss through fraud. However, although having good controls and maintaining them is a major step in prevention of frauds it is still not sufficient to prevent them. Even with the best of systems and their maintenance, all the possibilities of their misuse can neither be predicted nor tested. Even when the best of the access controls tools are used and monitored, when data flows from within the network through data communication lines or from one network to another or through Internet, protection of the data becomes an important tool for prevention of frauds. For this, one can either depend on simple processes like check sum or hash totals built in the software or may require using encryption technology or cryptography. The complexity and cost of implementation of these methods varies a lot and is, hence, decided by the risk element.
26
Examples:
1) When data relating to inter-branch reconciliation flows through network simple processes like check sum or hash totals may suffice. However, in the case of INFINET used for Real Time Gross Settlement, which uses dial-up connections, leased lines as well as VSAT technology for access, use of Public Key Infrastructure (PKI) with a larger key-size is necessitated.
2) Firewalls for computer networks are another important tool in prevention of frauds when access is allowed across networks or Internet. They are used to enforce an access control policy across the networks. They allow only authorized traffic to pass and prevent unauthorized access. They also protect sensitive data and provide audit or logging information. As such they provide a focal point for monitoring and log access to the network and thus limit exposure of network services.
3) Present technology also makes us available what is called as Intruder Detection Systems (IDS). IDS are systems build up to detect intruders entering the network. It is the process of identifying and responding to malicious activity targeted at computing and networking resources and is an important component of defensive measures protecting computer system and networks from abuses. There are different kinds of IDS:
i) Network Intrusion Detection Systems (NIDS) monitor packets on the network and attempt to discover if a hacker is trying to break into a system. ii) System Integrity Verifiers (SIV) monitors system files to detect when an
27
intruder changes them and send alert. iii) Log File Monitor (LFM) monitors log files generated by network and look for patterns in the log files that suggest an intruder is attacking. Once the hacker gets into the network it triggers an alarm at the same time. As firewall acts like a fence around the network, it cannot on its own detect somebody trying to break in. It restricts access at the designated points. IDS, on the other hand, are intended to recognize attacks against the network that firewall are unable to see. 80% of all the financial losses are due to hacking that come from inside the network. Firewall cannot see anything happening inside the network. Firewall checks for traffic which passes between internal network and the Internet. Adding IDS will double-check miss-configured firewalls; catch attempts that fail; catch insider hacking; record electronic evidence.
officer, in his own mind. 4. It is advisable to keep the central office informed about the fraud and further developments in regard thereto. One method of detection will be only by regular checks and this is where apparently there is slackness today. Ultimately we must be able to create in our banks an atmosphere of trust on the one side and transparency on the other so that frauds if they occur are immediately detected, checked and penalized. Apart from the systems and procedures, ultimately the whole issue boils down to the values we have. Today we are highly tolerant of corruption. We also have in our Hindu philosophy the two basic principles, which seem to indirectly encourage corruption. These are extreme tolerance and the prayaschitta principle. As a result many people who commit frauds can literally get away freely. Our systems are really to be blamed. As it is seen, if we make a quick analysis of 100 people in any given organisation, 10% may be honest and 10% dishonest whatever we do. 80% depend on the systems we have. And our systems encourage corruption due to the following factors: Scarcity of goods and services Lack of transparency Delay and red tape Cushions of safety that have been built for the corrupt on the healthy principle that everybody is innocent till proved guilty. We have got voluminous vigilance manuals and the corrupt can find always some method of escaping punishment by exploiting some loophole or other. This must be checked. Do not know to what extent the bank frauds can be attributed to the people in
29
our own banking system that, because of loyalty of the profession or organisation, tends to protect the corrupt. Such people may be doing a disservice to the nation. We should therefore be able to evolve ultimately systems which tackle the corruption promoting factors mentioned above so that the punishment of the corrupt becomes a perceived reality and acts as a check for people who have a tendency to commit frauds. After all that is the way for prevention and detection of frauds.
30
Hi-tech crime
The information technology is changing very fast. The normal investigator does not have the proper background and knowledge .special investigators have to be created to carry out the investigations. the FBI of USA have a cell, even in latest scenario there has been cells operating in the Maharashtra police department to counter cyber crimes.C.B.I also have been asked to create special team for fighting cyber crimes.
International crime:
A computer crime may be committed in one country and the result can be in another country. There has been lot of jurisdictional problem a though the Interpol does help but it too has certain limitations. The different treaties and conventions have created obstructions in relation to tracking of cyber criminals hiding or operation in other nations
No-scene crime:
The computer satellite computer link can be placed or located any where. The usual crime scene is the cyber space. The terminal may be anywhere and the criminal need not indicate the place. The only evidence a criminal leaves behind is the loss to the crime.
Faceless crime:
The major advantage criminal has in instituting a computer crime is that there is no personal exposure, no written documents, no signatures, no fingerprints or voice recognition. The criminal is truly and in strict sense faceless.
31
There are certain spy softwares which is utilized to find out passwords and other vital entry information to a computer system. The entry is gained through a spam or bulk mail. The existing enacted laws of India are not at all adequate to counter cyber crimes. The Indian Penal code, evidence act, and criminal procedure code has no clue about computers when they were codified. It is highly required to frame and enact laws which would deal with those subjects which are new to the country specially cyber law; Intellectual property right etc. The Reserve Bank of India has come up with different proposals to make the way easier, they have enacted electronic fund transfer act and regulations, have amended, The Reserve Bank of India Act, Bankers Book Evidence Act etc., experience of India in relation to information and technology is limited and is in a very immature state. It is very much imperative that the state should seek the help of the experienced and developed nations. As the success of the fraudster depends on how fast their crime is detected among very large number of transactions processed by the organization, auditors and fraud investigators find that computers are their best tools for detection of fraud. Powerful, interactive software that quickly sifts through mountains of electronic data enables auditors to effectively detect and prevent fraud throughout an organization. The benefit is speed. One such tool is the General Audit Software (like ACL - Audit Command Language and IDEA - Interactive Data Extraction & Analysis). Such tools can quickly compare and analyze data to identify patterns and trends that often reveal fraudulent activity. For effectively detecting and preventing fraud, one must be able to recognize
32
fraud and its symptoms. Auditors have been trained to look for anomalies and a data analysis tool can highlight anomalies quickly. However, while gathering evidence for fraud, one will have to be little creative and examine closely any indication of fraud, however, small. In other words, to uncover a fraud, one must think like a thief and not as an auditor. In fact, as such crimes can be committed by comparatively with much less investment and gains to fraudsters may be beyond geographic boundaries. Another way to use such software for prevention of fraud could be identifying organizations risks and exposures and assembling fraud profiles for targeted audits. One should not forget that, in a computerized environment, frauds increase, as fraudsters believe their action near impossible to detect, if detected near impossible to prove, if proved nearly impossible to convict and if convicted, amounts nearly impossible to recover. The problem is compounded in networked banks operating in different nations with different laws. Despite this, it has been observed that frauds perpetrated from across the globe have been detected and amounts recovered by proper combination of technology and sleuthing skills. Hence, while security administrators continually watch incidences and plug the holes, fraud investigators improve their skills and actively liaise with authorities to improve the legal framework.
33
1) Expect fraud:
Nowhere in the world the fraud can be avoided hence the banks can be no exceptions. It is a human tendency of taking the risk to commit the frauds if he finds suitable opportunities. So it is wise to expect the occurrence of the fraud. If the fraud is expected, efforts can be concentrated on the areas, which are fraud prone. Fraud is the game of two. The rule makers and rule breakers. Whoever is strong in the anticipation of the situations wins the game of frauds. Fraud is a phenomenon, which cannot be eliminated, but it needs to be managed.
3) Assess Risk:
Look at the ways fraud can happen in the organization. It is very important to study the trend and the style of frauds in the bank. Some of the big
35
nationalized banks maintain the databases of the fraud cases reported in their banks. But the databases are dumb. They yield nothing unless they are analyzed effectively. Establish regular fraud-detection procedures. It could be in the form of internal audit or it could also be in the form of inspections. These procedures alone discourage employees from committing fraud. In addition to this the Institute of Chartered Accountants of India has issued an Accounting and Assurance standard on internal controls which is a real guideline to test internal controls. Controls break down because people affect them, and because circumstances change.
36
38
3. Daybook should not be written by the Cashier where another person is available to the job. 4. No cash withdrawal should be allowed within passbook in case of withdrawal by pay order. 5. The branch manager should ensure that all staff members have recorder their presence in the attendance registrar, before starting work.
40
CHANGES
IN
LEGISLATIONS
AFTER
ELECTRONIC
TRANSACTIONS:
1. Section 91 of IPC shall be amended to include electronic documents also. 2. Section 92 of Indian Evidence Act, 1872 shall be amended to include commuter based communications. 3. Section 93 of Bankers Book Evidence Act, 1891 has been amended to give legal sanctity for books of account maintained in the electronic form by the banks. 4. Section 94 of the Reserve Bank of India Act, 1939 shall be amended to facilitate electronic fund transfers between the financial institutions and the banks. A new clause has been inserted in Section 58(2).
Keep changing your e-mail password frequently because it can be hacked. Limit the amount of personal information on your cheque. For e.g. drivers license, telephone numbers. A criminal can use this information by applying for credit card or loan, opening a new account. Dont send any personal information to any e-mail ID this can lead phising. Thus above are some the measures that the customer should undertake to avoid any type of bank frauds.
A survey On Frauds:
Highlights of the first annual survey published by India forensic Research Foundation. This study was carried out in the period of August'2006 and February'2007. This is the first independent and privately funded study carried out in India on the banking sector frauds.400 participants contributed their valuable views on this subject. Total fraud loss to Indian Banks in year 2005- 06 was Rs. 1381 crores
42
according to the report published by Reserve Bank of India. Existence of the internal controls is still the methodology in India to catch the frauds. Collusion of the borrowers and the employees is the biggest cause of the bank frauds. At least Rs.690 crores worth of frauds are known to the banks but are not reported to various authorities for reasons like unclear definition of word frauds, damage to the banks image etc. Technology related frauds like (ATM Card, Debit card, Credit card) are expected to be going un-exposed on the vast proportion. Estimated minimum loss to the banking industry because of the unknown frauds could be more than Rs.828 crores. Total impact of frauds on banking revenues = 1.7% of the total consolidated revenues of the banks are lost to frauds. Money laundering is considered to be the risk of frauds in future. Educating the bank employees is the most effective way to prevent the bank frauds.
43
.Survey Report
Findings:
According the survey conducted by me most of the customers know about bank frauds. They have a computational idea of frauds taking place in banks. There are very few, those are not aware of bank frauds.
The survey also revealed the types of bank frauds that the customers know about. The survey included ATM Fraud, Credit card fraud and Online fraud. The following is the graph revealed:
44
Due to computerization banks facilities have increased. There has been increase in frauds also. The following Graph shows the survey on frauds increased or decreased due to computerization.
Following survey shows the number of customers those have experienced the frauds in banks either through banks or by others.
The suggestions that the survey reveal is that there must be some strict actions take against the fraudsters. Banks should provide the necessary information regarding the frauds that the customers can come across. Awareness among the customers regarding frauds is must.
45
such frauds. Preventive measures, for this class of fraud should be taken at the level the custody or control of the funds or property of the bank generally vests. Such a measure should be sufficient, it is extended to these persons who are actually handling or having actual custody or control of the fund or movable properties of the bank.
Theft from lockers and safe deposit vaults are not easy to commit because the master-key remains with the banker and the individual key of the locker is handed over to the costumer with due acknowledgement
8. Offences relating to currency notes and banks notes (Section 489 A-489E,IPC)
These sections provide for the protection of currency-notes and bank notes from forgery. The offences under section are: (a) Counterfeiting currency notes or banks. (b) Selling, buying or using as genuine, forged or counterfeit currency notes or bank notes. Knowing the same to be forged or counterfeit. (c) Possession of forged or counterfeit currency notes or bank-notes, knowing or counterfeit and intending to use the same as genuine. ( d ) M a k i n g o r p a s s i n g i n s t r u me n t s o r ma t e r i a l s f o r f o r g i n g o r c o u n t e r f e i t i n g , currency notes or banks. (e) Making or using documents resembling currency-notes or bank notes.
48
The ideal situation is one there is no fraud, but taking ground realities of the nation's environment and human nature's fragility, an institution should always like to keep the overreach of frauds at the minimum occurrence level. Following are the relevant sections relating to Bank Frauds Indian Penal Code (45 of 1860)
49
Whoever does anything with the intention of causing wrongful gain to one person or wrongful loss to another person is said to do that thing "dishonestly".
50
51
WEDNESDAY, DECEMBER 26, 2007 SOURCE TIMES OF INDIA Card crooks tap into data wires:
First, it was skimmers. Now, credit card crooks in Kolkata may be getting more tech savvy, using wire-tapping gadgets to cash in on unsuspecting card users. It's a new cause of worry for city police and CID. Wire-tapping is a complicated scheme and much more difficult to track down. It's a technical maze that involves telephone wires, receiving-terminals and a cable line parallel with telephone cables to copy the card details when it is swiped for a transaction. The first time that the city police got an inkling of fake credit card rackets in Kolkata was when three Bangladeshis were arrested for using a card whose owner was in Singapore. Wire-tapping is the most likely method, they now say. Though they have not identified a racket as yet, cyber sleuths are sure the card racketeers are running a hi-tech operation in the city. Their suspicions were strengthened when a private bank recently held a workshop for CID to discuss fraud techniques. "We haven't got any case where wire-tapping was used to dupe somebody but we are sure the racketeers are out there. We are trying to find the right technique to detect such crimes and also adopting safe-guard measures," said a senior CID officer. Wiretapping works in three phases. The first phase involves tapping into the wires of the main server to capture card data as it is processed for a legitimate transaction. The next step is to transfer the encoded data to another server, at the fraudster's end, where it is decoded. In the last phase, the data is used to produce counterfeit cards. The technology is definitely more complicated than a
52
skimmer - a gadget which copies the details of a card from a measured distance. In advanced countries, encrypted cables are installed to prevent telephone wire tapping but awareness is low in India. "The cable linking the electronic data capturing machine (EDC) and the distribution point box is a very sensitive area which is targeted by the racketeers. When the card is swiped on the EDC, the machine records the financial data in the card's magnetic strip and feeds it to the DP box, from where it moves to the main server of the telephone service provider and is finally transferred to the servers of banks where the transaction is recorded. The hackers target the area between the EDC and the DP box, tap into the wires, steal data and send it to another server," said an anti-fraud officer of a private bank. Police officers say it is difficult to trace such rackets. "For the first phase, the fraudsters need only a map of the telephone wiring, a receiving terminal and cables matching the ones used by the telephone service provider. These are not very difficult to manage and anybody who has a flair for technology can use it to store the data. High-end technology comes in the next level," said an officer. Police suspect card fraudsters in Kolkata could be using the technology to copy the data and send it to other cities in India and abroad. They have a good reason to suspect this. In the last one year, such units have been busted in Delhi, Jaipur and Hyderabad. "We heard about it and are looking for effective measures to prevent wire-tapping," said Jawed Shamim, deputy commissioner, detective department. Kolkata Police could also take tips from south-east Asian countries like Thailand and Philippines, where such rackets are active and where law enforcement agencies have more experience in handling such crimes.
53
54
CASES STUDIES.
UTI Bank: Phishing Fraud Recent fraudulent transactions through phishing resulted in loss of over Rs 20 lakh for a customers.
Friday, June 08, 2007 The Economic Offences Wing, Crime Branch, Delhi Police, received a complaint from the vice president, Operations, UTI Bank that many customers of various UTI banks in Delhi, Vishakapatnam, Thane, Nasik, and Ahmedabad received emails claiming to have originated from the bank. These emails included a hyperlink within the email itself, and a click on the link took the recipients to a Web page, which was identical to UTI's Web page. Some unsuspecting recipients responded to these mails, and gave their login information and passwords. Later on, through Internet banking, a large number of fraudulent transactions took place. These transactions resulted in loss of over Rs 20 lakh for customers with bank accounts in Delhi, Vishakapatnam, Thane, Nasik, and Ahmedabad. An analysis on those phishing mails revealed that they had originated from somewhere in Lagos, Nigeria. The UTI phishing site had lifted the UTI logo as well as the I connect symbol from the original UTI site in order to make the fake site look real. The fake site provided a 'click here' option, which in turn took victims to a fake customer verification site based in Austria. IP addresses of the fraudulent transactions indicated transactions had been made from Nigeria, Atlanta and California. Investigations: Upon a complaint of the vice president, UTI Bank, a case registered and taken
55
up for investigation by a special team. Investigations revealed that Sanjit Chowdhary, Account No 111010100023959 with UTI Bank, Noida, had received a disputed credit entry totaling Rs 1.3 lakh through Internet banking from the account of Lakshmi Narayan Sarkar of Kolkata, who has an account at UTI Bank, Salt Lake, Kolkota, and from the account of Makaran H Pundalik, who has an account with the Standard Chartered Bank, Delhi. It was further revealed that the misappropriated funds had been transferred in the account of accused Sanjit Chowdhary. The police team laid a trap at UTI Bank in Noida and the accused Sanjit Chowdhary, who came to the branch to make enquiries regarding the inactive status of his account, was arrested on December 7, 2006.On being interrogated, the accused disclosed that he had received money in his bank account consequent to phishing mails sent to various customers of UTI Bank. Various transaction slips pertaining to the UTI Bank and ICICI Bank were recovered from his possession. A scrutiny of these slips revealed that Sanjit Chowdhary had withdrawn funds and deposited the same in accounts of his other associates, who had accounts in UTI and ICICI Bank at Mumbai and Trichy. Till December 2006, a total of twenty complainants had registered their complaints. All the six beneficiary accounts are in Delhi for these twenty complainants. Further, ten complaints had been received by UTI branches in Vishakapatnam, Ahmedabad, Nasik, and Thane, where the beneficiary accounts are being maintained. An analysis of the accounts of the four arrested Nigerian nationals revealed that financial transactions worth over Rs 1 crore took place in an eight-month period.
56
CASE STUDY: BANK FRAUDS RISE IN INDIA Monday, 01 February 2010, 06:27 IST.
New Delhi: The Reserve Bank of India has announced that bank frauds are on there is. Moreover, it is the public sector banks, considered to be safer than private banks that beat the latter in the swindling game, reports
Economic Times. Crores of rupees have been disappearing from bank accounts or are being used deceitfully every day. According to Economic Times, recently, a bank branch manager recklessly sanctioned housing loans for the purpose of flats. On the behest of the bank's chief vigilance officer, an on spot verification by the Central Bureau of Investigation (CBI) was conducted, during which it transpired that the three storeyed building was constructed as a hotel. On further probing it was found that the branch manager had sanctioned many other housing loans against fabricated agreements of sale in fictitious names. By the time, the investigation was completed the bank had been duped of 25 crore."This is an alarming scenario. After all, it is people's hard earned money. Globally, banks keep a tight vigil as any slip can bring them down and even impact the economy," says Mayur Joshi, Chairman of India forensic Research Foundation, a Pune-based consultancy which conducts fraud examination and forensic accounting in India. Information collated by the CBI has shown that, the central investigation body tracks frauds valuing only a crore or above amount doubled in 2008-09 from 659crore in 2007-
follow up of under-trial cases to conclude them without delay," says a CBI spokesperson. The rising number of frauds has also got the central bank concerned. "It's high time banks strengthen their fraud management practices. In their bid to quickly expand and grow, they are losing focus on risk control," said a senior official of the bank, who did not want to be named.
58
59
AXIS BANK:
1) What are types of frauds you have come across? Property mortgaging in different bank with the help of duplicate document, Money laundering, credit card fraud, Debit card fraud, DD fraud Bill discounting fraud.
2) What are the measures taken against frauds? i) Core Banking Solutions (EXEL report) to find out fraud. ii) Know the Introducer while opening the account iii) Account should not be opened those coming with DD, Cheques. iv) Internal Checkings
3) What are the steps taken after the fraud is detected? Several steps are taken: In case of Accounts fraud higher authority is reported. In case of cash authority is consulted and if necessary FIR is registered.
4) How a customer can be made aware the frauds they can come across? Customers are asset to the banking company. They can be made aware through E-mails, Advertisements, Posters, etc. `5) Which frauds are more conducted Internal or by others? Most of the frauds conducted are by others. Whereas, internal fraud can be controlled through strict supervision, daily check of the documents, etc. External frauds are threat to the public as well as banks.
60
61
No. of Total No. of Total cases Amount cases Amount 13 1244.26 1 2 1 3 3 53.57 135.47 78.45 305.33 404.13 3737 10072 13923 23622 21249 23941 24791 19827 14735 13293 4296.80 938.29 1453.53 1225.86 1076.54 1911.68 2037.81 3832.08 4491.54 8646.00
Annex 2 Bank Group wise fraud cases reported (As on March 31, 2013) (No. of cases in absolute terms and amount involved in Rs. Crore) Amt Involved Bank Group < Rs 1 lakh No. of Total cases Amount > 1 lakh and up to Rs 1 crore No. of cases Total Amount > Rs 1 cr and up to Rs 50 crore No. of cases Total Amount > Rs.50 crore Total Fraud cases
62
Nationalised Banks including SBI Group Old Pvt. Sector Banks New Pvt. Sector Banks Sub Total (Private Banks) Foreign Banks Grand Total
29653 24828.01 2271 91060 93331 46206 1707.71 2140.47 3848.19 1233.92
Annex 3 Year wise details of fraud cases closed (No. of cases in absolute terms and amount involved in Rs. Crore) Amt Involved FY (Apr-Mar) Pre-2004 2004-05 2005-06 2006-07 2007-08 2008-09 2009-10 2010-11 2011-12 2012-13 Total < Rs 1 lakh No. of Total cases Amount 1661 6047 11611 14291 12861 6796 5828 13526 38330 11198 122149 2.85 8.47 9.47 9.46 11.23 9.25 8.99 13.47 23.58 8.45 105.22 > 1 lakh and up to Rs 1 crore No. of cases 568 470 154 248 374 420 636 649 756 556 4831 Total Amount 36.33 33.27 10.86 17.53 26.79 20.84 38.03 42.88 49.80 35.83 312.16 > Rs 1 cr and up to Rs 50 crore No. of cases 11 13 11 4 3 10 4 7 10 14 87 Total Amount 94.64 99.68 75.93 34.30 32.05 49.28 21.18 14.26 33.04 78.51 532.87 > Rs.50 crore Total Fraud cases
No. of Total No. of Total cases Amount cases Amount 1 1 2 85.66 55.28 2241 6530 11777 14543 13238 7226 6468 14182 39096 11768 219.48 141.42 151.54 61.29 70.07 79.37 68.20 70.61 106.42 122.79
63
Conclusion:
The Indian Banking Industry has undergone tremendous growth since nationalization of 14 banks in the year 1969. There has an almost eight times increase in the bank branches from about 8000 during 1969 to mote than 60,000 belonging to 289 commercial banks, of which 66 banks are in private sector. However, with the spread of banking and banks, frauds have been on a constant increase. It could be a natural corollary to increase in the number of customers who are using banks these days. In the year 2000 alone we have lost Rs 673 crores in as many as 3,072 number of fraud cases. These are only reported figures. There were nearly 65,800 bank branches of a total of 295 commercial banks in India as on June 30, 2001 reporting a total of nearly 3,072 bank fraud cases. The most important feature of Bank frauds is that ordinarily they do not involve an individual direct victim. They are punishable because they harm the whole society. It is clear that money involved in Bank belongs to public. There must be certain preventive and curative measures to control frauds. The higher authority of bank must follow strict rules against such fraudsters. The various new technologies must be adapted by the bank to overcome such frauds. Thus, a fraud is the game of two, the rule makers and the rule breakers. Fraud is a phenomenon that cannot be eliminated but can be managed.
64
WEBILOGRAPHY
http://en.wikipedia.org/wiki/Bank_fraud http://www.anz.com/personal/ways-bank/security/online-security/threats-bankingsafety/fraud-types/ http://www.dnaindia.com/mumbai/1634788/report-mumbai-is-number-one-forbanking-fraud-in-country http://trivialmatters.blogspot.in/2005/08/supposed-atm-fraud-update.html http://www.ndtv.com/article/cities/one-held-in-mumbai-s-rs-1-crore-e-bankingfraud-325768 http://articles.timesofindia.indiatimes.com/2007-12-18/kolkata/27984790_1_carddata-card-details-credit-card http://www.rupeetimes.com/news/credit_cards/pnb_official_involved_in_bank_fra ud_of_rs_2_lakh_1593.html http://www.ciol.com/ciol/news/41581/uti-bank-phishing-fraud http://profit.ndtv.com/news/banking-finance/article-fraudulent-bank-loans-hit-rs-6000-cr-in-2011-cbi-probe-on-305708 http://www.ndtv.com/article/cities/bank-employees-swipe-rs-17-lakh-from-modelanupama-verma-s-account-172659 http://www.ndtv.com/article/cities/four-bank-employees-jailed-for-rs-1-7-crorefraud-160963
65
http://zeenews.india.com/news/maharashtra/atm-fraud-case-mumbai-police-zeroin-on-2-bulgarians_857251.html
SURVEY FORM
NAME: AGE:CONTACT NO: -
Survey for Project on Frauds in Indian Banking Sector 1) Do you know about Bank Frauds? Yes No 2) Are you aware of any of the following type of fraud? ATM fraud Credit Card Fraud Online Bank Fraud All of the above None of the above 3) Do you think Frauds have increased due to online technology? Yes No 4) If Yes/ No Why? 5) Have you come across any bank frauds? Yes
66
No 6) If yes, which fraud and through which bank? Suggestions if any:-Project Guide:-
67