PROJECT ON
CYBERCRIME IN BANKING SECTOR
BACHELOR OF COMMERCE
BANKING & INSURANCE
SEMESTER V
(2017-2018)
SUBMITTED
In partial Fulfillment of the requirement for the
Award of Degree of Bachelor of Commerce Banking & Insurance.
SUBMITTED BY,
CHAITANYA AMBRE
ROLL NO. - 04
UNDER GUIDANCE,
Asst. Prof. Kunal Soni
MAHARSHI DAYANAND COLLEGE
OF ARTS, SCIENCE & COMMERCE
PAREL, MUMBAI 400 012.
CERTIFICATE
Signature of student
Name of Student
Roll No. 04
ACKNOWLEDGEMENT
The college, the faculty, the classmates & the atmosphere, in the college
were all the favorable contributory factors right from the point when the
topic was to be selected till the final copy was prepared. It was a very
enriching experience throughout the contribution from the following
individuals in the form in which it appears today. We feel privileged to take
this opportunity to put on record my gratitude towards them.
PROF. KUNAL SONI made sure that the resources were made available in
time & also gave immediate advice & guidance throughout the making of this
project. The principal of our college DR. T.P. GHULE and our Vice-
Principal Mrs. SANJEEVANI PHATAK have always been an inspiring &
driving force. We are thankful to Mr. SANTOSH SHINDE, associated with the
administration part of the Financial Markets & Banking & Insurance section,
who has been very helpful in making the infrastructure available for data entry.
EXECUTIVE SUMMARY
Cybercrimes are any illegal activities committed using a computer; the target of
the criminal activity can be either a computer or network operations. Cybercrimes
are a genus of crimes which use computers and networks for criminal activities.
The difference between traditional crimes and cybercrimes is that cybercrimes can
be transnational in nature. Cybercrime is a crime that is committed online in many
areas using e-commerce. A computer can be the target of an offence when
unauthorized access to a computer network occurs, and on the other hand it
affects e-commerce. Cybercrimes can be of various types, such as
telecommunications piracy, electronic money laundering and tax evasion, sales
and investment fraud, electronic funds transfer fraud and so on.
The modern contemporary era has replaced the traditional monetary instruments,
moving from paper and metal based currency to plastic money in the form of
credit cards, debit cards, etc. This has resulted in the increasing use of ATMs
all over the world. The use of an ATM is not only safe but also convenient.
This safety and convenience, unfortunately, has an evil side as well, which
originates not from the use of plastic money but from the misuse of the same.
This evil side is reflected in the form of ATM fraud, which is a global problem.
Internet commerce has grown exponentially during the past few years and is still
growing. Unfortunately, the growth is not on the expected lines because credit
card fraud, which has become common, has retarded the growth of e-commerce.
Credit card fraud has become regular on the internet and affects not only card
holders but also online merchants. Credit card fraud can be done by taking over
the account, by skimming or when the card is stolen. Certain preventive measures
can be taken to avoid becoming a credit card fraud victim. The term "Internet
fraud" refers generally to any type of fraud scheme that uses one or more
components of the Internet - such as chat rooms, e-mail, message boards, or Web
sites - to present fraudulent solicitations to prospective victims, to conduct
fraudulent transactions, or to transmit the proceeds of fraud to financial
institutions or to others connected with the scheme.
INDEX
01 INTRODUCTION
03 I.T. IN BANK
04 CYBERCRIME IN BANK
07 CASE STUDY
08 CONCLUSION
10 BIBLIOGRAPHY
TYBBI Cybercrime in Banking Sector MD College
CHAPTER 1
INTRODUCTION
The world is fast moving online, with 46.1% of the total world population now
connected to the web according to internetlivestats.com (as on July 1, 2016). A
remarkable instance of this phenomenon has been experienced in India, with a
notable increase in the past three years, i.e. 18% of the Indian population online
in 2014, 27% in 2015 and 34.8% in 2016 (as on July 1, 2016). Today activities
performed over the internet are not just limited to technology freaks for
technical uses; rather, every second individual is enjoying the easy internet
availability and accessibility for day-to-day purposes like banking, e-commerce,
education, entertainment and many more. Markedly, the wave of smartphones
has acted as a catalyst to this tremendous internet growth. The banking industry
has enjoyed the ride of emerging technology to undergo significant changes.
Banks are among the biggest beneficiaries of the IT revolution and have largely
adopted Information Technology solutions for rendering banking services to
their customers. The proliferation of online transactions built on
technologies like NEFT (National Electronic Fund Transfer), RTGS (Real-time
Gross Settlement Systems), ECS (Electronic Clearing Service) and mobile
transactions is a glimpse of how deeply rooted technology is in banking and
financial matters. With the swift expansion of computer and internet
technologies, new forms of worldwide crime known as Cyber Crimes have appeared
on the scene. Over a period of time, the nature and pattern of Cyber Crime
incidents have become more sophisticated and complex. Banks and Financial
Institutions have remained unabated targets of cyber criminals in the last
decade. Notably, financial gain is still one of the major motivations behind most
cybercriminal activities and there is little chance of this changing in the near
future (Symantec,
sector and their related impacts. Additionally, it identifies the threat vectors
supporting these cybercrimes and develops measures to aid in combating the
resulting cyber-attacks so that such attacks can be better prevented in the future
for enhanced security. As an increasing number of users are demanding online
services, the background mission of providing balanced security and
convenience is proving to be a tough challenge due to numerous obtrusive
actors collectively referred to as Cyber-Crime. Simply stated, Cyber-Crime
is crime that involves a computer and a network (Moore R, 2005). Cyber-
Crime is being considered a serious threat to all aspects of a nation's
economic growth, as the maximum instances of the same are being observed in
financial institutions. Cyber-Crime incidents include but are not limited to credit
card fraud, spamming, spoofing, e-money laundering, ATM fraud, phishing,
vishing, identity theft and denial of service. Today, web technology has emerged
as an integral and indispensable part of the Indian Banking sector. The
enlargement of non-cash based transactions around the globe has resulted in the
steady development of robust online payment systems. While paper-based
transactions cleared through cheques amounted to Rs 85 lakh crore in FY15,
paperless transactions, including retail electronic transactions such as ECS
(electronic clearing system) debits and credits, electronic fund transfer, card
transactions, mobile transactions and prepaid instruments, were to the tune of Rs
92 lakh crore in the same period. India has seen an upsurge in the volume of
debit/credit cards due to increased online acceptance through alternative
channels, including internet, ATM and mobile banking. In the days to come, this
volume will gain traction as the youth generation will enter the economic
gyration. The last few years have seen a significant increase in cybercrime
across all sectors and geographies. Given the proliferation of these technological
crimes, organizations face a significant challenge to be resistant against
cyberattacks. As per the Motive-wise Cases Reported under Cyber Crimes during
2015 statistics by the National Crime Records Bureau, Greed / Financial Gain is
the prime motivation for committing Cyber Crimes. This research attempts to
analyse the concerns of cyber threats to the banking sector by highlighting the
underlying modus operandi. It focusses on the preparedness of the financial
organizations to deal with incidents related to Cyber Crime.
CHAPTER 2
OBJECTIVE
CHAPTER 3
Information Technology in Bank
The Indian banking industry is enjoying a joyous growth. With the credit card
and debit card users increasing every day and new technologies like internet
wallets slowly gaining popularity, financial transactions are touching all-
time highs. This firm progression in the mounting number of paperless
transactions, where a total of 9545797438 transactions were commenced using
credit and debit cards in the year 2015 alone (Fig 1), can be partially accredited
to the recent developments in the e-banking and e-commerce verticals. Online
banking, also known as internet banking, e-banking or virtual banking, is an
electronic payment system that enables customers of a bank or other financial
institution to conduct a range of financial transactions through the financial
institution's website. The online banking system will typically connect to or be
part of the core banking system operated by a bank, and is in contrast to branch
banking, which was the traditional way customers accessed banking services.
The customer visits the financial institution's secure website and enters the
online banking facility using the customer number and credentials previously
set up. The types of financial transactions which a customer may transact
through online banking are determined by the financial institution, but usually
include obtaining account balances, a list of the recent transactions,
electronic bill payments and funds transfers between a customer's or another's
accounts. Most banks also enable a customer to download copies of bank
statements, which can be printed at the customer's premises (some banks charge
a fee for mailing hard copies of bank statements). Some banks also enable
customers to download transactions directly into the customer's accounting
software. The facility may also enable the customer to order a cheque book,
order statements, report loss of credit cards, stop payment on a cheque, advise
change of address and perform other routine actions.
Today, many banks are internet-only institutions. These "virtual banks" have
lower overhead costs than their brick-and-mortar counterparts. In the United
States, many online banks are insured by the Federal Deposit Insurance
Corporation (FDIC) and can offer the same level of protection for the customers'
funds as traditional banks.
CHAPTER 4
CYBER CRIME IN BANKING SECTOR
Cyber Crime can be simply stated as crimes that involve the use of a computer
and a network as a medium, source, instrument, target, or place of a crime. With
the growing aspect of e-commerce and e-transactions, economic crime has
drifted towards the digital world. Cybercrimes are increasing globally and India
too has been witnessing a sharp increase in cybercrime related cases in
recent years. In 2016, a study by Juniper Research estimated that the global
costs of cybercrime could be as high as 2.1 trillion by 2019. However, such
estimates are only indicative and the actual cost of cybercrime including
unreported damages is beyond estimation. Cyber Crimes can be broadly
classified into categories such as Cyber Terrorism, Cyber-bullying, Computer
Vandalism, Software Piracy, Identity Theft, Online Thefts and Frauds, Email
Spam and Phishing and many more. However, from the aspect of financial cyber
crimes committed electronically, the following categories are predominant:
Vishing: It is the criminal practice of using social engineering over the telephone
system to gain access to private personal and financial information from the
public for financial reward.
the card reader to look like a part of the machine. Additionally, malware that
steals credit card data directly can also be installed on these devices.
six different occasions and she received many obscene phone calls. While the
woman was not physically assaulted, she would not answer the phone, was
afraid to leave her home, and lost her job (Miller 1999; Miller and Maharaj
1999). One former university student in California used email to harass 5 female
students in 1998. He bought information on the Internet about the women using
a professor's credit card and then sent 100 messages including death threats,
graphic sexual descriptions and references to their daily activities. He
apparently made the threats in response to perceived teasing about his
appearance (Associated Press 1999a). Computer networks may also be used in
furtherance of extortion.
The Sunday Times, June 2, 1996). The article cited four incidents between 1993
and 1995 in which a total of 42.5 million Pounds Sterling were paid by senior
executives of the organizations concerned, who were convinced of the
extortionists' capacity to crash their computer systems (Denning 1999 233-4).
CHAPTER 5
Measures to prevent Cyber Crimes In Banking Company
Applying modern technical means of information security has become a
significant element of computer crime prevention in banking (prevention
implies restricting access to, or use of, the whole computer system or just part
of it). The Regulations about technical information security in Ukraine indicate
that the technical security of restricted-access information in automated systems
and computer equipment is directed at preventing the violation of the integrity
of restricted-access data and its leakage by way of:
- unauthorized access
- interception and analysis of collateral electromagnetic radiation and induction
- the use of planted (laying) devices
- the introduction of computer viruses and other ways of disturbance.
The main methods and means of engineering information security with the
restricted access in the automated systems and means of computer engineering are:
These measures can play a serious general preventive role in the fight against
computer crimes when they are used skillfully and comprehensively.
Taking into consideration the fact that the problem of computer
criminality and its preventive measures in banking in our country has been studied
only for 90 years, and in some foreign countries this problem has been studied for
a long time, we should learn from the broad experience of these countries and put
it into domestic practice, considering the current normative and legal basis of
Ukraine.
The main means of information security are: physical measures, hardware means,
software means, hardware and software means, cryptographic and organizational
methods.
The physical means of protection are the measures necessary for the outer
protection of a computer, the territory and the facilities housing computer
equipment; they are specially meant to create physical obstacles on the
possible routes of penetration and access of potential intruders to the
components of information systems and the data under protection. The
simplest and most reliable method of protecting information from the threat of
unauthorized access is the regime of independent use of a computer by one
user in a specially designated room in the absence of unauthorized persons. In
this case the specially designated room plays the role of an exclusive circle of
protection, and the physical security consists of the windows, walls, floor,
ceiling and door. If the walls, the ceiling, the floor and the door are
substantial, the floor has no hatches adjoining other rooms, and the windows and
the door are fitted with a signaling system, then the stability of security will
depend on the performance specification of the signaling system during the
user's absence in off hours.
In working time, when a computer is on, the leak of information is possible
through the channels of collateral electromagnetic radiation. To prevent such a
threat, a special examination of the means (the computer itself) and devices of
electronic computer machinery (CM) (a computer in a specially designated room)
is carried out. This examination involves a certification procedure and
categorization of the means and devices of CM, with the issuing of the
corresponding operating permit. Moreover, the door of the room must be fitted
with a mechanical or electromechanical lock. In some cases, if there is no
signaling system and the computer user is absent for a long period, it is
desirable to keep the system block and the machine information carriers in a
safe to provide better safety. The use of a hardware password in the BIOS
input/output system of some computers, which blocks loading and operating the
ECM, does not provide proper security against the threat of unauthorized access:
in the absence of a mechanical lock on the case of the system block and in the
absence of the user, the hardware element of the BIOS that carries the password
can be substituted with another one like it, as the clusters (blocks) of BIOS are
unified and hold certain password data. For this reason a mechanical lock that
prevents the computer from being switched on and loaded is the most effective
measure in this case.
To provide security against leakage, specialists suggest mechanically
attaching the computer to the user's table. Meanwhile it is necessary to keep in
mind that, in the absence of a signaling system ensuring constant access control
to the room or to the safe, the reliability of the locks and attachments must be
such that the time an intruder needs to force them is not less than the period
during which the computer's users will be absent. If this kind of security is
not provided, the signaling system is required without fail [3].
The range of modern physical security means is very wide. This group of security
means also includes various means of screening the workrooms and the data
transmission channels.
The hardware means of security are various electronic and mechanical devices
and other system devices which are embedded in the serial blocks of
electronic systems of data processing and data transfer to provide internal
security of computer facilities: terminals, devices of data input and output,
processors, transmission links, etc.
- sources supplying uninterrupted power to the hardware, and also equalization
devices which prevent sudden voltage drops and voltage spikes in the
transmission network
- devices for screening the hardware, the transmission links and the
accommodations where the computer machinery is located
- devices for identifying and recording terminals and users when unauthorized
access to a computer network is attempted
- the protection means of computer ports, etc.
1) a comparison of the code. The port security computer checks the code of
the authorized users against the code required
Several security aims are realized with the help of software security means:
- check of the loading and login with the help of a password system
- delimitation and check of access rights to the system resources, terminals,
exterior lives, constant and temporary data sets, etc.
- file protection from viruses
- automatic control of users' operations by logging their activity.
The hardware and software security means are the means which are based on the
synthesis of program and hardware means. These means are widely used in the
authentication of users of automated banking systems. Authentication is the
inspection of the user's identifier before the user is given access to a system
resource.
The hardware and software security means are also used for applying the
electronic and digital signatures of the accountable users. The use of smart
cards containing passwords and users' codes is widespread in automated banking
systems [4].
The organizational security means of computer information make up the set of
measures concerning staff recruitment, inspection and training of the staff who
participate in all stages of the information process.
The analysis of the materials of criminal cases leads to the conclusion that the
main reasons and conditions which make for committing computer crimes are mainly
the following:
- the absence of control over the activity of attending personnel, which helps a
criminal use a computer freely as the instrument of crime
- a low level of the software which has no reference security and does not ensure
the inspection of conformity and accuracy of the information
- the imperfection of a password security system against unauthorized access to a
workstation or its software, which does not provide authentic identification of a
user according to individual biometric parameters
- the absence of a strict approach to the employees' access to secret information,
etc.
The experience of foreign countries testifies that the most effective security of
information systems is achieved by introducing the position of a specialist on
computer safety or creating special services, both private and centralized ones,
depending on the particular situation. The availability of such a department
(service) in a bank system, according to foreign specialists, decreases two-fold
the undertaking of
In the opinion of such domestic specialists as Bilenchuk P.D. and Golubev V.O.,
the creation of special structures is obligatory for credit and financial
establishments and some bodies (banks of commerce, concerns, companies, etc.).
They must have specially created departments of computer safety within the
framework of the existing services of economic safety and physical security,
whose activity should be supervised by one official specially appointed for these
purposes, that is, the deputy of the security chief, who has the corresponding
human, financial and engineering resources at his disposal to solve the problems
posed.
Duties of such persons (structural subdivisions) should include, first of all, such
organizational measures as:
7) working out effective measures to combat violators of computer
equipment security
A reliable means of increasing the effectiveness of computer equipment security
is training and instructing the working staff in the organizational and
engineering security measures which are applied in a particular enterprise.
1) it is necessary to determine the access categories for all persons who have the
right of access to the computer equipment, that is, the circle of official
interests of each person, the kinds of information which he has the right of
access to, and also the kind of such a permit and the powers of an official who is
authorized to accomplish these or those manipulations with the computer
equipment facilities
3) to set up periodic system control of the quality of information security, both
by having the person responsible for safety accomplish scheduled tasks and
by involving competent specialists (experts) from other enterprises
To protect information while it is being transmitted, different methods of data
encoding are usually applied before the data are input to the transmission link
or to the physical carrier, with subsequent decoding. The methods of ciphering
make it possible to protect computer information from criminal trespass rather
safely.
Applying cryptographic security, that is, the encoding of the text with the help
of complex mathematical algorithms, has become more and more popular. Certainly,
no encryption algorithm gives an absolute guarantee of security against
malefactors, but some methods of encoding are so complex that it is practically
impossible to become acquainted with the contents of the encoded messages [6].
- encoding with the help of cryptographic standards of data enciphering (with a
symmetric ciphering scheme) based on using checked and tested algorithms of
data encoding with high cryptographic strength
- encoding with the help of a pair of keys (with an asymmetric ciphering system),
where one key is public (open) and is used for encoding the information, and the
second one is private (closed) and is used for decoding the information.
Cryptography is one of the best means of providing confidentiality and control
of information integrity. It occupies the central place among software and
engineering security controls. It is the basis for implementing many of them and
at the same time it remains the last line of defence.
The foundation for fighting cybercrime would stem from a Bank Board
approved cyber security policy that outlines the approach for combating
cybercrime. This policy is not to be confused with the IT policy or IS security
policy and its strategy should encompass some of the following:
of cyber threats including but not limited to: distributed denial of service
(DDoS), ransomware / crypto-ware, destructive malware, business email frauds
including spam, email phishing, spear phishing, whaling, vishing frauds,
drive-by downloads, browser gateway fraud, ghost administrator exploits,
identity frauds, memory update frauds, password related frauds, zero day
attacks, remote access threats and more.
CHAPTER 6
RBI's latest guidelines help Indian banks combat cybercrime
Keeping in mind the dramatic swell in online economic crimes, India's central
bank, the RBI (Reserve Bank of India), recently issued a comprehensive circular
to all banks in India urging them to implement a cybersecurity framework. It
prescribes the ideal approach for banks on taking concrete measures to combat
cybercrime and fraudulent activities online, and thereby retain customer
confidence, reduce financial losses and ensure business continuity.
Banks need to fortify the measures adopted to achieve baseline security and
resilience. For instance:
Detect and prevent fraud as it happens rather than waiting for end-of-the-day
reporting of suspicious incidents. In fact, RBI's circular lists the
implementation of a risk-based transaction monitoring or surveillance process as
part of the fraud risk management system across all delivery channels.
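The following sketch is an added example, not code from this project or from the RBI circular. It shows risk-based monitoring that scores every transaction as it arrives, with one history per account shared by all delivery channels, so a suspicious debit is held before it completes instead of appearing in an end-of-day report. The rules, weights, thresholds, account names and transactions are constructed assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Txn:
    ts: int        # seconds since midnight
    account: str
    channel: str   # delivery channel: ATM, NET, MOBILE or POS
    amount: int    # rupees
    city: str


class RiskMonitor:
    WINDOW = 600     # seconds of per-account history considered (assumed)
    HOLD_AT = 60     # score at which the transaction is held (assumed)
    REVIEW_AT = 30   # score at which it is queued for an analyst (assumed)

    def __init__(self, baseline):
        self.baseline = baseline            # account -> usual largest amount
        self.recent = defaultdict(deque)    # account -> attempts on all channels

    def assess(self, t):
        hist = self.recent[t.account]
        while hist and t.ts - hist[0].ts > self.WINDOW:
            hist.popleft()                  # forget attempts older than the window
        score, reasons = 0, []
        if t.amount > 3 * self.baseline.get(t.account, 10_000):
            score += 40
            reasons.append("amount far above baseline")
        if len(hist) >= 3:
            score += 30
            reasons.append("burst of attempts across channels")
        if any(p.city != t.city for p in hist):
            score += 40
            reasons.append("location change inside window")
        hist.append(t)                      # held attempts still count as activity
        if score >= self.HOLD_AT:
            return "HOLD", score, reasons
        if score >= self.REVIEW_AT:
            return "REVIEW", score, reasons
        return "ALLOW", score, reasons


def run_stream(txns, baseline):
    """Assess transactions in arrival order; returns (txn, decision, score, reasons)."""
    monitor = RiskMonitor(baseline)
    return [(t, *monitor.assess(t)) for t in sorted(txns, key=lambda t: t.ts)]


def held_amount(results):
    """Rupees stopped before debit; an end-of-day report would list them as losses."""
    return sum(t.amount for t, decision, _, _ in results if decision == "HOLD")


# Constructed sample data, not real accounts or transactions.
SAMPLE_BASELINE = {"A1": 5_000, "B2": 50_000, "C3": 1_000}
SAMPLE_TXNS = [
    Txn(36000, "A1", "ATM", 2_000, "Mumbai"),
    Txn(36100, "B2", "NET", 40_000, "Pune"),
    Txn(36120, "A1", "NET", 3_000, "Mumbai"),
    Txn(36200, "A1", "MOBILE", 4_000, "Mumbai"),
    Txn(36260, "A1", "ATM", 20_000, "Delhi"),
    Txn(36300, "A1", "NET", 45_000, "Delhi"),
    Txn(40000, "C3", "ATM", 5_000, "Nagpur"),
    Txn(50000, "B2", "POS", 60_000, "Pune"),
]

if __name__ == "__main__":
    results = run_stream(SAMPLE_TXNS, SAMPLE_BASELINE)
    for t, decision, score, reasons in results:
        print(t.ts, t.account, t.channel, t.amount, decision, score, "; ".join(reasons))
    print("held before debit (Rs):", held_amount(results))
```

Because the history is keyed by account rather than by channel, the ATM withdrawal in another city is scored against the internet and mobile activity that preceded it by a few minutes.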
The RBI circular also touches upon the topic of governance aspects which
include dashboards, intelligence, proactive monitoring and management
capabilities with sophisticated tools for detection, quick response and backed by
data and tools for sound analytics. In addition, banks must keep in mind several
other issues while equipping themselves to fight cyber-attacks: technology
issues, people related issues and process related issues.
CHAPTER 7
CASE STUDY
CHAPTER 8
CONCLUSION
CHAPTER 9
RECOMMENDATION & SUGGESTIONS
CHAPTER 10
BIBLIOGRAPHY
https://www.rbi.org.in
https://www.icicibank.com/
https://www.sbi.co.in/
cybercellmumbai.gov.in/