Online banking frauds

The cyber space is increasingly used by organized criminal groups to target credit cards, bank account and other financial instruments for fraudulent transactions. Online fraud is considered to be third amongst economic crimes prevalent in India according to Global Economic Crime Survey 2011, conducted by Price House Water House Cooper, which reveals the propensity of such crimes in India.[1] The major forms of cyber fraud includes online auctions, internet access services, work at home plans, payment methods using debit/credit card, phishing etc.

Banking frauds methods

Most of the online banking frauds are conducted either through phishing, stealing of banking information or through cloning of credit/debit cards. In phishing, a fraudster will send an email pretending to be sent from the bank to the victim asking for their personal details including banking information like PIN code or banking user name and password on some pretext or the other. Once the person reveals such crucial information, the fraudster may withdraw or transfer the money from the account of the victim. In most cases, due to lack of awareness, people fall for the traps of such fraudster and looses huge sums of amount.

A selected study of banking frauds revealed that the fraudsters mostly apply the following tactics to defraud innocent people:

  • Stealing of the original credit/debit cards and using the cards at shopping merchants (POS purchases)
  • Cloning/duplication of credit/debit card
  • Phishing scams where the information has been revealed by the customer himself
  • Leakage of PIN/credit card/debit card numbers by the handlers of such information/payment gateways/banks (voluntary or involuntary like hacking, physical intrusion, data breach)
  • Usage of stolen/duplicate/cloned mobile SIM card to receive one time password (OTP) of mobile/net banking and transaction made using such information

Responsibilities and liabilities of banks

Nabbing a cyber fraudster who might have committed the offence sitting at a distant location possibly on a foreign shore will be difficult for a common person. What are the legal recourses that can be taken to recover the lost amount? But what happens when the bank or other intermediaries like telecom companies fails to provide adequate security measures to protect the customer from illegal and fraudulent transfers? What happens when there is a lapse on the part of the banks and other intermediaries during such fraudulent transaction?

https://lawsikho.com/course/diploma-cyber-law-fintech-technology-contracts

Generally intermediaries are not liable for the offence committed by the users or third parties using their network or system. However, they might be liable for non-compliance of due diligence requirements under the law.  A body corporate handling sensitive personal data (which includes financial information such as bank account, credit card or debit card or other payment instruments, password)  and stores such information in a computer, is required to  maintain reasonable security practices and procedures to protect such data. If due to negligence of the body corporate in handling such sensitive personal data causes wrongful loss to such person, the body corporate is liable to pay adequate damages as compensation to such person.

Now days, most banking functions have moved to core banking system and a large number of transactions are made using internet banking, mobile banking or use of debit/credit cards. A significant number of urban and semi-urban customers of the banks use debit/credit cards for their every day purchases through e-commerce sites or withdrawal of money through ATMs. The banks are in possession of sensitive personal information of their customers including account numbers, PIN, credit/debit card numbers and other financial information of the customer in an electronic form. The banks are responsible for protection of such information from unauthorized usage through maintaining reasonable security procedures laid down in different rules and regulations issued by RBI and other bodies. Some of the important rules and guidelines which govern maintenance of reasonable security standards for banks include, Master Circular –   Know your Customer (KYC) norms, Anti-Money Laundering standards, Combating of financial terrorism, Obligations of banks under Protection of Money Laundering Act, 2002 and  by RBI and other international standards for information technology security (ISO standards).

Breaches in data security by the banks and telecom operators

Some of the common breaches in security procedures by banks and telecom operators include:

  • Non-compliance of KYC norms of customers by banks. Most of the proceeds of the fraudulent transactions are transferred either in “mule accounts” (accounts of innocent persons are used to transfer money in promise of payment of a certain percentage) or in accounts where the identity of the customers cannot be verified. Such accounts are generally created by using either apparently fraudulent documents or no proper documents as such.
  • Non-compliance of KYC norms by the telecom operators while issuance of duplicate SIM card. In a large number of cases, the fraudster has obtained a duplicate SIM card of the victim’s mobile, which was later used to receive one time password or make mobile banking transaction. Due to issuance of duplicate SIM card, the victim’s original SIM will get disabled and he will not be able to receive transaction messages.
  • Non installation of CCTVs or non-working of CCTVs in banks, ATMs which is a necessary security procedure for banks
  • No mechanism to identify and flag suspicious transaction patterns
  • Failure to notify the customer of suspicious transactions (either through SMS or email) on a live basis

How to recover lost money through fraudulent bank transfers under Information Technology Act?

One can file an application before the Adjudicating Officer appointed under Section 46 of Information Technology Act, 2000 claiming breach of reasonable security procedures by the bank. An analysis of selected cases ordered by the Adjudicating Officer in the state of Maharashtra revealed that the banks and telecom operators in most cases have failed to maintain reasonable security procedures, including non-compliance of KYC norms, Anti-money laundering guidelines, and automatic suspicious transaction monitoring facilities. As per Section 43A of Information Technology Act, 2000 the banks and other intermediaries who have failed to maintain reasonable security procedure must pay adequate damages as compensation to such person to cover the loss. The Adjudicating Officer has the power to adjudicate in the matters where the claim does not exceed Rs 5 crores. The bank must prove that they have maintained reasonable security procedures to prevent such fraudulent acts. In case the bank fails to prove that they have maintained reasonable security procedure, the Adjudicating Officer who has the powers of a Civil Court, may order the bank to pay damages as compensation to the victim.

How to file a complaint in the state of Maharashtra:

  • Application must be made in a specified format (Download form)
  • Application must be accompanied by an application fee of Rs 50 along with appropriate fees as per the amount of compensation claimed (rates provided below) by a Demand draft drawn in the name of Adjudicating Officer Information Technology Act” payable at Mumbai.

Compensation claimed

Fee

Upto Rs.10,000 10% ad valorem rounded off to nearest next hundred
From 10001 to Rs. 50000 Rs. 1000 plus 5% of the amount exceeding Rs. 10,000 rounded off to nearest next hundred
From Rs. 50001 to Rs. 100000 Rs. 3000/- plus 4% of the amount exceeding Rs. 50,000 rounded off to nearest next hundred
More than Rs. 100000 Rs.5000/- plus 2% of the amount exceeding Rs. 100,000 rounded off to nearest next hundred

 

  • The application must be made to Adjudicating Officer, c/o Directorate of Information Technology, 7th Floor, Mantralaya, Madam Cama Road, Hutatma Rajguru Chowk, Nariman Point, Mumbai – 400021

 

LawSikho has created a telegram group for exchanging legal knowledge, referrals and various opportunities. You can click on this link and join:  

https://t.me/joinchat/J_0YrBa4IBSHdpuTfQO_sA

Follow us on Instagram and subscribe to our YouTube channel for more amazing legal content 

 


[1] Shreya Roy, Online Fraud 3rd Most prevalent Economic Crime in India: Survey, The Financial Express, Mar,19,2012, available at  http://www.financialexpress.com/news/online-fraud-3rd-most-prevalent-economic-crime-in-india-survey/889457/ .

Did you find this blog post helpful? Subscribe so that you never miss another post! Just complete this form…

12 COMMENTS

  1. This happens a good deal btw I am told from a few people. It is because many of these scammers work for multiple companies such as they have something called an affiliate manager or a lawyer/legal representative who also works for more than one broker. So they will respond with the stamp from that broker as directed by the scam companies. What happens is they make a mistake every now and then to get the wrong broker haha. They are very cheap people in Israel and share many of the same employees since the scam is the same it is very easy to do.

  2. Tamilnadu bank scam to where compliant can you pls give me address for online fraud complaints to get back money.

  3. Dear Sir
    I am also victim of such incident on 20May 2017. Transaction of 33000rs is being made for purchasing from the UCO Bank account. if there is any procedure to recover the money please help me.

  4. Today I became the victim of such incident. A lady made me a call telling she is a SBI representative and in order to send you the first bill of credit card we want to confirm the details. So she asked my name card number birthrate like wise. I refused initially . But she told that I am asking for open details on your card . And made transaction of 9999 rupees. Later i made a call and came to know she was a shopindia representative.Please suggest me a way out.

  5. Today my dad become victim someone call form name of bank he know all details of my dad name registration mobile number and also he know account of my dad than said bcoz of gst we are blocking or renewal of card tell me the your ATM number dad gave him ATM only without ATM code and cvv after that also form account 50k transfer to Paytm and ola money . Please help me how I ll get my dad 50k money

  6. Hai,

    Yesterday in my father in Law was also became a victim of such an incident. Where i should complain in the kerala state with this application form. Kindly send some reply

  7. Got mails from RBI asuring sumof rs 4.63 crores.. However they asked for money transfer to certain accounts.. Transferred almost 1.60 lakhs.. How can we track them..

  8. Dear Team,
    Yesterday, my family became the victim of such incident where in the caller has taken the details of the card and passwords and made transactions from two bank to the tune of Rs. 48000/- consolidated. I need your help in getting the money back.

    Regards,
    Ravi Kumar Pandey

LEAVE A REPLY