CONTEMPORARY CHALLENGES AND REFORMS NEEDED IN THE INDIAN

BANKING SYSTEM IN RELATION TO CYBER CRIME

Submitted To

AMITY LAW SCHOOL, AMITY UNIVERSITY, NOIDA, UTTARPRADESH

In part, fulfilment and requirement for degree of Masters of law under the guidance and
supervision of

Dr. Varun Srivastava

Assistant Professor

Submitted By

Astha Garg

LL.M (Corporate Banking and Insurance Law)

Enrolment No. A3268622035 Batch (2022-2023)

i
 ACKNOWLEDGMENT

The research on “_Contemporary Challenges and Reforms Needed In The

Indian Banking System In Relation To Cyber Crime _” has been given to me

as a party of the curriculum in LLM.

I have tried my best to present this information as clearly as possible using basic terms that
I hope will be comprehended by the widest spectrum of researchers, analysts and students
for further studies.

I have completed this research study under the guidance and supervision of Dr. Varun
Srivastava. I will be failed in my duty if I do not acknowledge the estimated scholarly
guidance, assistance and knowledge. I have received them towards faithful and timely
completion of this work.

Mere acknowledgement may not redeem the debt I own to my parents for their
direct/indirect support during the entire course of this research.

This study bears testimony to the active encouragement and guidance of my friends and
well-wishers. This accomplishment would not have been possible without them.

Astha Garg

LLM

ii
 CERTIFICATE

This is to certify that the research entitled “Contemporary Challenges and

Reforms Needed In The Indian Banking System In Relation To Cyber
Crime” is submitted by Astha Garg, a student of Amity University Noida,
Uttar Pradesh. Under my supervision and guidance: I recommend it for
evaluation.

Signature of Supervisor: ____________

Amity University Noida, Uttar Pradesh

iii
 DECLARATION
This is to certify that the report entitled “Contemporary Challenges and
Reforms Needed In The Indian Banking System In Relation To Cyber
Crime” which is submitted by Astha Garg. in partial fulfillment of the
requirement for the degree of LLM (Corporate Banking and Insurance Law)
Amity University comprises only my general work & due acknowledgement
has been made in the text to all material used. Neither the same work, nor any
part thereof, has earlier been submitted to any university for any degree.

Name of the Student: Approved by:

Astha Garg Dr. Varun Srivastava

Enrolment no.-

A3268622035

iv
 TABLE OF CONTENTS
ACKNOWLEDGMENT..................................................................................................... ii

CERTIFICATE .................................................................................................................. iii

DECLARATION ............................................................................................................... iv

TABLE OF CASES .......................................................................................................... vii

LIST OF ABBREVIATIONS .......................................................................................... viii

CHAPTER 1- INTRODUCTION ....................................................................................... 1

1.1. INTRODUCTION ................................................................................................... 1

1.3. STATEMENT OF PROBLEM .............................................................................. 17

1.4. OBJECTIVES OF THE RESEARCH ................................................................... 18

1.5. RESEARCH QUESTIONS ................................................................................... 18

1.6. HYPOTHESIS ....................................................................................................... 19

1.7. RESEARCH METHODOLOGY........................................................................... 19

1.8. SCHEME OF CHAPTERISATION ...................................................................... 19

CHAPTER 2- CONCEPT OF CYBERCRIME AND ITS LEGAL REGULATION ...... 21

2.1. CONCEPT & CLASSIFICATION OF CYBER CRIME .................................. 21

2.2. LEGAL REGULATION OF CYBERCRIME ................................................... 25

2.2.1. NEED FOR A CYBER LAW ..................................................................... 25

2.2.2. INTERNATIONAL AGENCIES FOR REGULATING E-COMMERCE 26

2.2.3. PROVISIONS ANCILLARY TO CYBER CONTRAVENTIONS ........... 28

2.3. PREVENTION OF THE NEW-AGE CYBER-CRIMINAL IN INDIA ........... 29

2.4. INITIATIVES TAKEN SO FAR TO HANDLE CYBERCRIME PREVENTION

IN INDIA ...................................................................................................................... 32

2.5. CYBER SECURITY FRAMEWORK ............................................................... 38

CHAPTER 3- MAJOR ISSUES IN INTERNET BANKING AND THE LEGAL

FRAMEWORK................................................................................................................. 43

v
 3.1. INTRODUCTION .............................................................................................. 43

3.2. LAW RELATING TO E-BANKING IN INDIA ............................................... 45

3.2.1. RESERVE BANK OF INDIA ACT, 1934 ................................................. 46

3.2.2. BANKING REGULATION ACT, 1949 .................................................... 47

3.2.3. NEGOTIABLE INSTRUMENTS ACT, 1881 ........................................... 49

3.2.4. BANKERS BOOKS EVIDENCE ACT, 1891 ........................................... 52

3.2.5. PREVENTION OF MONEY LAUNDERING ACT, 2002 ....................... 52

3.2.6. INFORMATION TECHNOLOGY ACT, 2000 ......................................... 53

3.2.7. INDIAN CONTRACT ACT, 1872 ............................................................. 57

3.2.8. INDIAN PENAL CODE, 1860................................................................... 58

3.2.9. INDIAN EVIDENCE ACT, 1872 ................................................................... 60

3.2.10. CONSUMER PROTECTION ACT, 1986 ................................................. 63

3.2.11. THE PAYMENT AND SETTLEMENT SYSTEMS ACT, 2007 .............. 64

CHAPTER 4: TECHNOLOGICAL CHALLENGES TO BANKING SECTOR IN INDIA

........................................................................................................................................... 66

4.1. INTRODUCTION .............................................................................................. 66

4.2. DIGITAL BANKING IN INDIA ....................................................................... 67

4.3. CHALLENGES IN DIGITAL BANKING ........................................................ 70

CHAPTER 5- CONCLUSION AND SUGGESTIONS ................................................... 72

SUGGESTIONS ............................................................................................................... 79

BIBLIOGRAPHY ............................................................................................................. 82

vi
 TABLE OF CASES

• Abdul Rahaman Kunji vs. the State of West Bengal

• Allahabad Bank v Deepak Kumar Bhola, (1997) 4 SCC 1
• Anvar P.V. vs. P.K. Basheer and Others
• Armstrong vs. Executive Office of the President, 1 F.3d 1274 (Dc Circuit, 1993)
• Financial Service Companies v. Union of India, n.d. (2011) 2 SCC 352
• IDBI Bank v. Sudhir S. Dhupia, 2019 SCC OnLine TDSAT 226
• Monotype Corp., Plc. vs. International Typeface Corp., 43 F.3d. 443 (9th Circuit
1994)
• R. K. Malkani vs. State of Maharashtra 1973 AIR 157, 1973 SCR (2) 417
• Ronald, vs. Standler (1999)
• Sanjay Singh Ramrao Chavan vs. Dattatray Gulabrao Phalke, Criminal Appeal No.
97 OF 2015
• Selvi & Ors. vs. State of Karnataka (Crl. Appeal 1267 of 2004)
• State of Karnataka vs. Chandrasekhar CRIMINAL PETITION No.6894/2021
• State of Tamil Nadu vs. Suhas Katti C No. 4680 of 2004
• Sunil Panchal vs. State of Rajasthan (2016 Crilj 4238 [Raj])
• Yusuf Ali Esmail Nagree vs. State of Maharashtra 1968 AIR 147, 1967 SCR (3)
720

vii
 LIST OF ABBREVIATIONS

• “ACFE Association of Certified Fraud Examiners

• AGM Assistant General Manager
• Apps Applications
• AQR Asset Quality Review
• ATM Automated Teller Machines
• BIS Bank of International Standards
• CERT Computer Emergency Response Team or
• CRR Cash Reserve Ratio
• CVV Card Verification Value
• DoS Denial-of-Service
• DDoS Distributed Denial-of-Service
• E-Banking Electronic Banking
• ECS Electronic Clearing Service
• ED Enforcement Directorate
• EFT Electronic Fund Transfer
• E- Wallets Electronic Wallets
• FBI Federal Bureau of Investigation
• FCNR Foreign Currency Non-Resident
• FDI Foreign Direct Investment
• FDIC Federal Deposit Insurance Corporation
• FEMA Foreign Exchange Management Act, 1999
• FinTech Financial Technology
• KYC Know Your Customer
• LOU Letter of Undertaking
• MD Managing Director
• MICR Magnetic Ink Character Recognition
• MSME Micro, Small & Medium Enterprises

viii
• NBFC Non-Banking Financial Companies
• NCLT National Company Law Tribunal
• NCRB National Crime Records Bureau
• NEFT National Electronics Fund Transfer
• NPA Non-Performing Assets
• RBI Reserve Bank of India”

ix
 ABSTRACT
Every nation's economic growth is significantly influenced by the role that banks play. The
economy would not function without its banks. The bank is not only an institution but also
one of the fundamental requirements of humans in the modern day. Everyone has a need
for banks, and our identity is established via our bank accounts. The financial sector in
India is undergoing rapid expansion and change at an alarming rate, with new laws, rules,
and regulations being implemented almost on a daily basis. The reserve bank of India
exercises oversight over the Indian banking system and has system holdings. In the modern
day, bank accounts are considered to be human common things; hence, they may be utilised
whenever and whenever. The banker has observed and analysed the desires and satisfaction
of the client, such as rapid changes in the method transaction channels such as ATM,
balance inquiry, online banking, mobile banking e cheque, electronic money transfer, credit
cards, debit cards, smart cards, and payment banks. The Indian bank began operations in
the post office sector in addition to establishing a number of payment banks. Since the Post
Office Department is now employing banking services, this indicates that the Indian
Banking Sector is undergoing significant transformation and expansion.

x
 CHAPTER 1- INTRODUCTION

1.1. INTRODUCTION

The growth of India’s banking industry can be traced back to reforms made in the final
decade of the last century that made the market more accessible to private and foreign
investment. Financial dealings have gone digital over the past two decades. The
introduction of ATMs, online/mobile banking, and more recently payment
gateways/aggregators have revolutionised the way we conduct financial transactions.
Instead, globalisation and technological progress have changed the face of fraud in India
and around the world. Concerns about regulation and prevention have been raised as new
forms of fraud have emerged to replace older ones.1

Because of the increased reliance on technology in modern banking, both internal and
external fraud have increased. Mobile banking, payment banks/aggregators like PayTM,
and payment gateways like Citrus Pay, and CC Avenue have all seen rapid growth in India,
making banking activities and other payment options more accessible but also increasing
the risk of fraud.

Banking has always played a crucial role in any nation’s economic development because
of its central role in trade and commerce. Moneylenders and merchants, who provided
financial services before the advent of the organised banking sector, were often unchecked
and prone to fraud and corruption. The establishment of the Bank of Bombay in 1720 and
the Bank of Hindustan in 1770 marked the start of the modern era of banking in India.
Since then, banking has drastically changed, moving from being passive stewards to active
promoters of economic growth. Nowadays, businesses and investors can easily transfer
money thanks to the modern banking system. Financial institutions such as banks and credit
unions provide a wide range of services to the government, as well as to individuals, small
businesses, and multinational corporations. Banking and financial institutions are the
economic engines that power any country’s financial sector. With an increase in both
opportunities and potential fraud risk areas, this new role carries heavier burdens of

1
Bessis, Joel, “Risk Management in Banking.” Third Edition, John Wiley & Sons Ltd. (2010).

1
responsibility and accountability for the financial sector as a whole. Large-scale bank
investments in corporations and businesses come with an increased risk of internal and
external fraud on top of the usual business risks. A brief overview of banking in India is
provided by the RBI, which was established in 1934 with the goals of regulating the
monetary system, ensuring monetary stability, and managing the nation’s credit system.2

After the RBI was nationalised in 1949, other banks in operation at the time were also
nationalised in 1969 and 1980, ushering in a period of profound change that saw banks
pivot from serving purely commercial interests to aiding the welfare state and promoting
economic growth. Another shift in the banking sector’s paradigm occurred as liberalisation
policies were put into effect in the final decade of the twentieth century. Banks had to keep
up with the various banking standards adopted and utilised by global competitors, in
addition to the rapidly changing technological landscape. Digital banking (or E-Banking)
has largely superseded traditional banking in recent years. E-Banking provides a number
of channels through which customers can complete a range of banking tasks. In the
beginning, some private banks only allowed limited access to e-banking features like
checking account balances and similar functions. All banking services, both public and
private, are now available digitally via a variety of channels (e.g., online banking,
telephone banking, etc.) and are therefore fully computerised.3

To “receive deposits of money from the general public for lending or investing the same
and which is repayable on demand or otherwise to the depositors” is outlined in Section
5(b) of the Banking Regulation Act of 1949 as the interpretation of banking. Financial
institutions are granted permission to conduct additional business activities in Section 6 of
the Act.

It is crystal clear from the provisions of the aforementioned Act that banking today entails
far more than just deposits and loans. The banking industry’s enhanced efficiency has led
to a general improvement in business practices. Indian financial institutions were also

2
Ghosh, Amalendu “Managing Risks in Commercial and Retail Banking.” Singapore, John Wiley & Sons
Ltd. (2012).
3
Ibid

2
compelled by globalisation and liberalisation to become more familiar with global banking
standards.

India entered a new technological and economic era in the last decade of the twentieth
century. Nowadays, technology is not only fundamental to our daily lives but also the
bedrock of all commercial endeavours. The banking sector has heavily invested in
technology, expanding the range of available channels for customers to make their financial
dealings with complete ease. FinTech, which refers to any technological advancement in
the financial services industry that makes use of Information Technology (IT), is now a
major factor in the way banking operations are carried out in areas like asset management,
borrowing and lending, payments and settlements, insurance, and so on. Payment
aggregators and gateways are two examples of cutting-edge technology that have sped up
the settlement and processing of retail and wholesale payments.4

Respectfully maintaining pace with the rest of the world, India has advanced and adapted
to technological advances in banking operations. The rapid but commendable shift from
traditional, manual banking, in which the bank required customers to make personal
appearances premises for any transactions, to modern digital banking in India, has been
complicated by the layering of systems, the introduction of new risks, and the proliferation
of E-Banking frauds. The increased reliance on automated systems increases the risks of
internal and external cybercrime or fraud and results in the need for frequent upgrades to
keep up with rapidly evolving technology and the complexity of integrating different
platforms.

According to studies, fraud is among the most typical examples of white-collar crime. Most
legal systems classify fraud as a tort, a crime, or a breach of contract; however, a
universally accepted definition is more elusive. In these situations, “fraud” is defined as
“any act where misrepresentation or deception is used to obtain an unfair or unlawful
advantage” or “anytime a person or business intentionally deceives another by promising

4
Shah, Mahmood, “E-Banking Management: Issues, Solutions and Strategies,” New York, Information
Science Reference. (2009

3
goods, services, or financial benefits that do not exist, were never intended to be provided,
or have been misrepresented.”5

Innovations and Know Your Customer (KYC) discussions based on the foregoing, any
fraudulent activity perpetrated within the banking industry is collectively referred to as
“banking fraud,” even if it involves negotiable instruments, loan accounts, securities,
insiders, outsiders, conventional or cutting-edge technological methods, embezzlement,
forgery, falsification of accounts, account skimming, etc.

Money transfers, payments, and settlements, as well as data on the many accounts they
keep, and any other type of financial service, are all dependent on the internet and online
transactions for their day-to-day operations. Fraud involving the use of technology has
increased noticeably as the service delivery model has shifted. Traditional banking services
and technology have begun to converge in this industry. Due to social media’s increased
efficiency, mobile banking’s decreased costs, and payment gateways’ expanded reach,
banks are increasingly demanding that their customers use these cutting-edge technologies.
However, fraudsters have found a new way to take advantage of technological
developments and vulnerabilities in technology-based banking systems as acceptance and
customer use of such banking has increased.

PROBLEM ON HAND:

Despite all of the benefits of e-banking, technological advancement has presented the
banking industry with a number of challenges. Operational risks, technological issues,
security issues, and legal issues are the primary causes of the numerous problems
encountered when using e-banking services. Unauthorized data access, data theft by
hackers, and data loss or damage caused by viruses are just a few of the many security
issues that people face. The online banking system is undergoing maintenance issues.
Inexperienced personnel are required to manage the electronic banking system. In addition
to enhancing the likelihood of committing e-banking fraud, problems with literacy and a
lack of computer literacy also increase the likelihood of committing such crimes. If salami
attacks are possible, funds may be fraudulently transferred from one person's account to

5
Walter, V. Bud and Haslett Jr., “Risk Management.” USA, John Wiley & Sons, Inc. (2010).

4
the fraudster's account using specialised software. E-banking has provided customers with
convenient banking services and made their lives easier, but it has also introduced new
risks that could affect the banks' profitability, capital, and reputation, as well as cause
customers to incur financial losses. These risks may also present bank executives with a
number of risk-related challenges. The lack of qualified personnel to manage the system
for providing e-banking services is one of the challenges facing the e-banking industry.

Due to the universal accessibility of internet banking, there are no geographical restrictions.
Internet banking services have an unlimited geographical reach. As a result, it is difficult
to identify and control criminals who commit fraud via online banking.

In order to reduce the incidence of e-banking fraud in India, preventative measures are
necessary. Moreover, laws, rules, and regulations must be written correctly. There are
regulatory and supervisory challenges associated with the banking industry's adoption of
new technology. Cross-border banking transactions exacerbate these difficulties because
they raise jurisdictional and legal issues that must be addressed when addressing or
resolving e-banking fraud cases. Although there are legal provisions in place to combat e-
banking fraud, modifications will be necessary because it is possible that as more people
use e-banking services and e-banking activity expands, new legal issues will emerge. Legal
concerns should address all e-banking issues, and each of these issues must be resolved.
All crimes should be punished severely enough to deter criminal behaviour in the future.6

If you violate or fail to comply with established rules and regulations, you expose yourself
to legal risk. Inaccurate application of the law can occasionally result in legal
complications. The cyber laws of India are inadequate to combat e-banking-related crimes.
There is a chance that the laws and regulations of multiple nations or states will overlap
due to the internet's expanded geographic reach. Different states and nations are subject to
different laws. Consequently, the question is which laws ought to be applied to cross-border
issues or frauds. In an internet banking service system, banks have limited discretion to
stop payments based on customer instructions. The United Kingdom has more codified
laws governing e-banking services than India. The Electronic Funds Transfer Act is a

6
Ibid

5
United Kingdom statute governing electronic money transfers. Developed nations, as
opposed to developing nations such as India, also have more advanced data protection laws
pertaining to maintaining the privacy of customer personal information. Internet banking
has numerous benefits, but it also has some drawbacks. Using various techniques such as
hacking, cracking, etc., a large number of fraudsters have discovered and successfully
exploited online banking accounts. Fraudsters gain access to the user's computer system by
compromising the Internet service provider's address, Domain Name Server, etc. They then
gain access to and steal sensitive data and information, which they use to generate
substantial profits from the victim's bank account. Hacking is possible from any location
on Earth without fear of being discovered. This issue can be resolved only through the use
of superior technology, regular technological advancements, and efficient and effective
legislative measures.7

The problem persists because the existing legal provisions are ineffective against the
fraudsters who commit these types of frauds, despite the fact that many steps have been
taken to stop these types of activities through legal provisions.

A hacker is a person who engages in hacking. A hacker, also referred to as a computer

expert, gains access to a user's computer by breaking into it and stealing information that
can be used to commit fraud and cause financial losses. Utilizing online banking is fraught
with peril. If the password or other user information is compromised, hackers can gain
access to the user's account and use the information they obtain to commit fraud against
the user, costing them a significant amount of money. By the time customers receive their
bank account statements and discover unauthorised transactions, it will be too late and
difficult to locate the fraudster.

Internet banking requires the user's identification to confirm that the website is authentic
and secure. If a user logs into a fraudulent website, the fraudster gains access to the user's
login credentials and can then access the user's account. A user can manage his account at
a cybercafé if he does not have access to the internet at home. If network connectivity is
lost during a transaction and it is only partially completed, there is a significant risk of data

7
Singh, S. (2007). “Banking Sector Reforms in India.” New Delhi, Kanishka Publishers.

6
leakage if the transaction is left in this state. Another reason is that if a user forgets to log
out after completing a transaction while using internet banking services at an internet café,
a fraudster may still be able to commit fraud. Customers can prevent this by taking simple
precautions, such as keeping their user ID and password to themselves. However, many
customers are unaware of these precautions, and even those who are aware are careless
when using the internet banking services at cybercafés.8

In the banking sector, technological innovation coexists with difficulties. The most
prevalent problem is legal and security-related. In response to the rise in e-banking fraud
cases, the Reserve Bank of India, in its capacity as regulator and supervisor, has issued
fraud prevention guidelines. The Reserve Bank of India also advises banks on how to
prevent fraudsters from committing e-banking fraud and periodically issues new guidelines
in response to changing circumstances.

The Reserve Bank of India has also advised banks to identify vulnerabilities in the e-
banking system and determine the root causes of e-banking fraud, so that other banks are
aware of and able to control fraudulent activities in the e-banking system. All Indian banks
fail to implement legally mandated safeguards for e-banking in a complete and effective
manner. India has not yet ratified any international cybercrime treaties, which makes it
difficult to identify and track fraudsters. Legislation regarding customer privacy laws,
protection laws, and regulatory laws pertaining to e-banking services is murky due to the
fact that numerous cybercrime-related issues have not been resolved or are still in the
works.9

The laws governing e-banking are still in their infancy; they require polishing, the
elimination of ambiguities, and the clarification of the laws governing e-banking services
and systems. Only then will we be able to use the e-banking system risk-free and have
complete control over e-banking frauds, preventing financial losses due to e-banking frauds
and enabling customers to use e-banking services easily, safely, and securely.

8
Adrian, Sparrow “A Theoretical Framework for Operational Risk Management and Opportunity
Realization,” Treasury Working Paper (1999).
9
Singh, S. (2014). “Management of E-Banking Risks in India.” New Delhi, DBH Publishers.

7
If the employer credits the employee's account directly with the salary, the employee is not
required to maintain the account. The salary account will be converted to a savings account
with a minimum balance requirement if the employee leaves their position or if money has
not been deposited for three consecutive months.

People who frequently change jobs should be aware of this because it is possible that they
forgot to close the account when they changed jobs and could face severe penalties for
failing to maintain the required minimum balance in the account, resulting in customer
losses. As technology within the banking industry advances, customers are now faced with
the issue of direct fund transfers through electronic banking.

Criminals who engage in e-banking frequently use computers to commit fraud and obtain
sensitive data and information, which they then exploit to cause harm to individuals,
businesses, and other entities. The Information Technology Act of 2000, which included
e-commerce-related legislation, was passed in India. Consequently, it applied to e-banking
fraud crimes.

This Act does not state explicitly that hacking is a crime; rather, it investigates the situation
and determines whether or not a guilty mind existed in cases of hacking. Employees are
frequently involved in internal hacking. Under Section 66(b) of the Information
Technology Act, hacking is punishable by fines of up to two lakh rupees and three years in
prison. The Information Technology Act of 2000 contains no provisions specifically
addressing ATM fraud.10

There is no current trend towards banking fraud in Indian society. Since the time of
Kautilya's Arthashastras, banking fraud has been a problem. These frauds occurred during
the manual banking process, which the implementation of E-banking was intended to
reduce. On the other hand, fraudsters have found a way to commit fraud using the E-
banking system. E-banking fraud-related cybercrimes are another type of offence that is
committed. Since hackers and phishers have discovered a way to steal data online, they are

10
Ahmad, Raza Bilal; Noraini, “Remodelling of Risk Management in Banking: Evidence from the Sub-
Continent 180 and Gulf,” The Journal of Risk Finance, 14 (5), 468-489 (2013).

8
now committing fraud with these techniques. Swindlers figure out how to execute their
cons before technology advances.11

In 2012, banks reported 8,322 instances of cyber fraud, including credit card, internet
banking, ATM, and debit card fraud. However, many more instances of e-banking fraud
go unreported.

ICICI banks in the private sector reported the most cases (3,428), while IDBI banks in the
public sector reported. With the rapid development of technology, e-banking fraud is
increasing daily, resulting in monetary losses and harming the Indian economy. Whether a
society is developed, developing, or underdeveloped, e-banking fraud exists. Mumbai is
the nation's leader in banking fraud.12

Due to high costs, banks are hesitant to implement security measures; investigations of e-
banking fraud cases are not completed properly, and suspects are released due to
investigators' lack of knowledge and skill; and territorial jurisdiction barriers impede the
prosecution of criminals. Investigating and locating fraudsters across borders is difficult.
India ranks third in terms of online malware attacks, behind Japan and the United States.

Due to a lack of trained and skilled personnel to manage e-banking systems, fraud can be
easily committed. 2013's. Private sector banks reported more cases than public sector
banks, according to the study. In the first three quarters of 2015, debit and credit card fraud
in Mumbai increased by nearly 90 percent compared to the same period in 2014. Crime in
Mumbai increased by 51% between January 2015 and September 2015, according to police
statistics.13

There are a growing number of cases of online cybercrime in the banking industry because
many people who are exposed to the internet banking system do not fully comprehend it
and the dos and don'ts of using e-banking services.

11
“2023 Cyber Security Statistics Trends & Data” (PurpleSec) available at
<https://purplesec.us/resources/cyber-security-statistics/> accessed April 6, 2023
12
“Cyber Threats in The Banking Industry” available at https://www.archonsecure.com/blog/banking-
industry-cyber-threats accessed April 6, 2023
13
“India: Number of Cyber Crimes Related to Online Banking 2021 | Statista” (Statista) available at
https://www.statista.com/statistics/875887/india-number-of-cyber-crimes-related-to-online-banking/
accessed April 6, 2023

9
Despite the fact that many individuals use online banking, they lack knowledge of the
technology. The issue is either their lack of education or the inadequacy of the safety
measures. The mobile banking application is completely insecure. Card cloning is the most
common method of data theft. Another type of fraudulent caller is a vishing caller. While
impersonating a bank representative, the caller requests the customer's PIN and credit or
debit card information. They threaten to cancel the client's card if the requested information
is not provided. Numerous individuals from all social classes have fallen victim to these
strategies. All banks are required to file complaints on behalf of their customers with the
appropriate agency, but none do. Despite its global territorial scope, local law enforcement
disregards online crime as a minor issue. There are no significant efforts to locate and
apprehend fraudsters because they are typically located outside of India. Even in India,
cybercriminals are rarely convicted.14

In 2014, there were one hundred credit and debit card frauds in Mumbai; in 2015, there
were 190. These numbers come from the Mumbai Police Department. In 2015, only five
criminals were arrested, as opposed to ten in 2014. Instances of phishing rose from 76 in
2014 to 102 in 2015.15

Fraud is defined as any dishonest act in which one party gains an advantage over another.
For victims of fraud, losses can be either direct or indirect.

The definition of white collar crime is fraud in the banking industry. More banking frauds
are committed daily. As a result of technological progress, white collar crime has increased
in the banking industry.

Criminals communicate with their victims via multiple channels, such as email and job
search websites. Young people seeking employment may, for instance, visit multiple
websites and, in the hope of obtaining employment, voluntarily provide their personal
information to con artists by responding to questions on employment applications that

14
Brooks C, “Cybersecurity Trends & Statistics For 2023; What You Need To Know” (Forbes, March 5,
2023) available at https://www.forbes.com/sites/chuckbrooks/2023/03/05/cybersecurity-trends--statistics-
for-2023-more-treachery-and-risk-ahead-as-attack-surface-and-hacker-capabilities-grow/ accessed March
16, 2023
15
Ibid

10
request this information. Some job search websites also request sensitive data, such as bank
account numbers.

However, the Indian Penal Code defines similar offences, such as deception and forgery.
Unlike typical thefts and robberies, victims of banking fraud suffer losses in the lakhs and
crores of rupees. As technology progresses, the number of banking frauds in India increases
daily. A bank fraud can be perpetrated by both insiders and outsiders.

Once a transfer is made, it may be difficult or impossible to undo it. It is possible that bank
employees or insiders lack the knowledge or experience required to transfer funds using
the e-banking system. If this occurs, the employee may make a costly mistake for the
clients.

A small percentage of bank employees are dishonest and frequently disclose personal
customer information to an unidentified third party who is actually a fraudster. The
information obtained by the con artist is utilised in the development of his scheme. The
fraudster obtains debit and credit cards by using a customer's name and other personal
information obtained from a bank employee.

Using credit cards for fraudulent purposes: Credit cards, also known as plastic money,
consist of three plastic sheets. The term “core stock” refers to the centre sheet of a credit
card. The information about the cardholder is embossed on the credit card.

Credit card fraud can take various forms, such as the creation of duplicate credit cards, the
manipulation or alteration of real credit cards, and the acquisition of real credit cards by
fraudsters who submit phoney applications with real people's addresses.

As a result of technological advancements and the rise in e-banking and mobile banking
usage, credit card fraud is becoming increasingly prevalent and costly for its victims.

Card-skimming particulars: The seller steals the credit card information of the buyer and
uses it fraudulently. While a criminal copies the card's magnetic stripe, a hidden camera
captures the number embossed on the card's face. Occasionally, con artists install these
devices and concealed cameras at public ATMs. A fake card reader would read the
magnetic stripe, while a hidden camera would attempt to record the PIN. The fraudulent

11
machine will then be disassembled, and the information obtained will be used to create
duplicate or new cards that can be used to withdraw money from the victim's bank account
using an ATM.

Via phishing emails impersonating online banks, users are directed to fake websites that
make it appear as if they have logged into legitimate websites. This fraudulent website
requests the user's personal information. Using the information obtained from the
fraudulent website, additional frauds that cost the victims money are planned at a later date.
In addition, numerous Trojan horse programmes are used to spy on internet users while
they surf the web and collect sensitive information, which is then sent to external websites.
Once again, these details and information are used to plan e-banking frauds. Emails that
appear authentic and pose as requests for verification are used by cybercriminals to solicit
personal information. This method of acquiring and misusing data results in substantial
monetary losses.

Spoofing is the process of creating a website that closely resembles the original, including
the same name, logo, and other elements, and then requesting the user's login information.
The hacker acquires the user's information and then uses it to commit crimes or financial
fraud.

Phone phishing occurs when customers are called to report problems with their bank
accounts and are asked for their password and identification information. The information
is then used to cause the clients significant financial losses.

Viruses are used to steal information. In order to commit fraud, viruses steal data from a
user's computer and insert it into the computer system. Data encryption, cryptography,
firewalls, hardware and software controls, data capture and output restrictions, and network
security are all methods for addressing security issues. The RBI formed a working group
to investigate the various aspects of internet banking. The Reserve Bank of India agreed to
implement the recommendations made by the group. According to RBI regulations, banks
are responsible for compensating clients who have lost money as a result of e-banking
frauds, because, in the RBI's view, banking institutions failed to provide customers with
safe and secure e-banking services. E-banking raises security concerns in some ways. It
may create a hazardous environment for systems that are isolated. Three types of security

12
breaches have been identified. Which are: violations with intent to commit a serious crime
(fraud, theft of private information or of financially sensitive data).16

Threats posed by hackers include denial-of-service attacks and website hacking. In this
case, it allows the hacker to view websites. Moreover, configuration and design flaws make
it easy for a fraudster to breach the system's security. The government has made an effort
to address legal concerns by publishing Reserve Bank of India (RBI) guidelines, which
must be followed by all Indian banks offering e-banking services. Banks are required,
among other things, to use public key infrastructure, implement logical access control
measures such as user IDs, passwords, or other biometric technologies, and monitor
password guessing attempts with the assistance of a security officer, according to rules
published by the Reserve Bank of India. Banks must update their technology on a regular
basis and educate their customers on safe e-banking practises. To prevent such frauds,
banks must raise public awareness about e-banking fraud and the importance of taking
preventive measures. This RBI directive has only been implemented in a few states,
including banks in Tamil Nadu, Karnataka, Maharashtra, Gujarat, and others. Some banks
profit at the expense of their customers by promoting unsecure technology. Banks have
implemented the Reserve Bank of India's safety precautions and guidelines, but because
technology is constantly changing, banks must continue to take action to introduce new
security precautions on a regular basis.

Later, the Information Technology Bill was introduced in order to address various types of
cybercrime and give digital signatures legal standing. After the bill was passed, the
Information Technology Act went into effect. In the year 2000, the Information
Technology Act was enacted. Because fraudsters were committing more crimes, the IT Act
of 2000 was enacted. The Information Technology Act is insufficient to prevent e-banking
fraud and contains some flaws.

A body corporate is required to pay compensation if it fails to protect sensitive personal

data that it has in its possession, uses, or manages on a computer resource that it owns,
controls, or operates, according to the Information Technology Amended Act of 2008. New

16
“166 Cybersecurity Statistics and Trends [Updated 2022]” available at
https://www.varonis.com/blog/cybersecurity-statistics accessed March 16, 2023

13
offence categories and punishments were also added. The amended act is ambiguous and
does not cover many new offences. There are also issues with jurisdiction, evidence
gathering, and interpreting the provisions provided, all of which favour the accuser and
prevent victims from receiving justice. The Indian Evidence Act of 1891, the Banker's
Book Evidence Act of 1891, and the Indian Penal Code were all amended. Overall, laws
are not strong enough to help victims of e-banking fraud.

There are gaps in the existing laws, and changes are required to ensure the safe and secure
use of technology in the banking sector. While few banks have attempted to implement
preventive measures, the number of cybercrimes in the banking sector is increasing year
after year. Only a few sections of the Information Technology Act address cybercrime in
the e-banking industry. It is critical to raise public awareness of e-banking frauds, their
consequences, and the precautions that consumers should take through a variety of
campaigns. Despite the fact that banks are legally protected, both customers and banks are
targets of e-banking fraud. Given the aforementioned, the topic under study will be
explained, along with a situational analysis of India and its applicability. It is critical to
address the consequences of e-banking fraud, and this thesis can help. The researcher wants
to show how frequently thieves commit e-banking fraud and how much attention
lawmakers have given this issue. How well banks have followed the law, and how well
customers are aware of e-banking frauds, protective measures, and the importance of dos
and don'ts when using e-banking services.17

Extensive research on a variety of topics has focused on the problem of e-banking frauds
and the monetary losses suffered by victims. The thesis's goal is to populate the
hypothetical Act with knowledge from various Acts and Legislations, thereby expanding
and improving the law pertaining to e-banking frauds. A critical examination of the laws
and regulations governing e-banking fraud is required in order to find a solution to the
demographic problem that plagues much of India and beyond. Laws cannot be enforced
unless they have widespread support. This is supported by the government's inability to
strictly enforce laws and monitor e-banking fraud. Fieldwork should look for preventative

17
“Cybercrime To Cost The World $10.5 Trillion Annually By 2025” (Cybercrime Magazine, February 21,
2018) https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/ accessed March 16,
2023

14
measures that banks and customers can take to find problem-oriented solutions that
legislators can adopt and that fill theoretical gaps. If this is not done, India will suffer
significant financial losses, affecting the Indian economy. Banking fraud has been a
problem for a long time. Even if it is initially impossible to completely eradicate, taking
precautions can help. Banks are working to educate their clients about e-banking frauds by
providing advice on preventive measures they can take; however, because most people are
still unaware of these frauds, it is difficult for them to understand the importance of taking
preventive action. Banks are now attempting to educate their employees on how to use the
system. Despite significant technological advancements that have aided the nation and its
economy, e-banking fraud has slowed the country's economic growth. Instead of being
properly utilised, the benefits of technological advancement are being abused to commit
crimes by fraudsters. Thousands of cases in India have yet to be registered for a variety of
reasons. Banks lack an effective risk management system. Banks must begin developing a
risk management system to ensure the safety of customer funds. Banks are the custodians
of their customers' funds, so they must maintain security by taking preventative measures.18

To mitigate the effects of e-banking fraud, it is necessary to raise awareness of the

precautions that should be taken. Customers and banks alike must exercise caution. Banks
must explain to customers the consequences of e-banking fraud, as well as the various
preventive measures that can be used to address these issues. Furthermore, banks must
emphasise the importance of caution to their customers. The study's goal is to determine
how much the general public is aware of e-banking frauds, the need for prevention, and the
negative consequences of inaction. In order to have a safe and secure e-banking service
system, it is necessary to reduce e-banking frauds through the implementation of preventive
measures. This will eventually boost customer confidence, leading to an increase in the use
of e-banking services, which will aid the nation's overall development and economic
growth. In India, e-banking is a relatively new concept. Despite its rapid development,
technology is not always dependable or secure. The majority of hacking occurs at the initial
stage, when offenders attempt to access the bank website by breaking into the banks' and
customers' internal systems. Because hackers are always one step ahead of technology,

18
“Hacking Statistics to Give You Nightmares” available at https://dataprot.net/statistics/hacking-statistics/
accessed March 20, 2023

15
banks have yet to develop a completely fool proof security system. According to statistics,
only 4,911 of India's approximately 45,836 banks are fully computerised. E-banking in
India is still in its early stages, as evidenced by the fact that there are fewer ATMs than in
the United States.19

1.2. REVIEW OF LITERATURE

Dr. A. Prasanna, “Cyber Crime: Law and Practice”, she essentially covered a wide range
of cyber frauds and the numerous cases associated with them. Her article demonstrates
unequivocally that the Information Technology Act of 2000 does not adequately protect
against cyber fraud. As a result, it is clear that the Indian Penal Code may cover some types
of cybercrime. Despite the fact that there are numerous laws and acts, we can say that they
need to be updated in order to stop the alarming rise in crime.

Seema Goel, “Cyber-Crime: A Growing Threat to Indian Banking Sector”, The legal
system needs to re-evaluate how to deal with the new forms of cybercrime that target
financial institutions. To put it simply, cyber attackers will always act for financial gain.
Law enforcement agencies need to come up with new strategies to combat cyber fraud
before it's too late, as it raises a number of legal issues for regulators.

Shewangu Dzomira, in his article “Electronic Fraud (Cyber Fraud) Risk In The Banking
Industry, Zimbabwe”, the difficulties presented by various forms of electronic banking
fraud were discussed. Although people appreciate the conveniences that technology has to
offer, all too frequently that very technology turns people into its victims. Technical
limitations, a lack of customer education, and the absence of safeguarding laws present
challenges for banks. The paper identified a number of different types of electronic fraud,
but there was little discussion of what constitutes a fraud.

Liaqat Ali, Faisal Ali, Priyanka Surendran, Bindhya Thomas, in “The Effects of Cyber
Threats on Customer’s Behaviour in e-Banking Services,” demonstrates how important a
concern cybercrime is for the global online banking industry. All banks must be aware of
the risks posed by cybercriminals and have put in place sufficient security measures if they

19
“Hacking Statistics to Give You Nightmares” available at https://dataprot.net/statistics/hacking-statistics/
accessed March 20, 2023

16
are to maintain the success of their operations. Understanding the tactics and strategies
cybercriminals use to commit fraud is essential for identifying the security threat. This
study paves the way for more investigation into the various fraudster tactics in the future.

Soni R.R. and Soni Neena, in “An Investigative Study of Banking Cyber Frauds with
Special Reference to Private and Public Sector Banks”, In contrast to the public sector's
unwavering adherence to tried-and-true methods, private banks' lax adherence to the
security mechanism in question. The study looks at how common bank fraud is in both
public and private institutions and concludes that the latter are more likely to be the target
of fraud.

Sanchi Agrawal, in “Cyber Crime in Banking Sector”, that cyber crime has remained a
persistent issue despite technological developments that have enabled banks to offer more
services and better facilities. Even though a cyber cell has been established, she continues,
people in rural areas are less likely to report crimes because they are unsure of where or
how to do so. She also discusses the shortcomings of the IT Act when talking about
extraterritorial jurisdictional issues. Studies, however, have not indicated that the
provisions of the IT Act should be changed.

Ompal, Tarun Pandey, Bashir Alam, “How to Report Cyber Crimes in Indian Territory”,
highlights the shift from physical threats to cybercrime as a concern in the banking industry
and includes a discussion of the various amenities that banks offer as a result of
technological advancement in the banking sector. The various Indian and international
organisations fighting cybercrime are examined in this paper. India's CERT-IN (Computer
Emergency Response Team) (Indian computer emergency response team).

1.3. STATEMENT OF PROBLEM

Since so many people put their trust in banks to store their cash and savings, this type of
crime is especially perilous. While there are certainly advantages to online banking, it has
also opened the door for fraudsters to engage in a wide variety of scams that cost banks a
lot of money. Unauthorized use of personal information, access control issues, a lack of
cyber security awareness among both customers and employees, money laundering, and
governance concerns are just a few of the legal, regulatory, security, and operational

17
challenges that arise from developing e-banking technologies. Risks associated with e-
banking services result in monetary and reputational losses for banks, requiring constant
policy reviews by lawmakers, regulators, and management.

1.4. OBJECTIVES OF THE RESEARCH

• Examining the various manifestations of cyber fraud in India is the central focus of
the study.
• to recognise the different banking procedural errors that occur in e-banking
activities.
• to research the flaws in current laws and their inadequacy to control the expanding
problems and worries of cyberfrauds in banking.
• determining whether international laws are adequate to address cybercrimes related
to electronic banking, particularly in transnational matters, and suggesting legal
reforms from a global perspective.
• To suggest measures that can be taken to efficiently combat cyber fraud.

1.5. RESEARCH QUESTIONS

• What is the regulatory framework of banks in India?
• To what extent do different forms of cybercrime in India contribute to online bank
fraud?
• If the term “cyber fraud” were to be used without reference to any particular legal
definition, what specific characteristics would be used to describe it?
• What mechanism exists to ensure perpetrators of cyber fraud are investigated and
brought to justice in the absence of a statutory definition of cyber fraud? What
procedures do law enforcement agencies follow to gather digital evidence in the
event of a cyber fraud investigation?
• Despite the fact that banks are upgrading their security systems under RBI's
supervision, what are the root causes of various procedural lapses in e-banking, and
how far can RBI guidelines protect bank customers from Cyber fraud?

18
1.6. HYPOTHESIS
The study’s premise is that the inability of the existing legislative and regulatory
framework to keep up with the rate of the platform and technological evolution renders it
ineffective in preventing and reducing the incidence of fraud in e-banking services.

1.7. RESEARCH METHODOLOGY

The researcher is conducting the research in accordance with strict doctrinal principles. I
specifically reviewed a number of acts, legislations, regulations, notifications, and orders
issued by RBI over time, as well as case studies, conventions, laws, and rulings from
various countries. When talking about the study's supplemental materials, including books,
articles, journals, etc. I also cited a number of judgements rendered by Indian and foreign
courts regarding instances of online bank fraud, such as phishing, cheating, credit/debit
card frauds, vishing, etc.

1.8. SCHEME OF CHAPTERISATION

The research is broken down into five chapters that cover topics like banking sector fraud,
insider risks in e-banking services, the legal framework in India, and the country’s response
to the issue.

Chapter 1: INTRODUCTION

In this chapter we are introduced to the banking industry, common banking sector frauds,
and the crucial role that insiders play in the successful execution of fraudulent schemes.
This chapter takes a look at the existing body of literature that serves as the basis for the
Research. It states the hypothesis and explains the study’s aims, parameters, and
restrictions.

Chapter 2: CONCEPT OF CYBER-CRIME AND PREVENTIVE MEASURES TO

CONTROL CYBERCRIME

In this chapter the concept of cybercrime and its classification is given. It deals with legal
regulations and preventive measures to control cybercrime. It elaborates on the
cybercrimes of the 21st century and what measures the government is taking to prevent the
rising new age of cybercrimes.

19
Chapter 3: MAJOR ISSUES IN INTERNET BANKING AND THE LEGAL
FRAMEWORK

In this chapter we explore the most pressing concerns surrounding online banking and the
regulatory framework put in place to address those concerns. Each theoretical concept is
backed up by an example study in this research.

Chapter 4: TECHNOLOGICAL CHALLENGES TO BANKING SECTOR IN

INDIA

This chapter delves into an essential topic: technology, which is no longer a luxury but a
necessity in the financial industry. It examines the various components of the banking
system of tomorrow. To ensure the free, safe, and secure conduct of banking business along
the highway, it would list some of the major aspects that, to my mind, appear to be the
road's cornerstones.

Chapter 5: CONCLUSION

In this chapter we discuss the finding of the study and concludes the research. The research
is summed up, key findings are highlighted, and suggestions for preventing fraud,
especially insider fraud in the banking industry

20
 CHAPTER 2- CONCEPT OF CYBERCRIME AND ITS
LEGAL REGULATION

2.1. CONCEPT & CLASSIFICATION OF CYBER CRIME

New types of criminal activity are on the rise due to the widespread availability of the
Internet. Some of them include “computer hacking, software piracy, online
paedophilia, industrial espionage, password cracking, spoofing, telecommunication
fraud, e-mail bombing, spamming, pornography, and the accessibility of illegal or
unauthorised items and services.” A number of brand-new problems have emerged in
recent years, including online credit card fraud, cyber terrorism, money laundering, and
unauthorised use of encrypted Internet connections. There is a significant danger of
unauthorised bank withdrawals and money laundering activities due to the present
inadequate electronic payment system, which lacks sufficient restrictions. The video
and phonographic industries are failing all over the globe, while software piracy is
increasing.20

The modes of committing the crime are evolving dramatically as the human mind
evolves daily. Criminals are leveraging their growing intelligence to devise ever more
sophisticated methods of committing crimes and evading arrest. No one foresaw
computers being a breeding ground for or facilitator of crime. “Father of the Computer”
Charles Babbage surely had no idea that his creation would one day be used for criminal
purposes or to do damage to society. The term “cybercrime” is often used to refer to
any wrongdoing committed through a compromised computer system. Incorrect
definitions of “cybercrime” have been widely used. No Act or Statute made by the
Indian Parliament provides a definition for this term. Cybercrime is conceptually
related to “real world” crime. Both include some kind of action or inaction that leads
to a breach of the law and, in response, the state imposes some kind of punishment.
Despite the fact that cybercrime is a relatively new sort of crime that began not long

20
Bachmann, Michael (2010). “The Risk Propensity and Rationality of Computer Hackers.” International
Journal of Cyber Criminology, 4 (1&2),

21
 after the introduction of computers, the issue has worsened as a result of the internet's
pervasive presence in modern life.

Conventional Crime:

Crime has always been a part of human society and the global economy. A criminal
offence is anything defined by the law. In legal parlance, a crime (sometimes spelt
“offence”) is “a legal error that may be followed by criminal conduct that may result in
punishment.” Lord Atkin once said that breaking the law was a defining feature of
criminal behaviour. Only by considering the kinds of behaviour that carry legal
penalties can we determine whether or not an act has criminal potential. To commit a
crime, one must first engage in conduct that is prohibited by law and whose infraction
carries criminal penalties.21

Cyber Crime:

Cybercrime is the newest and most complicated issue facing the online community at
large. The term “cybercrime” refers to any criminal act that takes place online and
involves the use of a computer in some way, with the “traditional” form of crime
serving as the “genus” for these online offences. The term “cybercrime” refers to any
unlawful activity that makes use of a computer, whether for the purpose of committing
an instrumentality target or as a means of maintaining more criminal activity. One
potentially all-encompassing definition of cybercrime is “unlawful action in which the
computer is either a tool or a target, or both.” Computers may be used to perpetrate a
wide variety of unlawful activities, including monetary theft, the selling of illicit items,
pornography, online gambling, theft of intellectual property, spoofing of electronic
mail, forgery, cyber defamation, and cyberstalking. Illegal acts that target computers
include, but are not limited to, “unauthorised access to the computer, theft of computer
systems or computer networks, unauthorised access to stored information in electronic
form, e-mail bombing, Salami attacks, logic bombs, Trojan attacks, Internet time thefts,
web jacking, theft of computer systems, and physical damage to computer systems.”22

21
International Journal of Cyber Criminology (ISSN: 0974-2891)
22
Chang, Jason V. (2004). “Computer Hacking: Making the Case for a National Reporting Requirement,”
Research Publication No. 2004-07, (4/2004).

22
 Distinction Between Conventional and Cyber Crime

Cybercrime and conventional crime seem to be same in that they both cause harm to at
least one party. But, after giving it some thought, we could decide that there is a clear
dividing line between classic crime and online fraud. When it comes to cybercrime, the
media itself serves as a dividing line. “ A computer-facilitated crime is defined as “a
crime perpetrated against a person or an entity using a computer.” Online or on a
computer network is where cybercrime takes place.23

Reasons for Cyber Crimes

Professor H.L.A. Hart in his classic work entitled “The Concept of Law has stated that
human beings are vulnerable to unlawful acts which are crimes and therefore, rules of
law are required to protect them against such acts. In the same vein, despite their
advanced nature, computer systems are very susceptible to attack.” This technology
may easily be used to deceive or exploit a person or his computer if one gains illegal
or unauthorised access. There's a chance the victim's life was negatively impacted in
more ways than one due to the exploitation of a computer system. Without a failsafe
system to protect innocent computer users, cybercriminals would continue to conduct
crimes over the internet without fear of being caught and brought to justice. The
following are some of the reasons why computers are vulnerable to cybercrime:24

• Huge Data Storage Capacity: The computer has the unique ability to store
massive amounts of data in a very small amount of space. In a CD-ROM, a little
microprocessor computer chip can hold lakhs of pages. This storage capacity
provides ample area to easily remove or derive information via physical or visual
means. Even if the power is switched off, any data stored in ROM will stay intact.
Regardless of the type of ROM utilised, the data saved inside is non-transitory and
will remain so indefinitely unless actively wiped or overwritten.

23
Mukherjee A, “Difference Between Cyber Crime and Conventional Crime in Tabular Form - Law Corner”
(Law Corner, March 5, 2023) available at https://lawcorner.in/difference-between-cyber-crime-and-
conventional-crime-in-tabular-form/ accessed March 20, 2023.
24
“How Cyber Crimes Differ from Traditional Crimes” available at https://www.eatmy.news/2022/11/how-
cyber-crimes-differ-from.html accessed March 20, 2023

23
• Wider Access to Information: Because it relies on complicated technology rather
than simple human acts, a computer is an electronic device. It is the widest range
of information resources available via big and extensive media which is the greatest
benefit of networking in the computer age. Networks are increasingly being used
by businesses to make information readily available to their employees, customers,
and other parties with whom they interact. This is why networking and cyber
activities are becoming more and more commonplace in today's information-driven
society. Because of the widespread use of the World Wide Web to disseminate
information, new avenues for quick and inexpensive global access to data have
opened up. Using email, chats, and downloads has ushered in a new era of
communication. With the advent of the internet, everyone may now communicate
with anyone else with just a single mouse click.
There are, however, some drawbacks to greater openness to information, such as
securing and protecting any computer system from unauthorised access, not owing
to human error, but rather because of the complicated technical manipulations
involved. When a bank vault, which often holds millions of rupees, is monitored by
security personnel and fashioned of extremely tough material, this makes it difficult
for thieves to obtain entry. To protect the Keys and/or access codes, only the Bank's
most trusted employees have them. When it comes to banking, even the strongest
firewalls and biometric verification systems can't protect the Bank's servers, which
contain hundreds of millions of rupees, from being hacked. Logic bombs and key
pictures can be used to steal a secret easily. Voice recorders can also deceive
biometric systems and undermine security measures because of their sophistication.
• The complexity of Computer Systems: The operating systems of the computers
are made up of millions of codes, and the operating systems themselves are made
up of millions of codes. At every point in the process, the human mind is susceptible
to error. This vulnerability is exploited by cyber thieves, who infiltrate the computer
system. Hackers are criminals who take advantage of the flaws in current operating
systems and security measures. There are several reasons why people fear hackers,
including their ability to compromise computer systems for personal benefit,
nefarious intent, and a desire to defraud or harm their victims.

24
• Negligence of Network Users: Human behaviour is intimately linked to the
prevalence of neglect in the world. Consequently, it is quite likely that the owner
or user of the computer system may make an error or neglect in securing the system,
allowing a cybercriminal to acquire access or control of the system without
authorization or consent. In the rush to get the computer software running,
computer users tend to overlook the importance of access, control, and security
measures, allowing cyber criminals to penetrate and steal, change, or destroy large
amounts of data. In particular, this is the case for large organisations, such as banks
and corporations or government offices that use sophisticated software systems for
public access but leave them vulnerable to information thieves or manipulators due
to the simple carelessness of their employees.
• Non-Availability or Loss Evidence: It has been supplanted by digital computer
processing and network technologies for the production, storage, transmission, and
distribution of information or records. The most pressing issue for law enforcement
and investigators is how to acquire and retain evidence. Cybercrimes are different
from other types of criminal offences in that gathering enough evidence to prove
an accused person's guilt beyond all reasonable doubt is much more difficult. It is
difficult to establish a criminal case against a cybercrime due to the anonymity that
is provided by the internet. This makes it easier for them to commit crimes without
leaving any evidence behind. Most cyber thieves destroy evidence to avoid being
caught, as seen by the low conviction rate for this type of crime.

2.2. LEGAL REGULATION OF CYBERCRIME

Salmond, a renowned English jurist, made the point that the purpose of law is to
control people's actions in society.

2.2.1. NEED FOR A CYBER LAW

Intellectual property violations, piracy, freedom of expression, jurisdictional issues,

etc. are just some of the many legal issues that have arisen as a result of the growing
importance of e-commerce and e-governance on the internet and other forms of
computer or digital processing devices, and they all require the multifaceted

25
 approach of the interdisciplinary legal community to resolve. Cyberspace
transactions of citizens inside a country's territorial jurisdiction provide a major
problem to law enforcement organisations because it lacks any physical features
such as sex, age, or gender. There are times when the conventional assumption that
an internet user is governed by local law does not apply because of the nature of
the issue, which is transnational in scope. Even in the early days of the internet, no
one imagined that it could be unintentionally utilized for criminal objectives by
internet users. An adequate legal framework and regulatory measures are needed to
combat cybercrime, which is rampant in cyberspace due to its anonymity and the
low probability that it will be caught, because of its prevalence.25

2.2.2. INTERNATIONAL AGENCIES FOR REGULATING E-

COMMERCE

The purpose of certain global organisations is to mediate conflicts and facilitate the
settlement of issues via international trade and electronic commerce. These are
some of the more important ones:

World Trade Organisation (WTO): While at Briton Woods, Hampshire, after

World War II, experts from all over proposed the creation of an international body
to bring economic order back by harmonising tariffs and trade, as well as resolving
global monetary issues. The US Congress was opposed to the idea of establishing
an international trade organisation, and therefore it was never implemented.
International trade standards were formulated at the second meeting of 56 countries
in Havana in 1947. In December 1947, the 129 contracting countries signed a
General Agreement on Tariffs and Trade (GATT). There was no dispute resolution
process in the original Garr, which focused on lowering tariffs and promoting
international trade.

25
Anant A, “Distinction Between Conventional Crime And Cyber Crime” available at
https://www.legalbites.in/conventional-crime-and-cyber-crime/ accessed March 20, 2023

26
 “The World Trade Organization (WTO) was proposed at the end of the Eighth round
of the General Agreement on Tariffs and Trade (GATT), which took place in
Uruguay in 1986. Its purpose was to address the following concerns: —

1. Agricultural subsidy; and

2. Trade-related dispute settlement mechanism.”
3. Trade-related investment measures
4. Trade-related IPRs
5. Trade-related services

WIPO Internet Copyright Treaty, 1996: In 1883, the Paris Convention for the
Protection of Industrial Property was convened, and a treaty was formed to protect
intellectual inventions known as patents. This is when the World Intellectual
Property Organization (WIPO) was born. With the Burne Convention (1971) on
copyright protection, copyright entered the international arena. In 1974, the United
Nations established WIPO as a specialised institution to handle issues relating to
intellectual property. It employs a total of 917 people. The Geneva-adopted WIPO
copyright treaty, which went into effect on March 6, 2002, cites the right to
communication but omits any language about the right of reproduction. For
copyright law, merely states that digital copies are deemed reproductions. WIP0
copyright treaty has dealt with online IPR violations, thus member nations are free
to create their own IPR policies and laws.26

Internet Corporation for Assigned Name and Numbers (ICANN)

Internet Corporation for Assigned Names and Numbers (ICANN), based in

California, established the Unified Domain Name Dispute Resolution Policy,
which governs the online arbitration of domain name disputes. On September 18,
1998, it was founded to administer domain names and Internet Protocol (IP)
addresses, among other things. Alternative Dispute Resolution Service Providers

26
“Summary of the WIPO Copyright Treaty (WCT) (1996)” available at
https://www.wipo.int/treaties/en/ip/wct/summary_wct.html accessed March 21, 2023

27
handle domain name disputes. It has jurisdiction over the whole internet, making
life easier for people without violating the rights of other countries' governments.

2.2.3. PROVISIONS ANCILLARY TO CYBER CONTRAVENTIONS

Section 28 vests the powers to investigate the contraventions of the Controller or

any other officer authorized by him on his behalf. It reads as under:

Authority to investigate violations of the rules

• Any violation of this Act may be investigated by the Controller or any other
official authorised by him on his behalf. For instance, a set of rules issued
thereunder.
• Subject to the limits set down in chapter XII of the Income-tax Act, 1961,
the Controller or any other official appointed by him on his behalf shall
exercise the similar powers as are bestowed on income tax authorities under
that chapter.
• With the consent of the Controller or any official authorised by him in this
respect or by the Adjudicating Officer, as the case may be, the parties may
resolve the issue by compounding the violation on such terms and
conditions as they may specify under Section 63.

It is inexpedient to proceed with the case.

• The evidence in possession is meagre and no useful purpose would be

caused in proceeding with the case.
• It is in the public interest to compound the contravention
• Interests of administration may dictate in favour of compounding.

“Confiscation

In the event of a violation of this Act or the rules, orders, or regulations imposed
thereunder, the government may seize the offending party's computer, computer
system, computer network, floppies, compact discs, tape drives, and any other
accessories relevant thereto. To the extent that the person in possession of any such
computer, computer system, or computer network, floppies, compact discs, tape

28
 drives, or other accessories related thereto is not responsible for the violation of the
provisions of this Act, rules, orders, or regulations made thereunder, the Court
adjudicating the confiscation may, instead of ordering the confiscation of such
computer, computer system, or computer network, floppies, compact discs, tape
drives, or other accessories related thereto.”

“The essential ingredients of this section are:

1. The Information Technology Act of 2000 or any rules, orders, or regulations

promulgated thereunder have been or are being broken.
2. If a computer, computer system, computer network, floppy disc, compact
disc, tape drive, or other accessory related thereto was used in the
commission or facilitation of a Contravention, that computer, computer
system, computer network, floppy disc, compact disc, tape drive, or
accessory related thereto may be seized.
3. There must be nexus between the offenses or the contraventions and the
instruments used for the commission of such offenses or the contraventions,
as the case may be, to make such instruments liable for confiscation. The
court may therefore direct confiscation of the said articles employing, or
relation to which offense or the contravention has been committed. Yet, if
evidence is shown to the Court hearing the seizure that shows the individual
in possession, power, or control over any such computer, computer system,
computer network, floppies, compact discs, tape drives, etc.
4. If the person in possession of a weapon, ammunition, explosive, or device
used in violation of this Act, or any rule, order, or regulation promulgated
thereunder, is not culpable for the contravention, the weapon, ammunition,
device, or accessory in issue may not be confiscated.

2.3. PREVENTION OF THE NEW-AGE CYBER-CRIMINAL IN

INDIA

Several important technological developments are underway in India, from Digital

Locker, which eliminates the need for citizens to carry printed copies of government

29
 records, to demonetization, which has prompted citizens across the country to use
electronic instalments. As a result of Digital India and Smart City programs, urban and
rural ecosystems have experienced a paradigm shift in terms of connectivity, services,
and potential risks. With the increased usage of credit and debit cards and the gradual rise
of new technologies such as internet wallets, financial transactions are at an all-time high.
While increased connection opens the door to new possibilities, it also introduces new
risks.

Some new-age cyber thieves target leading industries in energy, communications,

finance, and transportation. In 2017, one cybercrime was reported in India every ten
minutes, according to CERT-IN. This disturbing trend necessitates a concerted effort by
law enforcement agencies to address it. There was a time when cybercrime was limited
to computer hacking, but it has since broadened to include data theft, ransomware, child
pornography, and so on. Another lucrative method used by attackers to install malware
on a victim's computer without their knowledge is called “crypto-jacking,” and it involves
taking advantage of the victim's hardware to generate bitcoin. Data leakage, business
espionage, and Confident and Compact Information Transfer are all examples of web
risks.27

Indian IT/BPO security needs to be tightened further, backed by a better regulatory

framework, even though the country is far safer than most other countries (including the
US and the UK) concerning information security. To be expected, India's portion of total
internet scams would be 1-2 per cent shortly, but that sum alone will be a staggering Rs
200 crores. Net3India, India's largest internet telephony company, was defrauded of Rs.
1.3 crores in internet telephony scam.28

'Days after a retired Chief Justice of India was targeted by cyber thieves, a Metropolitan
Magistrate has become the latest target after someone allegedly conducted fraudulent
transactions from his bank account,' read another story that made headlines in Delhi in
June 2019. As a result of the Magistrate's testimony, the police at Farsh Bazar Police

27
DNA, “Security ‘Only Skin Deep’ in Indian IT-BPO” (DNA India) available at
https://www.dnaindia.com/business/report-security-only-skin-deep-in-indian-it-bpo-1367871 accessed
March 21, 2023
28
Ibid

30
 Station opened an investigation into a possible case of fraud. A skimmer attached to an
ATM is what the police suspect the Magistrate may have used to steal money from
victims. It is possible that the card data was copied by the skimmer and utilized in the
transaction.”29

There have been recent reports that the first-ever e-governance initiative, Andhra Pradesh
Technology Services, has been breached. Cyber thieves are now using Hindi because a
substantial portion of the population of Hindi-speaking nations like India, Nepal, Bhutan,
Bangladesh, and Pakistan is illiterate in English, making it difficult for them to obtain
financial and personal information.

According to the National Finance Corporation of India, a flaw in its Unified Payment
Interface (UPI) program resulted in the transfer of about Rs4.46 crore from Bank of
Maharashtra accounts in March 2017. They had found the system bug that allowed money
to be transferred out of accounts even if the monies required were not present in
Bhayander or Palghar. Cyber crooks took advantage of the malfunction and opened 50 to
60 accounts at several banks, most of which were in rural Aurangabad, where the villagers
were duped into believing that the federal government was launching a rural banking
project. Promises of the commission were used to entice victims into letting money move
into their accounts. Withdrawals were made as fast as they came, leaving residents to deal
with police investigations into crimes they hadn't committed. When an employee clicked
on a phishing link in an email, hackers gained access to their bank account information,
stealing $171 million from Union Bank of India in July 2016. These scams exposed the
ease with which cyber thieves may operate as well as rural India's susceptibility to tech-
savvy criminals.30

29
“UPI Bug Costs Bank of Maharashtra about Rs25 Crore” available at
https://www.moneylife.in/article/upi-bug-costs-bank-of-maharashtra-about-rs25-crore/50129.html accessed
March 21, 2023
30
Sharma S, “Bank of Maharashtra Accounts Lost Rs25 Crore Due to UPI Bug, Says NPCI” (mint, March
30, 2017) available at https://www.livemint.com/Industry/8HUcQEUGBn0CcPOD6cbfJP/Bank-of-
Maharashtra-accounts-lost-Rs25-crore-due-to-UPI-bug.html accessed March 21, 2023

31
It's becoming increasingly common for cybercriminals to use the resources of other
cybercriminals as well as provide a cheap and easy option for those who are eager to enter
the world of cybercrime at a very low entrance cost. This is a developing concern.

2.4. INITIATIVES TAKEN SO FAR TO HANDLE CYBERCRIME

PREVENTION IN INDIA

There is now a strategy in place for cyber security measures as part of the 12th Five-Year
Plan (2012–17). This plan focuses on the following key areas:

• Collaboration
• Framework laws that allow for
• Detection, prevention, and mitigation of security incidents via raised awareness,
better training, and more rapid reaction times
• The Compliance, Assurance, and Policy of Security
• Scientific investigation towards the improvement of security

According to DeitY, this policy is justified by the dangers posed by IT infrastructure

vulnerabilities, threats, and attacks, both existing and anticipated. There are three key
goals in DeitY's cyber security plan, which are backed up by five activities and strategic
initiatives. DeitY has determined that raising people's consciousness about information
security is a top priority. The Information Security Education and Awareness (ISEA)
programme was established and implemented. One of the goals of this initiative was to
educate children, home users, and non-IT professionals about information security in an
organised manner. The Center for Development of Advanced Computing (C-DAC),
Hyderabad, has been given the task of implementing this project by the Department of
Electronics and Information Technology. Internet security awareness resources for
children were created as part of the campaign, including presentations, cartoons,
guidebooks, security tools and parental controls. The website www.infosecawareness.in
was also established at the same time as the website. The government has created
investigation manuals outlining the steps involved in conducting searches, seizing

32
 evidence, and analysing it before presenting it in court. Law enforcement departments
across the country received the guides. Other measures taken include:31

National Cyber Security Policy, 2013

To combat cybercrime, the Indian government adopted this policy in 2013. The goal of
this text is to ensure a safe and secure internet for Indian residents. It is the goal of the
Cyber Security Policy to safeguard data in cyberspace by reducing vulnerabilities and
reducing the likelihood of cyber events, as well as the harm caused by them. If
implemented, it will ensure that consumers have the confidence to use electronic payment
systems because of secure computing infrastructure. Cyber security intelligence will
become a vital part of anticipating attacks and swiftly implementing countermeasures
when applied at the macro level. Cybercrime is on the rise, but the policy argues that
education and training programmes are needed to reduce the rate, and it wants to teach
500,000 experts by 2018. To raise public knowledge of the dangers of cybercrime, the
strategy calls for the implementation of a number of national awareness campaigns. To
combat cybercrime, the policy calls for collaboration between the public and commercial
sectors.

Crime and Criminal Tracking Network and Systems (CCTNS)

Mission Mode Project under the “National e-Governance Plan (NeGP) of the Indian
government CCTNS (MMP).” It will create a tracking system for the 'Investigation of
crime and identification of offenders throughout the nation' that is enabled by information
technology in order to increase the efficiency and effectiveness of police. In 2009, the
Cabinet Committee on Economic Affairs allocated a budget of INR 2 billion to fund an
IT-enabled framework for criminal monitoring and misbehaviour location. The Scheme's
overarching goals may be summarised as follows:

• Help the police in their pursuit of justice by equipping them with the resources
they need to conduct effective investigations and identify offenders.

31
“Initiatives Taken by Indian Government for Cyber Security” (Unacademy) available at
https://unacademy.com/content/upsc/study-material/science-and-technology/initiatives-taken-by-indian-
government-for-cyber-security/ accessed March 21, 2023

33
 • Facilitate Police Departments communicate and share information more easily
with one another at the local, regional, state, and federal levels.
• It is important to monitor the development of cases, particularly those that are
heard in the judicial system.
• Minimize the use of paper and pen.
• Make it easier for top police officers to keep tabs on investigations.
• Automating the procedures at police stations will make the police department
more open and accountable to the public.
• Using ICT efficiently, we can better provide services that are focused on the
needs of the public.”

In accordance with NeGP's “central planning and decentralized implementation”

approach, CCTNS is implemented. Planning, provision of the “Core Application
Software (CAS), customization, enhancement, and deployment are the primary functions
of the Centre (“Ministry of Home Affairs, National Crime Records Bureau”). States
would be in charge of implementing the system at the state level and would retain
ownership of the system after it was completed.

An “integrated service delivery” strategy is used to implement CCTNS rather than the
procurement of hardware and software. CCTNS implementation at the state level
revolves on the “bundling of services” idea. Hence, each state chooses one System
Integrator to be the go-to guy for everything related to CCTNS. A few examples of these
components are the addition of new modules and customizations to the application,
hardware, communication infrastructure, and other related services like capacity building
and support.32

An iPhone and Android app called CCTNS Citizen Services (CCS) makes it simple for
citizens to get in touch with the police and receive alerts about various issues. NCRB has
created a few mobile app templates for the Android and iOS platforms, which it has made
available to States and UTs for further customization and public distribution. The most

32
“Latest 10 Indian Government Initiatives on Cybersecurity” (securium solutions, January 6, 2022)
available at https://securiumsolutions.org/latest-10-indian-government-initiatives-on-cybersecurity/
accessed March 24, 2023

34
 important features of this app are the ability to file a complaint, check the progress of a
search, send out a “SOS” alert, look for missing persons, get in touch with an emergency
service provider, find the location of a district police station, and see that station on
Google Maps.33

Around 15,000 police headquarters, home offices for municipal and state police, and
automated administrations were originally slated to be completed by the year 2012.
Despite this, the situation is far from resolved. There are other on-the-ground challenges
to fully operationalizing CCTNS, including a lack of internet access and an under-
prepared police force at the headquarters. Other concerns include a lack of accessibility
to digital measurable investigation offices in many places, as well as a lack of awareness
of online nationals services, such as the check of inhabitants and representatives and the
freedom for parades and events. “The issues that obstruct the optimum utilization of the
project at the field level can be summarised under the following heads:34

• Absence of Specialized Solutions: The full potential of a central crime and

criminal database in terms of facilitating crime detection, prevention, predictive
policing, and strategic planning cannot be realised without the implementation of
specialised solutions such as the “National Automated Finger Print Identification
System (NAFIS), Fingerprint Enrolment Device (FED), Automated Facial
Recognition System (AFRS), Mobile Data Terminal (MDT), etc.”“
• All FIR Registering Agencies not Covered under CCTNS: “The goal of
creating a unified database of criminal records has yet to be completely realised
since CCTNS does not yet include other FIR registration agencies like Excise,
Forest, CBI, NCB, ED, NIA, etc.
• Average Adoption at Field Level: The current app should be updated so that it
provides a better user experience and conforms to all possible field conditions and
scenarios. This includes making it simpler to fill out IIFs, making it compatible
with mobile terminals, increasing the speed with which the app responds,

33
“Steps Taken to Deal with Cyber Crime and Cyber Security” available at
https://pib.gov.in/Pressreleaseshare.aspx?PRID=1579226 accessed March 24, 2023
34
Shalini S, “How to Prevent Cyber Crime in India?” available at https://www.myadvo.in/blog/cyber-crime-
in-india/ accessed March 24, 2023

35
 simplifying the process of searching for information, adding a dynamic query
builder and report generators, and so on. Another problem is that there isn't
enough technical support staff available at the district or state level to deal with
CCTNS problems.
• Obsolete Hardware/ Software: According to the 2009 blueprint, CCTNS
equipment has been installed in all police stations, administrative buildings, and
NDC/SDC/DRC zones. The response time and damage of these antiquated
infrastructures are quite high, which has a negative impact on the CCTNS's utility.
Much of this antiquated gear cannot run the modern programme essential for
rolling out the CCTNS service.”
• Poor and Unreliable Connectivity: Most police stations only have access to 512
Kbps of broadband, which was only increased to 2 Mbps by MHA on the 20th of
February 2018. Because of these issues, most police stations often lose internet
connection, which slows down the process of uploading data to SDC. To connect
to the internet, BSNL was your only option.

Online Complaints

The Central Government has recently proclaimed that an “Inside Citizen Portal” will be
established in response to Supreme Court inquiries on measures taken to combat
cybercrime. Residents will be able to document their experiences with various forms of
cybercrime, such as digital stalking and money-related extortion, online. For example,
any complaint that is made on a portal will be flagged by the police, who can then track
and update its status. The governmental response describes this process. The complainant
will be given the option to view updates and bring his complaint to the attention of
superiors.

Cyber Police Stations

State and district cybercrime coordination cells, cyber forensics, and mobile forensics
labs have been mandated by the Union Home Ministry as part of an eight-point set of
instructions to combat cybercrime. District cybercrime cells will report to the district SP,
but the State Cyber Crime Controller will provide direction to the state cybercrime
coordination cells. Several states' Criminal Investigative Departments have cybercrime

36
 investigation units (CID). To effectively combat cybercrime, state governments have
been urged to provide the necessary technology infrastructure as well as human resources
to ensure that cybercrime can be detected early, registered, investigated, and punished. In
addition, a national centre of excellence for cyber forensic services and training has been
established, as well as a national research and training centre.

The majority of digital police headquarters have a well-trained staff and the necessary
equipment to investigate and track complex crimes. Cybercrime in Maharashtra has
increased by 140% in the last few years, and the state's detection rate of cases reported
by the Maharashtra cyber cell in 2018 barely surpassed 30%. As a result, the state is
converting its current cybercrime labs into digital police headquarters. This means that
each region of the state will have its digital police headquarters. Additionally,
Maharashtra's activity is valuable as a result of the rise of online exchanges and
cybercrime within Tier II and Tier III urban areas. However, despite the rise in
cybercrime, complaints remain rare, and our ability to understand wrongdoing is poor as
a result.

Predictive Policing

Information mining, measurable demonstration, and machine learning on datasets

indicating wrongdoings are all examples of this. The goal is to build expectations about
possible areas for police mediation. To separate global and spatial hotspots of criminal
movement and relapse models based on links between earlier, often small wrongdoings
and subsequent rough offenses, issue area mapping is included in this model. Jointly with
the National Informatics Centre, Jharkhand Police worked in 2013 on a new system.
Jharkhand Police are also looking into IIM Ranchi's business examination skills and
assets to deal with any wrongdoing in Jharkhand that may have taken place. The “Indian
Space Research Organization (ISRO) has been used by the Delhi Police to develop
CMAPS – Crime Mapping, Analytics, and Predictive System, a foresight policing tool.
Delhi Police's Dial 100 helpline calls are combined with ISRO satellite symbolism to
identify hotspots of misbehaviour in the city.”35 The Delhi Police have reduced their

35
Ibid

37
 examination time from 15 days to the three minutes it takes for the framework to
invigorate its database by using CMAPS, which was formerly used for mechanical
misbehaviour mapping.

“Common Integrated Police Application” [CIPA]

The purpose of CIPA is to build a standard crime and criminal information system based
on Cr P C at all levels of the police force in the nation. For the computerization of police
records across the country, CIPA is to be implemented in a time-bound manner from the
police station level forward, as a nationwide project.

“Crime Criminal Information System” [CCIS]

To store and retrieve criminal records, the Indian government created the Crime Criminal
Information System. 2005 saw the implementation of CCIS MLS, a version of the system
that allows for the simultaneous use of five regional languages on the web. Data
warehousing for criminal analysis has also been introduced. So that investigators and
supervisors can access CCIS MLS databases at the national and state levels from
anywhere, at any time, the web-enabled application has been developed.

Cyber Crime Cell of CBI

“CBI has a Cyber Crime Cell which conducts inquiry of inter-state and important
cybercrime cases. It has constituted a Cyber and High-Tech Crime Investigation and
Training Centre at CBI Academy. To combat computer-related crimes, the CBI has the
following specialized structure:

(i) Cyber Crimes Research and Development Unit (CCRDU);

(ii) Cyber Crime Investigation Cell (CCIC);
(iii) Cyber Forensics Laboratory; and
(iv) Network Monitoring Centre.”

2.5. CYBER SECURITY FRAMEWORK

A cyber security framework is a collection of papers outlining norms, rules, and

recommended methods for handling cyber security threats. The purpose of the

38
 frameworks is to protect a company from potential security flaws that might be exploited
by malicious parties like hackers. The word “framework” in the name gives the wrong
impression and refers to software rather than hardware. Not helping things is the use of
the word “mainframe,” which may suggest a physical network of computers and storage
devices. When applied to an organization's security strategies and practises, however, a
cyber security framework provides the same kind of groundwork, structure, and support
that one would expect from a physical framework applied to a building or other similarly
important object.36

According to their intended purpose, frameworks may be placed into one of three
categories:

• Creates a framework for the company's cyber security initiatives

• Includes a standard set of safety measures
• provides an analysis of the current condition of the system and its technologies
• place importance on putting in place security measures

Program Frameworks

• analyses the condition of the security programme of the company

• builds a full-fledged cybersecurity infrastructure

• Checks how safe the software is and how it stacks up against the competition.

• Streamlines and streamlines the cyber security team's interactions with upper
management and executives.

Risk Frameworks

• Specifies the activities involved in evaluating and controlling risk

• Organises a safety plan with the purpose of reducing danger

• Finds, evaluates, and ranks the threats to the organization's security.

36
“Top Cybersecurity Regulations in India [Updated 2023] | UpGuard” available at
https://www.upguard.com/blog/cybersecurity-regulations-india accessed March 24, 2023

39
 • Puts the right security measures and procedures first”

Top Cyber Security Frameworks

There are many options to choose from when it comes to a cyber-security architecture.
Here are some of the best frameworks currently being used in the market. Your option
depends on the security requirements of your firm.

Cybersecurity frameworks serve as a guide for businesses. Security teams can effectively
manage their companies' cyber threats if they have the right structure in place. It is
possible for a company to either modify an existing framework or create a new one on its
own.

Industry or government requirements mandate that some businesses use specialized

information security frameworks. Your organization must adhere to the “Payment Card
Industry Data Security Standards (PCI-DSS)” framework if it processes transactions
through credit cards. In this case, a PCI-DSS framework audit is required to verify that
your organization is compliant.

The NIST Cyber Security Framework: The “National Institute of Standards and
Technology (NIST)” produced the NIST Framework for Enhancing Critical
Infrastructure Cybersecurity (often referred to as the “NIST cybersecurity framework”)
in response to Executive Order 13636 issued by President Obama. In order to safeguard
vital American infrastructure against cybercriminals, the National Institute of Standards
and Technology (NIST) was established.

When it comes to cyber defence, private companies may benefit from NIST's voluntary
security standards. As part of the framework, it provides recommendations on how to
both prevent and recover from cyberattacks. NIST is responsible for five distinct tasks or
standards:

• Detect
• Identify
• Protect
• Recover

40
 • Respond

The Center for Internet Security Critical Security Controls (CIS): If you're looking
to keep overhead low while expanding your firm over time, CIS is the way to go. This
framework was developed in the late 00s to protect enterprises against cyber-crimes.
Twenty controls are constantly updated by security experts from a variety of sectors
(academia, government, industrial). Foundational is followed by organizational before
we wrap up the framework with a look at the fundamentals. With the use of benchmarks
such as HIPAA or NIST, the CIS provides enterprises that aren't obligated by mandated
security regulations with a framework for enhancing their cyber security.37

The International Standards Organization (ISO) frameworks ISO/IEC 27001 and

27002: The ISO 27002 standard is another name for this system. It is widely accepted as
the international standard for verifying cyber security in both internal and external
contexts. An Information Security Management System (ISMS) is assumed to be in place
by the ISO 270K standard. An organization's information security risks must be
comprehensively managed, focusing on threats and vulnerabilities, according to ISO/IEC
27001. Achieving ISO 270K is a challenge. As a result, given the time and effort required
to keep the standards current, ISO 270K may not be suitable for everyone. To attract new
clients, though, it's worth the investment in ISO 270K certification.

Cyber security frameworks provide teams with a systematic, well-thought-out strategy to

protect their data, infrastructure, and information systems from cyber attacks, allowing
them to better cope with cyber security challenges. IT security managers will have a
roadmap to follow thanks to the recommendations, which will help them protect their
company from cybercrime.

If you can't find a pre-existing structure that works for your purposes, you may always
make your own. However, this solution may not be feasible for some firms since they are
required to adhere to commercial or government standards about security. Those
standards may not be met by home-grown frameworks.

37
“Inviting New Ideas and Suggestions to Prevent Cybercrime” (MyGov Uttarakhand, February 26, 2021)
available at https://uttarakhand.mygov.in/group-issue/inviting-new-ideas-and-suggestions-prevent-
cybercrime accessed March 24, 2023

41
The bottom line is that firms are increasingly expected to adhere to conventional
cybersecurity standards, and employing these frameworks makes compliance both easier
and wiser. It doesn't matter what industry you're in; the right framework will work for a
wide range of organizations of all sizes.

In addition to ensuring the safety of the organization, frameworks assist build consumer
confidence in businesses. When a company adheres to established security protocols,
customers have fewer concerns about doing business online.

42
 CHAPTER 3- MAJOR ISSUES IN INTERNET BANKING
AND THE LEGAL FRAMEWORK

3.1. INTRODUCTION

The rule of law simply cannot be expected to keep up with the rapid development of new
technologies. The current scandal involving online snooping exposed, among other things,
the weakness and insufficiency of legislation regulating internet usage. There is no
suggestion that the difficulties of determining jurisdiction, fixing culpability, and recording
and reproducing evidence will soon be resolved. As more institutions in India go towards
electronic banking, worries about security and abuse have grown.

Although banks were encouraged to start out serving the public good, they have always
been run as businesses with profit maximisation as their primary goal. Issues have surfaced
in the banking sector in recent years as a result of the broad implementation of new
economic settings such as globalisation, liberalisation, and privatisation. Deregulation,
advances in technology, and globalisation are all factors that are having a significant impact
on the financial services available in India.

As a direct result of the proliferation of online banking, a number of conventional financial

institutions have revised their IT strategies. It has been stated that the costs associated with
offering online banking services are lower than the costs associated with maintaining
branch banking, and that financial institutions who do not adapt to the changing market are
likely to see a loss in customer base.

As compared to other emerging countries, India's chances of successfully using E-Banking

and establishing a cashless economy are rather high. The Government of India (GOI) has
made it plain that it is committed to achieving financial inclusion, and it is taking active
initiatives to make this happen. Sustaining financial inclusion requires providing financial
services to the underserved and the impoverished using a market-driven strategy.

During the course of the last ten years, the Reserve Bank of India (henceforth referred to
as RBI) and the Government of India have collaborated on a number of initiatives to

43
enhance financial inclusion, including reforms and enrollment drives. The initiatives and
reforms made by the Reserve Bank of India (RBI) and the Government of India have been
a significant factor in the expansion of the electronic banking system in India. The technical
prototypes that will be employed as part of the modifications include things like smart
cards, options based on mobile devices, debit and credit cards, and so on. A more market-
driven environment, shaped by these developments, will characterise the Indian economy
in the years to come.

There are dangers associated with using modern technologies.

When the legal rights and obligations of the transaction are not founded on well-established
standards, there is a legal risk that they may be violated or otherwise not met. Due to the
immaturity of online banking, there is some grey area around legal protections and
customer responsibilities.

Legal issues can arise from the lack of clarity around the legality of agreements made via
electronic media and the transparency and privacy protection laws that apply to consumers.
Inadequate consumer education about his rights and obligations while using online banking
products or services may lead to disputes over transactions and unwelcome legal action
against the bank or other regulatory body.

The expansion of electronic banking is associated with an increase in legal risk. These are
caused, in large part, by the ambiguity surrounding E-governing Banking's laws and
regulations. Because of the success that many nations have had with electronic banking, a
clear regulatory framework is in place in most of them. Yet, issues occur when no
regulatory framework exists, like when a bank sells its electronic services internationally
but there is no overarching legal structure at the global level.38

In addition, there is a privacy concern that might lead to legal trouble. A bank runs a high
risk of legal trouble from things like fraud, misrepresentation, and theft of money if its
employees or malicious outsiders misuse the bank's technology. Intruders may get access
to bank databases and conduct fraud using consumers' personal information. To better

38
Amor deniel, “the e-business evolution,” Pearson education, new delhi,2000

44
serve their clientele, banks may include external links on their websites. This might lead to
legal trouble and danger. The connected site might also be used by cybercriminals to steal
money from a bank client. There is an increase in danger if financial institutions are given
the authority to authenticate systems, for example by serving as a Certification Authority.
Electronic banking has made it possible to use digital signatures.

The certifying authority verifies the authenticity of a digital signature by issuing a digital
certificate to the signer. The bank that issued the digital certificate might be held
accountable for any damages sustained by the party who relied on it if fraud were to occur.

Indian banks must to constantly balance the pressure of increased competition with the
dangers they face. The banking industry has implemented a number of measures to reduce
vulnerability and better position itself for global competitiveness. Public sector banks
(PSBs) face particularly stiff competition from private and international banks that have
recently entered the market. With the advent of the Internet, conventional banking services
have been augmented by the use of electronic means, known as e-banking. The Saraf
Committee was established in 1994 to investigate and provide recommendations on EFT
technology (EFT).39

Many problems with the regulation of electronic commerce have been tried to be solved
by the Information Technology Act of 2000 (IT Act, 2000). The 'Working Group on
Internet Banking,' which investigates three primary topics including technology and
security, legislation, and regulation and supervision, recommended changes to the law in
2008. The Information Technology (Amendment) Act of 2008 incorporates some of the
suggestions made. The bank's legal section is responsible for providing guidance to
business units on any legal issues that may arise from their usage of information
technology.40

3.2. LAW RELATING TO E-BANKING IN INDIA

B.r.reddy, “Consumer Awareness Towards E-Banking,” published by discovery publishing house,2012

39

Tannan M.L “Banking Law and Practice in India”, 28th edition, India Law House Connaught Place, New
40

Delhi.

45
With the rise of modern technology, banking law in India has seen profound
transformations. The international banking industry has undergone a transformation, which
necessitated the alterations. The upgrade was essential for the service to catch up to global
norms. In order to adapt the legislation to the advances in financial technology, revisions
have been made.

3.2.1. RESERVE BANK OF INDIA ACT, 1934

“The Committee for Proposing Laws on Electronic Funds Transfer and other Electronic
Payments was established by the Central Bank in 1995. An amendment to the Reserve
Bank of India Act, 1934 (henceforth referred to as the RBI Act, 1934) was enacted to permit
electronic banking on the basis of this advice. In order to facilitate such EFTs and ensure
the legal admissibility of documents and records, a new clause30 was inserted into section
58, subsection 2 of the Act, relating to the regulation of funds transfer via electronic means
between banks, i.e., transactions like Real Time Gross Settlement (RTGS) and National
Electronic Funds Transfer (NEFT) and other funds transfer. The Reserve Bank of India
(RBI) has actively promoted the use of electronic payment systems since 1995, when it
first established the Electronic Clearing Service (ECS) and the Electronic Funds Transfer
(EFT) system, and again in 2004, 2005, and 2008.41

ECS is an electronic payment and receipt system used for regular and recurring business
dealings. Institutions utilise ECS to collect payments for telephone/electricity/water bills,
cess/tax collections, loan installment repayments, periodic investments in mutual funds,
insurance premiums, and other revenues, and to make bulk payments for distribution of
dividend, interest, salary, and pension. Transferring large sums of money from one bank
account to many bank accounts, or vice versa, is a simple task using ECS. By revising RBI
Act, ECS and EFT were established in 1995, RTGS in 2004, and NEFT in 2005. The RBI
also approved of the cheque truncation system. The drawer's check is halted in transit to
the drawee branch, a procedure known as truncation. A digital representation of the
instrument, including the MICR fields, presentation date, presenting banks, and other
pertinent information, will be transmitted to the drawee branch once the physical

41
Jain N.C “Cyber Crimes” Allahabad Law Agency, Delhi 2008.

46
instrument has been truncated. Consequently, cheque truncation would eliminate, barring
extraordinary situations, the need to physically transport the instruments between branches.
To speed up the process of collection or realisation of the cheques, this would effectively
minimise the time necessary for payment and the related cost of transportation and delay
in processing. The year 2008 saw the debut of CTS.”

3.2.2. BANKING REGULATION ACT, 1949

The Act's original name was the Banking Companies Act, 1949, and it went into effect on
March 16. The initial Act, known as the B.R.Act, 1949, was expanded to include
cooperative banks in 1966, at which point it was renamed the Banking (Acquisition and
Transfer of Undertaking) Act, 1969. The Act's goals are to ensure that depositors' funds
are secure, to foster the growth of stable financial institutions, and to align the country's
monetary and credit framework with its broader interests and ambitions.

The original share-buying law has been updated to reflect the amendment. If the Reserve
Bank of India (RBI) determines that the purchase of the stock is in the best interests of the
public, of banking policy, of preventing the affairs of any banking company from being
conducted in a manner prejudicial to the public interest or the company's interest, of
emerging trends in banking and international practises, or of the banking and financial
system in India, it may give its approval to the transaction and allow it to proceed. This
would be the only circumstance in which the RBI would give its approval.

No one else is eligible to buy the shares or voting rights being sought. Shareholders' voting
rights under the legislation provide them significant influence over the company's banking
operations.

The RBI is the only entity authorised to grant or deny permission to operate a financial
institution. The Reserve Bank of India will set up a fund known as the “Depositor
Education and Awareness Fund.” Banking Laws (Amendment) Act, 2012 highlights
include-

1. Regulatory power to supersede board of banks

47
The (RBI) has the authority to dismiss a director or other executive of a bank under the
Banking Regulation Act, 1949. If RBI determines that a bank's board of directors is not
acting in the best interests of shareholders and depositors, RBI may remove them from
office for a period of up to a year. If the bank is not acting in the best interests of its
shareholders or depositors, the Reserve Bank of India (RBI) will appoint an administrator
to run the institution temporarily. With its newfound authority to replace the Board, RBI is
better able to exert its will on and oversee the operation of financial institutions. The Act
allows for interaction with the Indian Government to restrict the RBI's ability to use
authority arbitrarily.

2. Inspect associate enterprises

The Act grants the RBI the authority to request any information from a bank's “affiliate
enterprise” and to examine its operations. This should pave the path for the issuance of new
bank licences and create a legal foundation for the establishment of Bank Holding
Companies. A bank's associate enterprises may include the bank's holding or subsidiary
companies, joint ventures, companies that control the composition of the bank's Board of
Directors, companies that influence the bank in making financial decisions, and companies
that reap economic benefits from the bank's operations.

The Reserve Bank of India (RBI) could be unable to get information from overseas banks
with “affiliate firms” based in countries other than India. A foreign bank may be subject to
a request for information from the RBI if it has a branch or associate firm in India. The Act
applies to a foreign bank's associate firm (outside India) if such bank has a Wholly-Owned-
Subsidiary (WOS) in India.

3. Increase in voting rights

No shareholder (other than the Central Government) may possess more than one percent
of the voting stock in a PSB and still be considered a minor stakeholder. In addition, every
shareholder (other than the Central Government) who holds preference shares is restricted
from casting votes equal to more than 1% of the total voting rights of all shareholders
holding preference share capital.

48
A shareholder's vote in a public-sector bank is increased from 1% to 10% under the Act. It
is against the law for any shareholder in a private bank to own more than 10% of the voting
stock and exercise more than 10% of the overall voting power.

4. Conversion of a branch of a bank into Wholly Owned Subsidiary

It is now possible to avoid paying stamp duty when a bank's branch is transformed into a
Wholly Owned Subsidiary (WOS) or when a bank's stock is transferred to a holding
company. Several players in the banking industry stand to gain from these changes. With
the financial regulator's newfound authority comes more regulatory compliance, while
banks benefit from increased investment to fulfil capital requirements and expand their
operations.

The legislation is likewise highly stringent with regards to accounting and auditing. The
auditor's job is to make sure there is a reliable method for collecting confirmations and
acknowledgments of debts on a regular basis. The audit reports from each branch will need
to be reviewed for this reason. The recovery duration, the presence of a recovery policy, its
frequent updating, monitoring, and adherence, compliance with the RBI standards, and the
system of monitoring the recovery of credit card dues with regard to credit cards issued are
all matters that the auditor is obligated to report on. The auditor should comment on any
significant frauds uncovered during the audited period. The auditor's feedback on the
system's efficiency and the actions taken in response to vigilance reports is also anticipated.
The R.B.Burman Committee recommended that all banks and financial institutions
implement an information system audit policy similar to the one in place now.42

3.2.3. NEGOTIABLE INSTRUMENTS ACT, 1881

Electronic images of truncated cheques and electronic cheques are both considered
“cheques” for the purposes of the 1881 Act on Negotiable Instruments. A digital signature,

42
Ahemad Farooq Dr. in his book “Cyber Law in India” (Law of Internet)” published on Pioneer Books
Delhi.

49
with or without a corresponding biometric signature, and an asymmetric crypto scheme are
all taken into account in the concept of an electronic check.

The term “cheque truncation” refers to the practise of reducing or eliminating the physical
transportation of cheques inside banks, between banks, and to the clearing house in favour
of electronic recordings of the contents of the cheques, with or without photographs, for
further processing and transmission. In accordance with the rules released on a periodic
basis, the truncation of cheques in clearing has been implemented, and suitable protections
have been proposed. Cheque The system as a whole benefit from truncation because it
expedites the collection of checks, which improves customer service, decreases the cost of
collection, and eliminates reconciliation and logistical issues associated to cheques.43

This computerised replica of the cheque's shortened form is the cheque itself. At the time
of presentation for payment, the drawee bank may request additional information about the
truncated cheque from the bank holding the truncated cheque, and if the drawee bank has
reasonable suspicion that the instrument is not genuine due to fraud, forgery, tampering, or
destruction, the drawee bank may additionally request the presentation of the truncated
cheque itself for verification, provided that the drawee bank has not previously presented
the truncated cheque for This safeguard protects the paying bank when it makes a payment
in good faith and without mistake.44

The bank that receives the abbreviated check may have truncated it at the clearing house's
request. Banks are required to keep a copy of the check even after it has been cashed in
accordance with Section 81 of the NI Act. According to the National Identification Act,
Section 89, any discrepancy between the original cheque and the abbreviated picture is to
be considered a substantial modification.

A material alteration is one that has the potential to unfairly disadvantage the party bound
by the deed as originally executed, such as when it modifies the rights, liabilities, or legal
position of the parties as determined by the deed in its original state, alters the legal effect
of the instrument as originally expressed, or brings into certainty some provision that was

43
Toor, N. “Handbook of Banking Information,” Skylark Publications, 28th edition 2009
44
Ibid

50
previously uncertain and, as such, null. In this case, the bank or clearinghouse will need to
double check the abridged version before sending it forward.

The Indian Supreme Court believes that cases involving the dishonour of cheques should
be quickly resolved, that penalties for perpetrators should be tightened, that an electronic
image of a truncated cheque and a cheque in electronic form should be introduced, and that
an official nominee director should be immune from prosecution under the NI Act, 1881.
In the event that a shortened check is paid electronically, the bank that processes the
payment must give a certificate attesting to the fact that the instrument has been paid. Any
discrepancy between the apparent tenure of the electronic image of the truncated cheque
and the truncated cheque shall be deemed a material alteration, and it shall be the duty of
the bank or the clearing house, as the case may be, to ensure the exactness of the apparent
tenure of electronic image of the truncated cheque while truncating and transmitting the
image. Whenever time a bank or clearing house receives a digital image of a shortened
check through transmission, it must double-check with the sender to ensure accuracy.

The Northern Ireland Act mandates prompt payment of bank bills. According to Section
131 of the Negotiable Instruments (Amendment and Miscellaneous Provisions Act, 2002),
“it shall be the duty of the banker who receives payment based on an electronic image of
a truncated cheque held with him to verify the prima facie genuineness of the cheque to be
truncated and any fraud, forgery, or tampering apparent on the face of the instrument that
can be verified with due diligence and ordinary care.” The previous deadline of 15 days
to report a dishonoured check has been extended to 30 days. In addition, the time restriction
for filing a lawsuit over this dispute has been doubled to 2 years (from 1 year).45

Further operational hazards are introduced when cheques are truncated. Financial
institutions are obligated to adopt sufficient safety precautions. It has to comply with the
law and standard banking procedure. Extra caution is required when processing payments
via the system, particularly for high-value instruments, to avoid the bank's liability under
section 131 of the NI Act. Yet, since they are unable to process shortened checks, clearing

45
Nandan Kamath, “Law relating to Computers, Internet and E-commerce: A Guide to Cyber Laws and the
Information Technology Act, 2000,” Universal Law Publishing Co., 2009.

51
houses are immune from liability in cases of fraud or forgery. The banker should always
use good judgement and work within the bounds of the law.

3.2.4. BANKERS BOOKS EVIDENCE ACT, 1891

In parallel with the rollout of electronic banking in India, the Bankers Books Evidence Act
was subject to certain necessary amendments. The section of the act that discusses the
books kept by banks may be found in section 2. This category includes all of the records
that are utilised in the daily operations of the bank, regardless of whether they are kept in
paper form or are stored on microfilm, magnetic tape, or any other form of mechanical or
electronic data retrieval mechanism. These records can be kept at the bank's primary
location or at any offsite location, such as a back-up or disaster recovery site. And any
microfilm, magnetic tape, or other mechanical or electronic data retrieval device printout
of any entry in the books of a bank that was acquired by any technique that in itself assures
the correctness of such printout as a copy will be admitted as evidence will be allowed to
serve as a copy of the entry in question.

A document's physical copy or electronic file that has been checked and validated to ensure
that it is an identical reproduction of the original may both qualify as a certified copy of
the document. The printout has to be signed by both the management of the bank and the
person in charge of the computer. As a result of these amendments, the Act may now be
presented as evidence in judicial or arbitral proceedings concerning electronic banking now
that it has been updated.

3.2.5. PREVENTION OF MONEY LAUNDERING ACT, 2002

The black market could not exist without money laundering, or the use of financial
transactions to conceal the origin, ownership, or usage of illicitly acquired monies. Money
laundering is the process of converting or transferring property with the knowledge that the
property is derived from a serious criminal offence with the intent to conceal or disguise
the illicit origin of the property or to aid any person who is involved in committing such an
offence or offences to evade the legal consequences of his action. To rephrase, money

52
laundering is the process of converting illegally obtained funds into what seem to be
legitimate business dealings.

To effectively prevent money laundering, financial institutions must have comprehensive

rules and processes, which requires staying abreast of evolving criminal tactics. The
intricacy of this duty lies in the financial institution's capacity to foresee emerging criminal
trends and to institute preventative measures. The biggest players in money laundering are
bankers, and the problem can't be solved until they cooperate. The proliferation of
advanced technology and the rise of wire transfers have made it more difficult than ever to
track the origins of slush cash.

Due to the distant nature of online banking transactions, financial institutions may struggle
to enforce anti-money-laundering policies for some types of electronic payments. This
means that banks are taking a risk when it comes to money laundering. There might be
legal repercussions for failing to follow “know your customer” (KYC) regulations. Each
bank, financial institution, and intermediary, if applicable, must keep records of
transactions in the formats and within the time frames specified by the regulations and
provide information to the director. The director shall receive the information from the
chief executive officer of the bank in writing, through fax, or electronic mail. The third rule
of PMLR details the kind of documents that organisations in this category must keep. Cash
transactions totaling more than ten lakhs (or the foreign currency equivalent) must be
recorded. Every month, by the 15th of the next month, you must report any fake or
counterfeit notes you discover, together with any questionable cash transactions that
occurred during the previous month. Financial institutions are required to keep such records
for a period of 10 years after the date of the transaction. There is an additional obligation
placed upon the financial institution to safeguard its customers' personal information and
data.

3.2.6. INFORMATION TECHNOLOGY ACT, 2000

When it comes to crimes perpetrated with the use of technology in India, this law is crucial.
Banking and finance have been profoundly impacted by technological development and
the use of IT in particular. Online banking relies heavily on the underlying technology and

53
security requirements. Online banking won't deliver the goods if the necessary technology
and security measures aren't in place. It is well acknowledged that the process of technical
transformation includes the adoption of new technology by firms. Confidentiality,
integrity, and availability are the three facets of information that need to be safeguarded,
and this is what information security focuses on. Expanded definitions, the introduction of
the idea of electronic signature, the creation of new offences, and many other changes were
made in 2008 to the IT Act 2000. Just two provisions of the IT Act of 2000 addressed
computer-related crimes.

In addition to bolstering the overall framework against cybercrime, the updated Act
provides for more stringent data security measures. There are concerns unique to the
banking and customer relationships that arise from the nature of IT-based crimes itself.
These include the difficulty in identifying those responsible for cybercrimes, the difficulty
in determining jurisdiction, the difficulty in obtaining credible evidence, and the difficulty
in reporting cybercrimes to authorities for fear of repercussions on the company's
reputation.

In addition to the aforementioned, the following are certain concerns that arise only
between a bank and a client:

• Intermediary- There have always been both general and particular relationships
between banks and their clients, such as debtor and creditor, agent and principal,
bailor and bailee, trustee and beneficiary. Bankers now have a dual function as
intermediaries and, in certain cases, data/information owners thanks to
technological advancements and widespread acceptance of these tools.

An intermediary is defined as “any person who on behalf of another person receives, stores,
transmits, or offers any service with regard to that communication” under the Information
Technology Act of 2000. 82 While banks are not specifically mentioned, the definition is
broad enough to include the banker, as the banker receives payments on behalf of
consumers through electronic messaging. Making payments on a client's behalf follows the
same protocol as the bank's everyday operations.

54
As a result, they take on the role of go-betweens. Financial institutions may meet the
criteria for inclusion in the definition of “intermediary” since they offer services related to
the communications and data in question.

In 2008, changes were made to the definition. According to the revised definition, an
intermediary is “any person who on behalf of another person receives, stores, or transmits
that record or provides any service with respect to that record.” This includes, but is not
limited to, “telecom service providers, network service providers, internet service
providers, web hosting service providers, search engines, online payment sites, online-
auction sites, online market places, and cyber cafes.” Although this doesn't fundamentally
alter banks' roles as go-betweens, the addition of electronic recordkeeping and transmission
cements banks' status as intermediaries for electronic banking.

It is the responsibility of intermediaries to ensure the safety of E-Transactions, passwords,

and payments in accordance with the requirements of the IT Act. The Supreme Court ruled
in Sanjay Kumar Kedia v. Central Bureau and Anr. (1984) that service providers
(intermediaries) are immune from liability for acts performed in good faith. The customer's
best interests are not served by ambiguity about the banker's role as a middleman. Bankers
conducting E-Banking transactions, however, need to exercise caution.

• Encryption- The Federal Government may provide guidelines for the use of
encryption in order to protect the integrity of electronic communications and to
advance e-governance and e-commerce. This is because there is always a chance
that information sent via the internet can be intercepted and utilised inappropriately.
To prevent this kind of eavesdropping, encrypting data before sending it over the
internet is a must. But, until the intercepted data is encrypted, it will be useless.
Internet service providers may better safeguard their customers' personal
information and the data of their users in general if they use data encryption.
Individuals, groups, and institutions may only use so much encryption due to ISP
licencing restrictions. RBI has mandated SSL encryption for financial institutions.

• Data Protection- When discussing the acquisition, storage, and distribution of

personal data, the term “data protection” is used to refer to the body of laws,

55
 regulations, and procedures designed to protect individuals' right to privacy.
Information gathered by a government or commercial entity or agency that may be
used to identify an individual is often referred to as “personal data.”

A corporation may be held accountable for damages to an affected individual if it is in

possession, deals, or handles sensitive personal data or information and fails to develop
and maintain acceptable security standards, as required by the Information Technology Act
(IT Act).

The injured party may seek as much compensation as they feel is appropriate under the
circumstances, and no cap is placed on this amount. The court has the last say on whether
or not the victim receives restitution. If a person who has obtained access to an individual's
electronic records and information in violation of the IT Act of 2000 without that
individual's authorization exposes such information to a third party, that individual faces
up to two years in jail, a fine of up to one million rupees, or both. Nonetheless, the penalties
for disclosure by any party, including an intermediary, in violation of a legitimate contract
are laid forth in Section 72A.

Unlike Section 72, which only applies to disclosures made in the exercise of rights given
under the IT Act of 2000, Section 72A covers disclosures of personal information of a
person made (without agreement) in the course of delivering services under a legitimate
contract. As it is, parties are allowed to enter into contracts outlining their connection and
the words personal data, personal sensitive data, data which may not be moved out of or to
India, and the way of managing the same, all of which are relevant to the problem of data
protection. Internal risks might come from the bank's own employees, particularly those
working in the bank's application development, infrastructure, or data centre. Employee
threats are thought to be mostly accidental, despite the fact that they pose a real danger.
Employees' threats lead to theft and embezzlement of company cash.46

• Computer related offences and Penalty/Punishment – “Banks may face criminal

and civil responsibility under the IT Act of 2000, as modified. Under the updated

46
“The Legal Structure of E-Banking in India - iPleaders” (iPleaders, November 8, 2021) available at
https://blog.ipleaders.in/the-legal-structure-of-e-banking-in-india/ accessed March 26, 2023

56
 IT Act in front of the Adjudicating Officer, a person may be liable to pay damages
in the form of compensation up to five crores, and any amount beyond five crores
may be litigated in a court of competent jurisdiction.

• Banks to be licensed as Certifying Authority- Under clause (o) of Section 6(1)

of the Banking Regulations Act, 1949, banks may apply to the Reserve Bank of
India for permission to issue digital signature certificates and act as a certifying
authority to facilitate Internet banking. Online banking requires electronic records
to be authenticated in a way that complies with the Act. Legally, Internet banking-
related electronic records that have been properly kept would be admissible in
court..”

3.2.7. INDIAN CONTRACT ACT, 1872

The Indian Contract Act may be two centuries old, but it covers every facet of contracts,
even electronic ones. There must be legitimate consideration, free consent, competent
individuals engaging into the contract (i.e. not minors, people of unsound mind, or those
who are barred by law from entering into contracts), and the contract must be formed to
attain a lawful aim for it to be deemed valid. The Act also addresses unique contracts and
various methods of contract discharge.

In addition to the aforementioned, a proposal and an unqualified acceptance of the proposal

are also necessary. From this it can be deduced that the formation of a legally binding
contract is an essential step in any commercial endeavour, whether it production, trade, or
service.

The contract's enforceability depends on its legality.

In the context of electronic commerce, an e-contract is any legally binding agreement

reached through the use of electronic means, such as email, between two or more parties,
or between one human and an electronic agent, such as a computer programme, or between
at least two electronic agents that are designed to recognise the existence of a contract.

57
The consumer is not approached personally by the seller in E-Contracts. The shopper
“browses” the merchant's website to see what's for sale, and then makes a purchase
decision. The website itself does not make the offer when it lists the things for sale at a
certain price. This is an open invitation to make an offer, which may be declined at any
point prior to acceptance. Emails or a simple click of “I Agree” constitute acceptance of
the offer.

In the digital realm, where privacy and swiftness are valued, the contract takes on added
relevance. Electronic contracts refer to agreements that are formed and executed in a digital
format. Electronic contracts allow parties to a transaction or agreement to do so without
ever having to meet in person. There are typically two parties engaged in an electronic
contract: the sender and the recipient. The sender, receiver, or keeper of an electronic
communication is known as the originator. The word “addressee” refers to the recipient to
whom the electronic record is being sent, excluding any intervening third parties. An
intermediary is a third party who acts as a conduit for the exchange of information between
two parties. If the preceding theory is used, then the contract's creator becomes the
promissory, the addressee becomes the promise, and the intermediate becomes the carrier's
service. There is no need for a human intermediary in the transmission of electronic
messages or data. After the communication leaves the hands of the sender and reaches the
intermediate, it has been delivered.47

3.2.8. INDIAN PENAL CODE, 1860

“Crime is both a social and economic phenomenon. It predates the dawn of civilization.
The fast proliferation of the Internet and the digitalization of commercial operations have
contributed to a meteoric rise in cybercrime in emerging nations. With the development
and widespread use of internet banking, this service has become a prime target for
cybercriminals.

Some sections of the Indian Criminal Code have undergone extensive revisions (herein
referred as IPC). Electronic records are considered “documents” under Section 172,

47
“Major Legal Issues in Indian E-Banking System - iPleaders” (iPleaders, June 3, 2020) available at
https://blog.ipleaders.in/major-legal-issues-indian-e-banking-system/ accessed March 26, 2023

58
“documents to be delivered before a Court of Justice” under Section 192, “makes false
entry in books of records” under Section 463, and “inserting false electronic record with
purpose to cause harm or injury” under Section 463.

It is generally agreed that three main factors contribute to bank frauds:

a. Involvement of bank's employee or in connivance with outsiders;

b. Failure of the bank staff to follow the instructions and guidelines; and

c. External elements or collusion between various parties or by a hacker.

Though there are various kinds of frauds, but purely from reporting standpoint, RBI has
classified frauds on the basis of the provisions of the IPC.

1. Misappropriation (Section 403 IPC) and criminal breach of trust (Section

405 IPC);
2. Fraudulent encashment through forged instruments, manipulation of books
of account or through fictitious accounts and conversion of property
(Sections 477A, 378 and 120 A);
3. Unauthorized credit facilities extended for reward or for illegal
gratification;
4. Negligence and cash shortages;
5. Cheating (Section 415 IPC) and forgery (Section 463 IPC);
6. Forgery of electronic records (Section 465 IPC);
7. Bogus websites, cyber frauds, phishing (Section 420 of IPC)
8. Irregularities in foreign exchange transactions; and
9. Any other type of fraud not coming under the specific heads as above.”

Notwithstanding the lack of a definition for fraud, the above clauses are all relevant to the
crime. E-Banking fraud cases have been heard in Indian courts under both the Indian Penal
Code and the Information Technology Act.

59
Case law states that “whoever knowingly or intentionally conceals, destroys, or alters, or
intentionally or knowingly causes another to conceal, destroy, or alter, any computer source
code used for a computer, shall be punished with death.” This case was filed under Sections
409, 420, and 120B of the Indian Penal Code (IPC) and Section 65 of the Information
Technology Act (IT Act) of 2000.

The explanatory notes to Section 65 of the IT Act further state that “dishonestly” is defined
in accordance with Section 24 of the IPC and that “fraudulently” is defined in accordance
with Section 25 of the IPC.

A definition of fraud is offered in the Report of the RBI Working Group on Information
Security, Electronic Banking, Technological Risk Management, and Cyber Frauds, which
may shed some light on the matter: “a deliberate act of omission or commission by any
person, carried out in the course of a banking transaction or in the books of accounts
maintained manually or under computer system in banks, resulting into wrongful gain.”

3.2.9. INDIAN EVIDENCE ACT, 1872

The Indian Evidence Act was a groundbreaking legal reform that was enacted and adopted
in India, completely overhauling the country's judicial system's approach to the acceptance
of evidence.

Physical evidence and digital evidence are not interchangeable in any way. This
discrepancy stands out at every level of the legal process, including discovery, collection,
storage, and presentation of evidence. Fingerprints, the murder weapon, and blood spatter
are all easily traceable in the actual world, but in the virtual one, they become very
impossible to locate. An effective and experienced computer forensics specialist knows
how to preserve evidence of cybercrime, since any mistakes in doing so will reduce the
evidence's value.

After the necessary evidence has been discovered, the investigator must verify that it is
gathered in accordance with all applicable laws and regulations. To comply with the law,
it is necessary to get a warrant before collecting evidence, to complete the investigation

60
before any conclusions can be drawn about the information obtained, and to obtain further
warrants if necessary. In a court of law, evidence is only admissible if it was obtained in a
lawful manner. In order to comply with the provisions of the IT Act, the Indian Evidence
Act was revised.

The Indian Evidence Act validated the admissibility of all digital evidence. The definition
of “documents” in the Act was updated to read as follows: “where the phrase all documents
includes electronic records.”

As part of the IT Act's evidential framework, terms including “digital signature,”

“electronic form,” “secure electronic record,” and “information” were included. In Section
17, the terms “oral or documentary or contained in electronic form” replaced the original
“oral or documentary.”

The term “record” was changed to “record or an electronic record” in both instances
throughout section 35 of the Act. The original Act's Section 39 addresses the presentation
of evidence when a statement is included in a discussion, document, book, or series of
letters or documents. “ Evidence shall be given of so much and no more of any statement,
conversation, document, or document contained in a book or connected series of letters or
papers, as the Court considers necessary in that particular case to a full understanding of
the nature and effect of the statement, conversation, document, or document contained in
question.48

When a statement is made in a conversation, written or electronic record, book, or series

of letters or papers but the words have been changed, proof must be supplied. Every
statement, discussion, document, electronic record, book, or linked sequence of letters or
documents may be introduced into evidence, but only to the extent the Court deems
essential in that specific paragraph. According to the newly added Section 47A, “when the
court has to form an opinion as to the digital signature of any person, the opinion of the
certifying authority which has issued the Digital Signature Certificate is a relevant fact,

48
“E-Banking Frauds and Indian Legal Prospective” available at https://legalserviceindia.com/legal/article-
3322-e-banking-frauds-and-indian-legal-prospective.html accessed March 26, 2023

61
section 47 was amended to emphasise the importance of the certifying authority's opinion.”
The contents of papers were changed to “the contents of documents or electronic records”
in Section 59. Two new subsections, 65A and 65B, were added to Section 65 as part of the
amendments. Electronic records are subject to both 65A's “specific requirements as to
evidence” and 65B's “admissibility” rules.49

The other changes concerned the burden of proof for a digital signature, the burden of proof
for the verification of a digital signature, the burden of proof for a digital signature
certificate, and the burden of proof for the production of documents or electronic records
that another party having possession refuses to produce before courts.

Information contained in an electronic record that is printed on paper, stored, recorded, or

copied in optical or magnetic media produced by a computer (hereinafter referred to as the
computer output) shall be deemed to be also a document, if the conditions mentioned in
this section are satisfied in relation to the document, despite the fact that the amendments
brought to the Indian Evidence Act were challenged in P. Padmanabh v. Syndicate Bank
Limited.

Admissibility of electronic records as evidence as enshrined in section 65B of the Indian

Evidence Act is wide enough to cover all types of electronic records as evidence which
states as under- 50

“Any information contained in an electronic record which is printed on a paper, stored,

recorded or copied in optical or magnetic media produced by a computer shall be treated
like a document, without further proof or production of the original, if the conditions like
these are satisfied: (a) the computer output containing the information was produced by
the computer during the period over which the computer was used regularly.... by lawful
persons. (b) the information ...derived was regularly fed into the computer in the ordinary
course of the said activities; (c) throughout the material part of the said period, the

49
“Finance and Development” available at https://www.imf.org/external/pubs/ft/fandd/2002/09/nsouli.htm
accessed March 26, 2023
50
“Lessons from the Rapidly Evolving Regulation of Digital Banking” (McKinsey & Company) available
at https://www.mckinsey.com/industries/financial-services/our-insights/lessons-from-the-rapidly-evolving-
regulation-of-digital-banking accessed March 26, 2023

62
computer was operating properly r was out of operation during that part of the period, was
not such as to affect the electronic record or the accuracy of its contents; and (d) the
information contained in the electronic record reproduces or is derived from such
information fed into the computer in the ordinary course of the said activities”

Evidences (information) obtained from computers or electronic storage devices and

produced as print-outs or in electronic media are legitimate if they are obtained from the
system in a suitable manner with no room for manipulation of data. Data created directly,
with or without human interaction, is guaranteed to be accurate, and this is confirmed by a
certificate signed by an authorised individual attesting to the veracity of the data extracted
from a computer system using all the safety measures specified in the section.

3.2.10. CONSUMER PROTECTION ACT, 1986

After the passing of the Consumer Protection Act, 1986, consumer rights were
strengthened in India. It gave customers the ability to file complaints against businesses
and people who had sold them faulty products or offered subpar service quickly, efficiently,
and effectively. It has proven to be the most powerful tool available to consumers seeking
swift remedy for their grievances. This Act ensures the residents of India have access to
swift justice, which is a basic right. Because the board has already been established, many
of the procedures necessary in conventional courts are unnecessary. A judge hears the case,
and two social workers sit on the bench with the judge as observers. There is a combination
of written and spoken testimony. Justice is also guaranteed by the inspection of tangible
items.51

A bank customer is a consumer if he meets the legal meaning of the term. The Act only
applies to services that consumers pay for, hence “consumer” refers only to those who pay
for products or services.

51
Panicker LA and posts by Lavanya Ajaykumar Panicker V all, “Consumer Protection in E-Banking - Indian
Law Portal” (Indian Law Portal, November 30, 2020) available at https://indianlawportal.co.in/consumer-
protection-in-e-banking/ accessed March 26, 2023

63
Anybody making a purchase or using a service as part of a business rather than for personal
use is not eligible.

The National Consumer Forum has ruled that a consumer has the right to seek redress under
the Consumer Protection Act and the right to seek redress from an appropriate forum if it
is determined that the consumer hired the service for money and suffered a loss as a result
of the service provider's negligence or incompetence. Banks have always considered
technological failure and the disclosure of personal information to constitute a flaw in
service, assuming the client is not at fault. Before a client may start using the bank's E-
Banking service, they need to get some guidance from the bank. Customers are increasingly
being encouraged by online banks to move their deposits there, which is having a
significant effect on the deposit base of traditional banks. And the same goes for
encouraging safety measures.

3.2.11. THE PAYMENT AND SETTLEMENT SYSTEMS ACT, 2007

It is generally agreed upon in the international community that a solid legal foundation is
necessary for payment and settlement systems to operate well. This includes, but is not
limited to, the provision of regulation and control of payment and settlement systems, the
legal recognition of nets, the finality of settlements, and the provision of necessary
authorisation for the establishment of such systems. The subject of electronic fund transfers
is not addressed by any law in India (EFT). To some degree, the problem is addressed under
the Payment and Settlement Act (herein referred to as PSS Act) and the directives and
recommendations issued thereunder. The institution must meet RBI's requirements in order
to get the necessary authorisation letter. The Act establishes a comprehensive framework
for the resolution of disputes between the participants in a payment system, the providers
of that system, and the participants themselves. The RBI is authorised to request returns,
documents, and other information from the payment system provider. Any and all data

64
pertaining to the payment system's functioning should be made available to the Reserve
Bank by the system provider and all participants.52

Like dishonour of a check under the NI Act, 1881, dishonour of an electronic money
transfer order owing to insufficient funds in the account is a crime punishable by jail or a
fine, or both. The Act specifies the steps that must be followed before criminal prosecution
of a defaulter may begin. So, the RBI can keep an eye on the Indian e-payment system
thanks to this piece of law. 53

52
“Internet Banking in India - - India” (Internet Banking in India - - India, April 11, 2003) available at
https://www.mondaq.com/india/finance-and-banking/20687/internet-banking-in-india accessed March 28,
2023
53
Ibid

65
 CHAPTER 4: TECHNOLOGICAL CHALLENGES TO
BANKING SECTOR IN INDIA
4.1. INTRODUCTION

The Indian banking sector has undergone significant transformation as a result of the
liberalisation and deregulation process that began in 1991–1992. We've made the transition
from a highly controlled setting to a more market-based, competitive one. The term
“information technology” (or “IT”) has become ubiquitous in recent years. The rapid
development of technology has shrunk the globe into a global village, and it has also
brought about significant shifts in the financial sector. In today's increasingly globalised,
liberalised, privatised, and competitive market, banks must function. Because of
Technology, a new paradigm in business has emerged. It is becoming more important in
enhancing banking sector offerings. As a result of technological advancements, the banking
sector in India has grown exponentially. The success of any service company in the modern
day, including banking, is impossible to imagine without the aid of information technology.
The banking sector's overall economic impact has grown as a result. Payments and other
financial transactions may now be performed in a matter of seconds with little effort.54

Every new advancement in IT and the widespread acceptance of it by India's commercial

banks has allowed them to employ IT extensively in their product and service offerings to
consumers, rather than merely in their back-office operations. In today's ruthless financial
services industry, banks who use cutting-edge IT strategies have a distinct advantage. In
addition, they might provide an increasing number of lucrative commercial prospects. The
advent of IT in banking has not only enhanced client service but also decreased operating
costs (Talwar, 1999). When discussing technological developments in the banking sector,
the phrase “digital banking” is used to signify and embrace the full spectrum. This is a

54
“Technology and Talent: Two Challenges for Indian Banks - ET BFSI” (ETBFSI.com) available at
https://bfsi.economictimes.indiatimes.com/news/banking/technology-and-talent-two-challenges-for-indian-
banks/95340171 accessed March 28, 2023

66
catch-all phrase for the distribution of financial services and goods through electronic
channels such as the telephone, mobile phones, internet, etc.55

The traditional bank branch has been disrupted by online banking. Customers may conduct
financial transactions from remote areas like their homes or offices, using encrypted
internet connections. Account transfers, balance enquiries, bill payments, and stop-
payment requests, as well as the application for loans and credit cards, are all possible for
consumers to do online. Banks need to adapt their offerings and their IT infrastructure to
remain competitive in the current market. These days, more and more individuals choose
to do their financial dealings online. The proliferation of mobile phones and internet access
through tablets, laptops, and desktop computers may contribute to the dissolution of
geographic distinctions. Banks may reach a wider audience and expand their service
offerings by transitioning to digital banking.

4.2. DIGITAL BANKING IN INDIA

In the late 1980s, the Indian banking industry recognised the need to use computerization
to enhance customer service, bookkeeping, and MIS reporting. The Central Bank of India
appointed Dr. C. Rangarajan to lead a committee on bank computerization in 1988. Banks'
use of IT dates back to the widespread availability of personal computers and continued
with the advent of LANs. As technology progressed, banks started using a system called
Core Banking. As a result, bank branches became just banks. As a promising move towards
improving consumer convenience via Anywhere and Anytime Banking, Core Banking
Solution (CBS) allowed banks to boost the comfort feature to the clients. Many notable
Core Banking solutions emerged, including Finacle from Infosys, BaNCS from TCS, and
FLEXCUBE from i-flex.56

With the liberalisation of the economy in 1991 and 1992, the computerization trend picked
up speed. Rising rivalry from domestic and international banks was a significant force

55
“Key-Challenges in Indian Banking Sector Amid a Technology-Led Revolution” (AcuityKP, May 8, 2018)
available at https://www.acuitykp.com/the-indian-banking-sector-key-challenges-amid-a-technology-led-
revolution/ accessed March 28, 2023
56
Vasamsetti R, “5 Challenges Of Digital Banking In India And How Indian Companies Are Overcoming
Them” (BW Businessworld, August 1, 2001) available at http://businessworld.in/article/5-Challenges-Of-
Digital-Banking-In-India-And-How-Indian-Companies-Are-Overcoming-Them/08-06-2020-194534
accessed March 28, 2023

67
behind this shift. In order to keep up with the competition, many commercial banks have
begun transitioning to digital consumer services. In India, digital banking services are now
widely used. The branch banking model was the standard up until the early 1990s, when
non-branch banking services were first introduced. ICICI Bank is credited as the pioneer
of online banking in India. The next major banks to provide online banking were Citibank
and HDFC Bank in 1999. On October 17, 2000, the Indian government passed the
Information Technology Act, 2000, which gave the government's blessing to e-commerce
and other forms of electronic transaction. To make sure that e-banking develops along
sustainable lines and that e-banking-related issues do not threaten financial stability, the
Reserve Bank constantly analyses and assesses the relevant legislative and other
requirements of digital banking. Indian commercial banks have taken many measures,
digital banking being one of them, to deal with the increasing strain of competition.
Competition has been particularly fierce for the public sector banks due to the early
adoption of digital banking by the newly founded private sector and international
institutions. “The following are some of the digital banking services that clients of Indian
banks may take use of:57

• Automated Teller Machines (ATMs)

• Internet Banking
• Mobile Banking
• Phone Banking
• Tele banking
• Electronic Clearing Services
• Electronic Clearing Cards
• Smart Cards
• Door Step Banking
• Electronic Fund Transfer”

57
“Banking On Technology: Tech Trends That Have Carved A Niche This Year - Forbes India Blogs”
(Forbes India, November 24, 2021) available at https://www.forbesindia.com/blog/technology/banking-on-
technology-tech-trends-that-have-carved-a-niche-this-year/ accessed March 28, 2023

68
The government of India is actively encouraging the use of digital methods of commerce.
The National Payments Corporation of India's (NPCI) introduction of Unified Payments
Interface (UPI) and Bharat Interface for Money (BHIM) is a major development in the field
of Payment Systems. UPI is a mobile interface that allows users to instantly transfer money
between bank accounts using just a virtual address and a unique identifier.58

Nowadays, clients want a banking experience that is quick, precise, and of high quality.
All Indian banks have made digitisation their primary priority today. The RBI report for
2016–17 states that there were 2,22,475 ATMs and 25,29,141 POS terminals in use (POS).
There has been widespread adoption in Indian banks of various forms of electronic
payment technology like NEFT (National Electronic Fund Transfer), ECS (Electronic
Clearing Service), RTGS (Real Time Gross Settlement), the Cheque Truncation System,
the Mobile Banking System, Debit Cards, Credit Cards, and Prepaid Cards. All of these
events indicate significant steps forward in the development of financial technology.
Banking as we know it has been significantly altered with the advent of online banking.59

For sending money from one bank branch to another in India, NEFT (National Electronic
Funds Transfer) is the method of choice. It processes jobs every half hour. There are now
23 communities. High-value,'real-time' transactions are the most common use case for Real
Time Gross Settlement (RTGS). Sending money with RTGS requires a minimum of two
million Indian rupees. The sky is the limit. The National Payments Corporation of India
(NPCI) provides the Immediate Payment Service (IMPS), a 24/7/365 electronic payments
transfer service. Prepaid payment instruments (PPIs) have been more popular for online
shopping, in-store payments, and money transfers in recent years. From Rs.105 billion and
Rs.82 billion in 2015-16, respectively, the value of transactions made using PPI Cards
(which comprise mobile prepaid instruments, gift cards, overseas travel cards, and

58
Ibid
59
“Indian Banking Sector Explained: Challenges, Opportunities, and Its Future - Hero Vired” available at
https://herovired.com/learning-hub/blogs/indian-banking-sector-explained-challenges-opportunities-and-
its-future/ accessed March 30, 2023

69
corporate cards) and mobile wallets has skyrocketed to Rs.277 billion and Rs.532 billion
in 2017-18.60

4.3. CHALLENGES IN DIGITAL BANKING

Availability of Personnel services: Customers of today's banking institutions anticipate

that their financial institutions will fulfil a variety of requirements. These requirements
include social banking that offers a variety of financial options, selective upgrades,
computerization and innovative mechanisation, improved services for customers, a robust
organisational culture, adequate profits, and efficient management. Banks have to be ready
to satisfy their customers' requirements since customers carry their own set of expectations
with them.61

Competition: Foreign and new private sector banks provide competition to the
nationalised and commercial banks. The banking industry is highly competitive, and as a
result, financial institutions must face a wide range of challenges, including product
positioning, innovative ideas and channels, new market trends, cross selling, and the need
to manage assets and limit risk at the managerial and organisational levels. When a bank
reduces the number of employees in an administrative department, it is doing so by
replacing those employees with machines. Staff with certain skill sets and experience levels
will be recruited and hired in order to achieve set goals.62

Customer Awareness: In India, there is still a lack of consumer education on digital

banking services and processes. When it comes to communicating the value, convenience,
and utility of online banking, financial institutions fall short. One of the biggest roadblocks
to the growth of e-banking is the general public's lack of knowledge about the advantages
of new technology.

60
“5 Key Challenges Faced by India’s Banks - Meaningful Minutes” (Kotak Securities®, May 8, 2015)
available at https://www.kotaksecurities.com/ksweb/Meaningful-Minutes/5-key-challenges-faced-by-
Indias-banks accessed March 30, 2023
61
Bhushan K, “Artificial Intelligence in Indian Banking: Challenges and Opportunities” (mint, July 6, 2018)
available at https://www.livemint.com/AI/v0Nd6Xkv0nINDG4wQ2JOvK/Artificial-Intelligence-in-Indian-
banking-Challenges-and-op.html accessed March 30, 2023
62
Ibid

70
Implementation of global technology: “There is a need to have an adequate level of
infrastructure and human capacity building before the developing countries can adopt
global technology for their local requirements. In developing countries, many consumers
either do not trust or do not access to the necessary infrastructure to be able to process e-
payments.

Non- Performing Assets (NPA): Nonperforming assets are another challenge to the
banking sector. Vehicle loans and unsecured loans increases N.P.A. which terms 50% of
banks retail portfolio was also hit due to upward movement in interest rates, restrictions on
collection practices and soaring real estate prices. So that every bank has to take care about
regular repayment of loans.

Privacy risk: The risk of disclosing private information & fear of identity theft is one of
the major factors that inhibit the consumers while opting for internet banking services.
Most of the consumers believe that using online banking services make them vulnerable to
identity theft. According to the study consumers worry about their privacy and feel that
bank may invade their privacy by utilizing their information for marketing and other
secondary purposes without consent of consumers.

Security Risk: The problem related to the security has become one of the major concerns
for banks. A large group of customers refuses to opt for digital banking facilities due to
uncertainty and security concerns. According to the IAMAI Report (2006), 43% of internet
users are not using internet banking in India because of security concerns. So it‟s a big
challenge for marketers and makes consumers satisfied regarding their security concerns,
which may further increase the online banking use.63“

Strengthening the public support: Most previous e-finance projects in low-income

countries were a collaborative effort between the commercial and state sectors. Joint efforts
between the public and private sectors, as well as multilateral institutions like the World
Bank, are vital if the public sector lacks the means to undertake the projects in order to
ensure public support for e-finance related activities.

63
Ibid

71
The Trust Factor: Most people just don't feel safe enough to use internet banking.
Customers who are wary about banking online tend to stick with traditional methods. They
believe that fraud is more likely to occur with internet transactions. Many clients have
concerns about utilising online banking services, including whether or not their
transactions went completed. How many times should I press the transfer button?
Customers' propensity to make purchases from online stores is influenced in large part by
their level of trust in these businesses.

Handling Technology: To reach and maintain high service and efficiency standards while
being cost efficient and producing a sustainable return to shareholders, it is vital to develop
or acquire the correct technology, use it properly, and leverage it to the utmost degree
possible. Those that embrace new technologies early on have a decisive competitive
advantage. Thus, the banking industry in India has a significant problem in managing
technology.64

CHAPTER 5- CONCLUSION AND SUGGESTIONS

5.1. CONCLUSION

64
“5 Facets of Digital Transformation in Banking | SafeGuard Cyber” available at
https://www.safeguardcyber.com/blog/security/digital-transformation-in-banking accessed March 30, 2023

72
The way we bank has seen a significant transformation in the previous two decades due to
technological advancements. Banks and their clients alike have reaped the benefits of
banking's modernisation and automation. Although banks have reaped the benefits of
expanded business and lower overhead, clients have reaped the benefits of convenient
access to banking services around the clock and in any location. Nevertheless, there is a
dark side to technical progress: the rise of increasingly sophisticated and perilous fraud
threats that evolve with new technologies. The banking industry and fraudsters alike have
embraced the technology. Rules and regulations, however, have not kept pace with
technological and societal developments, and are now mostly playing catch-up. In fact, we
need to pick up the pace now.

According to the findings, India's banking system is complex, with several tiers catering to
different demographics and demands. The banking industry is diversifying and growing
more competitive at a breakneck rate, which greatly increases the sector's exposure to fraud
threats from both internal and external sources.

For as long as there have been criminals, banks and other financial institutions have been
a prime target. The vulnerability of financial institutions, especially to fraud, has increased
as a result of the widespread use of technology in banking services. The number of recorded
occurrences of fraud has skyrocketed over the last decade, notably after demonetization in
2017 and the outbreak of the Covid 19 epidemic (as evidenced from both the data published
by RBI and NCRB). This growth is mostly owing to the widespread adoption and use of
electronic banking services, which have shown to be more susceptible to security threats
than their brick-and-mortar counterparts.

In a similar vein, Chanakya's book on economic policy from 330 BC shows that banks have
always faced fraud threats from inside the organisation, such as when staff falsify
documents or steal money. The expanded potential for Insiders to perpetrate frauds while
limiting their risks of finding are a direct result of the complexity of E-Banking systems,
which employ different technologies necessitating interaction with each other, requiring
numerous access credentials being provided to the users. Due to their familiarity with the
systems and vulnerabilities, increased access to customers' personal and financial

73
information (needed to carry out daily duties), and the anonymity offered by the lawful use
of these, insiders pose an especially high risk in electronic banking.65

The problem is made even worse by the fact that it often takes anything from 23 to 55
months (RBI Reports) between the inadvertent or tip-off discovery of Bank Fraud and its
reporting. The magnitude of losses is magnified by the delay in identification and reporting,
and the complexity of the inquiry leads to either no convictions or weak ones. Also, banks
are hesitant to reveal instances of internal fraud for fear of negative publicity. The fraudster
has an opening and incentive to do further fraudulent acts because of this failure to disclose.

The study also shows how the threat of fraud has grown rather than decreased despite the
various laws and regulations that affect the banking industry. Most laws and regulations
deal with operational soundness because they aim to maintain a secure financial system.
While fraud risk reduction is discussed generally, it is just one component of the larger risk
management plan.

Bank crimes were singled out for special attention by legislators in 1981 by the Council of
Europe's Committee of Ministers, who were discussing the subject of a surge in Economic
Crimes due to the great development in economic activity. The Committee of Ministers
suggested that governments examine their current company laws and advocate for a legal
framework that can handle any economic crimes that may occur as a result of technology
advances.

Special Investigative Agencies qualified to handle such Serious Frauds are necessary
because to the type, complexity, and frequency with which cross-border transactions are
involved. Special investigative agencies such as the Central Bureau of Investigation (CBI),
the Enforcement Directorate (ED), and the Serious Fraud Investigation Office (SFIO) in
India look into cases of financial fraud, particularly bank fraud. Notwithstanding the
Reserve Bank of India's (RBI) Master Guidelines on Fraud Classification and Reporting,
which categorise crimes in accordance with the Indian Penal Code (IPC), there is no

65
“Advantages and Challenges of Digital Banking” available at https://www.bankofbaroda.in/banking-
mantra/digital/articles/advantages-and-challenges-of-digital-banking accessed March 30, 2023

74
universally accepted definition of Bank Fraud. The ibid Master Guidelines provide that
various investigative authorities would look into fraud cases differently according on the
amount at stake and whether or not the perpetrators were from inside or beyond the
company. As the extent and level of participation at the time of identification may be
unknown, this divergence raises questions about which agency would conduct an
investigation. Not all law enforcement organisations have the resources necessary to
adequately investigate complicated Financial Frauds, particularly those that include the
misuse of information technology.66

The clarity of the established Laws, the harmful impact they have, and, finally, how the
companies assess Fraud Risk versus the materiality of losses generated all play a role in
ensuring that Serious Frauds are prevented in the organisational environment.
Nevertheless, most legislative initiatives aimed at reducing Insider Risks and fraud are
focused on bolstering organisational ecosystems and internal control mechanisms by
means of audits and reviews.

Some of the major frauds that have rocked the Banking Industry in recent years were
committed by bank personnel or by them in connivance with outsiders, as shown by the
case studies mentioned by the Researcher. A low-level employee and the branch manager
of one branch are suspected of perpetrating the over Rs. 11,000-crore PNB fraud over the
course of nearly seven years. The auditors and the senior management of the Bank were
unable to discover the abuse of the Bank's SWIFT Code by the junior employee, despite
rigorous Regulations and RBI Guidelines on periodic audit, notably in instances of Bank
Guarantees and LoUs. This instance shows that insider fraud is difficult to prevent because,
without severe penalties, the benefits of perpetrating the fraud always seem to exceed the
dangers.

A similar failure of Corporate Governance Principles and abuse of position occurred in the
situations of Yes Bank and PMC Bank, where the Managing Director of the Board of

66
“Four Essential Tech Trends for the Banking Industry | Deloitte Netherlands” available at
https://www2.deloitte.com/nl/nl/pages/financial-services/articles/tech-trends-banking.html accessed March
31, 2023

75
Directors and top bank personnel utilised false accounts to disguise problematic loans and
cheat the depositors by portraying good balance sheets. Despite causing massive losses for
the banks and, eventually, the depositors, the offenders in these situations excused their
actions as not being fraudulent and undertaken only with the objective of achieving
organisational goals. The fact that they were able to commit their crimes for many years
undetected demonstrates the weakness of the Laws pertaining to Banking Frauds.

In conclusion, the purpose of the current fraud framework is to stop frauds from happening
in banks, but the lack of clarity about what counts as fraud causes people to wait before
coming forward with their suspicions, which is a major factor in the meteoric rise of frauds
in the Advance/Loan portfolio. The fact that fraudulent activities go undetected for some
time after they begin suggests that banks do not put enough resources into protecting its
infrastructure. The development in the number of banks and the variety of digital banking
solutions available have both contributed to the rise of fraud. Employee overwork, rivalry,
and the need to grow the firm have all contributed to a culture of laxity that allows the
dishonest to take advantage of gaps in policy.

The Banking and Financial Services Industry is Very Vulnerable to Fraud and Bank fraud
legislation has often been reactive rather than preventative. After a string of frauds, most
laws were passed or revised to address the issue of bank fraud. Although various laws have
been passed to oversee and control the banking industry, none of them deal directly with
the problem of bank fraud.

Since banks' operations entail the intermediation of money, they are especially susceptible
to fraud in the modern period, and the effects of fraud on financial institutions are
disproportionately severe. Market, financial institution, and payment system disruptions
caused by fraud may have a significant economic impact. Moreover, scams may undermine
people's faith in the financial system and threaten the economy's security and stability.
Banks might fail and the RBI's oversight function could be compromised. Frauds in
banking and financial institutions, the researcher concludes, get considerable public and
media attention yet require extensive time and resources to investigate and establish. The
low rate at which fraudsters are identified and punished encourages others to engage in

76
fraudulent behaviour. This industry is mostly uncontrolled since there is no law that
recognises and addresses bank fraud as a distinct category of financial crimes.67

FINDINGS

• Due to technological developments, banks have shifted their focus from

traditional banking methods to E-Banking. Technology is now widely exploited
in the conduct of fraudulent operations, marking a shift in the typology of Bank
Fraud.
• There is no agreed-upon definition of bank fraud, leaving it up to individual
financial institutions to decide whether or not to report suspicious transactions.
Hence, academics, researchers, and legislators ignore this topic despite
evidence that it harms the whole financial system.
• Bank fraud and insider risks are not even touched upon by current legislation.
Because of this, more fraud is committed inside organisations, and the majority
of culprits never face justice.
• The regulatory framework gives less attention to controlling and mitigating
frauds than it does to overseeing the operational components of the Banking
Industry.
• Poor Corporate Governance Rules with an apparent lack of active engagement
of the Bank's Board and Management in reducing occurrences of internal fraud
are to blame for the rise in fraud at all Commercial Banks, notably in the
Advance Portfolio.
• Lack of monitoring of the audit process and insufficiency of intrinsic system
controls and security measures vis-à-vis E-Banking Services are evident in the
rising occurrences of fraud, which go unnoticed for lengthy periods of time.
• There is a disproportionate amount of time that passes between the commission
of an act and its discovery, investigation, and attribution of blame, which can
lead to a proliferation of blame and the protection of the primary perpetrators

67
“What Is the Impact of Technology on Financial Services? | HCLTech”
https://www.hcltech.com/technology-qa/what-is-the-impact-of-technology-on-financial-services accessed
March 31, 2023

77
 through the attribution of negligence to lower-level employees. The low
incidence of prosecution for bank fraud due to this delay likely encourages
others to commit the crime.
• The failure to provide enough incentives for workers is a contributing factor to
Insider Frauds. Dissatisfaction and resentment stem from a lack of respect for
their contributions and efforts, whether genuine or imagined.
• When incidents of fraud involving Insiders are not reported, the offender is
emboldened to try or perpetrate fraud in other organisations.
• Many bank frauds are carried out by “Insiders” working in tandem with both
bank clients and those from outside the bank. Corporate borrowers worked in
tandem with bank personnel to commit both the PNB Bank Fraud and the PMC
Bank Fraud.
• Although banks have been quick to adopt new technologies for E-Banking
Services, they have been slower to do the same for fraud detection and
investigation. To combat technology-driven fraud, early warning signals and
red flags are insufficient.
• Despite specific agencies like the CBI, ED, and SIFO are tasked with looking
into bank fraud as Economic Crimes, they often lack the forensic accountants
and attorneys who would be needed to properly investigate the crimes.
• When it comes to protecting the bank's systems against fraudulent assaults, the
staff is woefully unprepared since they have received little training. Both
malevolent and careless workers pose significant danger.
• The introduction of E-Banking Services and Products occurs without informing
customers/end users of the security precautions they need to take to protect their
personal identity information, which may be intercepted or stolen by fraudsters
as demonstrated in the Study.
• Bank fraud, and particularly electronic banking fraud, is not adequately
addressed by present anti-fraud laws. Additionally, the hazards presented by
Insiders in perpetrating and abetting frauds are not addressed by the existing
Legislations.

78
5.2. SUGGESTIONS
• Professionals or developers have a responsibility to provide all the information
that is required, as well as to create an interface that is easy to use even for the
average person.
• More innovative features and technology advances added to the apps will have
a greater impact on their users.
• Concerned specialists must ultimately do software and security testing to ensure
its quality, to counteract the crimes committed by hackers, and to prevent
cybercrime.
• Developers in the banking industry must think outside the box in terms of
software and digitalization in order to differentiate their products from the
competition.
• Experts must preserve the apps' potential and functioning to ensure their long-
term viability. In addition, it is suggested that a new law be passed specifically
to address financial fraud in the banking and financial sector, making it a crime
to commit such fraud and serving as a significant disincentive to anyone who
would engage in or seek to do such actions. The statute should define Financial
Frauds and include provisions for a Special Independent Investigative Agency
and Special Courts or Tribunals to investigate and prosecute such Offenses. To
effectively and efficiently complete its investigations under strict time
constraints, the Investigative Agency must employ personnel with financial and
legal expertise and provide them with cutting-edge technology for fraud
prevention. Trials in these cases should go quickly through the Special Courts
or Tribunals, presided by by Judges or Presiding Officers who understand not
just the regulatory and legal requirements but also the economic and financial
mechanisms at play. This would guarantee that instances of financial fraud in
banks are thoroughly investigated and brought to trial without delay, and that
those responsible face justice.68

68
“Three Ways COVID-19 Is Changing How Banks Adapt to Digital Technology” available at
https://www.ey.com/en_gl/banking-capital-markets/three-ways-covid-19-is-changing-how-banks-adapt-to-
digital-technology accessed March 31, 2023

79
• Data Privacy Regulations must be adopted to guarantee that people who have
access to consumers' personal and financial information are held accountable
for any breaches that may occur.
• It is suggested that, as a stopgap measure, Bank Fraud be added as a distinct
Offense to the Indian Penal Code, 1860.
• Although RBI may take disciplinary action against the Regulated Entities, it
does not have the authority to prosecute fraudulent practises. In cases where
fraud of significant value has been uncovered and reported, RBI is urged to take
decisive action, such as imposing heavy fines or even revoking the businesses'
licences, in order to safeguard the public's best interests.
• Banks may improve their corporate governance by requiring its staff and
contractors to strictly adhere to the Banks' own Best Practices Code. When it
comes to Banking Services, the roles and responsibilities of bank employees
and third-party contractors must be laid out in detail in the Best Practices Code.
• There has to be more control from boards and upper management, including
regular reviews of auditing procedures. Periodic evaluations and audits of the
Board and Management are also necessary for openness.
• To prevent abuse of E-Banking Services, permissions to use them must be
closely checked and managed. Passwords to the various systems must be
required to be changed on a regular basis. Regular audits of access permissions
are recommended to prevent the accidental maintenance of access for those who
are no longer permitted to have it.
• Banks need to employ data forensics and technology to spot suspicious actions
as soon as possible.
• The Reward System should not be based on the personal preferences of the
authority figure in charge.
• Whistle-blower The Best Practices Code should include policies that provide a
safe method of reporting misconduct.
• High-value loans, which may need an additional external audit component
before approval, highlight the importance of always adhering to the process for
approval of Loans and Credit facilities.

80
 • In a technologically advanced workplace, training people is crucial. All people
engaged in Financial Services must undergo obligatory training at specialised
institutes.
• It's just as crucial to know one's staff as it is to know one's clientele. Several
instances of insider fraud may be avoided by keeping track of employees'
updated addresses and contact information. Banks' human resource policies
should provide regular opportunities for staff to share their hopes, fears, and
concerns so that the institution may better meet their needs. It is important to
keep track of any out-of-the-ordinary behaviour and to keep an eye on the
actions of suspicious workers.69
• As it stands, the Management or Board is allowed to decide whether or not to
conduct an internal investigation into allegations of insider abuse or to disclose
the matter to investigative authorities. The banks must organise a special
committee to examine any suspected instance of internal fraud, and if criminal
charges are warranted, the accused must be suspended until the outcome of the
investigation.70

69
“Committee Reports” (Committee Reports) available at https://prsindia.org/policy/report-
summaries/banking-sector-in-india-issues-challenges-and-the-way-forward accessed April 6, 2023
70
Ibid

81
 BIBLIOGRAPHY

1. LIST OF STATUES
• Banking Regulation Act, 1949.
• Indian Penal Code, 1860.
• Information Technology, 2002.
• Reserve Bank of India Act,1934.

2. RESEARCH PAPERS
• Dr. Mritunjay Kumar Manish, “The Role of Commercial Banks in Economic
growth in India: A Perspective study” IJEMMASSS 03, July - September, 2020,
pp.151-154
• Bandlamudi Kalpana, Taidala Vasantaha Rao, “Roles of Economic Banks in
Economic Development of India” IRAJ
• Dr. D.Mahila Vasanthi Thangam, “Banking Frauds in India; A case analysis”
JETIR January 2019, Volume 6, Issue 1
• Sunindita Pan, “Analysis of Frauds in Indian Banking Sector” IJTSRD Volume 4
Issue 3, April 2020
• Charan Singh, “Frauds in the Indian Banking Industry” IIMB-WP N0. 505
• Dr. C.P. Gupta, Abhilasha Sharma, “Banking Frauds in India: trends and legal
challenges” IJEMMASSS (276-280) January - March, 2021
3. WEBSITE
• https://rbi.org.in/Scripts/ms_ banks.aspx
• https://swarajyamag.com/economy/another-day-another-bank-scam
• https://rbidocs.rbi.org.in/rdocs/PublicationReport/Pdfs/CR202_1994FF8CFF6238
7A4 37DAE16DE1F5776421C.PDF
• https://rbidocs.rbi.org.in/rdocs//PublicationReport/Pdfs/FFIRA27F4530706A41A
0BC 394D01CB4892CC.PDF
• https://pib.gov.in/PressReleasePage.aspx?PRID=1487585
• https://dea.gov.in/sites/default/files/watal_report271216.pdf

82
• https://rbidocs.rbi.org.in/rdocs/PublicationReport/Pdfs/WGFR68AA1890D7334D
8F8 F72CC2399A27F4A.PDF
• https://rbidocs.rbi.org.in/rdocs/PublicationReport/Pdfs/CDDP03062019634B0EE
F3F 7144C3B65360B280E420AC.PDF
• https://economictimes.indiatimes.com/industry/banking/finance/banking/cosmos-
banks-server-hacked-rs-94-crore-siphoned-off-in-2-
days/articleshow/65399477.cms
• https://netguardians.ch/internal-banking-fraud/#letterK
• https://rm.coe.int/16806cb4f0

83