Published Paper
Article Details
ONLINE BANKING FRAUD
AUTHORED BY
- RUGVED JAGTAP
‘C-40’ BBA.LLB
Third Year (2023-2024)
Bharati
Vidyapeeth Deemed to be University New Law College, Pune
Abstract
This
research paper examines the rise of online banking frauds in the twenty-first
century, which is being driven by technical innovation and a growing
move towards digital
banking. It discusses
a variety of scams, including vishing, phishing, fraudulent
applications, skimming, Wi-Fi vulnerabilities, wire transfer fraud, and social media impersonation, as well
as preventive measures including caller ID verification and encryption techniques. It investigates the
causes of the increase in scams, including the advent of online marketplaces, the popularity of
peer-to-peer payments, advances in banking, and technical sophistication. Case studies such as the Punjab National
Bank Fraud and the Bank of Baroda Black Money Scam demonstrate the scope and complexity of such frauds, emphasizing
the importance of strong cybersecurity measures and legislative changes
to protect the banking system and global economies in the
digital era.
INTRODUCTION:
Within the
21st century, our everyday lives are overwhelmed by innovation. We need
everything to be done immediately,
our quick approach towards each angle of our life made changes in the way we
approach everything in our daily
lives. As able to see, there's tremendous growth in each segment, counting
managing account administrations, we want online
managing an account
instead traditional keeping
money framework, which requires our physical nearness for
each benefit. Online keeping money can be done wherever we are, and the exchange can be done within a
few minutes, and it's accessible 24 hours a day. As the development within the managing an account segment
makes a difference to us with swift service, it moreover carries the chance of online managing account
extortion. It makes shoppers lose money. Within several seconds, most are ignorant of the conceivable chance of
online managing an account. Online banking still has not reached its flawlessness; in this way, we must be
mindful of the conceivable hazard of using modern innovation for our consolation. Web managing an account is broadly utilised
to check subtle
elements, make buys, pay bills,
transfer stores, print articulations, etc. For the most part, the client
character is the client character number, and
asecret word is given to secure exchanges. But due to a few obliviousness or
senseless botches, you'll effectively
fall into the trap of cybercriminals.
Scams in Online Banking
1. Vishing
Frauds acting as investors, firm officials, protection operators,
government authorities, and others call or approach
clients over the phone or social media. Fakers unveil several buyer
actualities, such as the customer's
title or date of birth, to win belief. Frauds may weigh or trap clients into
sharing private data such as passwords, OTPs, PINs, and Card Confirmation Values (CVVs) by citing an urgency or crisis such as the got to square an unauthorized exchange, an instalment required
to dodge a punishment, or an
appealing markdown, among other things.
Clients are at that point duped by utilising these accreditations.[1]
2. Phishing
Phishing is the movement that extraordinary to 'fish' your private money data.
It may include getting a mail
that supposedly appears to be from a well-known institution like a bank or a
trusted site. You must be mindful of
this and not press on such emails. Note that your bank would never ask for your private
data, such as your watchword, login subtle elements,
or OTP, among other such data.
3. Frauds due to the utilize of obscure or unconfirmed portable
apps
Agreeing with the RBI, fraudsters circulate through SMS, mail, social
media, Moment Courier, etc. certain
app joins, and conceal to seem comparative to the existing apps of authorized
substances. Fraudsters trap the
client into pressing on such links, which come about within the downloading of obscure
or unconfirmed apps on the
customer's versatile, portable workstation, desktop, etc.
Once the noxious application is downloaded, the fraudster picks up the
total get to the customer's gadget.
These incorporate secret points of interest put away on the gadget and messages
or OTPs gotten sometime recently or after
the establishment of such
apps.[2]
4. Skimming
To commit this extortion, scammers usually hide a little contraption
called a skimmer within the card spaces of ATMs or shipper installment
terminals, which can examine and record your card data. Fraudsters indeed utilizea carefully set camera to record your
Stick. It is prudent to remain caution at whatever point you visit an ATM booth to anticipate such managing an account extortion.[3]
5. Open Wi-Fi systems
Open organizing is continuously troublesome, as open Wi-Fi gives programmers adaptability to get to individual data. As it were, if the client employs the web in eateries, office stores, and air terminals, do they
unwillingly grant their
device access to the go-getter?
It can be exceptionally simple to hack the gadgets of the clients in the
event that they are utilizing private data on an open organization that does not require a password.
On the off chance that you open your bank account online by utilizing
open WiFi, at that point unconsciously,
your points of interest will be uncovered, making your account defenceless to
bank fraud. Too, in the event that you're
doing web-based shopping with the assistance of open Wi-Fi, at that point you may uncover your credit card data, which is inclined to chance.
6. Wire Exchange Extortion
The term “wire transfer” originated from the practice of exchanging
stores between banks over transmit wires.Wire Exchange Extortion
ordinarily happens in one of two ways:
A scammer poses as a true person, merchant, company, or family member and
demands a wire exchange, regularly
deceiving the casualty sincerely by claiming it's a crisis. For example, an employee in a fund gets anemail from the
CEO asking for cash to be exchanged with a merchant by the near end of commerce, or the bargain
will drop through.
The email includes
the account data and
looks genuine, but it isn't.[4]
A programmer may screen mail communications around
a wire exchange and alter the wire
enlightening todivert the reserves to a distinctive account.
With individuals getting
more comfortable sending
cash online, wire exchange extortion
is expanding, as is thevalue
of each exchange. One Ponder shows that the average value is up about 68% from
Q2 2020, coming to $12.5K in Q4 2021.
7. Impersonation on social media
With parcels of individuals investing time on social media and upgrading
their subtle elements, fraudsters
have made it simple to induce subtle elements to trick the individuals. As per
the RBI booklet, “Fraudsters make
fakeaccounts utilizing points of interest of the clients of social media stages
such as Facebook, Instagram, Twitter,
etc. Fraudsters at that point send an email to the users'
companions inquiring for cash for pressing therapeutic purposes,
installments, etc. Fraudsters, utilizing fake subtle elements,
contact clients and pick up users' beliefs over a period of time. When the
users' share their individual or private data, the fraudsters utilize such data
to shakedown or blackmail cash from the users.”
Measures for prevention[5]
1.
Vishing
Verify Caller Identities: Encourage people to confirm the identities of
callers before disclosing any critical information. They should inquire
about the caller's
name, organization, and a call-back number. If the caller claims to be from a real organization, the individual should
independently check the contact information and call back using the official number
shown on the organization's website
or other reliable sources.
Implement Caller ID Authentication: Use technologies like Secure
Telephony Identity (STI) or Caller ID
Authentication to check the legality of incoming phone calls. These
technologies can assist identify fake caller IDs
and lower the likelihood of vishing
attacks.[6]
Voice Biometrics: Wherever
possible, use voice biometrics solutions. Voice recognition technology can validate
callers' identities based on their distinct voice patterns, offering an extra
degree of security to phone communications.
Establish Call handling processes: Create explicit processes
for managing phone
calls, particularly those
asking for sensitive information or presenting as urgent. Employees
should understand how to escalate unusual phone calls and report possible
phishing efforts to the proper authorities within
the organization.
2.
Phishing
Use Email Filtering
and Spam Detection: Use email filtering
and spam detection
software to automatically identify and quarantine
questionable emails. These solutions can help limit the amount of phishing emails thatreach users'
inboxes while also providing an extra layer of security against phishing attempts.
Enable Multi-Factor Authentication (MFA): Set up multi-factor
authentication (MFA) for important systems andaccounts. MFA increases security
by forcing users
to give two forms of verification, such as a password and a one-time
code texted to their mobile
device, lowering the chance of unauthorized access
even if credentials are stolen via phishing attacks.[7]
Implement Web Filtering and URL Scanning: Use web filtering and URL scanning
technologies to prevent access to
known harmful websites and detect phishing sites in real-time. These solutions
can assist prevent usersfrom
mistakenly accessing phishing sites and falling victim to credential theft or malware
infestations.
Monitor and Analyze
Email Traffic: Look for signals
of phishing activity,
such as increases in suspicious email volumes or patterns of phishing-related phrases. Analyse
email records and user reports to detect possible phishing attempts and take preventative actions to reduce risk.
3.
Frauds due to
the utilize of obscure or unconfirmed portable
apps
App Reputation Services:
Use app reputation services and security solutions
to learn about
the reputation and trustworthiness of mobile apps. These services look
at app behavior, permissions, and other characteristics todetect potentially
malicious or counterfeit apps.
App authenticity Verification: Use techniques like digital signatures or
app attestation services to ensure the legitimacy
of mobile apps. These techniques serve to guarantee that the apps have
not been tampered with oraltered by third parties.
4.
Skimming
Use EMV Chip Technology: Encourage the adoption of EMV (Europay,
Mastercard, and Visa) chip- enabled
cards, which provide more security than standard magnetic strip cards. EMV chip
technology creates dynamic
transaction codes that are difficult for fraudsters to reproduce, making it more difficult to skim card information.
Install anti-skimming devices:
Install anti-skimming devices
or security overlays
on payment terminals
and ATMs to prevent unauthorised access to card readers and guard against
skimming attempts. These
devices candetect and stop skimming attempts by preventing access to the
card's magnetic stripe or chip.
Secure PIN Entry: Use PIN shields or privacy screens to prevent
unauthorised parties from viewing or recordingPINs
during transactions. Encourage consumers to conceal the keypad when inputting
PINs to reduce the risk
oftheft.
5.
Open Wi-Fi
systems
Use Encryption: To secure Wi-Fi networks, use encryption technologies such as WPA2 (Wi-Fi Protected
Access 2) or WPA3. Encryption scrambles data sent across a network, rendering
it illegible to unauthorised individuals attempting to intercept it.
Use Strong Passwords: Set strong and unique passwords for Wi-Fi networks
to prevent illegal access. Avoid using the default
passwords given by router manufacturers since they are frequently easy to guess
or well-known.
Enable Guest Networks: If feasible, set up guest networks with limited
access rights for guests or temporary users.
Guest networks should
be kept separate from the main network
and have limited
access to important resources.
6.
Wire Exchange
Extortion
Implement Email Authentication: Use email authentication protocols like SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message
Authentication, Reporting, and Conformance)
to verify email sender
authenticity and detect spoofing or fraudulent emails.
Use secure communication channels: Encourage the use of secure
communication methods, such as encrypted email or messaging
platforms, when sending
sensitive data or discussing financial transactions. Avoid transferring critical information via unencrypted or unsecured channels.
7.
Impersonation on social media
Verified Accounts: Encourage users to verify their social media accounts,
particularly corporations, prominent people,
and organisations. Verified
accounts are characterised by a blue checkmark, allowing
users to differentiate
genuine profiles from imposters.[8]
Report Impersonation: Encourage users to report suspected impersonation
or fake accounts to the appropriate
social media networks. Most platforms offer built-in reporting systems for
impersonation, trademark
infringement, and other policy breaches. Prompt reporting can help to remove
impostor accounts more quickly.
Implement Two-Factor Authentication: To add degree of protection to your
social media accounts, use two-factor
authentication (2FA) or multi-factor authentication (MFA). When signing in to
an account with 2FA, users must give extra verification, such as
a temporary code texted
to their mobile device.
Reasons behind the Increase
in scam
1. The appearance of modern commercial centre stages:
From social systems and dating apps to nourishment conveyance, elective
transportation, and get- away
rentals, advanced channels have revolutionized nearly every industry. All
through this year, country-wide
quarantines have caused an indeed more noteworthy spike in portable application utilization, with buyers requesting the conveyance of everything from foodstuffs to automobiles. With
the increasing number of commercial centre stages and administrations
accessible and their broad notoriety, particularly in the later months, fraudsters have moved their strategies to take advantage of rising in-app and online commercial centre purchases.
2. Installments are moving online:
In addition to customers executing more in online marketplaces, they are
also utilizing peer-to-peer (P2P)
and eWallet apps more regularly. These apps are most prevalent in Europe and
Asia but are becoming progressively prevalent within the U.S. as well, with 71% of Americans saying
they have utilized a P2P instalment stage. Clients
turn to these stages to carefully part supper checks with companions, send cash to family individuals in other parts of the world, pay for administrations from a nearby merchant, and more. But with more than half of P2P
exchanges taking place between shoppers and an
obscure substance, the extortion
hazard is high.
3. Progressively advanced
keeping money administrations:
Today's shoppers request more online and versatile services from their
money-related education. As aresult,
bequest banks are going advanced. They are doing more account onboarding and
exchange endorsements online and
deemphasizing in-person exchanges, which makes it harder to confirm characters. Moreover, in reaction to
shopper requests, an unused breed of “challenger banks"—born anddoing commerce totally within the
online world—have risen and are separating themselves by providingeasy-to-use and digital-native encounters. A lion's
share of these institutions' clients
is those who have “thin file” credit histories
(i.e., do not have much credit information). Less information implies
a more noteworthy hazard of extortion.
4. Technological Advancements:
Nowadays, extortion has, moreover, quickened and developed more modernly
due to the rise of e- commerce,
versatile instalments, and computing control. Numerous of the same innovations
that companies depend on to improve
and quickly present modern items and services are also being received by fraudsters.[9] Offenders
can more effortlessly commit extortion by utilizing cheap, on- demand compute control
or convey calculations utilizing machine learning
that is more unpretentious and competent at controlling extortion
discovery frameworks. The conventional rules-based extortion avoidance
frameworks that organizations have depended on for a long time presently battle
to keep up.
Cases related to online banking scams
The Punjab National Bank (PNB) fraud, spearheaded by jewellers Nirav Modi
and Mehul Choksi, shook India's
financial landscape in 2018, revealing unauthorized transactions surpassing $2
billion. Exploiting
vulnerabilitiesin PNB's procedures, they leveraged fraudulent Letters of
Undertaking (LoUs) to secure loans before absconding from the country.
The scandal laid bare systemic
deficiencies in risk management and oversight within India's banking
sector, sparking regulatory overhauls
and legal actions to bring the culprits to justice. Thecase spotlighted the
imperative for robust internal
controls and heightened vigilance to prevent such large-scale financial
misconduct. Furthermore, efforts
to extradite Modi and Choksi
emphasized the necessity for global collaboration in tackling cross-border
financial crimes. Ultimately, the PNB fraud underscored the importance of transparency, accountability, and
regulatory integrity to safeguard the integrity of financial systems and restore public
trust in banking institutions.
The Vijay Mallya scandal is around the failure of Kingfisher Airlines and
charges of financial irregularities
involving the Indian businessman. Kingfisher Airlines, founded in 2005, aspired
to provide a premium flying
experience but quickly suffered operational and financial issues. By 2012, the airline had discontinued operations,
leaving significant obligations to creditors, including banks and workers. Investigations indicated that
monies intended for the airline were reportedly syphoned away for personal use and redirected to other Mallya-owned
businesses. Mallya's opulent lifestyle, which
included costly parties and the purchasing of sports teams, garnered attention
during the airline's financial
troubles.
Subsequent investigations by Indian authorities revealed cases of
financial mismanagement and illegal
behaviour inside the Kingfisher Group. Mallya fled India for the United Kingdom
in 2016 due to rising pressure
from legal and investigative agencies.
The Indian authorities launched extradition
proceedings to return him to face allegations of fraud and money laundering.
Despite lengthy legal fights and appeals, extradition processes persisted in British courts.
The case highlights concerns about corporate governance, financial responsibility,
and the difficulties of prosecuting high-profile persons
accused of financial
malfeasance in many jurisdictions.
According to the most recent developments, Mallya's extradition is
delayed, prolonging the legal battle over his suspected
role in the Kingfisher Airlines
case.
Conclusion
In conclusion, the expansion of online banking,
although providing unsurpassed ease, has exposed
people and institutions to an increasing number of sophisticated frauds. From vishing
and phishing to fraudulent mobile
applications and wire transfer fraud, cyber threats
are constantly exploiting technical breakthroughs.
Mitigatingthese threats necessitates a multidimensional strategy that includes
public awareness, education, and
broad use of advanced security features like biometric authentication and encryption. Notable incidents, such as the
Punjab National Bank scam and the Vijay Mallya scandal, show the need for
regulatory change and increased enforcement. As we traverse
the digital era, we must work
together to strengthen the security of online banking,therefore preserving
trust and confidence in the financial institutions that are critical
to our connected world.
[1] Sneha Kulkarni '10 types of banking frauds in India customers
should know about' (The Economic Times, 25 March 2022)
[2] ibid
[3] “Understanding Skimming and How to Prevent It”
://www.flagright.com/post/understanding-skimming-and-how-to-
prevent-it> (Accessed on: 26 January 2024)
[4] “Wire Fraud Laws: Overview, Definition and Examples” (Investopedia,
November 3, 2023)
[5] Peterson, K. (no date) 5 tips to prevent online fraud,
Banner Bank. Available at: ://www.bannerbank.com/financial- resources/blog/tips-to-prevent-online-fraud>
(Accessed: 30 January 2024).
[6] Sarit, “What Is a Vishing Attack |
Examples & Prevention | Imperva” ://www.imperva.com/learn/application-
security/vishing-attack/> (Accessed on: 27 January 2024)
[7] Simister A, “How to Recognize Phishing Attacks and 10
Ways to Avoid Them” (Lepide Blog: A Guide to IT Security, Compliance and IT
Operations, January 31, 2024) ://www.lepide.com/blog/10-ways-to-prevent-phishing-attacks/amp/>
(Accessed on: 27 January 2024)
[8] Us_Jporta, “Social Media Impersonation: What Is It? How
to Stop It” (Red Points, December 21, 2023)
[9] “Inside the Rise of Bank Fraud in India - IDFY”
(IDfy, January 23, 2024) ://www.idfy.com/blog/inside-the-rise-of-bank-
fraud-in-india/> (Accessed on 29 January 2024)
[10] 'Major Bank Frauds in India: A Deep Dive into the Deceptions
and Loopholes' (test book, 28 August 2023)
[11] Ruchi Gupta 'Electronic Banking Frauds: The Case of India'
(ResearchGate, September 2023)
Article Information
ONLINE BANKING FRAUD
Authors: RUGVED JAGTAP
- Journal IJLRA
- ISSN 2582-6433
- Published 2024/03/20
- Issue 7
About Journal
International Journal for Legal Research and Analysis
- Abbreviation IJLRA
- ISSN 2582-6433
- Access Open Access
- License CC 4.0
All research articles published in International Journal for Legal Research and Analysis are open access and available to read, download and share, subject to proper citation of the original work.
Disclaimer: The opinions expressed in this publication are those of the authors and do not necessarily reflect the views of International Journal for Legal Research and Analysis.