Introduction:
EVOLUTION OF BANKING SYSTEM IN INDIA:
The banking system occupies an important place in a nation's economy. A banking
institution is indispensable in a modern society. It plays a pivotal role in the
economic development of a country and forms the core of the money market in
an advanced country.
The banking industry in India has traversed a long way to assume its present stature.
It has undergone a major structural transformation after the nationalization of 14
major commercial banks in 1969 and 5 more on 15 April 1980.
Banks are the engines that drive the operations in the financial sector, which is
vital for the economy. With the nationalization of banks in 1969, they also have
emerged as engines for social change. After Independence, the banks have
passed through three stages. They have moved from character-based lending
to ideology-based lending to today's competitiveness-based lending in the context
of India's economic liberalization policies and the process of linking with the
global economy.
A sound banking system should possess three basic characteristics to protect
depositors' interest and public faith. These are
(i)
(ii)
(iii)
money from the purpose of lending or investment, deposits of money from the
public, repayable on demand or otherwise and withdrawable by cheque, draft,
order or otherwise.
In the present-day global scenario, the banking system has acquired new
dimensions. Banking did spread in India. Today, the banking system has entered
into competitive markets in areas covering resource mobilization, human
resource development, customer services and credit management as well.
With the rising banking business, frauds in banks are also increasing and the
fraudsters are becoming more and more sophisticated and ingenious. In a bid to
keep pace with the changing times, the banking sector has diversified its
business manifold. Replacement of the philosophy of class banking with mass
banking in the post-nationalization period has posed many challenges to
management in reconciling social responsibility with economic viability.
The banking system in our country has been taking care of all segments of our
socio-economic set up. A bank fraud is a deliberate act of omission or
commission by any person carried out in the course of banking transactions or
in the books of accounts, resulting in wrongful gain to any person for a
temporary period or otherwise, with or without any monetary loss to the bank.
Definition of Fraud:
Fraud is defined as any behavior by which one person intends to gain a
dishonest advantage over another. In other words, fraud is an act or omission
which is intended to cause wrongful gain to one person and wrongful loss to the
other, either by way of concealment of facts or otherwise.
Fraud is defined u/s 421 of the Indian Penal Code and u/s 17 of the Indian
Contract Act. Thus the essential elements of fraud are:
Bank Frauds:
Losses sustained by banks as a result of frauds exceed the losses due to robbery,
dacoity, burglary and theft, all put together. Unauthorized credit facilities are
extended for illegal gratification, such as cash credit allowed against pledge of
goods, hypothecation of goods against bills or against book debts. Common
modi operandi are pledging of spurious goods, inflating the value of goods,
hypothecating goods to more than one bank, fraudulent removal of goods with
3. Fraudulent loans
One way to remove money from a bank is to take out a loan, a practice
bankers would be more than willing to encourage if they know that the
money will be repaid in full with interest. A fraudulent loan, however, is one
in which the borrower is a business entity controlled by a dishonest bank
officer or an accomplice; the "borrower" then declares bankruptcy or
vanishes and the money is gone. The borrower may even be a non-existent
entity and the loan merely an artifice to conceal a theft of a large sum of
money from the bank.
4. Forged or fraudulent documents:
Forged documents are often used to conceal other thefts; banks tend to count
their money meticulously so every penny must be accounted for. A document
claiming that a sum of money has been borrowed as a loan, withdrawn by an
individual depositor or transferred or invested can therefore be valuable to a
thief who wishes to conceal the minor detail that the bank's money has in
fact been stolen and is now gone.
5. Uninsured deposits
There are a number of cases each year where the bank itself turns out to be
uninsured or not licensed to operate at all. The objective is usually to solicit
for deposits to this uninsured "bank", although some may also sell stock
representing ownership of the "bank". Sometimes the names appear very
official or very similar to those of legitimate banks. For instance, the "Chase
Trust Bank" of Washington D.C. appeared in 2002 with no licence and no
affiliation to its seemingly apparent namesake; the real Chase Manhattan
Bank is based in New York.
There is a very high risk of fraud when dealing with unknown or uninsured
institutions.
The risk is greatest when dealing with offshore or Internet banks (as this
allows selection of countries with lax banking regulations), but not by any
means limited to these institutions.
6. Demand draft fraud
Demand draft fraud is usually done by one or more dishonest bank
employees. They remove a few DD leaves or DD books from stock and write
them like a regular DD. Since they are insiders, they know the coding and
punching of a demand draft. These demand drafts will be issued payable at a
distant town/city without debiting an account. Then they will be cashed at the
payable branch. For the paying branch it is just another DD. This kind of
fraud will be discovered only when the head office does the branch-wise
reconciliation, which normally will take 6 months. By that time the money is
unrecoverable.
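The branch-wise reconciliation described above can be run as soon as paid and issued drafts are both available as data. The sketch below is an added example, not part of the original text: the register layouts, branch codes and field names are assumptions, the sample rows are constructed, and the amount and double-payment checks go beyond the case the text describes.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Issue:
    """One row of the issuing branch's DD issue register (assumed layout)."""
    branch: str
    dd_no: str
    amount: int                 # rupees
    issued_on: date
    debit_ref: Optional[str]    # voucher that debited the purchaser; None = no debit passed


@dataclass(frozen=True)
class Payment:
    """One row of a paying branch's DD paid register (assumed layout)."""
    issuing_branch: str
    dd_no: str
    amount: int
    paid_on: date
    paying_branch: str


# Constructed sample data: branch codes, DD numbers and vouchers are made up.
ISSUES = [
    Issue("PUNE-01", "DD000101", 50_000, date(2024, 1, 5), "V-7781"),
    Issue("PUNE-01", "DD000102", 12_000, date(2024, 1, 6), "V-7790"),
    Issue("PUNE-01", "DD000103", 75_000, date(2024, 1, 8), None),
]
# Leaves that the stock register still shows as unused.
BLANK_STOCK = {("PUNE-01", "DD000150"), ("PUNE-01", "DD000151")}
PAYMENTS = [
    Payment("PUNE-01", "DD000101", 50_000, date(2024, 1, 9), "DELHI-04"),
    Payment("PUNE-01", "DD000102", 120_000, date(2024, 1, 10), "DELHI-04"),
    Payment("PUNE-01", "DD000103", 75_000, date(2024, 1, 11), "KOCHI-02"),
    Payment("PUNE-01", "DD000150", 900_000, date(2024, 1, 12), "GUWAHATI-03"),
    Payment("PUNE-01", "DD000101", 50_000, date(2024, 1, 15), "KOCHI-02"),
]


def reconcile(issues, blank_stock, payments):
    """Return (dd_no, paying_branch, amount, reason) for each payment that fails."""
    register = {(i.branch, i.dd_no): i for i in issues}
    already_paid = set()
    exceptions = []
    for p in sorted(payments, key=lambda p: p.paid_on):
        key = (p.issuing_branch, p.dd_no)
        issue = register.get(key)
        if key in already_paid:
            reason = "draft already paid once"
        elif key in blank_stock:
            reason = "leaf is still recorded as blank stock"
        elif issue is None:
            reason = "no entry in the issue register"
        elif issue.debit_ref is None:
            reason = "issued without a debit to any account"
        elif issue.amount != p.amount:
            reason = "amount paid differs from amount issued"
        else:
            reason = None
        already_paid.add(key)
        if reason:
            exceptions.append((p.dd_no, p.paying_branch, p.amount, reason))
    return exceptions


def exposure(exceptions):
    """Total rupees paid out on drafts that failed reconciliation."""
    return sum(amount for _, _, amount, _ in exceptions)


if __name__ == "__main__":
    found = reconcile(ISSUES, BLANK_STOCK, PAYMENTS)
    for row in found:
        print(row)
    print("exposure:", exposure(found))
```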
By others:
7. Forgery and altered cheques
Thieves have altered cheques to change the name (in order to deposit
cheques intended for payment to someone else) or the amount on the face of
a cheque (a few strokes of a pen can change Rs.10000 into Rs.100,000,
although such a large figure may raise some eyebrows).
Instead of tampering with a real cheque, some fraudsters will attempt to
forge a depositor's signature on a blank cheque or even print their own
cheques drawn on accounts owned by others, non-existent accounts or even
alleged accounts owned by non-existent depositors. The cheque will then be
deposited to another bank and the money withdrawn before the cheque can
be returned as invalid or for non-sufficient funds.
8. Stolen cheques
Some fraudsters obtain access to facilities handling large amounts of
cheques, such as a mailroom or post office or the offices of a tax authority
(receiving many cheques) or a corporate payroll or a social or veterans'
benefit office (issuing many cheques). A few cheques go missing; accounts
are then opened under assumed names and the cheques (often tampered or
altered in some way) deposited so that the money can then be withdrawn by
thieves. Stolen blank chequebooks are also of value to forgers who then sign
as if they were the depositor.
9. Accounting fraud
In order to hide serious financial problems, some businesses have been
known to use fraudulent bookkeeping to overstate sales and income, inflate
the worth of the company's assets or state a profit when the company is
operating at a loss. These tampered records are then used to seek investment
in the company's bond or security issues or to make fraudulent loan
applications in a final attempt to obtain more money to delay the inevitable
collapse of an unprofitable or mismanaged firm.
Accounting fraud has also been used to conceal other theft taking place
within a company.
10. Bill discounting fraud
Essentially a confidence trick, a fraudster uses a company at their disposal to
gain confidence with a bank, by appearing as a genuine, profitable customer.
To give the illusion of being a desired customer, the company regularly and
repeatedly uses the bank to get payment from one or more of its customers.
These payments are always made, as the customers in question are part of
the fraud, actively paying any and all bills raised by the bank. After some time,
once the bank is happy with the company, the company requests that the
bank settle its balance with the company before billing the customer. Again,
business continues as normal for the fraudulent company, its fraudulent
customers, and the unwitting bank. Only when the outstanding balance
between the bank and the company is sufficiently large, the company takes
the payment from the bank, and the company and its customers disappear,
leaving no-one to pay the bills issued by the bank.
11. Cheque kiting
Cheque kiting exploits a system in which, when a cheque is deposited to a
bank account, the money is made available immediately even though it is not
removed from the account on which the cheque is drawn until the cheque
actually clears.
Deposit Rs.1000 in one bank, write a cheque on that amount and deposit it to
your account in another bank; you now have Rs.2000 until the cheque clears.
In-transit or non-existent cash is briefly recorded in multiple accounts.
A cheque is cashed and, before the bank receives any money by clearing the
cheque, the money is deposited into some other account or withdrawn by
writing more cheques. In many cases, the original deposited cheque turns out
to be a forged cheque.
Some perpetrators have swapped cheques between various banks on a daily
basis, using each to cover the shortfall for a previous cheque.
What they were actually doing was cheque kiting; like a kite in the wind, it
flies briefly but eventually has to come back down to the ground.
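On the bank's side, kiting shows up as withdrawals made against cheque deposits that have not yet cleared, and as pairs of accounts depositing cheques drawn on each other. The following detection sketch is an added example, not part of the original text; the event layout, account labels and three-day clearing cycle are assumptions and the ledger is constructed.

```python
from collections import defaultdict
from datetime import date, timedelta

CLEARING_DAYS = 3  # assumed clearing cycle; real cycles vary

# Constructed sample ledger: (date, kind, account, amount, drawn_on).
# kind is "cash_deposit", "cheque_deposit" or "withdrawal"; drawn_on is the
# account a deposited cheque is drawn on (None for the other kinds).
EVENTS = [
    (date(2024, 3, 1), "cash_deposit",   "BANK1-A", 1000, None),
    (date(2024, 3, 1), "cheque_deposit", "BANK2-B", 1000, "BANK1-A"),
    (date(2024, 3, 2), "withdrawal",     "BANK2-B",  800, None),
    (date(2024, 3, 3), "cheque_deposit", "BANK1-A", 1500, "BANK2-B"),
    (date(2024, 3, 1), "cash_deposit",   "BANK3-C", 5000, None),
    (date(2024, 3, 2), "withdrawal",     "BANK3-C", 2000, None),
]

# Within one day: credits first, then clearing debits, then withdrawals.
_ORDER = {"cash_deposit": 0, "cheque_deposit": 0, "clearing": 1, "withdrawal": 2}


def replay(events, clearing_days=CLEARING_DAYS):
    """Replay the ledger; return (drawings against uncollected funds, returned cheques)."""
    timeline = []
    for day, kind, account, amount, drawn_on in events:
        timeline.append((day, kind, account, amount, drawn_on))
        if kind == "cheque_deposit":
            # The drawer's account is debited only when the cheque clears.
            timeline.append((day + timedelta(days=clearing_days), "clearing",
                             drawn_on, amount, account))
    timeline.sort(key=lambda e: (e[0], _ORDER[e[1]]))

    ledger = defaultdict(int)      # balance including uncleared cheque credits
    pending = defaultdict(list)    # account -> [(clearing date, amount)]
    drawings, returned = [], []
    for day, kind, account, amount, other in timeline:
        if kind == "cash_deposit":
            ledger[account] += amount
        elif kind == "cheque_deposit":
            ledger[account] += amount  # credited at once, as in the text
            pending[account].append((day + timedelta(days=clearing_days), amount))
        elif kind == "clearing":       # account = drawer, other = payee
            if ledger[account] >= amount:
                ledger[account] -= amount
            else:                      # cheque bounces: reverse the payee's credit
                ledger[other] -= amount
                returned.append((day, account, other, amount))
        else:                          # withdrawal
            in_float = sum(a for due, a in pending[account] if due > day)
            collected = ledger[account] - in_float
            if amount > collected:
                drawings.append((day, account, amount, amount - max(collected, 0)))
            ledger[account] -= amount
    return drawings, returned


def reciprocal_pairs(events, window_days=7):
    """Account pairs that deposit cheques drawn on each other within the window."""
    flows = defaultdict(list)          # (payee, drawer) -> deposit dates
    for day, kind, account, _amount, drawn_on in events:
        if kind == "cheque_deposit":
            flows[(account, drawn_on)].append(day)
    pairs = set()
    for (payee, drawer), days in flows.items():
        back = flows.get((drawer, payee), [])
        if any(abs((d1 - d2).days) <= window_days for d1 in days for d2 in back):
            pairs.add(tuple(sorted((payee, drawer))))
    return sorted(pairs)


if __name__ == "__main__":
    print(replay(EVENTS))
    print(reciprocal_pairs(EVENTS))
```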
12. Payment card fraud:
Credit card fraud is widespread as a means of stealing from banks,
merchants and clients. A credit card is made of three plastic sheets of
polyvinyl chloride. The central sheet of the card is known as the core stock.
These cards are of a particular size and many data are embossed on them.
Credit card fraud manifests in a number of ways.
They are:
i) Genuine cards are manipulated
ii) Genuine cards are altered
iii) Counterfeit cards are created
iv) Fraudulent telemarketing is done with credit cards.
v) Genuine cards are obtained on fraudulent applications in the
names/addresses of other persons and used.
It is feared that with the expansion of E-Commerce, M-Commerce and
Internet facilities being available on a massive scale, the fraudulent fund
freaking via credit cards will increase tremendously.
i) Booster cheques:
A booster cheque is a fraudulent or bad cheque used to make a payment to a
credit card account in order to "bust out" or raise the amount of available
credit on otherwise-legitimate credit cards. The amount of the cheque is
credited to the card account by the bank as soon as the payment is made,
even though the cheque has not yet cleared. Before the bad cheque is
discovered, the perpetrator goes on a spending spree or obtains cash
advances until the newly-"raised" available limit on the card is reached. The
original cheque then bounces, but by then it is already too late.
ii) Stolen payment cards:
Often, the first indication that a victim's wallet has been stolen is a phone
call from a credit card issuer asking if the person has gone on a spending
spree; the simplest form of this theft involves stealing the card itself and
charging a number of high-ticket items to it in the first few minutes or hours
before it is reported as stolen.
A variant of this is to copy just the credit card numbers (instead of
drawing attention by stealing the card itself) in order to use the numbers in
online frauds. The use of a four digit Personal Identity Number (PIN) instead
of a signature helps to prevent this type of fraud.
iii) Duplication or skimming of card information:
This takes a number of forms, ranging from a dishonest merchant copying
clients' credit card numbers for later misuse (or a thief using carbon copies
from old mechanical card imprint machines to steal the info) to the use of
tampered credit or debit card readers to copy the magnetic stripe from a
payment card while a hidden camera captures the numbers on the face of the
card.
Some thieves have surreptitiously added equipment to publicly accessible
automatic teller machines; a fraudulent card stripe reader would capture the
contents of the magnetic stripe while a hidden camera would sneak a peek at
the user's PIN. The fraudulent equipment would then be removed and the
data used to produce duplicate cards that could then be used to make ATM
withdrawals from the victims' accounts.
paper, but the guaranteed offshore investment with the vague claims of an
easy 100% monthly return are all fictitious financial instruments intended to
defraud individuals.
17. Phishing and Internet fraud:
Phishing operates by sending forged e-mail, impersonating an online bank,
auction or payment site; the e-mail directs the user to a forged web site
which is designed to look like the login to the legitimate site but which
claims that the user must update personal info. The information thus stolen is
then used in other frauds, such as theft of identity or online auction fraud.
Phishing means sending an e-mail that falsely claims to be a particular
enterprise and asking for sensitive financial information. Phishing, thus, is an
attempt to scam the user into surrendering private information that will then
be used by the scammer for his own benefit. Phishing uses 'spoofed' e-mails
and fraudulent Web sites that look very similar to the real ones thus fooling
the recipients into giving out their personal data. Most phishing attacks ask
for credit card numbers, account usernames and passwords. According to
statistics phishers are able to convince up to five per cent of the recipients
who respond to them.
18. Money laundering
Money laundering has been used to describe any scheme by which the true
origin of funds is hidden or concealed.
The operations work in various forms. One variant involved buying
securities (stocks and bonds) for cash; the securities were then placed for
safe deposit in one bank and a claim on those assets used as collateral for a
loan at another bank. The borrower would then default on the loan. The
securities, however, would still be worth their full amount. The transaction
served only to disguise the original source of the funds.
19. Forged currency notes:
Paper currency is the usual mode of exchange of money at the personal level,
though in business, cheques and drafts are also used considerably. Bank note
has been defined in Section 489A. If forgery of currency notes could be done
successfully then it could on the one hand make the forger a millionaire and on the
other hand destroy the economy of the nation. A currency note is made out of
a special paper with a coating of plastic laminated on both sides of each note
to protect the ink and the anti-forgery device from damage. Moreover, these
notes have security threads and watermarks. But these things are not known to
the majority of the population. Forged currency notes are in full circulation
and it is very difficult to catch hold of such forgers, as once such notes are
circulated it is very difficult to track their origin.
20. Computer Frauds:
Computerization has brought advantages of efficiency, speed and economy
in all spheres of life. It is a very powerful tool and provides opportunities of
efficiency and speed to everybody using it. Further, the vast increase in
memory (whether RAM or storage) and processing speeds, as well as the
availability of a wide range of software, particularly Internet and web-based
applications, i.e. connectivity, have made computers pervade all aspects of our
lives. This has also brought large economies of scale, particularly in our
economic environment, and we are becoming more and more dependent on
computers and their networks for the services such systems deliver.
Frauds committed using computers vary from complex financial frauds
where large amounts are illegally transferred between accounts by
and Electronic Clearing Services (ECS). We are moving towards smart cards,
credit and financial Electronic Data Interchange (EDI) for straight through
processing.
We are basically concerned about computer frauds committed by an
unauthorized user (whether insider or outsider) of the computer networks, which
aim at causing economic or financial gain to the user by this act or an
economic or financial loss to the owner of the information system (i.e. hardware,
software and data).
Prevention of frauds:
i) Internal Prevention:
It is said that failures are the stepping stone for success. What this means is that
if we are able to analyse why a particular failure by way of a fraud took place,
we can then detect the loopholes in our system which led to the fraud and take
corrective measures or change the system. For instance the great Harshad Mehta
scam took place because among other things, the public debt office of the
Reserve Bank of India was not computerised and was operating on a manual
system. This gave a float of fifteen days, which gave opportunity for people like
Ketan Parekh to perpetrate the fraud. Even after this scam, while in the case of
the RBI the defect was rectified, the overall banking system is still manual. Only
5000 out of the 65000 branches of banks are computerised. In today's
competitive market, it is necessary that the banks are able to service their clients
effectively. Therefore, I strongly urge that we should have a massive effort at
computerisation of the banks.
Execution of Documents:
1. A bank officer must adopt a strict professional approach in the execution
of documents. The ink and the pen used for the execution must be
maintained uniformly.
2. Bank documents should not be typed on a typewriter for execution.
These should be invariably handwritten for execution.
3.
posts the accounts, there is the person who passes the instrument and, there is a
third person who makes the payment. It has been suggested that there must be a
method of isolating the person who makes the payment from the people who
make the posting or pass the order. The relative responsibility of the three will
have to be fixed. This is an issue that has been raised before me by one of the
Chairmen of the banks. Perhaps in a programme like this we will be able to go
into such issues and evolve guidelines about what should be done so that while
the innocent is not punished, the guilty are not spared.
Another issue is of importance to the Indian economy. This is the
reported fear of many officers, especially in the middle levels in the banks, to
take decisions regarding dispersal of funds. As a result, there is always a
tendency to push the case upwards and the whole banking system is operating in
a sub-optimal manner. We must be able to find a solution to this. In fact, the
whole vigilance function can become an effective function for economic growth
if we are able to create an environment in which the honest are encouraged to
take the decision and the dishonest are punished quickly.
Bank frauds are the failure of the banker. This does not mean that external
frauds do not defraud banks. But if the banker is upright and knows his job, the
task of the defrauder will become extremely difficult, if not impossible.
ii) External Prevention:
In the banking and financial sectors, the introduction of electronic technology
for transactions, settlement of accounts, bookkeeping and all other related
functions is now an imperative. Increasingly, whether we like it or not, all
banking transactions are going to be electronic. The thrust is on commercially
important centers, which account for 65 percent of banking business in terms of
value. There are now a large number of fully computerized branches across the
country.
a) Appropriate controls:
The first steps in prevention of frauds in computerized systems involve setting
up of proper access controls both physical and logical. The physical protection
of Information System assets means physical control of access to computer and
network systems and the devices to which they are connected. Access to these
systems could be controlled by security guards, installation of code locks, smart
card driven door opening devices or modern biometric devices (which control
the access on the basis of certain individual characteristics such as fingerprints,
retina image, etc., which cannot be changed or falsified).
However, in a computerized environment, logical access controls (i.e. controls
to operating systems, database systems as well as application systems) play
a more important role. Adequate control over system software and data is achieved
by keeping a strict functional division of labor between all classes
of employees, keeping in mind the principle of least privilege and that of maker
and checker. A clear segmentation of access for system engineers, programmers
and administrators is also made, depending on their work responsibility.
Information System Auditors / Security Management must exercise a great deal
of creativity in identifying ways in which unauthorized users could gain access.
Hence, the first step in prevention of computer frauds is setting up of the
appropriate controls.
b) Proper Implementation:
The second step in prevention of frauds would be to ensure that the users properly
implement the control systems. Control measures could be either software
driven like passwords or system driven like exception reports and transaction
authorization processes. In this connection, it may be noted that access controls
are a system in themselves and existence of such controls means existence and
maintenance of such control systems.
In the case of passwords as access control measures, it may be noted that
merely having passwords is not sufficient. It should also be ensured that
passwords are prescribed to have a certain minimum number of characters, are
stored in encrypted files, and that there is a forced change of passwords at the
time of first login as well as after a specified period. These features, however,
depend on the security policy of the organization.
Systems are also designed to keep a chronological record of the events
occurring in the system (i.e. commands executed by the users, actions on files,
messages displayed by the system, resource consumption by the users,
transaction entry and security violations) in the form of audit trails. These can
be built into operating systems, database management systems as well as
application software. A regular analysis of audit trails as a control measure helps
in containing any future loss through fraud.
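A regular audit-trail analysis can directly test the controls named in this section: the maker and checker principle, independence of the person who pays, and security violations around login. The sketch below is an added example, not part of the original text; the key=value log layout, event names and user IDs are assumptions, and the trail is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit trail; the layout and event names are assumptions.
AUDIT_TRAIL = """\
2024-03-04T09:58:01 user=clerk07 event=LOGIN_OK
2024-03-04T10:02:11 user=clerk07 event=TXN_ENTER txn=T1001 amount=25000
2024-03-04T10:05:40 user=officer02 event=TXN_AUTHORIZE txn=T1001
2024-03-04T10:06:02 user=cashier04 event=TXN_PAY txn=T1001
2024-03-04T11:15:09 user=clerk09 event=TXN_ENTER txn=T1002 amount=480000
2024-03-04T11:15:30 user=clerk09 event=TXN_AUTHORIZE txn=T1002
2024-03-04T11:16:10 user=cashier04 event=TXN_PAY txn=T1002
2024-03-04T12:40:00 user=clerk07 event=TXN_ENTER txn=T1003 amount=90000
2024-03-04T12:41:30 user=clerk07 event=TXN_PAY txn=T1003
2024-03-04T22:10:01 user=officer02 event=LOGIN_FAIL
2024-03-04T22:10:09 user=officer02 event=LOGIN_FAIL
2024-03-04T22:10:15 user=officer02 event=LOGIN_FAIL
2024-03-04T22:10:31 user=officer02 event=LOGIN_OK
"""


def parse(trail):
    """Turn 'timestamp key=value ...' lines into dicts with a datetime under 'time'."""
    records = []
    for line in trail.splitlines():
        if not line.strip():
            continue
        stamp, *pairs = line.split()
        record = dict(pair.split("=", 1) for pair in pairs)
        record["time"] = datetime.fromisoformat(stamp)
        records.append(record)
    return records


def analyse(records, max_failures=3, window=timedelta(minutes=5)):
    """Return (rule, txn, user) findings in the order they occur in the trail."""
    findings = []
    maker, checker = {}, {}            # txn -> user who entered / authorized it
    failures = defaultdict(list)       # user -> times of failed logins
    for r in records:
        user, event, txn = r["user"], r["event"], r.get("txn")
        if event == "TXN_ENTER":
            maker[txn] = user
        elif event == "TXN_AUTHORIZE":
            checker[txn] = user
            if maker.get(txn) == user:
                findings.append(("MAKER_IS_CHECKER", txn, user))
        elif event == "TXN_PAY":
            if txn not in checker:
                findings.append(("PAID_WITHOUT_AUTHORIZATION", txn, user))
            if user in (maker.get(txn), checker.get(txn)):
                findings.append(("PAYER_NOT_INDEPENDENT", txn, user))
        elif event == "LOGIN_FAIL":
            failures[user].append(r["time"])
        elif event == "LOGIN_OK":
            recent = [t for t in failures[user] if r["time"] - t <= window]
            if len(recent) >= max_failures:
                findings.append(("LOGIN_AFTER_FAILURE_BURST", None, user))
            failures[user].clear()
    return findings


if __name__ == "__main__":
    for finding in analyse(parse(AUDIT_TRAIL)):
        print(finding)
```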
However, although having good controls and maintaining them is a major step
in prevention of frauds, it is still not sufficient to prevent them. Even with the
best of systems and their maintenance, all the possibilities of their misuse can
neither be predicted nor tested. Even when the best of the access control tools
are used and monitored, when data flows from within the network through data
communication lines or from one network to another or through the Internet,
protection of the data becomes an important tool for prevention of frauds. For
this, one can either depend on simple processes like checksum or hash totals
built into the software or may require using encryption technology or
cryptography. The complexity and cost of implementation of these methods
vary a lot and are, hence, decided by the risk element.
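The difference between hash totals and a cryptographic check is easiest to see on one batch. The sketch below is an added example, not part of the original text: the batch layout, account numbers and key are constructed, and HMAC-SHA256 is chosen here as one instance of the cryptographic option; key distribution is outside its scope.

```python
import hashlib
import hmac

# Constructed inter-branch batch: (account number, amount in paise).
BATCH = [
    ("0012345678", 1_250_000),
    ("0098765432",   430_000),
    ("0055501234", 7_800_000),
]
KEY = b"constructed-demo-key"  # assumption: a key shared by the two branches


def control_totals(records):
    """Record count, amount total and hash total (sum of account numbers)."""
    return {
        "count": len(records),
        "amount_total": sum(amount for _, amount in records),
        "hash_total": sum(int(account) for account, _ in records),
    }


def batch_mac(records, key):
    """HMAC-SHA256 over an unambiguous, ordered serialisation of the batch."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for account, amount in records:
        mac.update(f"{len(account)}:{account}|{amount}\n".encode())
    return mac.hexdigest()


def make_trailer(records, key):
    """Trailer the sending branch appends to the batch."""
    trailer = control_totals(records)
    trailer["mac"] = batch_mac(records, key)
    return trailer


def verify(records, trailer, key):
    """Return the names of the checks that fail at the receiving branch."""
    failed = [name for name, value in control_totals(records).items()
              if trailer[name] != value]
    if not hmac.compare_digest(batch_mac(records, key), trailer["mac"]):
        failed.append("mac")
    return failed


def demo():
    """Run four received versions of the batch against the sender's trailer."""
    trailer = make_trailer(BATCH, KEY)
    transposed = [BATCH[0], ("0098765423", 430_000), BATCH[2]]   # keying error
    swapped = [(BATCH[0][0], BATCH[1][1]), (BATCH[1][0], BATCH[0][1]), BATCH[2]]
    return {
        "intact": verify(BATCH, trailer, KEY),
        "record_lost": verify(BATCH[:2], trailer, KEY),
        "digits_transposed": verify(transposed, trailer, KEY),
        # Amounts exchanged between two accounts: every simple total still agrees.
        "amounts_swapped": verify(swapped, trailer, KEY),
    }


if __name__ == "__main__":
    for scenario, failed in demo().items():
        print(scenario, failed)
```

The simple totals catch loss and keying errors, but only the keyed check notices an alteration that leaves every total unchanged, which is why the choice depends on the risk element.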
Examples:
1) When data relating to inter-branch reconciliation flows through a network,
simple processes like checksum or hash totals may suffice. However, in the
case of INFINET used for Real Time Gross Settlement, which uses dial-up
connections, leased lines as well as VSAT technology for access, use of Public
Key Infrastructure (PKI) with a larger key-size is necessitated.
2) Firewalls for computer networks are another important tool in prevention of
frauds when access is allowed across networks or the Internet. They are used to
enforce an access control policy across the networks. They allow only
authorized traffic to pass and prevent unauthorized access. They also protect
sensitive data and provide audit or logging information. As such they provide a
focal point for monitoring and logging access to the network and thus limit
exposure of network services.
3) Present technology also makes available what are called Intruder
Detection Systems (IDS). IDS are systems built to detect intruders entering
the network. Intrusion detection is the process of identifying and responding to
malicious activity targeted at computing and networking resources and is an
important component of defensive measures protecting computer systems and
networks from abuse.
There are different kinds of IDS:
i) Network Intrusion Detection Systems (NIDS) monitor packets on the
network and attempt to discover if a hacker is trying to break into a system. ii)
Detection of Frauds:
i) Internal detection:
Despite all care and vigilance there may still be some frauds, though their
number, periodicity and intensity may be considerably reduced. The following
procedure would be very helpful if taken into consideration:
1. All relevant data (papers, documents, etc.) should be promptly collected.
Original vouchers or other papers forming the basis of the investigation
should be kept under lock and key.
2. All persons in the bank who may know something about the time,
place and modus operandi of the fraud should be examined and their
statements should be recorded.
3. The probable order of events should thereafter be reconstructed by the
officer, in his own mind.
4. It is advisable to keep the central office informed about the fraud and
further developments in regard thereto.
One method of detection will be only by regular checks and this is where
apparently there is slackness today. Ultimately we must be able to create in our
banks an atmosphere of trust on the one side and transparency on the other so
that frauds if they occur are immediately detected, checked and penalized.
Apart from the systems and procedures, ultimately the whole issue boils down
to the values we have. Today we are highly tolerant of corruption. We also have
in our Hindu philosophy the two basic principles, which seem to indirectly
encourage corruption. These are extreme tolerance and the prayaschitta
principle. As a result many people who commit frauds can literally get away
freely. Our systems are really to be blamed. As it is seen, if we make a quick
analysis of 100 people in any given organisation, 10% may be honest and 10%
dishonest whatever we do. 80% depend on the systems we have.
Lack of transparency
Cushions of safety that have been built for the corrupt on the healthy
principle that everybody is innocent till proved guilty. We have got
voluminous vigilance manuals and the corrupt can find always some
method of escaping punishment by exploiting some loophole or other.
This must be checked.
I do not know to what extent the bank frauds can be attributed to the people in
our own banking system who, because of loyalty to the profession or
organisation, tend to protect the corrupt. Such people may be doing a
disservice to the nation. We should therefore be able to evolve ultimately
systems which tackle the corruption promoting factors mentioned above so that
the punishment of the corrupt becomes a perceived reality and acts as a check
for people who have a tendency to commit frauds. After all that is the way for
prevention and detection of frauds.
they have to constantly improve upon the technological tools. However, security
can only reduce the possibility of fraud and not totally rule it out. In a
computerized environment, the perpetrators of fraud also expect their crime to
be near impossible to detect among the thousands or millions of transactions
processed by the organization. Hence to reduce the losses, timely detection of
the frauds plays an important role.
Bank computer crimes have a typical feature: the evidence relating to the crime is
intangible. The evidence can be easily erased, tampered with or secreted. Moreover,
it is not easily detectable, and the evidence connecting the criminal with
the crime is often not available. Computer crimes are different from the usual
crimes mainly because of the mode of investigation. There are no eyewitnesses,
no usual evidentiary clues and no documentary evidence.
It is difficult to investigate for the following reasons:
Hi-tech crime
Information technology is changing very fast. The normal investigator does
not have the proper background and knowledge. Special investigators have to be
created to carry out the investigations. The FBI of the USA has a cell; even in the
latest scenario there have been cells operating in the Maharashtra police
department to counter cyber crimes. The C.B.I. has also been asked to create a
special team for fighting cyber crimes.
International crime:
A computer crime may be committed in one country and the result can be in
another country. There have been a lot of jurisdictional problems; although
Interpol does help, it too has certain limitations. The different treaties and
As the success of the fraudster depends on how fast their crime is detected
among the very large number of transactions processed by the organization,
auditors and fraud investigators find that computers are their best tools for
detection of fraud. Powerful, interactive software that quickly sifts through
mountains of electronic data enables auditors to effectively detect and prevent
fraud throughout an organization. The benefit is speed.
One such tool is the General Audit Software (like ACL - Audit Command
Language and IDEA - Interactive Data Extraction & Analysis). Such tools can
quickly compare and analyze data to identify patterns and trends that often
reveal fraudulent activity.
For effectively detecting and preventing fraud, one must be able to recognize
fraud and its symptoms. Auditors have been trained to look for anomalies and a
data analysis tool can highlight anomalies quickly. However, while gathering
evidence for fraud, one will have to be a little creative and examine closely any
indication of fraud, however small. In other words, to uncover a fraud, one
must think like a thief and not as an auditor.
In fact, such crimes can be committed with comparatively much less
investment, and the gains to fraudsters may extend beyond geographic boundaries.
Another way to use such software for prevention of fraud could be identifying
an organization's risks and exposures and assembling fraud profiles for targeted
audits.
One should not forget that, in a computerized environment, frauds increase, as
fraudsters believe their actions to be near impossible to detect; if detected, near
impossible to prove; if proved, nearly impossible to convict; and if convicted, the
amounts nearly impossible to recover. The problem is compounded in
networked banks operating in different nations with different laws. Despite this,
it has been observed that frauds perpetrated from across the globe have been
detected and amounts recovered by proper combination of technology and
sleuthing skills. Hence, while security administrators continually watch
incidences and plug the holes, fraud investigators improve their skills and
actively liaise with authorities to improve the legal framework.
The most effective defence banks could have against fraud is to strengthen their
operational practices, procedures, controls and review systems so that all
fraud-prone areas are fully sanitized against internal or external breaches. However,
the huge expansion in banking transactions consequent to the transition of banks
to mass banking and the large-scale computerization have played a major role in
the perpetration of the frauds. Hence mere reliance on the internal controls is of
no use. The tenfold INDIA FORENSIC approach to tackling bank fraud
will definitely play a crucial role in the coming days.
Following is the procedure to tackle frauds in banks:
1) Expect fraud:
Nowhere in the world can fraud be avoided, hence banks can be no
exception. It is a human tendency to take the risk of committing fraud when
a suitable opportunity arises. So it is wise to expect the occurrence of
fraud. If fraud is expected, efforts can be concentrated on the areas
which are fraud-prone. Fraud is a game of two: the rule makers and the rule
breakers. Whoever is stronger in anticipating situations wins the
game of frauds. Fraud is a phenomenon which cannot be eliminated, but it
needs to be managed.
2) Develop a fraud policy:
The policy should be written and distributed to all employees, borrowers and
depositors. This gives a moral tension to the potential fraudster. Maintain
zero tolerance for violations. Indian banks need to roar about the action
that is taken against fraudsters. Media publicity against
fraudsters at all levels is necessary. The announcement by US president
George W. Bush that corporate crooks will not be spared made a
deep impact on Corporate America. In India also we need to consider it
a severe problem and need to fight against it.
3) Assess Risk:
Look at the ways fraud can happen in the organization. It is very important
to study the trend and the style of frauds in the bank. Some of the big
nationalized banks maintain the databases of the fraud cases reported in their
banks. But the databases are dumb. They yield nothing unless they are
analyzed effectively. Establish regular fraud-detection procedures. It could
be in the form of internal audit or it could also be in the form of inspections.
These procedures alone discourage employees from committing fraud. In
addition to this, the Institute of Chartered Accountants of India has issued an
Accounting and Assurance Standard on internal controls, which is a real
guideline for testing internal controls. Controls break down because people
affect them, and because circumstances change.
4) Segregate duties in critical areas:
It is an absolutely basic principle of auditing that a single person should not
have control of both the books of accounts and the physical asset, because this
is the scenario which tempts the employee to commit fraud. Hence it
becomes essential to see that no one employee is able to initiate and
complete a critical transaction without involving someone else.
Most of the banks in India have well-defined authorization procedures.
The allocation of sanctioning limits is also observed in most cases.
But still the bankers violate the authorities very easily. They just need to
collude with outside parties. However, the detection of collusion is
possible in most cases if the higher authorities are willing to dig into the
frauds.
a person is not of any use. Know whom you are hiring. More than 20 percent
of resumes contain false statements. Most employers will only confirm dates
of employment. Sometimes post-employment conditions might create
greed in the mind of an employee; hence bankers should at least test-check
the character of their subordinates by creating real-life scenarios such as
offering bribes through some dummy borrower.
8) Screen and monitor Borrowers:
Bad borrowers cause the biggest losses to the banks. What are they? Who
do they represent themselves to be? Look at their ownership, clients,
references, and litigation history. In many cases the potential fraudsters have
a history of defaulting in some other bank or financial institution.
Though this is not a foolproof solution to the disease of fraud, to some
extent it helps to combat frauds.
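The segregation-of-duties and sanctioning-limit rules from step 4, applied in the way step 3 asks for (a record of transactions is useless until it is analyzed), as an added example that is not part of the original report: a Python audit pass over a constructed transaction log. The record fields, employee names, limits and the near-limit heuristic are assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Txn:
    txn_id: str
    maker: str    # employee who initiated the transaction
    checker: str  # employee who authorised it ("" if nobody did)
    amount: int   # rupees


# Constructed sanctioning limits in rupees (assumed values, not real bank data).
SANCTION_LIMIT = {"clerk_a": 50_000, "officer_b": 200_000, "manager_c": 1_000_000}

# Constructed sample log.
LOG = [
    Txn("T1", "clerk_a", "officer_b", 40_000),
    Txn("T2", "clerk_a", "clerk_a", 30_000),     # initiated and completed alone
    Txn("T3", "clerk_a", "officer_b", 250_000),  # above the checker's limit
    Txn("T4", "clerk_a", "officer_b", 195_000),
    Txn("T5", "clerk_a", "officer_b", 199_000),
    Txn("T6", "clerk_a", "officer_b", 198_500),
    Txn("T7", "officer_b", "manager_c", 500_000),
    Txn("T8", "officer_b", "", 10_000),          # no authoriser recorded
]


def audit(log, limits, near=0.9, pair_threshold=3):
    """Return (subject, finding) tuples for an auditor to follow up."""
    findings = []
    near_limit = Counter()
    for t in log:
        # Segregation of duties: a second, different person must authorise.
        if not t.checker or t.checker == t.maker:
            findings.append((t.txn_id, "NO_SECOND_PERSON"))
            continue
        limit = limits.get(t.checker, 0)  # unknown checker has no authority
        if t.amount > limit:
            findings.append((t.txn_id, "OVER_SANCTION_LIMIT"))
        elif t.amount >= near * limit:
            # Assumed heuristic: amounts sized just under the limit.
            near_limit[(t.maker, t.checker)] += 1
    # The same pair repeatedly working just under the limit merits a review.
    for (maker, checker), count in sorted(near_limit.items()):
        if count >= pair_threshold:
            findings.append((f"{maker}+{checker}", "REPEATED_NEAR_LIMIT_PAIR"))
    return findings


if __name__ == "__main__":
    for subject, finding in audit(LOG, SANCTION_LIMIT):
        print(subject, finding)
```

The pair finding is a prompt for review by a higher authority, not proof of collusion.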
Year    Loss in Rs. Crores    Fraud Cases
2002    399.53                1744
2003    653.5                 2207
2004    600.16                2663
A Survey on Frauds:
Highlights of the first annual survey published by India Forensic Research
Foundation. This study was carried out between August 2006 and
February 2007. This is the first independent and privately funded study
carried out in India on banking sector frauds. 400 participants contributed
their valuable views on this subject.
Total fraud loss to Indian banks in the year 2005-06 was Rs. 1381 crores
according to the report published by the Reserve Bank of India.
At least Rs. 690 crores worth of frauds are known to the banks but are
not reported to various authorities for reasons like an unclear definition
of the word "fraud", damage to the bank's image, etc.
Technology-related frauds (ATM card, debit card, credit card)
are expected to be going unexposed in vast proportion.
Educating bank employees is the most effective way to prevent
bank frauds.
Case Studies
1) Supposed ATM Fraud
Saturday, August 13, 2005
I did some snooping around the internet and found that even though this kind of
ATM fraud does occur there has been no indication that this is prevalent in
India or Pune for a matter of fact.
Therefore the letter was either a warning from ICICI Bank to its customers or
an attempt by someone to spread rumours or create a popular email forward.
Since no such warning is listed on the ICICI Bank website I would think it's the
latter.
A team of organized criminals are installing equipment on legitimate bank
ATM's in at least 2 regions to steal both the ATM card number and the PIN. The
team sits nearby in a car receiving the information transmitted wirelessly over
weekends and evenings from equipment they install on the front of the ATM.
If you see an attachment, do not use the ATM and report it, immediately to the
bank using the 800 number or phone on the front of the ATM.
The equipment used to capture your ATM card number and PIN are cleverly
disguised to look like normal ATM equipment. A "skimmer" is mounted to the
front of the normal ATM card slot that reads the ATM card number and
transmits it to the criminals sitting in nearby car.
The thieves copy the cards and use the PIN numbers to withdraw thousands
from many accounts in a very short time directly from the bank ATM.
Equipment being installed on front of existing bank card slot.
The equipment as it appears installed over the normal ATM bank slot.
At the same time, a wireless camera is disguised to look like a leaflet holder and
is mounted in position to view ATM PIN entries.
Surprisingly this happens only in Pune for some reason. Pune India's high tech
crime capital.
Wednesday, December 26, 2007
Source: Times of India
Card crooks tap into data wires:
First, it was skimmers. Now, credit card crooks in Kolkata may be getting more
tech savvy, using wire-tapping gadgets to cash in on unsuspecting card users.
It's a new cause of worry for city police and CID. Wire-tapping is a complicated
scheme and much more difficult to track down. It's a technical maze that
involves telephone wires, receiving-terminals and a cable line parallel with
telephone cables to copy the card details when it is swiped for a transaction.
The first time that the city police got an inkling of fake credit card rackets in
Kolkata was when three Bangladeshis were arrested for using a card whose
owner was in Singapore.
Wire-tapping is the most likely method, they now say. Though they have not
identified a racket as yet, cyber sleuths are sure the card racketeers are running a
hi-tech operation in the city. Their suspicions were strengthened when a private
bank recently held a workshop for CID to discuss fraud techniques.
"We haven't got any case where wire-tapping was used to dupe somebody but
we are sure the racketeers are out there. We are trying to find the right technique
to detect such crimes and also adopting safe-guard measures," said a senior CID
officer.
Wiretapping works in three phases. The first phase involves tapping into the
wires of the main server to capture card data as it is processed for a legitimate
transaction. The next step is to transfer the encoded data to another server, at the
fraudster's end, where it is decoded. In the last phase, the data is used to produce
counterfeit cards. The technology is definitely more complicated than a
skimmer - a gadget which copies the details of a card from a measured distance.
In advanced countries, encrypted cables are installed to prevent telephone wire
tapping but awareness is low in India.
"The cable linking the electronic data capturing machine (EDC) and the
distribution point box is a very sensitive area which is targeted by the
racketeers. When the card is swiped on the EDC, the machine records the
financial data in the card's magnetic strip and feeds it to the DP box, from where
it moves to the main server of the telephone service provider and is finally
transferred to the servers of banks where the transaction is recorded. The
hackers target the area between the EDC and the DP box, tap into the wires,
steal data and send it to another server," said an anti-fraud officer of a private
bank.
Police officers say it is difficult to trace such rackets. "For the first phase, the
fraudsters need only a map of the telephone wiring, a receiving terminal and
cables matching the ones used by the telephone service provider. These are not
very difficult to manage and anybody who has a flair for technology can use it
to store the data. High-end technology comes in the next level," said an officer.
Police suspect card fraudsters in Kolkata could be using the technology to copy
the data and send it to other cities in India and abroad. They have a good reason
to suspect this. In the last one year, such units have been busted in Delhi, Jaipur
and Hyderabad. "We heard about it and are looking for effective measures to
prevent wire-tapping," said Jawed Shamim, deputy commissioner, detective
department. Kolkata Police could also take tips from south-east Asian countries
like Thailand and Philippines, where such rackets are active and where law
enforcement agencies have more experience in handling such crimes.
lakh; however, after he was caught, he duped 2 more customers to the tune of
Rs 1.1 lakh to clear the bank's liability.
The case had come to the Kurali police when the head of PNB,
Chandigarh Circle, had lodged a complaint against Baldev on March 10. That
day the bank had given Rs 8 lakh in cash to Baldev Singh to disburse payments
as cashier-cum-computer operator. However, he had disbursed Rs 6,12,700 but
failed to deposit back the remaining amount of Rs 1,87,300.
After the bank authorities had initiated an enquiry against the accused, he
admitted to the crime and agreed to pay back the defrauded cash.
However, on March 15, he once again siphoned off Rs 1,00,500 from the
account of a customer, Balveer Singh. Further enquiry also revealed that he had
duped another customer, Beant Singh, of Rs 10,000 as he withdrew Rs 15,000
from Beant's account when the latter had come to withdraw Rs 5,000.
information and passwords. Later on, through Internet banking, a large number
of fraudulent transactions took place. These transactions resulted in loss of over
Rs 20 lakh for customers with bank accounts in Delhi, Vishakapatnam, Thane,
Nasik, and Ahmedabad.
An analysis of those phishing mails revealed that they had originated from
somewhere in Lagos, Nigeria. The UTI phishing site had lifted the UTI logo as
well as the Iconnect symbol from the original UTI site in order to make the fake
site look real. The fake site provided a 'click here' option, which in turn took
victims to a fake customer verification site based in Austria. IP addresses of the
fraudulent transactions indicated transactions had been made from Nigeria,
Atlanta and California.
Investigations:
Upon a complaint by the vice president, UTI Bank, a case was registered and
taken up for investigation by a special team. Investigations revealed that Sanjit
Chowdhary, Account No 111010100023959 with UTI Bank, Noida, had
received a disputed credit entry totaling Rs 1.3 lakh through Internet banking
from the account of Lakshmi Narayan Sarkar of Kolkata, who has an account at
UTI Bank, Salt Lake, Kolkata, and from the account of Makaran H Pundalik,
who has an account with the Standard Chartered Bank, Delhi.
It was further revealed that the misappropriated funds had been transferred to
the account of the accused, Sanjit Chowdhary. The police team laid a trap at UTI
Bank in Noida and the accused Sanjit Chowdhary, who came to the branch to
make enquiries regarding the inactive status of his account, was arrested on
December 7, 2006. On being interrogated, the accused disclosed that he had
Survey Report
Findings:
According to the survey conducted by me, most of the customers know about bank
frauds. They have a computational idea of frauds taking place in banks.
Very few are not aware of bank frauds.
The survey also revealed the types of bank frauds that the customers know
about. The survey included ATM fraud, credit card fraud and online fraud.
The following graph shows the result:
Due to computerization, banks' facilities have increased. There has been an
increase in frauds also. The following graph shows the survey results on whether
frauds increased or decreased due to computerization.
The following survey result shows the number of customers who have experienced
frauds in banks, either through banks or by others.
The suggestion that the survey reveals is that strict action must be
taken against the fraudsters. Banks should provide the necessary information
regarding the frauds that the customers can come across. Awareness among the
customers regarding frauds is a must.
Conclusion:
The Indian banking industry has undergone tremendous growth since the
nationalization of 14 banks in the year 1969. There has been an almost eight
times increase in bank branches, from about 8000 during 1969 to more than 60,000
belonging to 289 commercial banks, of which 66 banks are in the private sector.
However, with the spread of banking and banks, frauds have been on a constant
increase. It could be a natural corollary to the increase in the number of
customers who are using banks these days. In the year 2000 alone we lost Rs 673
crores in as many as 3,072 fraud cases. These are only reported
figures. There were nearly 65,800 bank branches of a total of 295 commercial
banks in India as on June 30, 2001 reporting a total of nearly 3,072 bank fraud
cases.
The most important feature of bank frauds is that ordinarily they do not involve
an individual direct victim. They are punishable because they harm the whole
society. It is clear that the money involved in a bank belongs to the public.
There must be certain preventive and curative measures to control frauds. The
higher authorities of the bank must follow strict rules against such fraudsters.
Various new technologies must be adopted by the bank to overcome such frauds.
Thus, fraud is a game of two, the rule makers and the rule breakers. Fraud is
a phenomenon that cannot be eliminated but can be managed.
ANNEXURES
Questionnaires:
To understand frauds in the Indian banking sector, their prevention and
detection, and security against them, I visited two different banks:
i) ICICI BANK
explain in brief about the various mechanics of fraud and their prevention and
answered some of my questions.
ICICI BANK:
AXIS BANK:
1) What are types of frauds you have come across?
Property mortgaging in different banks with the help of duplicate
documents, money laundering, credit card fraud, debit card fraud, DD fraud, bill
discounting fraud.
2) What are the measures taken against frauds?
i) Core Banking Solutions (EXEL report) to find out fraud.
ii) Know the Introducer while opening the account
iii) Accounts should not be opened for those coming with DD, cheques.
iv) Internal Checkings
3) What are the steps taken after the fraud is detected?
Several steps are taken:
In case of accounts fraud, the higher authority is informed.
In case of cash, the authority is consulted and if necessary an FIR is registered.
4) How can a customer be made aware of the frauds they can come across?
Customers are an asset to the banking company. They can be made aware
through e-mails, advertisements, posters, etc.
AGE:-
No
No
4) If Yes/ No Why?
No
Suggestions if any:-
Project Guide: Urmila
By:
Signature- ___________
Niddhi K Lakhani
TyBBI Roll no. 24.
While you may not have fallen prey to any of them, thankfully, it's our
responsibility to make you aware of them so that you are alert to how to protect
your money.