Bank Fraudsss

KES COLLEGE OF ARTS & COMMERCE FRAUD IN BANK

BANK FRAUDINTRODUCTION

Banks are the engines that drive the operations in the financial sector, which is vital for the economy. With the nationalization of banks in 1969, they also have emerged as engines for social change. After independence, the banks have passed through three stages. They have moved from the character-based lending to ideology-based lending to today's competitiveness-based lending in the context of India's economic liberalization policies and the process of linking with the global economy.

While the operations of the bank have become increasingly significant, there is also an occupation hazard. There is a Tamil proverb, which says that a man who collects honey will always be tempted to lick his fingers. Banks are, all the time dealing with money, a temptation should therefore be very high. Oscar Wilde said· that the thief was an artist and the policeman was only a critic. There are many people who are unscrupulous and are able to perpetrate a fraud. The bank should devise systems and procedures in such a way that the scope for such clever and unscrupulous people is reduced.

With the rising banking business, frauds in banks are also increasing and fraudsters are becoming more and more sophisticated and ingenious. In a bid to keep pace with the changing times, the banking sector has diversified its business manifold. Replacement of the philosophy of class banking with mass banking in the post-nationalization period has thrown a lot of challenges to the management on reconciling the social responsibility with economic viability.

Section 5(b) of the Banking Regulation Act, 1949 defines banking. According to it, banking means the accepting, for the purpose of lending or investment, of deposits of money from the public, repayable on demand or otherwise, and withdrawable by cheque, draft, and order or otherwise. But if the money has fraudulently been drawn from the bank, the later is under strict obligation to pay the depositor. The bank, therefore, has to ensure, at all times, that the money of the depositor is not drawn by deceitful means.

(1)


DEFINITION OF FRAUD

Fraud is defined as 'any behaviour by which one person intends to gain a dishonest advantage over another.' In other words, fraud is an act or omission which is intended to cause wrongful gain to one person and wrongful loss to the other, either by way of concealment of facts or otherwise.

Section 421 Indian Penal Code defines "fraud" as 'whoever dishonestly or fraudulently removes, conceals or delivers to any person, or transfers 'or causes to be transferred to any person, without adequate consideration, any property, intending thereby to prevent, or knowing it to be likely that he will thereby prevent, the distribution of that property according to law among his creditors or the creditors of any other person, shall be punished with imprisonment of either description for a term which may extend to two years or with fine or with both."

(2)


BANK FRAUDS

Losses sustained by banks as a result of frauds exceed the losses due to robbery, dacoity, burglary and theft-all put together.

Unauthorized credit facilitate are extended for illegal gratification such as cash credit allowed against pledge of goods, hypothecation of goods against bills or against book debts. Common modus operandi are, pledging of spurious goods, inflating the value of goods, hypothecating goods to more than one bank, fraudulent removal of goods with the knowledge and connivance of or negligence of bank staff, pledging of goods belonging to a third party. Goods hypothecated to a bank are found to contain obsolete stocks packed in between good stocks and cases of shortage in weight are not uncommon.

Frauds in deposit accounts take place by opening of bogus accounts, forging signatures of introducers and collecting through such accounts stolen or forged cheques or bank drafts. Frauds are also committed in the area of granting overdraft facility in the current accounts of customers. A large number of frauds have been committed through bank draft, mail transfers and telegraphic transfers.

An analysis made of cases brings out broadly, the under mentioned four major elements responsible for the commission of frauds in banks. First, active involvement of the staff-both supervisory and clerical either independent of external elements or in connivance with outsiders.

Secondly, failure on the part of the bank staff to follow meticulously laid down instructions and guidelines.

Thirdly, external elements perpetrating frauds on banks by forgeries or manipulations of cheques, drafts and other instruments.

Fourthly, there has been a growing collusion between businessmen, top bank executives, civil servants and politicians in power to defraud the banks, by getting the rules bent, regulations flouted and banking norms thrown to the winds.

(3)


An analysis of frauds committed in the Banks indicates the following 'areas, which are susceptible for commission of frauds.

Frauds-Prevention and Detection

A close study of any fraud in a bank reveals many common basic features. There may have been negligence or dishonesty at some stage, on the part of one or more of the bank employees. One of them may have colluded with the borrower. The bank official may have been putting up with the borrower's sharp practices for a personal gain. The proper care which was expected of the staff, as custodians of bank's interests may not have been taken. The bank's rules and procedures laid down in the Manual instructions and the circulars may not have been observed or may have been deliberately ignored. In all such cases, the result would be more or less the same-a fraud and consequent loss of money and prestige. It should, however, be conceded that in spite of all the possible safeguards and precautions that human ingenuity can desire, there may still be a wily customer who may have the upper hand in the battle of wits and succeed in cheating a bank.

Bank frauds are the failure of the banker. It does not mean that the external frauds do not defraud banks. But if the banker is upright and knows his job, the task of the defrauder will become extremely difficult, if not possible.

Components of Fraud

There are two important components in any fraud committed by an employee of a bank, himself or in collusion with a borrower. They are, firstly, the intention which is subjective; and secondly, the opportunity which is objective.

Conditions must be created in a bank that the person who intends perpetrating a fraud does not get the opportunity to commit it.

(4)


Prevention of Frauds

The following are the ways by which frauds can be averted:

1. Recruitment and Selection:

The right type of persons with necessary qualifications and aptitudes should be recruited. Selection of officers should be carefully made on the basis of qualifications, experience, performance, efficiency and reputation. Adequate training to staff at all levels should be provided

2. Private Lives of Staff:

The private lives of staff should be watched, difficult thought it may be. A member of the staff who is· a habitual borrower or lives beyond his means can be one who may ultimately let the bank down

3. No Undue Reliance:

No undue reliance should be placed on bank's staff. Explanations should not be too’ readily accepted. So that vested interests are not created, agents, clerical staff and officers should be transferred periodically from branch to branch.

4. Basic Honesty:

No bank official should think of accepting presents and bribes form the borrowers in the belief that everything is safe and nothing would go wrong. The financial position and dealings of a borrower who invites bank officials too often for drinks and dinners or sends them presents should be closely watched.

5. Routine:

The bank's system, routine and procedures should be meticulously followed. The manual of instructions and the circulars are the outcome of wide experience of men and matters, which the head office has acquired over a long period.

(5)


6. Supervision and Audit:

The checking of books and registers should be done regularly by the authorized officer. The godowns should be inspected without notice. Audit of bank branch is must.

7. Unscrupulous Parties:

The bank should be careful in accepting new customers, particularly borrowers. The customer, who has been noticed to follow undesirable practices or is known to have committed a fraud, should be avoided. It is good for the bank to follow the maxim, "once bitten, twice shy".

8. Danger Signals:

Particular attention must be paid to the accounts wherein the debt balance usually remains very near the sanctioned limit or the drawing limit.· When the borrower's cheques start bouncing with reasons like, "exceeds arrangement" or "effects not cleared, present again" or when there is a very poor turnover in the account/securities charged, bank officers have to be Watchful.

9. Vigilance:

Vigilance means alertness or watchfulness. This is a mental state and applicable to rank and file. Vigilance is an integral part of the managerial function. The preventive vigilance should ensure that:

The business is planned and conducted with proper system and procedures keeping in view corporate vision.

Transactions are properly authorized and appraised.

Assets safeguarded and liabilities controlled; minimize the risk of losses arising out of irregularities, fraud.

Accountability and records provide complete, accurate and timely information.

Finally, the bank officer’s eyes and ears have to be everywhere. They cannot afford to be lethargic, complacent or negligent in the discharge of their duties.

(6)


Detection of Frauds

Despite all the care and vigilance, there may still be some frauds, though their number, periodicity and intensity may be considerably reduced.

Just as vigilance is very important in the prevention of frauds, calm behaviour and attitude are a must in the detection of a fraud. The officer should in no circumstances lose his temper and presence of mind when confronted with difficult situation. The following procedure would be very helpful if taken into consideration.

1. All relevant data-papers, documents, etc. should be promptly collected. Original vouchers or other papers forming the basis of the investigation should be kept under lock and key.

2. All persons in the bank who may know something about the time, place and modus operandi of the fraud should be examined and their statements should be recorded.

3. The probable order of events should thereafter be reconstructed by the officer, in his own mind. The next man, if competent and honest, and capable of keeping secrets, should be taken into confidence.

4. It is always advisable to keep the central office informed about fraud and further developments in regard thereto.

(7)


Classification of Frauds and Action Required by Banks

As we are aware that in a bid to keep pace with the changing times,' the banking sector has diversified its business manifold. This has caused a dent on the credibility of the system in terms of checks/controls and supervision. Replacement of the philosophy of class banking with mass banking in the post nationalisation period has thrown a lot of challenges to the management on reconciling the social responsibility with economic viability.

The Reserve Bank of India had set-up a high level committee in 1992 which was headed by Mr. A. Ghosh, the then Dy. Governor Reserve Bank of India to inquire into various aspects relating to frauds malpractice in banks. The committee had noticed/observed three major causes for perpetration of frauds as given here under:

1. Laxity in observance of the laid down system and procedures by operational and supervising staff.

2. Over confidence reposed in the clients who indulged in breach of trust.

3. Unscrupulous clients by taking advantages of the laxity in observance of established, time tested safeguards also committed frauds.

Since, the above three causes are of utmost importance as such the banks are advised to keep in mind the same while discharging their duties

In order to have uniformity in reporting cases of frauds, RBI considered the question of classification of bank frauds on the basis of the provisions of the Indian Penal Code and has classified there as under:

1. Cheating

2. Criminal misappropriation of property

3. Criminal breach of trust

4. Forgery

5. Falsification of accounts

(8)


6. Theft

7. Extortion

8. Burglary (house breaking)

9. Robbery ad dacoity

10.Criminal conspiracy

11.Bribery and corruption

12.Offences relating to currency notes and bank notes.

1) Cheating

Whoever by deceiving any person, fraudulently or dishonestly induces the person so deceived to deliver any property to any person, or to consent that any person shall retain any property, or intentionally induces the person so deceived to do or omit to do anything which he would not do or omit if he were not so deceived, and which act or omission causes or is likely to cause damage or harm to that person in body, mind, reputation or property, is said to "cheat".

Whoever cheats shall be punished with imprisonment of either description for a term, which may extend to one year, and shall also be liable to fine.

When a cheque is dishnoured, the payee feels frustrated and seeks on immediate remedy at no costs or low costs. Civil suits are a costlier affair and a time consuming device and thus a complaint under the provisions of Indian Penal Code comes as a remedy

In Ram Jas v. State of Uttar Pradesh, 23 the Supreme Court has enumerated the ingredients to constitute the offence under this section as under:

There should be fraudulent or dishonest inducement of a person by deceiving him;

The person so deceived should be induced to deliver any property to any person, or to consent that any person shall retain any property; or

(9)


The person so deceived should be intentionally induced to do or omit to do anything, which he would not do or omit if he were not so deceived.

In the case covered by item (ii) (b), the act or omission should be one, which causes or is likely to cause damage or harm to the person induced in body, mind, reputation or property.

If the cheque is dishnoured, the drawer of the cheque may be prosecuted under sections 417 and 420 of the Indian Penal Code. However, it all depends on the circumstances of each case. Every dishonour of a cheque is not cheating. It must be proved that there was the intention to cheat.

Remedial Measures

The preventive measures, in respect of the cheating, can be concentrated on cross-checking regarding identity, genuineness, verification of particulars, etc. In respect of various instruments as well as persons involved in encashment or dealing with the property of the bank.

2) Criminal Misappropriation of Property

Whoever dishonestly misappropriates or converts to his own use any moveable property, shall be punished with imprisonment of either description for a term, which may extend to two years, or with fine, or with both. This offence is non-cognizable.

A finds a cheque payable to bearer. He can form no conjecture as to the person who has lost the cheque. But the name of the person, who has drawn the cheque, appears. A knows that this person can direct him to the person in whose favour the cheque drawn. A appropriates the cheque without attempting to discover the owner. He is guilty of an offence under this section.

A finds a government promissory note belonging to Z, bearing a blank endorsement. A knowing that the note belongs to Z, pledges it with a

(10)


banker as a security for a loan, intending at a future time to restore it to Z. A has committed an offence under this section.

Remedial Measures

Criminal misappropriation of property, presuppose the custody or control of funds or property, so subjected, with that of the person committing such frauds. Preventive measures, for this class of fraud should be taken at the level at which the custody or control of the funds or property of the bank generally vests. Such a measure should be sufficient, it is extended to these persons who are actually handling or having actual custody or control of the funds or movable properties of a bank.

3) Criminal Breach of Trust

Whoever, being in any manner entrusted with property, or with any dominion over property, dishonestly misappropriates or converts to his own use that property, or dishonestly uses or disposes of that property in violation of any direction of law prescribing the mode in which such trust is to be discharged, or of any legal contract, express or implied, which he has made touching the discharge of such trust, or willfully suffers any other person so to do, commits "criminal breach of trust".

In Anil Saranav v. State of Bihar,26 the Supreme Court has reiterated that where a partner is entrusted with property under special contract and he holds that property in a fiduciary capacity, and misappropriation of that property would amount to criminal breach of trust.

Remedial Measures

Criminal misappropriation of property, presuppose the custody or control of funds or property, so subjected, with that of the person committing such frauds. Preventive measures, for this class of fraud should be taken at the level at which the custody or control of the

(11)


funds or property of the bank generally vests. Such a measure should be sufficient it is extended to these persons who are actually handling or having actual custody or control of the funds or movable properties of a bank.

4) Forgery

Whoever makes any false document or part of a document with intent to cause damage or injury, to the public or to any person, or to support any claim or title, or to cause any person to part with property, or to enter into any express or implied contract, or with intent to commit fraud or that fraud may be committed, commits "forgery".

The essential ingredients of forgery are as under:

The making of false document or part of it.

Such making should be with intent.

To cause damage or injury to

Public; or

Any person; or

To support any clam or title; or

To cause any person to part with property; or

To cause any person to enter into express or implied contract; or

To commit fraud or that fraud may be committed.

Remedial Measures

Both the prevention and detection of frauds through forgery are important for a bank. Forgery of signatures is the most frequent fraud in banking business. A banker as per legal obligation is supposed to know the signature of his customer and in case of any doubt he has to consult the specimen signatures of his customer, which has already

(12)


been taken during the course of opening of account of the customer. The specimen signatures are always kept in safe custody of the bank. The bank should take special care when the instrument has been presented either bearer or order; in case a bank pays forged instrument he would be liable for the loss to the genuine customer.

5) Falsitlcation of Accounts

Whoever, being a clerk, officer or servant, or employed or acting in the capacity of a clerk, officer or servant, willfully, and with intent to defraud, destroys, alters, mutilates or falsifies any book, paper, writing valuable security or account which belongs to or is in the possession of his employer or has been received by him for or on behalf of his employer or willfully and with intent to defraud, makes or abets the making of any false entry in, or omits or alters or abets the omission or alteration of any material particular from or in, any such book, paper, writing, valuable security or account, shall be punished with imprisonment of either description for a term which may extend to seven years, or with fine, or with both.

Explanations

It shall be sufficient in any charge under this section to allege a general intent to defraud without naming any particular person intended to be defrauded or specifying any particular sum of money intended to be the subject of the fraud, or any particular day on which the offence was committed.

This section refers to acts relating to book-keeping or written accounts. It makes the falsification of books and accounts punishable even though there is no evidence to prove misappropriation of any specific sum on any particular occasion.

Ingredients

This section requires that:

(13)


The person coming within its purview must be a clerk, an officer, or a servant, or acting in the capacity of a clerk, an officer, or a servant.

He must willfully and with intent to defraud-

Destroy, alter, mutilate, or falsify, any book, paper, writing, valuable security, or account which-

Belongs td or is in the possession of his employer; or

Has been received by him for or on behalf of his employer;

Make or abet the making of any false entry in or omit or alter or abet the omission or alteration of any material particular from or in any such book, paper, writing, valuable security or account.

The offence of falsification of accounts read with cheating becomes a cognizable offence.

Remedial Measures

The preventive measures, for falsification of accounts should give more importance on the persons responsible for the maintenance of books and accounts and encashment of instruments. Inventory of the movable properties can also be a place of importance for this purpose, frequent internal audit system, crosschecking regarding identity, verification of particulars, etc. are useful.

6) Theft

Whoever, intending to take dishonestly any movable property out of the possession of any person without that person's consent, moves that property in order to such taking, is said to commit "theft". Theft in dwelling house is punishable under Section 380, IPC. Theft of property, in the possession of his master or employer, by a clerk or servant is punishable under Section 381, IPC. Theft after preparation made for causing death, hurt or restraint in order to the committing of theft is punishable under Section 382, IPC. These are all cognizable offences.

(14)


Common forms of thefts committed in bank are theft of cash, traveler’s cheques, draft, mail transfer and telegraphic transfer forms from strong rooms or currency chests, cash counters, lockers and safe deposit vaults, etc. Criminal law has taken particular care to protect the possession of movables rather than of immovables. In the case of immovables the disputes relating to ownership etc. are left to the civil law.

Criminal law interferes only when the disputes relating to immovable items of property are likely to lead to breach of the peace and to prevent insult, annoyance and intimidation to the person in possession. Thus, in the

case of movable property the list of the offence is the deprivation of possession or attempt at such deprivation is not sufficient to constitute an offence. Section 441 of the Indian Penal Code deals with the offence of trespass on land, which is unlawful interference with the possession of it.

The essential ingredients of the offence of theft are as under:

Dishonest intention to take property.

The property must be movable.

It should be taken out of the possession of another person.

It should be taken without the consent of that person.

There must be mere removal of the property in order to accomplish the taking of it.

The above stated ingredients have been explained by the Supreme Court in K.N. Mehra v. State of Rajasthan. As observed by Subba Rao, 'To commit theft one need not take movable property permanently out of the possession of another with the intention not to return it to him. It would satisfy the definition if he took any movable property out of the possession of another person though he intended to return it later on'.

A creditor who took movable property out of his debtor's possession, without his consent, with the intention of coercing him to pay his debt, committed the offence of theft.

(15)


Remedial Measures

Encashment of stolen travellers' cheques can be prevented if the bank clearly specifies the age, sex and two visible identification marks on the body of the person purchasing traveller's cheques on back-of the cheque leaf. This will help the paying bank to easily identify the cheque-holder. Theft from lockers and safe deposit vaults are not easy to commit because the master-key remains with the banker and the individual key of the locker is handed over to the customer with due acknowledgement. No one can singly open the locker. It has been found generally that cashier leaves cash unlocked and proper care is not exercised while handling cash. To avoid such incident effective supervision is required at each bank level.

8) Extortion

Whoever, intentionally puts any person in fear of any injury to that person, or to any other, and thereby dishonestly induces the person so put in fear to deliver to any person any property or valuable security, or anything signed or sealed which may be converted into valuable security commits "extortion". The offence is cognizable.

Burglary (House Breaking)

"House Breaking" which is commonly known as burglary. It may be roughly classified under five main heads, namely, (i) by manhole through a wall; (ii) by manhole through a roof; (iii) by drilling a small hole through the wall close to the fastening of the door and window; (iv) by breaking open iron grill provided to windows and skylight openings; and (v) by various kinds of lock breaking. In banks, strong rooms, currency chests, lockers and safe deposit vaults are vulnerable to burglary unless adequate security arrangements are provided particularly after sunset and before sunrise when burglary is successfully committed. The offence is cognizable.

(16)


9) Robbery and Dacoity

In all robbery there is either theft or extortion. Theft is "robbery" if, in order to the committing of the theft, or in committing the theft, or in carrying away or attempting to carry away property obtained by the theft, the offender, for that end .voluntarily causes or attempts to cause to any person death or hurt or wrongful restraint, or fear of instant death or of instant hurt, or of instant wrongful restraint.

Extortion is "robbery" if the offender, at the time of committing the extortion, is in the presence of the person put in fear, and commits the extortion by putting that person in fear of instant death, of instant hurt, or of instant wrongful restraint to that person or to some other person, and, by so

putting in fear, induces the person so put in fear then and there to deliver up the thing extorted.

When five or more persons conjointly commit or attempt to commit a robbery, or where the whole number of persons conjointly committing or attempting to commit a robbery, and persons present and aiding such commission or attempt, amount to five or more, every person so committing, attempting or aiding is said to commit "dacoity".

Attempt to commit robbery is punishable under Section 393, IPC and attempt to commit robbery or dacoity armed with deadly weapon is punishable under Section 398, IPC; Section 394, IPC (voluntarily' causing hurt in committing robbery); " Section 396, IPC (dacoity with death); and Section 397, IPC (robbery or dacoity with attempt to cause death or grievous hurt) provide enhanced punishment.

Punishment is also provided for making preparation to commit dacoity (Section 399, IPC);" for belonging to a gang of dacoits (Section 400, IPC); for belonging to a gang of thieves (Section 401, IPC and for assembling to commit dacoity). All the offences under robbery and dacoity are cognizable.33 Burglary, robbery and dacoity, snatching cash from the counter are external crimes in banks. The

(17)


vulnerability of the banks varies on the three different types of occasions, namely:

When the bank is totally closed,

When the bank i~ opened to the public for normal business transactions, and

The twilight hours when the bank strong room is opened before the commencement of the banking hours and again at the end of the banking hours, to take out cash and to put it back.

10) Criminal Conspiracy

Conspiracy is a substantive offence and has nothing to do with abetment. Criminal conspiracy is somewhat wider in amplitude than abetment by conspiracy. The very fact of the conspiracy constitutes the

offence and it is immaterial whether anything has been done in pursuance of the unlawful agreement. The ingredients of the offence are:

That there should be an agreement between the persons who are alleged to conspire, and

That the agreement should be

For doing of an illegal act, or

For doing by illegal means an act which may not itself by illegal.

In the case of State of Andhra Pradesh v. IBS Prasad Rao and Others the accused, who were clerks in a Cooperative Central Bank were all convicted of the offences of cheating under Section 420 read along with Section 120A. All the four accused had conspired together to defraud the bank by making false demand drafts and receipt vouchers.

(18)


11) Fraudulent loans

One way to remove money from a bank is to take out a loan, a practice bankers would be more than willing to encourage if they know that the money will be repaid in full with interest. A fraudulent loan, however, is one in which the borrower is a business entity controlled by a dishonest bank officer or an accomplice; the "borrower" then declares bankruptcy or vanishes and the money is gone. The borrower may even be a non-existent entity and the loan merely an artifice to conceal a theft of a large sum of money from the bank.

12) Stolen cheques

Some fraudsters obtain access to facilities handling large amounts of cheques, such as a mailroom or post office or the offices of a tax authority (receiving many cheques) or a corporate payroll or a social or veterans' benefit office (issuing many cheques). A few cheques go missing; accounts are then opened under assumed names and the cheques (often tampered or altered in some way) deposited so that the money can then be withdrawn by

thieves. Stolen blank chequebooks are also of value to forgers who then sign as if they were the depositor.

13) Bill discounting fraud

Essentially a confidence trick, a fraudster uses a company at their disposal to gain confidence with a bank, by appearing as a genuine, profitable customer. To give the illusion of being a desired customer, the company regularly and repeatedly uses the bank to get payment from one or more of its customers. These payments are always made, as the customers in question are part of the fraud, actively paying any and all bills raised by the bank. After time, after the bank is happy

(19)


with the company, the company requests that the bank settles its balance with the company before billing the customer. Again, business continues as normal for the fraudulent company, its fraudulent customers, and the unwitting bank. Only when the outstanding balance between the bank and the company is sufficiently large, the company takes the payment from the bank, and the company and its customers disappear, leaving no-one to pay the bills issued by the bank.

14) Duplication or skimming of card information

This takes a number of forms, ranging from a dishonest merchant copying clients' credit card numbers for later misuse (or a thief using carbon copies from old mechanical card imprint machines to steal the info) to the use of tampered credit or debit card readers to copy the magnetic stripe from a payment card while a hidden camera captures the numbers on the face of the card.Some thieves have surreptitiously added equipment to publicly accessible automatic teller machines; a fraudulent card stripe reader would capture the contents of the magnetic stripe while a hidden camera would sneak a peek at the user's PIN. The fraudulent equipment would then be removed and the data used to produce duplicate cards that could then be used to make ATM withdrawals from the victims' accounts.

15) Wire fraud

Wire transfer networks such as the international SWIFT interbank fund transfer system are tempting as targets as a transfer, once made, is difficult or impossible to reverse. As these networks are used by banks to settle accounts with each other, rapid or overnight wire transfer of large amounts of money are commonplace; while banks have put checks and balances in place, there is the risk that insiders may attempt to use fraudulent or forged documents which claim to request a bank depositor's money be wired to another bank, often an offshore account in some distant foreign country

(20)

http://en.wikipedia.org/wiki/Society_for_Worldwide_Interbank_Financial_Telecommunication


16)Forged or fraudulent documents

Forged documents are often used to conceal other thefts; banks tend to count their money meticulously so every penny must be accounted for. A document claiming that a sum of money has been borrowed as a loan, withdrawn by an individual depositor or transferred or invested can therefore be valuable to a thief who wishes to conceal the minor detail that the bank's money has in fact been stolen and is now gone.

17) Uninsured deposits

There are a number of cases each year where the bank itself turns out to be uninsured or not licensed to operate at all. The objective is usually to solicit for deposits to this uninsured "bank", although some may also sell stock representing ownership of the "bank". Sometimes the names appear very official or very similar to those of legitimate banks. For instance, the "Chase Trust Bank" of Washington DC appeared in 2002 with no licence and no affiliation to its seemingly apparent namesake; the real Chase Manhattan Bank is based in New York.

The risk is greatest when dealing with offshore or Internet banks (as this allows selection of countries with lax banking regulations), but not by any means limited to these institutions. There is an annual list of unlicensed banks on the US Treasury Department site which currently is fifteen pages in length.

18) Demand draft fraud

This fraud is usually done by one or more dishonest bank employees. They remove few DD leaves or DD books from stock and write them like a regular DD. Since they are insiders they know the coding, punching of a demand draft. These Demand drafts will be issued payable at distant town/city without debiting an account. Then it will be cashed at the payable branch. For the paying branch it is just another DD.

(21)

http://en.wikipedia.org/wiki/As_of_2004

http://www.occ.treas.gov/ftp/alert/2004-4a.pdf

http://www.jpmorganchase.com/


19) PHONE FRAUDS

Whether in the form of the consumer attempting to defraud the telephone company, the telephone company attempting to defraud the consumer, or a third party attempting to defraud either of them, fraud has been a part of the telephone system almost from the beginning.A carrier's bottom line is significantly impacted by billing fraud.

20) Automatic Teller Machine (ATM) Fraud

To use an ATM has always required the use of a PIN. There have been many very sophisticated methods devised to obtain this information plus the information on the magnetic strip, including dummy ATMs. The universal introduction of Chip and PIN means there will be far more opportunity for PINs to be compromised as PINs will need to be entered in relatively insecure locations (for example, at supermarket counters). The major banks in the UK are seriously concerned that ATM fraud will increase as a result of PINs being compromised at point of sale. In general the chip prevents counterfeit fraud. However, ATMs can still be vulnerable as the chip can effectively be disabled. The magnetic stripe contains a service code which tells the ATM what type of card it is. For instance, 101 identifies it is magnetic stripe, whilst 201 means it is a chip card. Also, on the chip there is a similar flag which tells the ATM whether it should read from the magnetic stripe or the chip. Further, if the chip malfunctions for some reason then many ATMs will default to using the magnetic stripe. Any fraud detection system must detect the status of the card to determine if there has been a failure of the chip. Many ATM used overseas continue to use the magnetic strip.

(22)

http://en.wikipedia.org/wiki/Telephone

http://en.wikipedia.org/wiki/Fraud

http://en.wikipedia.org/wiki/Telephone_company


E-Fraud

What is E-Fraud?

E-Fraud is an umbrella term that covers numerous activities across the Internet the common intent of which is to make money or obtain services using illegally or fraudulently obtained information. eFraud has a tremendous impact on the Internet Economy, both in terms of actual dollars stolen from accounts as well as lost revenue due to overall decreased confidence in eCommerce or eBanking and the damage done to the reputations of Brands being marked.

Before going on to describe some of the common manifestations of eFraud, some mention should be made of its non-technical underpinnings, whose influence can be discerned throughout.

1) Social Engineering

Whether used by efraudsters, normal scam artists or more reputable members of society such as overly-aggressive car salesmen or itinerant sellers of magazine subscriptions, Social Engineering encompasses a number of techniques intended to manipulate the “victim” into revealing or doing more than they otherwise would if the “victim” had the opportunity of thinking about what they are doing. The social engineer will frequently attempt to pressure the victim into acting immediately (e.g. “Your Account will be closed in 24 hours if you don’t click on the link below to update your Account info” or “I just had two other couples looking at this car earlier this morning!”) or entice the victim to act instinctively, playing on the ‘kindness of strangers’ (”If someone does not help me move my murdered husband’s money out of the country soon, the corrupt officials will pocket it all and leave my kids with nothing” or “Don’t you want to help me earn my way through college?”).

Other common ploys of the Social Engineer include the incorporation of information previously obtained to lend their effort more legitimacy; or to

(23)


present their approach so as to appear to be providing the victim with some valuable assistance.

While some examples of this may amuse us, the core techniques can be used to devastating effect in the hands of a good Social Engineer and while there will always be a technical element to contend with in regards to eFraud, the human element cannot be underestimated or easily dismissed.

2) Phishing

Otherwise known as “carding” or “brand spoofing”, phishing refers to the use of (usually) emails presented in such a way as to seem official communications of a banking, service or retail organization, prompting the victim to "confirm" some of their confidential data. Information targeted frequently includes login details, credit card or banking account details, Date of Birth and Social Security Number. Typically, the pretext of the communication is some sort of security measure being implemented or response to some possibly fraudulent use of the account, the scam being supported by the inclusion of official looking images and presented with some sense of urgency. The mechanism used to garner the target details can differ but frequently make use of an obfuscated link in the email apparently leading to the official site but in actuality leading to a hacked server that the perpetrator(s) of the scam uploaded web pages, images and scripts to. The gathered data is then either stored to a hidden area on the same server, or to a different hacked server or sent to a throw-away email account that the hacker will monitor for the duration of the scam.

3) Pharming

Somewhat of a trendy term for a type of phishing. Intended to describe a more elaborate form of phishing, involving more technical expertise to accomplish; in actuality it is just part of the broad spectrum of phishing.

(24)


4) Advanced Fee Fraud

Represented in large part by Nigerian or 419 Scams, these are typically represented by emails purporting to be from someone having large funds available overseas that, if not moved out of country soon, would be lost. The fraudster pleads with the victim for their help in moving these funds to the victim’s country, in return for which the fraudster generously gives a portion of the funds. However, having once baited the victim's interest, the victim needs to outlay some funds of his or her own in order to initiate the process. The descriptive details in the email play on the pity and kindness (not excluding a little bit of greed) on the part of the victim to further the scam.

5) Identity Theft

Identity Theft refers to the unauthorized use of falsely obtained personal information. This info is frequently used for things such as credit card applications, picture ID card applications, domain registrations, etc. The idea being that any use or misuse of those services would be traced back to the Identity Theft victim, thus embroiling them in having to disassociate themselves from the activities of their personal nemesis.

6) Credit Card Fraud

Whether obtained via phishing or key logging trojans, credit card information is actively traded publically in Web forums and IRC Channels or via more discreet means such as private Instant Messenging networks or emails. This info is then used to purchase goods or services, using various techniques to make it difficult to trace the recipient. The transactions are done on sites (termed as 'cardable') that do not restrict shipment of goods to the same address or region as the billing address of the card owner.

(25)


7) Mail Fraud

Mail fraud refers to any scheme which attempts to unlawfully obtain money or valuables in which the postal system is used at any point in the commission of a criminal offence. Mail fraud is a legal concept in the United States Code which can provide for increased penalty of any criminally fraudulent activity if it is determined that the activity involved used the United States Postal Service. As in the case of wire fraud, this statute is often used as a basis for a separate federal prosecution of what would otherwise have been only a violation of a state law. The concept is irrelevant in countries with non-federal legal systems: the activities listed below are likely to be crimes, but the fact that they are carried out by mail makes no difference to which authority may prosecute or the penalties which may be imposed

8) Internet Fraud and Online Auction Fraud

Internet fraud or wire fraud schemes may also qualify as mail fraud if the mails are being used at any point in the scheme, including a request that a money order be sent to pay for non-existent or undelivered auction merchandise. Many of these schemes are merely variants on the fraudulent mail-order scams in which the merchandise is never delivered as described or delivered at all.

(26)

http://en.wikipedia.org/wiki/Wire_fraud

http://en.wikipedia.org/wiki/Internet_fraud

http://en.wikipedia.org/wiki/Wire_fraud

http://en.wikipedia.org/wiki/United_States_Postal_Service

http://en.wikipedia.org/wiki/United_States_Code

http://en.wikipedia.org/wiki/United_States_Code

http://en.wikipedia.org/wiki/Postal_system


SECURITY REGIME IN BANKING SYSTEM

INTRODUCTION

Security implies sense of safety and of freedom from danger or anxiety. When a banker takes a collateral security, say in the form of gold or a title deed, against the money lent by him, he has a sense of safety and of freedom from anxiety about the possible non-repayment of the loan by the borrower. In a broader perspective, when a nation maintains a well-equipped and well-trained military force, the citizens have a sense of safety and of freedom from anxiety against possible aggression by other nations. All measures adopted to bring about the sense of safety are collectively called 'Security Measures'.

MEANING OF SECURITY

This aspect of information cannot be over emphasized especially when it comes to the banking industry. While confidentiality and privacy are our credo, there remains a dire necessity to address security issues through policies, procedure, practices and technology.

Security policies that outline the approach of the organization are vital. These should be communicated to all strata of the organization through appropriate means. Before enacting new policies in personal data handling procedures, the staff managers concerned should analyze current practices. To facilitate the explanation of their roles, information management guidelines should be drawn out by the organization.

Security procedure should be stated explicitly and agreed upon by each user in the specific environment. These procedures need to be clearly defined by the organization with respect to each information segment involved. Security practices should be adhered to strictly and need to be reviewed and supervised periodically. Such practices ensure information security and enhance availability.

(27)


Bank Security is essentially a defence-a defence against unforeseen attacks by thieves, dacoits and burglars. The deterioration of law and order situation in the country manifests upon the bankers in the following forms:

1. Theft,

2. Armed robbery / dacoity,

3. Burglary, and

4. Riots and violent activities during civil disturbances, causing damage to moveable and immoveable properties of banks.

The meanings of these terminologies have not been understood correctly by the banking industry. Theft, robbery and dacoity have in fact been defined in the Indian Penal Code.

But here, without going into the legal tangle, let us understand the correct meaning and concept of these terms.

1. Theft:

Theft is an act of stealing a moveable property that belongs to another person. Theft is never overt; it is always covert. In other words, a theft is always performed when the true owner or custodian of the stolen property is not aware of the act of stealing, though the true owner or custodian may be present on the scene.

2. Robbery:

Robbery is always performed when the owner or custodian is present. Robbery involves extortion under threat. It also involves violence.

3. Dacoity:

There is no difference between robbery and dacoity. The difference pertains only to the number of culprits involved. When there are four criminals or less in the incident, it is a robbery; when there are five or more persons involved, it is termed dacoity. There is another terminology 'Hold-up', which you might have come across. Hold-up is a colloquial name for robbery / dacoity.

(28)


4. Burglary:

Burglary is house-breaking at night or on days when the premises are locked and there is no occupant inside. Burglary involves making unauthorized entry.

5. Riots and Civil Disturbances:

Riots and civil disturbances are necessarily criminal activities. They spontaneous reactions to events. Criminal elements may make use of these opportunities to loot a bank. Besides, violent mobs can damage the property of banks fit of anger.

The damage caused or loss incurred due to these wanton activities and crimes have far-reaching repercussions on the nation as a whole and banking industry in particular, which calls for appropriate security measures at branches.

Bank dacoities and robberies are threatening the credibility of the whole banking industry which compelled the Government of India to review the security measures. The Government of India decided to provide security cover to branches depending on the degree of vulnerability. The following are the factors which determine vulnerability.

Cash Holding Limit:

Cash holding is the single most important factor to determine the vulnerability of branch. On the basis of cash holding the branches have been classified as follows:

Currency Chest Branches:

These are the branches having currency chests with them. Currency chests are guarded by police armed guards round the clock.

High Risk Branches :

These are the branches, whose authorized cash holding limit is Rs. 20 lakhs and above. All such branches should be guarded by two armed guards.

(29)


Normal Risk Branches :

Those branches, whose authorized cash holding limit is Rs.I0 lakhs and above but less than Rs. 20 lakhs come under this category. All such branches should be guarded by one armed guard.

Low Risk Branches :

These are branches, whose authorized cash holding limit is less than Rs.I0 lakhs. All such branches need not be guarded by armed guards. Nevertheless, banks can still declare a branch vulnerable considering the other factors like law and order situation

Prevention of Frauds in a Computerised Environment

While developments in the area of Information Technology have resulted in benefits such as Anywhere / Anytime banking, a disturbing factor has been the rising incidence of perpetration of computer frauds. As computer crime can be perpetrated from remote locations, computer criminals are afforded the required anonymity. The banking industry haste guard itself against such attacks, particularly since a large number of transactions are being put through the Internet. As banks will be major players in E Commerce and internet banking transactions will be regularly put through, suitable precautions will have to be taken. In this write-up, we discuss the safeguards that banks must take so that they do not unwittingly fall prey to computer crime and fraud.

Research has shown time and again that computer frauds occur mainly due to weaknesses in internal control systems that facilitate unauthorized / manipulated inputs by extending due dates on loans, changing names and addresses of clients, etc. In a computerized environment, software attacks by computer criminals through Trojan Horses, Viruses, Worms, Salamis and Logic Bombs, etc. can paralyze installations or destroy systems. Maintenance of security in a computerized environment is therefore a major concern and challenge for bankers today.

(30)


The key aspects of electronic information-related security are:

Confidentiality (making information available only to authorized users)

Integrity (information received appearing exactly as that sent or stored)

Availability (information stored / transmitted over communication networks being available whenever required, to the extent desired, within specified time limits)

Authenticity (implementing systems for establishing the bonafides of parties in an electronic transaction), and,

Non-Repudiability (ensuring that the parties cannot deny authorising a transaction or sending / receiving messages over the Internet).

In today’s world, two important tools are available for enhancing computer-related security. These are: Digital Signatures and Cryptography. When an electronic message is digitally signed, there is a coding (encryption) and decoding (decryption) process that enables the positive identification of the author of an electronic message(the writer of the message) and verification of the integrity of the message(whether the message has undergone any tampering during transmission).

Cryptography is a technique for coding messages in such a way that they cannot be read by any individual other than the intended recipient. In public key cryptography, two keys aroused, a public key and a private key, for encryption and decryption of the message.

There are five important computer controls that must be in place at banks, so that the incidence of frauds in computerized environment can be checked. These five key controls are:

1. Management Controls (drafting a sound Security Policy, Business Continuity Planning etc.)

2. Organizational Controls (segregation of duties between programmers, operators, etc.)

(31)


3. Operational Controls (checking physical access to computer resources, etc.)

4. Environmental Controls (control of Air-conditioning, humidity, etc.), and,

5. Application Controls (controls built into applications for checking security lapses). Such computer controls help in keeping computer fraudsters at bay.

Audit has an important role to play in strengthening computer security in banks

By way of summary it can be said that banks operating in a computer environment in India can protect themselves against computer frauds by implementing controls, appreciating the role of auditing strengthening computer-related security and by understanding the legal recourse available to them under the Information Technology Act, 2000.

Avoid E-Fraud

Although e-fraud is not commonplace (only about 0.03% of all business to consumer transactions), it does happen. Anytime you make an online purchase or sale you should be wary. Although impossible to eliminate, with the proper care you can ensure you are never the victim of online fraud. For anyone who has ever been a victim of e-fraud the problems with compensation can be endless due to the properties of the Internet. When online, you may never know exactly whom you are dealing with. It may be someone who lives on the other side of the world. Resolving problems with someone you do not know can be more complicated in long-distance or cross-border transactions. Tracking people down is very difficult, as individuals who commit online fraud can disappear without a trace. Websites can be created, used to commit fraud, and disappear in a matter of days. The almost complete anonymity of the Internet allows for many fraudsters to avoid being caught.

(32)


TIPS ON HOW TO AVOID E-FRAUD

The Internet is no different from the real world in that as long as you are careful you can avoid problems. You would never buy a product from a stranger who telephoned you offering something for sale and asking for your credit card number. So why would you buy something from a website you know nothing about?

The best advice for avoiding e-fraud is very simple: be careful.Avoiding e-fraud is not difficult, it just requires due diligence.

When dealing with a company, before you make a purchase, be sure that they are someone you know and trust. Conduct research about the company to find out their track record and where they are physically located. Knowing as much as possible about the company will allow for a faster resolution if there are any problems.

Make sure you completely understand the offer. Read all the information about the products or services the company is offering. Ask for more information if you do not feel there is enough provided. Legitimate companies will have no problem sending you more Information. If a company refuses or does not respond to your Enquiries do not take the risk of dealing with them.

Never judge a website by its appearance. Anyone can create a flashy website. Just because it looks professional does not mean it is run by a professional!

Never give out financial or other personal information such as bank account or credit card numbers unless you are sure that the company is legitimate and the information in necessary for the transaction.

Credit Card payment is safest because you can dispute the charges if the goods are misrepresented or never arrive.

(33)


FRAUDS IN TECHNOLOGICAL ENVIRONMENT

The history of computer crime is as old as the computer itself. Any new technology or development can be used for both constructive as well as destructive purposes. The same is true with computer and information technology. When most of the people are using computers for constructive, ethical and legal purposes, there are some who are using these for destructive, unethical or illegal purposes.

Broadly speaking, if a fraud is committed, with the help of a computer, it can be called "Computer Crime". Computer crime can be of any shape, type, colour or contour. Several attempts have been made to define computer crime by various experts, based on the circumstances. Although, there is no international consensus on the concept of computer crime, the following definitions are worth considering.

A group of experts that met within the framework of the Organization of Economic Cooperation and Development (OECD), adopted the following as a working definition- “Computer abuse is considered as any illegal, unethical or unauthorized behaviour relating to automatic processing and the transmission of data."

One expert has defined computer crime as: "Any illegal action in· which a computer is a tool or object of the crime, in other words, any crime, the means and purpose of which is to influence the function of a computer."

Another definition of computer abuse is: "Any incident associated with computer technology in which the victim suffered or could have' suffered loss, and the perpetrator, by intention, made or could have made a gain."

"Acts committed by someone with or without using computer, to make the computer and/or Network to behave in an undesired manner."

"If due to some person's act, the computer doesn't perform the functions for which it is being installed and causes the loss of money, goodwill or mental peace, then this act can be termed as computer crime."

An individual's attempt, fraudulently or otherwise:

To prevent the computer to perform its duties as designed, or

(34)


To slowdown its operations, or

To corrupt the data or software, or

To copy the data or software without authority are computer crimes.

In the new technological environment the computers can be used for committing various crimes through fraudulent means in the banking sector. These may include data related frauds and software-related frauds. The banks have developed services technical devices to check and control these frauds and other related crimes.

Check Fraud Tips for the Consumer

Fraud professionals have become increasingly skilled and sophisticated, thanks to advances in readily available technology such as personal computers, scanners and color photocopiers. Criminals today can defraud you and your financial institution quite easily with a blank check taken from your check book, a canceled check found in your garbage, or a check you mailed to pay a bill. Therefore, it is important to follow a common-sense, logical approach with the way you use and store your checks.

1) Make sure your checks are endorsed by your financial institution and incorporate security features that help combat counterfeiting and alteration.

2) Store your checks, deposit slips, bank statements and canceled checks in a secure and locked location. Never leave your checkbook in your vehicle or in the open.

3) Reconcile your bank statement within 30 days of receipt in order to detect any irregularities. Otherwise, you may become liable for any losses due to check fraud.

4) Never give your account number to people you do not know, especially over the telephone. Be particularly aware of unsolicited phone sales. Fraud artists can use your account without your authorization and you may end up being responsible.

(35)


6) Unless needed for tax purpose, destroy old canceled checks, account statements, deposit tickets, ATM receipts (they also frequently have your account number and worse yet, your account balance). The personal information on it may help someone impersonate you and take money from your account.

7) When you receive your check order, make sure all of the checks are there, and that none are missing. Report missing checks to your bank at once. Should you fail to receive your order by mail, alert your bank. Checks could have been stolen from mail box or lost in transient.

8) If your home is burglarized, check your supply of checks to determine if any have been stolen. Look closely, because thieves will sometimes take only one or two checks from the middle or back of the book. The longer it takes to detect any of your checks have been taken, the more time the criminal has to use them successfully.

9) If someone pays you with a cashier's check, have them accompany you to the bank to cash it. If at all possible, only accept a check during normal business hours so you can verify whether it is legitimate. Make sure you obtain identification information from the individual

10) Do not mail bills from your mailbox at night. It is a favorite location from which a criminal can gain possession of your check with the intent to defraud you. Criminals will remove a check from your mailbox and either endorse it using bogus identification, photocopy and cash it repeatedly, scan and alter the check, or chemically alter it. The Post Office is the best location from which to send your bill payment.

11) Limit the amount of personal information on your check. For example, do not include your Social Security, driver's license or telephone numbers on your check. A criminal can use this information to literally steal your identity by applying for a credit card or loan in your name, or even open a new checking account.

12) Don't leave blank spaces on the payee and amount lines.

13) The type of pen you use makes a difference. Most ballpoint and marker inks are dye based, meaning that the pigments are dissolved in the

(36)


ink. But, based on ink security studies, gel pens, like the Uniball 207 uses gel ink that contains tiny particles of color that are trapped into the paper, making check washing a lot more difficult.

14) Don't write your credit card number on the check.

15) Use your own pre-printed deposit slips, and make sure the account number on your slip is correct. Thieves occasionally alter deposit slips in the hope you won't notice and the money goes into their account.

16) Don't make a check payable to cash. If lost or stolen, the check can be cashed by anyone.

17) Never endorse a check until you are ready to cash or deposit it. The information can be altered if it is lost or stolen.

(37)


CASE STUDY

ICICI Bank Phishing

Did you know that e-mails, long considered the most convenient form of communication, can actually spring some nasty surprises for you? Recently, a few ICICI Bank customers in Mumbai, to their utter dismay, discovered that e-mails can be extremely hazardous, if not to their health, at least to their security. These ICICI Bank customers received an e-mail from someone who posed as an official of the bank and asked for sensitive information like the account holder's Internet login name and password and directed them to a Web page that resembled the bank's official site. When some customers wrote in to find out what the e-mail was about, the bank officials registered a complaint with the police.

What happened in the case of the e-mail scam involving ICICI Bank?

A few customers of ICICI Bank received an e-mail asking for their Internet login name and password to their account. The e-mail seemed so genuine that some users even clicked on the URL given in the mail to a Web page that very closely resembled the official site. The scam was finally discovered when an assistant manager of ICICI Bank's information security cell received e-mails forwarded by the bank's customers seeking to crosscheck the validity of the e-mails with the bank. Such a scam is known as 'phishing.'

What does phishing mean?

Phishing means sending an e-mail that falsely claims to be a particular enterprise and asking for sensitive financial information. Phishing, thus, is an attempt to scam the user into

(38)


surrendering private information that will then be used by the scammer for his own benefit Phishing uses 'spoofed' e-mails and fraudulent Web sites that look very similar to the real ones thus fooling the recipients into giving out their personal data. Most phishing attacks ask for credit card numbers, account usernames and passwords. According to statistics phishers are able to convince up to five per cent of the recipients who respond to them.

How can you make out if an e-mail is genuine or not?

There are ways to 'spoof' an e-mail so that it appears to come from someone other than the person who is actually sending it. E-mail spoofing is a popular way of scamming online. An e-mail can be spoofed by tweaking the settings of e-mail clients like Outlook Express, Netscape Messenger and Eudora. However, finding out whether an e-mail is genuine or not is not very difficult. Every e-mail message contains headers that have the following information:

Origin: which shows information about the machine that, sent it,Relay: which shows the sender machine relaying it to another &Final destination : which shows the machine that, receives it, the IP address and the domain name?

That sounds a little complicated. Is there any easier way?

Not really. But following these three guidelines can help protect you.

1) A legitimate financial institution will never ask for details of your account via an e-mail. A corollary to this rule is that never e-mail financial information over the Internet. E-mail is not a secure method for transmitting this kind of information. 2) If you initiate a transaction and want to provide your personal or financial information through an organisation's Web site, look

(39)


for indicators that the site is secure, like a lock icon on the browser's status bar or a URL for a Web site that begins 'https:' (the 's' stands for 'secure').

3) Unfortunately no indicator is foolproof, so always call your local bank and ask for verification before responding to any form of electronic correspondence that claims to come from the bank.

What are the other popular e-mail scams?

The Nigerian scam is another very popular e-mail related scam that has found a few victims in India. The scam itself is simple. An e-mail, which claims to be written by a prominent official from an African country asks the recipient to help them release millions in the bank and offers them a share of the bounty. Once the recipient responds he is asked to visit the (African) country and meet with officials to collect the money. But once there, instead of getting money, he is forced to cough up a considerable sum. This scam is known as the 'Advance Fee Fraud' or '419 Fraud,' after the section of the Nigerian Penal Code that specifically prohibits this con.

(40)


Micro World - ICICI Bank Phishing Scam Targets Customers in India - 06 July 2006

Phishing is a relatively new phenomenon in India, though United States, South America and Europe have been reeling under its impact for years now. The new scam mail targeting the rather soft Indian customer, who's naive in terms of awareness on such activities, goes ahead and tries a contemporary trend in international online fraud. It tells users that a popular bank is updating their online security mechanism, so the user should key-in his banking information in the website that the fake email leads them to!

Security Analysts at Micro World Technologies warn that a Phishing mail in the name of one of India's leading Banks, ICICI, has been found to be spammed to targeted user groups for the last couple of weeks, aiming to steal sensitive financial information.

The mail reads that the ICICI bank is upgrading to a new SSL Server to insulate customers against online Identity Theft and other criminal activities. Users are told to confirm their personal banking information following the link given in the mail. It also warns that if the user does not complete the form, the online bank account will be suspended till further notification. Once the user clicks on the link, he is taken to a bogus website that looks identical to the original one, where he is made to part with his account number, password and PIN number.

Phishing is the cyber form of Identity Theft using fake spam emails and fake websites of reputed financial organizations. You receive an email that seems to be coming from a reputed bank, Credit Card firm, Auction website or any other financial institution. The message tries one of the several tricks to induce you to click on a link provided in the mail and gets you to reveal your personal information. This stolen information is used for sophisticated Online Robbery, Identity Theft and other Internet related crimes.

(41)


The Anti-Phishing Working Group, an industry consortium formed to fight this mode of crime, says in its study that the attacks in recent months were double that of what were reported in the same months last year. With e-commerce growing rapidly, Phishing attempts may grow multifold this year, faking more brands and institutions to loot more victims around the globe.

Every single psychological ploy, right from shocking, luring, scaring and threatening directly have been used by scam artists as ways of mass "Social Engineering" to get the potential victims to fall in line. There were mails that posed as regular account verification from the banks, the ones that offered users free tickets and coupons for filling in a survey, the types that told users that their account is compromised by identity thieves and more recently, security warnings, like the ones witnessed in the ICICI bank scam.

(42)


Globalize Fraud Not Global Trust

Global Trust Bank was established in 1994 by Ramesh Gilli, a high profile public sector banker fancied himself as being among the top and most innovative banker In the country.

Gelli was the chairman & Managing Director of Vysya bank at the time when the government chooses to permit the entry. Once Global Trust Bank was created there was stopping for Gelli & his associates.

The search for high returns soon took the bank to the stock market, where its involvement in the speculative activities associated with the Ketan Parekh scam and its high exposure soon resulted in substantial losses.

This led to the exit of Ramesh Gelli in 2001, but matters did not improve under the new management. The which was under the instruction to clean up its balance sheets by inducting new capital and reforming its practices reported a net profit of Rs 40 crore and a positive networth of Rs 400 crore at the end of the financial year in March 2002.

(43)


Manipulated Figures

However the Reserve Bank of India (RBI) soon discovered that even the certified auditors of the bank had allowed a set of manipulated numbers to be reported and that actually the bank’s networth was negative.

A year later Global Trust Bank reported an overall loss, but also substantial reduction in Non Performing Assets (NPA), significant provisioning against loss, making assets & operating profit. The Reserve Bank of India (RBI) welcomed these developments, suggesting that under a new management the bank was on the mend.

But soon the RBI discovered that the net worth of the bank was turning worse and that it had no capital to sustain its operations. Circumstances had insured, despite the forbearance of the RBI in the hope of a solution, that unless substantial new capital was infused into the bank, there was no hope of revival.

Conclusion

The scramble for mergers in the banking sectors gives rise to many questions. Can mergers alone take care of the banking ills? Are these the only recipe for survival in globalize and competitive environment? And do size based merger strategies make good sense in a developing economy like India? These questions need to be addressed to evolve a framework of strategy for competition based environment & on organizations resources & capabilities.

Some banking experts believe that a merger with a right bank can help a bank to increase its networth & hence its capital

(44)


adequacy. In the case of private sector banks, where the promoters are required compulsorily to dilute their stake to the stipulated 40%, the deadline for which is March 2001, mergers can be useful to take care of the mandatory requirement. This apart, mergers would also expand the business opportunities for both the banks.

There is no doubt that the bank in India need to be sensitive to the fast changing economic environment, to achieve this, focus must be on ensuring that the funds mobilized by banks generate adequate returns in the excess of the cost of capital. Also, they should on an on going basis, endeavor to invest in technology that increases their reach & enhances customer satisfaction.

Mergers & Acquisitions (M & A) can help banks restructure in a way that gives them superior organizational capabilities, resulting in a sustainable competitive environment.

(45)


COOP. BANK SCAMS: EFFECTIVE GOVERNANCE STRUCTURE CRUCIAL

A SURGE OF DEPOSITORS INSIDE A COOPERATIVE BANK IN SECUNDERABAD IN THE WAKE OF REPORTS SUGGESTING THAT THE BANK HAS GONE TO SEED. — AP

WITH THE surfacing of the co-operative banks scam, once again the financial sector and its markets fell victim to the regulator's failure to check malpractices within the system. The new scam involving the co-operative sector points to a crying need to have a speedier and better coordinated process for dealing with financial frauds as well as an effective governance structure and settlement system for efficient functioning of financial institutions.

The present crisis is virtually a replica of the 1992-securities scam that involved Harshad Mehta. While Mehta used banker's receipts to have an easy access to huge funds, this time, Home Trade Ltd., a broking firm, used government securities (G-Secs) to avail itself of money. The Nagpur District Central Co-operative Bank gave Rs.124 crores to Home Trade on the assurance that the broking firm would deliver G-Secs worth the

(46)


same amount to the bank within 30 days. But these securities were never delivered. An analysis reveals that the scams more or less followed the same pattern — The Ketan Parekh — Madhavpura Mercantile Co-operative Bank (MMCB) scam occurred in 2001 and is also an instance of diversion of funds from the banking sector to the stock market, like the 1992 securities scam.

In 1994, close on the heels of the 1992-securities scam, the Reserve Bank of India put in place a delivery versus payment (DVP) system under the Public Debt Office (PDO) of the central bank. This is linked to Subsidiary General Ledger (SGL) accounts in banks. At the end of the day the buyer or seller will have to fill the SGL form and deliver it to the RBI. Now with the inception of Clearing Corporation of India Ltd. (CCIL), the SGL form filling procedure no longer exists.

However, co-operative banks are out of the purview of the DVP system. The RBI could have brought in co-operative banks under the ambit of DVP system when the MMCB scam broke-out. Last Monday all RBII-regulated entities have been asked to hold G-Sec in demat form. But the RBI waited for a scam to surface in order to initiated fire-fighting measures. Further, under no circumstances can the RBI allow a broker to act as a principal (a broker can only act as an intermediary between principals and cannot assume the role of a principal). In this case, Home Trade acted as a principal. Another issue is that many co-operative banks are not having Treasury divisions, which trade in securities. How the RBI allowed any bank without a Treasury division to operate in a debt market is a question that can be raised. In the case of co-operative banks, all the decisions of investment in securities are taken by the boards of directors which are elected rather than a full fledged Treasury that would otherwise be run by professionals.

The role of Primary Dealers (PDs) is also in focus at this point of time. PDs are interested only in large dealings rather than small deals of co-operatives. Moreover, PDs are interested in running a book to make proprietary trading profits rather than disseminating debt to and developing the non-wholesale debt

(47)


market for which they were set up. A banking source told The Hindu, that a large co-operative body has already approached the RBI to act as a PD for the co-operative sector. This could help the co-operative sector get professional help in the dealing of securities in the debt market.

(48)

Bank Fraudsss

Documents