Financial Frauds in Cyber Space - The Associated Chambers of ...
Financial Frauds in Cyber Space - The Associated Chambers of ...
Financial Frauds in Cyber Space - The Associated Chambers of ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>F<strong>in</strong>ancial</strong> <strong>Frauds</strong> <strong>in</strong> <strong>Cyber</strong><br />
<strong>Space</strong><br />
N. S. Napp<strong>in</strong>ai<br />
Advocate<br />
Napp<strong>in</strong>ai & Co.,<br />
Founder Member – Technology Law Forum<br />
napp<strong>in</strong>ai@napp<strong>in</strong>ai.com<br />
N S Napp<strong>in</strong>ai©
What’s the New Face <strong>of</strong><br />
Crime?<br />
• Chang<strong>in</strong>g pr<strong>of</strong>ile <strong>of</strong> the perpetrator;<br />
• Farther reach / larger victim base;<br />
• Assumed Anonymity;<br />
• Comity <strong>of</strong> Nations;<br />
• International Enforcement;<br />
• Practicalities – crimes aga<strong>in</strong>st Persons Vs. Crimes<br />
aga<strong>in</strong>st Nations;<br />
• Legal Black holes – procedures;<br />
N S Napp<strong>in</strong>ai©
What has India to <strong>of</strong>fer as<br />
protection?<br />
• Indian Penal Code (IPC);<br />
• Information Technology Act, 2000 (as<br />
amended) (IT Act);<br />
• Special Enactments – i.e., Prevention <strong>of</strong><br />
Money Launder<strong>in</strong>g Act, 2002; Prize Chits<br />
& Money Circulation Schemes (Bann<strong>in</strong>g<br />
Act, 1978);<br />
• Indian Contract Act, 1872<br />
N S Napp<strong>in</strong>ai©
<strong>Cyber</strong> Security – An<br />
Oxymoron?<br />
• Is “<strong>Cyber</strong> Security” as tenuous as the doma<strong>in</strong> it applies to?<br />
• Where is the emphasis? – <strong>in</strong> prevention or cure?<br />
• Broad Classifications:<br />
• Security <strong>of</strong> Nations – <strong>Cyber</strong> Terrorism;<br />
• Economy Driven – <strong>F<strong>in</strong>ancial</strong> <strong>Frauds</strong>; Bank <strong>Frauds</strong> / thefts<br />
onl<strong>in</strong>e; Phish<strong>in</strong>g; Hack<strong>in</strong>g; Credit Card <strong>Frauds</strong>; Nigerian<br />
<strong>Frauds</strong>; Protection <strong>of</strong> Confidential and proprietary data and<br />
<strong>in</strong>formation;<br />
• Privacy / Personal Data Protection – aga<strong>in</strong>st dissem<strong>in</strong>ation;<br />
use & misuse without permission (spamm<strong>in</strong>g; mapp<strong>in</strong>g;<br />
targeted market<strong>in</strong>g etc.,);<br />
N S Napp<strong>in</strong>ai©
Venture Global Eng<strong>in</strong>eer<strong>in</strong>g Vs. Satyam<br />
Computer Services Ltd (11.08.2010)<br />
• S.17 Indian Contract Act, 1872: `Fraud’ <strong>in</strong>cludes<br />
acts committed by a party to a contract, or with<br />
his connivance, or by his agent, with <strong>in</strong>tent to<br />
deceive another party thereto or his agent, or to<br />
<strong>in</strong>duce him to enter <strong>in</strong>to the contract:- (1) the<br />
suggestion, as a fact, <strong>of</strong> that which is not true, by<br />
one who does not believe it to be true; (2) the<br />
active concealment <strong>of</strong> a fact by one hav<strong>in</strong>g<br />
knowledge or belief <strong>of</strong> the fact;<br />
N S Napp<strong>in</strong>ai©
Contd., - “Fraud Def<strong>in</strong>ed”<br />
• (3) a promise made without any <strong>in</strong>tention <strong>of</strong><br />
perform<strong>in</strong>g it; (4) any other act fitted to deceive; (5)<br />
any such act or omission as the law specially<br />
declares to be fraudulent.<br />
• Explanation.-Mere silence as to facts likely to affect<br />
the will<strong>in</strong>gness <strong>of</strong> a person to enter <strong>in</strong>to a contract is<br />
not fraud, unless the circumstances <strong>of</strong> the case are<br />
such that, regard be<strong>in</strong>g had to them, it is the duty <strong>of</strong><br />
the person keep<strong>in</strong>g silence to speak, or unless his<br />
silence, is, <strong>in</strong> itself, equivalent to speech.<br />
N S Napp<strong>in</strong>ai©
Crim<strong>in</strong>al Law & Fraud<br />
• No def<strong>in</strong>ition <strong>in</strong> IPC. Most acts done with “dishonest”<br />
or “fraudulent” <strong>in</strong>tent however classified as crim<strong>in</strong>al<br />
<strong>of</strong>fences, like:<br />
• Cheat<strong>in</strong>g (417 – 420 IPC);<br />
• Misappropriation and crim<strong>in</strong>al breach <strong>of</strong> trust.<br />
(403; 405);<br />
• Forgery <strong>in</strong>clud<strong>in</strong>g <strong>of</strong> electronic records <strong>in</strong>clud<strong>in</strong>g<br />
with <strong>in</strong>tention to cheat; harm persons’ reputation;<br />
by employee etc.,; (463 – 471 IPC);<br />
• IT Act – S.43 r/w S.66; S.66C; 66D;<br />
N S Napp<strong>in</strong>ai©
Old W<strong>in</strong>e <strong>in</strong> a New Bottle<br />
– Boon or Bane?<br />
• S.66: Transpos<strong>in</strong>g S.43 to S.66 – <strong>of</strong>fence when<br />
same actions done with dishonest / fraudulent<br />
<strong>in</strong>tent (3 yrs & f<strong>in</strong>e up to Rs.5 Lacs):<br />
• secur<strong>in</strong>g unauthorized access;<br />
• download<strong>in</strong>g / copy<strong>in</strong>g <strong>of</strong> data stored <strong>in</strong> a<br />
computer / computer system;<br />
• <strong>in</strong>troduc<strong>in</strong>g computer viruses;<br />
• damag<strong>in</strong>g computers and / or data stored<br />
there<strong>in</strong>;
S.66 Contd.,<br />
• Section 66 Contd.,:<br />
• disrupt<strong>in</strong>g computers;<br />
• denial <strong>of</strong> access;<br />
• illegal charg<strong>in</strong>g for services onto account <strong>of</strong><br />
another.<br />
• Destroys, deletes or alters any <strong>in</strong>formation resid<strong>in</strong>g <strong>in</strong><br />
a computer etc., or dim<strong>in</strong>ishes its value, utility or<br />
affects it <strong>in</strong>juriously;<br />
• Steals, conceals, destroys, alters any computer source<br />
code or causes commission <strong>of</strong> such acts with <strong>in</strong>tent<br />
to cause damage;<br />
• Abetment <strong>of</strong> such acts by assist<strong>in</strong>g others;
Personal Security:<br />
Identity theft &<br />
Impersonation<br />
• S.66C: Identity <strong>The</strong>ft: Fraudulent or<br />
dishonest use <strong>of</strong> electronic signature,<br />
identity password or unique identification<br />
feature – punishable with imprisonment up<br />
to 3 yrs & f<strong>in</strong>e <strong>of</strong> up to Rs.1 Lac.;<br />
• S.66D: Cheat<strong>in</strong>g by impersonat<strong>in</strong>g –<br />
punishable with imprisonment up to 3 yrs &<br />
f<strong>in</strong>e <strong>of</strong> up to Rs.1 Lac.<br />
N S NAPPINAI ©
Hack & Crack<br />
• May 20, 2013: Current account <strong>of</strong> RPG Group hacked &<br />
Rs.2.34 Crores siphoned out us<strong>in</strong>g RTGS;<br />
• May 9, 2013: Global cyber crime r<strong>in</strong>g steals $45 million<br />
from two Middle Eastern banks by hack<strong>in</strong>g <strong>in</strong>to credit<br />
card process<strong>in</strong>g firms (In India & USA) & withdraw<strong>in</strong>g<br />
money from ATMs <strong>in</strong> 27 countries;<br />
• Norton security report: September 2012, 42 million<br />
Indians were victims <strong>of</strong> cyber crime los<strong>in</strong>g $8 billion<br />
dollars (Rs.44,000 Crores) <strong>in</strong> 12 months.<br />
• Mphasis Data theft case: huge impact on the BPO<br />
<strong>in</strong>dustry <strong>in</strong> India. highlighted the lack <strong>of</strong> Data Protection<br />
Laws <strong>in</strong> India;<br />
N S Napp<strong>in</strong>ai©
F<strong>in</strong>ance through Fraud!<br />
• Case <strong>of</strong> Pranab Mitra (a former executive <strong>of</strong><br />
Gujarat Ambuja Cement);<br />
• Daredevil fraud aga<strong>in</strong>st one V.R. N<strong>in</strong>awe, an<br />
Abu Dhabi based victim;<br />
• Culprit cheats by first pos<strong>in</strong>g as “Rita Basu” &<br />
then as “Ruchira Sengupta” & by concoct<strong>in</strong>g a<br />
case <strong>of</strong> suicide etc.,<br />
• Fraud to the tune <strong>of</strong> Rs.95 Lakhs!;<br />
N S Napp<strong>in</strong>ai©
Fraud Affect<strong>in</strong>g Individual<br />
Rights<br />
• MphasiS-MsourcE – Citibank e-bank<strong>in</strong>g Fraud<br />
(2005):<br />
• Employees misuse their position to obta<strong>in</strong> and<br />
reta<strong>in</strong> confidential details <strong>of</strong> account holders.<br />
• Get password/PIN numbers from customers on<br />
the phone;<br />
• Misuse data to siphon out funds;<br />
• One <strong>of</strong> the fastest and earliest detections <strong>of</strong><br />
<strong>Cyber</strong> Crime;<br />
N S Napp<strong>in</strong>ai©
Pr<strong>of</strong>essors or Police – Not<br />
spared<br />
• Mumbai Police lose lakhs to Greek Crim<strong>in</strong>als;<br />
• Debit card details illegally procured & <strong>in</strong> a<br />
sweep attack overnight about 37 a/cs<br />
<strong>in</strong>clud<strong>in</strong>g <strong>of</strong> 15 cops, cleaned out. After<br />
<strong>in</strong>quiry, Bank has reimbursed the victims;<br />
• Joy Kutty, Associate pr<strong>of</strong>essor <strong>of</strong> SNDT<br />
Women's University, loses Rs.88,000/-<br />
through Bank fraud – recovers after pursu<strong>in</strong>g<br />
crim<strong>in</strong>al action;<br />
N S Napp<strong>in</strong>ai©
Credit / Debit Card Fraud<br />
• Phish<strong>in</strong>g attacks – still a menace. Innumerable<br />
warn<strong>in</strong>gs – not paid heed to; <strong>in</strong>novation <strong>in</strong> same<br />
crime!<br />
• India – high on the phish<strong>in</strong>g site host<strong>in</strong>g chart;<br />
• Mumbai accounts for maximum phish<strong>in</strong>g attacks<br />
followed by Delhi and then Chennai & Bangalore;<br />
• Credit / Debit Card frauds still on the rise;<br />
• Banks’ liability Vs. Individual Liability;<br />
• Availability <strong>of</strong> Civil & Crim<strong>in</strong>al remedies;<br />
N S Napp<strong>in</strong>ai©
Civil Penalty proves<br />
efficacious<br />
• Umashankar Sivasubramaniam Vs. ICICI<br />
Bank (2010);<br />
• Case filed before Adjudicat<strong>in</strong>g Officer,<br />
Chennai;<br />
• Phish<strong>in</strong>g result<strong>in</strong>g <strong>in</strong> money transfer <strong>of</strong> about<br />
Rs.6.5 Lakhs<br />
• Adjudicat<strong>in</strong>g <strong>of</strong>ficer awards about Rs.12.85<br />
Lakhs compensation <strong>in</strong>clud<strong>in</strong>g travel costs <strong>of</strong><br />
Compla<strong>in</strong>ant, who was based on Abu Dhabi.<br />
N S Napp<strong>in</strong>ai©
<strong>F<strong>in</strong>ancial</strong> Institutions fall prey<br />
to Bank<strong>in</strong>g Fraud (2013)<br />
• West Bengal Infrastructure Development<br />
F<strong>in</strong>ance Corp. (WBIDFC) transfers about 120<br />
Crores to UCO Bank, Kolkatta, by RTGS on two<br />
tranches – August 2012 & January 2013 for<br />
start<strong>in</strong>g term deposits;<br />
• Amounts however siphoned out by one Pradeep<br />
Chongdar, Proprietor, SA Enterprises;<br />
• Documents submitted by Pradeep found to be<br />
fake; address fake – KYC?;<br />
• About 82 Lakhs siphoned out – still not traced!;<br />
N S Napp<strong>in</strong>ai©
Nigerian Fraud goes Global!<br />
• Email requests for f<strong>in</strong>ancial assistance cit<strong>in</strong>g dire<br />
straits – on the rise;<br />
• More focused and targeted crime – details too<br />
close to the truth!<br />
• Hacked accounts; personal data onl<strong>in</strong>e menace;<br />
• Some reported cases: Pune case <strong>of</strong> 6<br />
bus<strong>in</strong>essmen’s email a/c hacked and foreign<br />
counterparts contacted for funds;<br />
• KYC comes under scrut<strong>in</strong>y;<br />
N S Napp<strong>in</strong>ai©
Money Circulation & Money<br />
Launder<strong>in</strong>g onl<strong>in</strong>e<br />
• MLM Companies on the rise;<br />
• Onl<strong>in</strong>e presence broadens the victim base!<br />
• Money Launder<strong>in</strong>g – a proximate cause?<br />
• Greed as a driver?<br />
• Application <strong>of</strong> Prize Chits & Money<br />
Circulation Scheme (Bann<strong>in</strong>g) Act, upheld;<br />
• Efficacy <strong>of</strong> prosecutions;<br />
N S Napp<strong>in</strong>ai©
Jurisdiction <strong>in</strong> <strong>Cyber</strong><br />
<strong>Space</strong><br />
• Long Arm jurisdiction under IPC (179 IPC) & IT Act<br />
(S.75 IT Act);<br />
• Territorial Jurisdiction based on where<br />
consequences arise;<br />
• Efficacy <strong>of</strong> Long Arm Jurisdiction?;<br />
• Speed – A victim <strong>of</strong> circumstances?<br />
• Pivotal Role <strong>of</strong> Jurisdictional issues <strong>in</strong> the<br />
enforcement <strong>of</strong> <strong>Cyber</strong> Laws;<br />
• Shadow l<strong>in</strong>es make for strong Barriers!!<br />
• Extradition – out <strong>of</strong> reach?<br />
N S NAPPINAI ©
Q & A<br />
THANK YOU<br />
N S NAPPINAI<br />
ADVOCATE<br />
(napp<strong>in</strong>ai@napp<strong>in</strong>ai.com)<br />
N S Napp<strong>in</strong>ai©