Financial Frauds in Cyber Space - The Associated Chambers of ...

Financial Frauds in Cyber
Space
N. S. Nappinai
Advocate
Nappinai & Co.,
Founder Member – Technology Law Forum
nappinai@nappinai.com
N S Nappinai©

What’s the New Face of
Crime?
• Changing profile of the perpetrator;
• Farther reach / larger victim base;
• Assumed Anonymity;
• Comity of Nations;
• International Enforcement;
• Practicalities – crimes against Persons Vs. Crimes
against Nations;
• Legal Black holes – procedures;
N S Nappinai©

What has India to offer as
protection?
• Indian Penal Code (IPC);
• Information Technology Act, 2000 (as
amended) (IT Act);
• Special Enactments – i.e., Prevention of
Money Laundering Act, 2002; Prize Chits
& Money Circulation Schemes (Banning
Act, 1978);
• Indian Contract Act, 1872
N S Nappinai©

Cyber Security – An
Oxymoron?
• Is “Cyber Security” as tenuous as the domain it applies to?
• Where is the emphasis? – in prevention or cure?
• Broad Classifications:
• Security of Nations – Cyber Terrorism;
• Economy Driven – Financial Frauds; Bank Frauds / thefts
online; Phishing; Hacking; Credit Card Frauds; Nigerian
Frauds; Protection of Confidential and proprietary data and
information;
• Privacy / Personal Data Protection – against dissemination;
use & misuse without permission (spamming; mapping;
targeted marketing etc.,);
N S Nappinai©

Venture Global Engineering Vs. Satyam
Computer Services Ltd (11.08.2010)
• S.17 Indian Contract Act, 1872: `Fraud’ includes
acts committed by a party to a contract, or with
his connivance, or by his agent, with intent to
deceive another party thereto or his agent, or to
induce him to enter into the contract:- (1) the
suggestion, as a fact, of that which is not true, by
one who does not believe it to be true; (2) the
active concealment of a fact by one having
knowledge or belief of the fact;
N S Nappinai©

Contd., - “Fraud Defined”
• (3) a promise made without any intention of
performing it; (4) any other act fitted to deceive; (5)
any such act or omission as the law specially
declares to be fraudulent.
• Explanation.-Mere silence as to facts likely to affect
the willingness of a person to enter into a contract is
not fraud, unless the circumstances of the case are
such that, regard being had to them, it is the duty of
the person keeping silence to speak, or unless his
silence, is, in itself, equivalent to speech.
N S Nappinai©

Criminal Law & Fraud
• No definition in IPC. Most acts done with “dishonest”
or “fraudulent” intent however classified as criminal
offences, like:
• Cheating (417 – 420 IPC);
• Misappropriation and criminal breach of trust.
(403; 405);
• Forgery including of electronic records including
with intention to cheat; harm persons’ reputation;
by employee etc.,; (463 – 471 IPC);
• IT Act – S.43 r/w S.66; S.66C; 66D;
N S Nappinai©

Old Wine in a New Bottle
– Boon or Bane?
• S.66: Transposing S.43 to S.66 – offence when
same actions done with dishonest / fraudulent
intent (3 yrs & fine up to Rs.5 Lacs):
• securing unauthorized access;
• downloading / copying of data stored in a
computer / computer system;
• introducing computer viruses;
• damaging computers and / or data stored
therein;

S.66 Contd.,
• Section 66 Contd.,:
• disrupting computers;
• denial of access;
• illegal charging for services onto account of
another.
• Destroys, deletes or alters any information residing in
a computer etc., or diminishes its value, utility or
affects it injuriously;
• Steals, conceals, destroys, alters any computer source
code or causes commission of such acts with intent
to cause damage;
• Abetment of such acts by assisting others;

Personal Security:
Identity theft &
Impersonation
• S.66C: Identity Theft: Fraudulent or
dishonest use of electronic signature,
identity password or unique identification
feature – punishable with imprisonment up
to 3 yrs & fine of up to Rs.1 Lac.;
• S.66D: Cheating by impersonating –
punishable with imprisonment up to 3 yrs &
fine of up to Rs.1 Lac.
N S NAPPINAI ©

Hack & Crack
• May 20, 2013: Current account of RPG Group hacked &
Rs.2.34 Crores siphoned out using RTGS;
• May 9, 2013: Global cyber crime ring steals $45 million
from two Middle Eastern banks by hacking into credit
card processing firms (In India & USA) & withdrawing
money from ATMs in 27 countries;
• Norton security report: September 2012, 42 million
Indians were victims of cyber crime losing $8 billion
dollars (Rs.44,000 Crores) in 12 months.
• Mphasis Data theft case: huge impact on the BPO
industry in India. highlighted the lack of Data Protection
Laws in India;
N S Nappinai©

Finance through Fraud!
• Case of Pranab Mitra (a former executive of
Gujarat Ambuja Cement);
• Daredevil fraud against one V.R. Ninawe, an
Abu Dhabi based victim;
• Culprit cheats by first posing as “Rita Basu” &
then as “Ruchira Sengupta” & by concocting a
case of suicide etc.,
• Fraud to the tune of Rs.95 Lakhs!;
N S Nappinai©

Fraud Affecting Individual
Rights
• MphasiS-MsourcE – Citibank e-banking Fraud
(2005):
• Employees misuse their position to obtain and
retain confidential details of account holders.
• Get password/PIN numbers from customers on
the phone;
• Misuse data to siphon out funds;
• One of the fastest and earliest detections of
Cyber Crime;
N S Nappinai©

Professors or Police – Not
spared
• Mumbai Police lose lakhs to Greek Criminals;
• Debit card details illegally procured & in a
sweep attack overnight about 37 a/cs
including of 15 cops, cleaned out. After
inquiry, Bank has reimbursed the victims;
• Joy Kutty, Associate professor of SNDT
Women's University, loses Rs.88,000/-
through Bank fraud – recovers after pursuing
criminal action;
N S Nappinai©

Credit / Debit Card Fraud
• Phishing attacks – still a menace. Innumerable
warnings – not paid heed to; innovation in same
crime!
• India – high on the phishing site hosting chart;
• Mumbai accounts for maximum phishing attacks
followed by Delhi and then Chennai & Bangalore;
• Credit / Debit Card frauds still on the rise;
• Banks’ liability Vs. Individual Liability;
• Availability of Civil & Criminal remedies;
N S Nappinai©

Civil Penalty proves
efficacious
• Umashankar Sivasubramaniam Vs. ICICI
Bank (2010);
• Case filed before Adjudicating Officer,
Chennai;
• Phishing resulting in money transfer of about
Rs.6.5 Lakhs
• Adjudicating officer awards about Rs.12.85
Lakhs compensation including travel costs of
Complainant, who was based on Abu Dhabi.
N S Nappinai©

Financial Institutions fall prey
to Banking Fraud (2013)
• West Bengal Infrastructure Development
Finance Corp. (WBIDFC) transfers about 120
Crores to UCO Bank, Kolkatta, by RTGS on two
tranches – August 2012 & January 2013 for
starting term deposits;
• Amounts however siphoned out by one Pradeep
Chongdar, Proprietor, SA Enterprises;
• Documents submitted by Pradeep found to be
fake; address fake – KYC?;
• About 82 Lakhs siphoned out – still not traced!;
N S Nappinai©

Nigerian Fraud goes Global!
• Email requests for financial assistance citing dire
straits – on the rise;
• More focused and targeted crime – details too
close to the truth!
• Hacked accounts; personal data online menace;
• Some reported cases: Pune case of 6
businessmen’s email a/c hacked and foreign
counterparts contacted for funds;
• KYC comes under scrutiny;
N S Nappinai©

Money Circulation & Money
Laundering online
• MLM Companies on the rise;
• Online presence broadens the victim base!
• Money Laundering – a proximate cause?
• Greed as a driver?
• Application of Prize Chits & Money
Circulation Scheme (Banning) Act, upheld;
• Efficacy of prosecutions;
N S Nappinai©

Jurisdiction in Cyber
Space
• Long Arm jurisdiction under IPC (179 IPC) & IT Act
(S.75 IT Act);
• Territorial Jurisdiction based on where
consequences arise;
• Efficacy of Long Arm Jurisdiction?;
• Speed – A victim of circumstances?
• Pivotal Role of Jurisdictional issues in the
enforcement of Cyber Laws;
• Shadow lines make for strong Barriers!!
• Extradition – out of reach?
N S NAPPINAI ©

Q & A
THANK YOU
N S NAPPINAI
ADVOCATE
(nappinai@nappinai.com)
N S Nappinai©