I beg your pardon if I have missed any references or source.
LEGAL ASPECTS OF BUSINESS
Information Technology Act rather than giving Information &
Technology gives rise to more Cyber Crimes
Sr. No Particulars
1 Introduction: Information Technology
2 Information Technology Act 2000
3 Information Technology (Amendment) Act, 2008
4 Cyber Crime
5 Types of Cyber Crime
6 Caselets as per selected IT act section
7 National Association of Software and Service Companies
8 Role of Information Technology in Banking sector
9 Facts & Figures
10 Case Study
Connectivity via the Internet has greatly abridged geographical distances and made
communication even more rapid. While activities in this limitless new universe are increasing
incessantly, the need for laws to be formulated to govern all spheres of this new revolution was
felt. In order to keep pace with the changing generation, the Indian Parliament passed the
Information Technology (IT) Act, 2000.
This Act is based on the Resolution A/RES/51/162 adopted by the
General Assembly of the United Nations on 30th January, 1997 regarding the Model Law on
Electronic Commerce earlier adopted by the United Nations Commission on International Trade
Law (UNCITRAL) in its twenty-ninth session. India was one of the States, which supported this
adoption of Law by the General Assembly.
The Act aims at providing legal recognition for transactions carried out by means of electronic
data interchange and other means of electronic communications commonly referred to as
"electronic commerce", which involve the use of alternatives to paper-based methods of
communication and storage of information and aims at facilitating electronic filing of documents
with the government agencies.
INTRODUCTION OF INFORMATION TECHNOLOGY ACT 2000
The Information Technology Act is one of the important laws relating to Indian cyber law. It was passed by
the Indian Parliament in 2000. This Act helps to promote business with the help of the internet. It
also sets out rules and regulations which apply to any electronic business transaction. Due to
increasing crime in cyberspace, the Government of India understood the problems of internet users, and
this Act was made to safeguard their interests.
An Act to provide legal recognition for transactions carried out by means of electronic data
interchange and other means of electronic communication, commonly referred to as "electronic
commerce", which involve the use of alternatives to paper-based methods of communication and
storage of information, to facilitate electronic filing of documents with the Government agencies
and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers'
Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected
therewith or incidental thereto.
Following issues are covered under this Act –
• Electronic transactions
• Digital signatures
• Network service providers
Objectives of the Act:
• To grant legal recognition for any transactions carried out by means of Electronic Data
Interchange and other means of communication commonly referred to as ‘Electronic
Commerce’, in place of paper-based methods of communication.
• To give legal recognition to digital signatures for authentication of any information or matter
which requires authentication under any law.
• To facilitate electronic filing of documents with the government department.
• To facilitate electronic storage of data.
• To facilitate and give legal sanctions to electronic fund transfer between the bank and financial
• To give legal recognition for keeping books of account by bankers in electronic form.
• To amend the Indian Penal Code, 1860, the Indian Evidence Act, 1872, the Banker’s Book
Evidence Act, 1891 and the Reserve Bank of India Act, 1934.
Scope of the Act:
The Information Technology Act 2000 extends to the whole of India. It applies also to any
offence or contravention thereunder committed outside India by any person.
However, the Act does not apply to:
1. A negotiable instrument other than a cheque. It means the Information Technology Act is
applicable to cheques.
2. A power-of-attorney.
3. A trust as defined in section 3 of the Indian Trusts Act, 1882.
4. A will.
5. Any contract for the sale or conveyance of immovable property or any interest in such
6. Any such class of documents or transactions as may be notified by the Central Government in
the Official Gazette.
Some of the Important Definitions:
1. "Adjudicating officer" means an adjudicating officer appointed under subsection of section
2. "Affixing digital signature" with its grammatical variations and cognate expressions means
adoption of any methodology or procedure by a person for the purpose of authenticating an
electronic record by means of digital signature.
3. "Appropriate Government" means as respects any matter-
(i) Enumerated in List II of the Seventh Schedule to the Constitution;
(ii) Relating to any State law enacted under List III of the Seventh Schedule to the Constitution,
the State Government and in any other case, the Central Government.
4. "Asymmetric crypto system" means a system of a secure key pair consisting of a private key
for creating a digital signature and a public key to verify the digital signature.
5. "Certifying Authority" means a person who has been granted a license to issue a Digital
Signature Certificate under section 24.
6. "Certification practice statement" means a statement issued by a Certifying Authority to
specify the practices that the Certifying Authority employs in issuing Digital Signature
7. "Cyber Appellate Tribunal" means the Cyber Regulations Appellate Tribunal established
under sub-section (1) of section 48.
8. "Digital signature" means authentication of any electronic record by a subscriber by means of
an electronic method or procedure in accordance with the provisions of section 3.
9. "Digital Signature Certificate" means a Digital Signature Certificate issued under subsection
of section 35.
10. "Electronic form" with reference to information means any information generated, sent,
received or stored in media, magnetic, optical, computer memory, micro film, computer
generated micro fiche or similar device.
11. "Electronic Gazette" means the Official Gazette published in the electronic form.
12. "Secure system" means computer hardware, software, and procedure that-
(a) are reasonably secure from unauthorized access and misuse,
(b) provide a reasonable level of reliability and correct operation,
(c) are reasonably suited to performing the intended functions and
(d) adhere to generally accepted security procedures.
Advantages of I.T. Act 2000:
1. Helpful to promote e-commerce-
• Email is valid
• Digital signature is valid.
• Payment via credit card is valid.
• Online contract is valid
For all of the above, validity in the eyes of Indian law is essential. After the making of the IT Act 2000, all
the above are valid, and this is very helpful in promoting e-commerce in India.
2. Enhance the corporate business -
After issuing digital signature, certificate by Certifying authority, now Indian corporate business
3. Filling online forms -
With this facility provided, filling online forms for different purposes has become easy.
4. High penalty for cyber crime -
The law has the power to penalize any cyber crime. After the making of this law, the number of cyber
crimes has reduced.
Shortcoming of I.T. Act 2000:
1. Infringement of copyright has not been included in this law.
2. No protection for domain names.
3. The Act is not applicable to powers of attorney, trusts and wills.
4. The Act is silent on taxation.
5. No provision for payment of stamp duty on electronic documents.
INFORMATION TECHNOLOGY AMENDMENT ACT 2008
The IT Act 2000, being the first legislation on technology, computers, e-commerce and e-
communication, was the subject of extensive debates, elaborate reviews with one arm of the
industry criticizing some sections of the Act as draconian and others stating it is too diluted and
lenient. There were some obvious omissions too resulting in the investigators relying more and
more on the time-tested (one and half century-old) Indian Penal Code even in technology based
cases with the IT Act also being referred in the process with the reliance more on IPC rather on
Thus the need for an amendment – a detailed one – was felt for the I.T. Act. Major industry
bodies were consulted and advisory groups were formed to go into the perceived lacunae in the
I.T. Act and comparing it with similar legislations in other nations and to suggest
recommendations. Such recommendations were analyzed and subsequently taken up as a
comprehensive Amendment Act and after considerable administrative procedures, the
consolidated amendment called the Information Technology Amendment Act 2008 was placed
in the Parliament and passed at the end of 2008. The IT Amendment Act 2008 received the President's
assent on 5 Feb 2009 and was made effective from 27 October 2009.
Notable features of the ITAA 2008 are:
• Focusing on data privacy
• Focusing on Information Security
• Defining cyber cafe
• Making digital signature technology neutral
• Defining reasonable security practices to be followed by corporate
• Redefining the role of intermediaries
• Recognizing the role of Indian Computer Emergency Response Team
• Inclusion of some additional cyber crimes like child pornography and cyber terrorism
• Authorizing an Inspector to investigate cyber offences (as against the DSP earlier)
The term “intermediary” has been defined under section 2(1)(w) of the Act. An “intermediary”
with respect to any particular electronic records, means any person who on behalf of another
person receives, stores or transmits that record or provides any service with respect to that record
and includes telecom service providers, network service providers, internet service providers,
web hosting service providers, search engines, online payment sites, online-auction sites, online
market places and cyber cafes. The definition of “intermediary” is intended to cover both
professional and non-professional intermediaries, i.e., any person (other than the originator and
the addressee) who performs any of the functions of an intermediary.
The Amendment Act, 2008 has given an inclusive definition of “intermediary” and identified a
set of service providers as “intermediary” – telecom service providers, network service
providers, Internet service providers, web hosting service providers, search engines, online
payment sites, online-auction sites, online market places and cyber cafes.
Digital signature means authentication of any electronic record by a subscriber by electronic
mode. It is like a handwritten signature. It should be difficult for the sender to forge and difficult
for the receiver to reproduce. Generation of a digital signature uses a technology known as a key
pair. Users who want to enter into an electronic agreement should have a key pair. The public key
is for distribution, whereas the private key is kept by the user himself.
A valid legal electronic document has two requirements: integrity of the
document, i.e., the document has not changed, and authentication, i.e., the document is signed. So making
an electronic document legally valid is a two-step process.
• A hash function is used for integrity of the document.
• A digital signature is used for authentication of the document.
The hash function is an algorithm which is run over the message or content of the agreement and
generates a big alphanumeric number known as the message digest. This message digest is of
unique value for one message or content. If someone changes even a character in the original
message and the hash function is then run over this message again, it will not generate the
same number. This change in value indicates that the original message has been changed.
The same number will always be generated when the hash function algorithm is run
over the original message.
The hash function technique is used for checking the integrity of the message. After the
message digest is generated from the message with the hash function, the message digest is encrypted
with the private key of the sender, and the resulting value is known as the
digital signature. This value is transmitted along with the original document in encrypted or
direct form. At the receiving end, the receiver uses the public key of the sender to decrypt
the digital signature, which yields the message digest. The receiver then generates the
message digest again by running the hash function over the actual message. If this matches the
message digest which the receiver obtained by decrypting the digital signature, then it
ensures that the message content has not been changed and that the digital signature belongs to the
person who has given the public key to the receiver.
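The sign-and-verify flow described above, as an added example in Python that is not part of the original report. It assumes SHA-256 as the hash function and textbook RSA without padding, with demonstration key pairs built from known Mersenne primes; all names and sample messages are constructed for illustration, and real signatures use a padded scheme from a vetted library.

```python
import hashlib

E = 65537  # public exponent used by both demonstration key pairs


def make_key_pair(p: int, q: int):
    """Return (public_key, private_key) as ((n, e), (n, d)) for primes p, q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent: inverse of E mod phi(n)
    return (n, E), (n, d)


# Constructed demonstration keys (assumption of this example). Mersenne primes
# keep the block free of third-party libraries; they are unsuitable for real keys.
SENDER_PUBLIC, SENDER_PRIVATE = make_key_pair(2**127 - 1, 2**521 - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_key_pair(2**89 - 1, 2**607 - 1)


def message_digest(message: bytes) -> int:
    """Run the hash function over the message and return the digest as a number."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Sender side: transform the message digest with the private key."""
    n, d = private_key
    return pow(message_digest(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Receiver side: recover the digest from the signature with the public
    key, recompute the digest from the received message, and compare."""
    n, e = public_key
    recovered_digest = pow(signature, e, n)
    return recovered_digest == message_digest(message)


def demo():
    # Constructed sample agreement and a copy with one character changed.
    agreement = b"Party A agrees to pay Party B Rs. 10,000 on delivery."
    tampered = b"Party A agrees to pay Party B Rs. 90,000 on delivery."
    signature = sign(agreement, SENDER_PRIVATE)
    return {
        # One changed character gives a different message digest.
        "digest_changed": message_digest(agreement) != message_digest(tampered),
        # Unmodified document and the sender's public key: signature verifies.
        "original_verifies": verify(agreement, signature, SENDER_PUBLIC),
        # Modified document: recomputed digest no longer matches.
        "tampered_verifies": verify(tampered, signature, SENDER_PUBLIC),
        # Someone else's public key: the signature is not attributed to them.
        "wrong_key_verifies": verify(agreement, signature, OTHER_PUBLIC),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```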
To transmit the public key safely and to prove that the public key held by the receiver
belongs to the person who claims it, a certificate is obtained from a certifying
authority, which issues a digital certificate and ensures that the public key actually belongs to the
person who has claimed it. The most popular certifying authority who issues the digital
certificate is known as VeriSign.
Section-3 Authentication of electronic records:
1. Subject to the provisions of this section, any subscriber may authenticate an electronic
record by affixing his digital signature.
2. The authentication of the electronic record shall be effected by the use of asymmetric
crypto system and hash function which envelop and transform the initial electronic record
into another electronic record.
3. Any person by the use of a public key of the subscriber can verify the electronic record.
4. The private key and the public key are unique to the subscriber and constitute a
functioning key pair.
Explanation: Any contract made by a subscriber will be valid if he signs the electronic agreement
with a digital signature. In the case of a bank, the digital signature can be verified on
the basis of the key pair.
Difference between electronic signatures and digital signatures:
Digital signature is a subset of electronic signature. The Amendment Act, 2008, in order to
maintain continuity with the regime of the digital signature has introduced the concept of
‘electronic signature’. Examples of electronic signatures may include biometric signatures,
passwords, PINs, encryption applications etc.
E-governance means the filing of any form, application or other document with the government
department in electronic form and, similarly, the issue or grant of any license or permit, or receipt or payment
from the government offices and its agencies, through electronic means or in electronic form. E-governance
is the application of information and communication technology (ICT) for delivering government services,
exchange of information communication transactions, integration of various stand-alone systems and
services between government-to-citizens (G2C), government-to-business (G2B), government-to-
government (G2G) as well as back office processes and interactions within the entire government
framework. Through e-governance, government services will be made available to citizens in a convenient,
efficient and transparent manner. The three main target groups that can be distinguished in governance
concepts are government, citizens and businesses/interest groups. In e-governance there are no distinct
Generally four basic models are available – government to customer (citizen), government to
employees, government to government and government to business.
The e-governance will help in low cost, efficient and transparent working of the government
department. The issue of the man power shortage at the government office and bribe can be
avoided easily. Accuracy and record maintenance will be faster and smoother.
RULES OF ELECTRONIC GOVERNANCE:
The Information Technology Act provides legal recognition for electronic records. It means
government departments and government offices can accept documents in electronic form and
these will be treated as legally valid documents.
The Act also provides legal recognition for the digital signature. It means any documents or
data digitally signed will be treated as valid and authenticated electronic records. Filing of any
form or application with the government can be done through electronic means and similarly the
government department can issue or grant any license and permission through electronic means.
POSSIBLE USES OF E-GOVERNANCE:
The future of e-governance is very bright. With the help of information technology, the daily matters can be
effectively taken care of irrespective of the field covered by it. For instance, the Delhi Police Headquarter has
launched a website, which can be used for lodging a First Information Report. Similarly, the Patna High Court
has taken a bold step of granting bail on the basis of an online bail application. The educational institutions,
including universities, are issuing admission forms electronically, which can be downloaded from their
respective websites. The results of examinations of various educational institutions, both school level and
university level, are available online, which can be obtained without any trouble. These are but some of the
instances of the use of technology for a better e-governance. The beneficial concept of e-governance can be
utilized for the following purposes:
• To have access to public documents.
• For making online payments of various bills and dues.
• To file statutory documents online.
• To file the complaints, grievances and suggestions of citizens online.
• The online facility can be used to enter into a partnership with the appropriate government in cases of
• The citizens can use the online facility to file their income tax returns.
Section-4 Legal recognition of electronic records:
Where any law provides that information or any other matter shall be in writing or in the
typewritten or printed form, then, notwithstanding anything contained in such law, such
requirement shall be deemed to have been satisfied if such information or matter is-
(a) Rendered or made available in an electronic form; and
(b) Accessible so as to be usable for a subsequent reference.
Explanation: It explains in detail that all electronic records of government are acceptable unless
any other law has any rules regarding written or printed record.
In the era of the cyber world, as the usage of computers became more popular, there was expansion
in the growth of technology as well, and the term ‘Cyber’ became more familiar to the people.
The evolution of Information Technology (IT) gave birth to the cyber space wherein the internet
provides equal opportunities to all people to access any information, store data, analyze
etc. with the use of high technology. Due to the increase in the number of cybercitizens, misuse of
technology in cyberspace kept growing, which gave birth to cyber crimes at the domestic
and international level as well. The word Crime carries its general meaning as “a legal
wrong that can be followed by criminal proceedings which may result into punishment”, whereas
Cyber Crime may be “unlawful acts wherein the computer is either a tool or target or both”. It
could be hackers vandalizing your site, viewing confidential information, stealing trade secrets or
intellectual property with the use of the internet. It can also include ‘denial of service’ and virus
attacks preventing regular traffic from reaching your site.
Cyber crimes are not limited to outsiders except in the case of viruses; security-
related cyber crimes are usually committed by the employees of a particular company, who can easily
access the passwords and data storage of the company for their own benefit. Cyber crimes also
include criminal activities done with the use of computers which further perpetuate crimes, i.e.
financial crimes, sale of illegal articles, pornography, online gambling, intellectual property
crime, e-mail spoofing, forgery, cyber defamation, cyber stalking, unauthorized access to
computer systems, theft of information contained in electronic form, e-mail bombing,
physically damaging the computer system etc.
CYBER CRIME IS AN EVIL HAVING ITS ORIGIN IN THE GROWING
DEPENDENCE ON COMPUTERS IN MODERN LIFE.
“A simple yet sturdy definition of cyber crime would be unlawful acts wherein the computer is
either a tool or a target or both”. Defining cyber crimes, as “acts that are punishable by the
Information Technology Act” would be unsuitable as the Indian Penal Code also covers many
cyber crimes, such as e-mail spoofing, cyber defamation, etc.
• Cybercrime in a narrow sense (computer crime): Any illegal behavior directed by means of
electronic operations that targets the security of computer systems and the data processed by
• Cybercrime in a broader sense (computer-related crime): Any illegal behavior committed by
means of, or in relation to, a computer system or network, including such crimes as illegal
possession [and] offering or distributing information by means of a computer system or network.
Types of Cyber Crime:
Cyber Crime refers to all activities done with criminal intent in cyberspace. These fall into three
• Those against persons.
• Against Business and Non-business organizations.
• Crime targeting the government.
Let us examine the acts wherein the computer is a tool for an unlawful act. This kind of activity
usually involves a modification of a conventional crime by using computer. Some examples are,
Hacking in simple terms means an illegal intrusion into a computer system and/or network.
There is an equivalent term to hacking, i.e. cracking, but from the perspective of Indian law there is no
difference between the terms hacking and cracking. Every act committed towards breaking into a
computer and/or network is hacking. Hackers write or use ready-made computer programs to
attack the target computer. They possess the desire to destroy and they get a kick out of such
destruction. Some hackers hack for personal monetary gain, such as stealing credit card
information or transferring money from various bank accounts to their own account followed by
withdrawal of money. They extort money from a corporate giant by threatening to publish
stolen information which is critical in nature.
Government websites are hot targets for hackers due to the press coverage they receive.
Hackers enjoy the media coverage.
2. E-Mail spoofing:
A spoofed email is one that appears to originate from one source but actually has been sent from
another source. A spoofed e-mail may be said to be one, which misrepresents its origin. This can
also be termed as E-Mail forging.
E.g. Pooja has an e-mail address email@example.com. Her enemy, Sameer spoofs her e-mail
and sends obscene messages to all her acquaintances. Since the e-mails appear to have originated
from Pooja, her friends could take offence and relationships could be spoiled for life. Email
spoofing can also cause monetary damage. In an American case, a teenager made millions of
dollars by spreading false information about certain companies whose shares he had short sold.
This misinformation was spread by sending spoofed emails, purportedly from news agencies like
Reuters, to share brokers and investors who were informed that the companies were doing very
badly. Even after the truth came out the values of the shares did not go back to the earlier levels
and thousands of investors lost a lot of money.
3. Cyber Defamation:
It is an act of imputing any person with intent to lower the dignity of the person by hacking
his mail account and sending mails using vulgar language to unknown persons' mail
accounts. This occurs when defamation takes place with the help of computers and/or the
Internet, e.g. someone publishes defamatory matter about someone on a website or sends e-mail
containing defamatory information to all of that person’s friends.
In computing, phishing is a form of social engineering, characterized by attempts to fraudulently
acquire sensitive information, such as passwords and credit card details, by masquerading as a
trustworthy person in an electronic communication. The term phishing arises from the use of
increasingly sophisticated lures to "fish" for users' financial information and passwords. Phishing
is typically carried out by email spoofing or instant messaging and it often directs users to enter
details at a fake website whose look and feel are almost identical to the legitimate one.
For example: A criminal sends a message via e-mail like “Congratulations you have won
$100,00,000” to a random person's e-mail address and thereby asks the receiver of the mail to fill
in some personal details so that the money can be transferred to the receiver of the mail. The
criminal also asks for some processing charges to be paid so that the amount can be transferred.
Many a time the person to whom the mail has been sent pays the processing charges but does
not receive the prize money mentioned in the mail.
5. Cyber squatting:
Cyber squatting (also known as domain squatting), is registering, trafficking in, or using a domain name
with bad faith intent to profit from the goodwill of a trademark belonging to someone else. The
cybersquatter then offers to sell the domain to the person or company who owns a trademark contained
within the name at an inflated price.
It means where two persons claim the same Domain Name, either by claiming that they had
registered the name first or by right of using it before the other or using something similar to that
previously. For example, two similar names, i.e. www.yahoo.com and www.yaahoo.com.
The term is derived from "squatting", which is the act of occupying an abandoned or unoccupied space or
building that the squatter does not own, rent, or otherwise have permission to use. Cyber squatting,
however, is a bit different in that the domain names that are being "squatted" are (sometimes but not
always) being paid for through the registration process by the cybersquatters. Cybersquatters usually ask
for prices far greater than that at which they purchased it. Some cybersquatters put up derogatory remarks
about the person or company the domain is meant to represent in an effort to encourage the subject to buy
the domain from them. Others post paid links via Google, Yahoo!, Ask.com and other paid advertising
networks to the actual site that the user likely wanted, thus monetizing their squatting.
6. Cyber Terrorism:
Cyber terrorism is a major burning issue of domestic as well as global concern. The common
form of these terrorist attacks on the Internet is by distributed denial of service attacks, hate
websites and hate e-mails, attacks on sensitive computer networks etc. Cyber terrorism activities
endanger the sovereignty and integrity of the nation.
Cyber Regulations Appellate Tribunal (CRAT):
A Cyber Regulations Appellate Tribunal (CRAT) is to be set up for appeals from the order of
any adjudicating officer. Every appeal must be filed within a period of forty-five days from the
date on which the person aggrieved receives a copy of the order made by the adjudicating
officer. The appeal must be in the appropriate form and accompanied by the prescribed fee. An
appeal may be allowed after the expiry of forty-five days if sufficient cause is shown.
The appeal filed before the Cyber Appellate Tribunal shall be dealt with by it as expeditiously as
possible and endeavor shall be made by it to dispose of the appeal finally within six months from
the date of receipt of the appeal. The CRAT shall also have certain powers of a civil court.
As per Section 61, no court shall have the jurisdiction to entertain any matter that can be decided
by the adjudicating officer or the CRAT. However, a provision has been made to appeal from the
decision of the CRAT to the High Court within sixty days of the date of communication of the
order or decision of the CRAT. The stipulated period may be extended if sufficient cause is
shown. The appeal may be made on either any question of law or question of fact arising from
[Section 6A] Delivery of Services by Service Provider (Inserted vide ITAA-
(1) The appropriate Government may, for the purposes of this Chapter and for efficient delivery of
services to the public through electronic means authorize, by order, any service provider to set
up, maintain and upgrade the computerized facilities and perform such other services as it may
specify, by notification in the Official Gazette.
Explanation: For the purposes of this section, service provider so authorized includes any
individual, private agency, private company, partnership firm, sole proprietor firm or any such
other body or agency which has been granted permission by the appropriate Government to offer
services through electronic means in accordance with the policy governing such service sector.
(2) The appropriate Government may also authorize any service provider authorized under sub-
section (1) to collect, retain and appropriate service charges, as may be prescribed by the
appropriate Government for the purpose of providing such services, from the person availing
(3) Subject to the provisions of sub-section (2), the appropriate Government may authorize the
service providers to collect, retain and appropriate service charges under this section
notwithstanding the fact that there is no express provision under the Act, rule, regulation or
notification under which the service is provided to collect, retain and appropriate e-service
charges by the service providers.
(4) The appropriate Government shall, by notification in the Official Gazette, specify the scale of
service charges which may be charged and collected by the service providers under this section:
Provided that the appropriate Government may specify different scale of service charges for
different types of services.
Section 7 provides that the documents, records or information which is to be retained for any
specified period shall be deemed to have been retained if the same is retained in the electronic
form provided the following conditions are satisfied:
(i) The information therein remains accessible so as to be usable subsequently.
(ii) The electronic record is retained in its original format or in a format which accurately represents
the information contained.
(iii) The details which will facilitate the identification of the origin, destination, dates and time of
dispatch or receipt of such electronic record are available therein.
CASELETS AS PER SELECTED IT ACT SECTIONS
1. Section 43 - Penalty and Compensation for damage to computer, computer system,
Caselet: Mphasis BPO Fraud: 2005
In December 2004, four call centre employees, working at an outsourcing facility operated by
MphasiS in India, obtained PIN codes from four customers of MphasiS’ client, Citi Group.
These employees were not authorized to obtain the PINs. In association with others, the call
centre employees opened new accounts at Indian banks using false identities. Within two
months, they used the PINs and account information gleaned during their employment at
MphasiS to transfer money from the bank accounts of Citi Group customers to the new accounts
at Indian banks.
By April 2005, the Indian police had been tipped off to the scam by a U.S. bank, and quickly
identified the individuals involved in the scam. Arrests were made when those individuals
attempted to withdraw cash from the falsified accounts. $426,000 was stolen; the amount
recovered was $230,000.
Verdict: Court held that Section 43(a) was applicable here due to the nature of unauthorized
access involved to commit transactions.
Section 43(A), which deals with compensation for failure to protect data, was introduced in the
ITAA 2008. This is another watershed in the area of data protection especially at the corporate
As per this Section, where a body corporate is negligent in implementing reasonable security
practices and thereby causes wrongful loss or gain to any person, such body corporate shall be
liable to pay damages by way of compensation to the person so affected. The Section further
explains the phrase ‘body corporate’ and quite significantly the phrases ‘reasonable security
practices and procedures’ and ‘sensitive personal data or information’. Thus the corporate
responsibility for data protection is greatly emphasized by inserting Section 43A, whereby
corporates are under an obligation to ensure adoption of reasonable security practices.
Further, what is sensitive personal data has since been clarified by the central government vide its
Notification dated 11 April 2011 giving the list of all such data, which includes password, details
of bank accounts or card details, medical records etc. After this notification, the IT industry in the
nation, including tech-savvy and widely technology-based banking and other sectors, became
suddenly aware of the responsibility of data protection, and general awareness increased on what
data privacy is and what the role of top management and the Information Security Department
in organizations is in ensuring data protection, especially while handling the customers’ and other
third party data.
Reasonable Security Practices:
Conformance to Standards, certification
Policies and adherence to policies
Policies like password policy, Access Control, email Policy etc
Periodic monitoring and review.
2. Section 65 - Tampering with Computer Source Documents
Caselet: Syed Asifuddin and Ors. Vs. The State of Andhra Pradesh
In this case, Tata Indicom employees were arrested for manipulation of the electronic 32-bit
number (ESN) programmed into cell phones that were exclusively franchised to Reliance
Verdict: Court held that tampering with source code invokes Section 65 of the Information
3. Section 66 - Computer Related Offences
Caselet: Kumar v/s Whiteley
In this case the accused gained unauthorized access to the Joint Academic Network (JANET) and
deleted, added files and changed the passwords to deny access to the authorized users.
Investigations had revealed that Kumar was logging on to the BSNL broadband Internet
connection as if he was the authorized genuine user and ‘made alteration in the computer
database pertaining to broadband Internet user accounts’ of the subscribers.
The CBI had registered a cyber crime case against Kumar and carried out investigations on the
basis of a complaint by the Press Information Bureau, Chennai, which detected the unauthorized
use of broadband Internet. The complaint also stated that the subscribers had incurred a loss of
Rs 38,248 due to Kumar’s wrongful act. He used to ‘hack’ sites from Bangalore, Chennai and
other cities too, they said.
Verdict: The Additional Chief Metropolitan Magistrate, Egmore, Chennai, sentenced N G Arun
Kumar, the techie from Bangalore to undergo a rigorous imprisonment for one year with a fine
of Rs 5,000 under section 420 IPC (cheating) and Section 66 of IT Act (Computer related
4. Section 66A - Punishment for sending offensive messages through communication
Caselet: Fake profile of President posted by imposter
On September 9, 2010, the imposter made a fake profile in the name of the Hon’ble President
Pratibha Devi Patil. A complaint was made from Additional Controller, President Household,
President Secretariat regarding the four fake profiles created in the name of Hon’ble President on
social networking website, Facebook.
The said complaint stated that the President House has nothing to do with Facebook and the fake
profile is misleading the general public. The First Information Report under Sections 469 IPC
and 66A Information Technology Act, 2000 was registered based on the said complaint at the
police station, Economic Offences Wing, the elite wing of Delhi Police which specializes in
investigating economic crimes including cyber offences.
5. Section-66F Cyber Terrorism
Caselet: The Mumbai police have registered a case of ‘cyber terrorism’—the first in the state
since an amendment to the Information Technology Act—where a threat email was sent to the
BSE and NSE on Monday. The MRA Marg police and the Cyber Crime Investigation Cell are
jointly probing the case. The suspect has been detained in this case. The police said an email
challenging the security agencies to prevent a terror attack was sent by one Shahab Md with an
ID firstname.lastname@example.org to BSE’s administrative email ID email@example.com at
around 10.44 am on Monday.
The IP address of the sender has been traced to Patna in Bihar. The ISP is Sify. The email ID was
created just four minutes before the email was sent. “The sender had, while creating the new ID,
given two mobile numbers in the personal details column. Both the numbers belong to a photo
frame-maker in Patna,” said an officer.
Status: The MRA Marg police have registered forgery for purpose of cheating, criminal
intimidation cases under the IPC and a cyber-terrorism case under the IT Act.
6. Section 67 - Punishment for publishing or transmitting obscene material in
Caselet: This case is about posting obscene, defamatory and annoying message about a divorcee
woman in the Yahoo message group. E-mails were forwarded to the victim for information by
the accused through a false e-mail account opened by him in the name of the victim. These
postings resulted in annoying phone calls to the lady. Based on the lady’s complaint, the police
nabbed the accused.
Investigation revealed that he was a known family friend of the victim and was interested in
marrying her. She was married to another person, but that marriage ended in divorce and the
accused started contacting her once again. On her reluctance to marry him he started harassing
her through internet.
Verdict: The accused was found guilty of offences under section 469, 509 IPC and 67 of IT Act
2000. He is convicted and sentenced for the offence as follows:
As per 469 of IPC he has to undergo rigorous imprisonment for 2 years and to pay fine of
As per 509 of IPC he is to undergo 1 year Simple imprisonment and to pay Rs 500/-
As per Section 67 of IT Act 2000, he has to undergo for 2 years and to pay fine of Rs.4000/-
All sentences were to run concurrently.
The accused paid fine amount and he was lodged at Central Prison, Chennai. This is considered
the first case convicted under section 67 of Information Technology Act 2000 in India.
7. Section 67B. - Punishment for publishing or transmitting of material depicting
children in sexually explicit act, etc. in electronic form
Caselet: Janhit Manch & Ors. v. The Union of India, 10.03.2010, Public Interest Litigation
The petition sought a blanket ban on pornographic websites. The NGO had argued that websites
displaying sexually explicit content had an adverse influence, leading youth on a delinquent path.
8. Section 69 - Powers to issue directions for interception or monitoring or decryption
of any information through any computer resource
Caselet: In August 2007, Lakshmana Kailash K., a techie from Bangalore, was arrested on the
suspicion of having posted insulting images of Chhatrapati Shivaji, a major historical figure in the
state of Maharashtra, on the social-networking site Orkut.
The police identified him based on IP address details obtained from Google and Airtel -
Lakshmana’s ISP. He was brought to Pune and detained for 50 days before it was discovered that
the IP address provided by Airtel was erroneous. The mistake was evidently due to the fact that
while requesting information from Airtel, the police had not properly specified whether the
suspect had posted the content at 1:15 p.m.
PENALTIES, COMPENSATION AND ADJUDICATION SECTIONS:
Section 43 - Penalty and Compensation for damage to computer, computer system
If any person without permission of the owner or any other person who is in-charge of a
computer, computer system or computer network –
(a) accesses or secures access to such computer, computer system or computer network or
(b) downloads, copies or extracts any data, computer data, computer database or information
from such computer, computer system or computer network including information or data held
or stored in any removable storage medium;
(c) introduces or causes to be introduced any computer contaminant or computer virus into any
computer, computer system or computer network-
(d) damages or causes to be damaged any computer, computer system or computer network,
data, computer database, or any other programmes residing in such computer, computer system
or computer network-
(e) disrupts or causes disruption of any computer, computer system, or computer network;
(f) denies or causes the denial of access to any person authorized to access any computer,
computer system or computer network by any means
(g) provides any assistance to any person to facilitate access to a computer, computer system or
computer network in contravention of the provisions of this Act, rules or regulations made there
(h) charges the services availed of by a person to the account of another person by tampering
with or manipulating any computer, computer system, or computer network,
(i) destroys, deletes or alters any information residing in a computer resource or diminishes its
value or utility or affects it injuriously by any means,
(j) Steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any
computer source code used for a computer resource with an intention to cause damage, he shall
be liable to pay damages by way of compensation to the person so affected.
Section 65 - Tampering with Computer Source Documents
If any person knowingly or intentionally conceals, destroys code or alters or causes another to
conceal, destroy code or alter any computer, computer program, computer system, or computer
network, he shall be punishable with imprisonment up to three years, or with fine up to two lakh
rupees, or with both.
Hacking with computer system -
‘Hacking’ is a term used to describe the act of destroying or deleting or altering any information
residing in a computer resource or diminishing its value or utility, or affecting it injuriously in
spite of knowing that such action is likely to cause wrongful loss or damage to the public or that
person. Section 66 provides that a person who commits hacking shall be punished with a fine up
to Rs. 2 lakhs or with imprisonment up to 3 years, or with both.
Section 66 - Computer Related Offences
If any person, dishonestly, or fraudulently, does any act referred to in section 43, he shall be
punishable with imprisonment for a term which may extend to three years or with fine which
may extend to five lakh rupees or with both.
Section 66A - Punishment for sending offensive messages through communication
Any person who sends, by means of a computer resource or a communication device,
(a) any information that is grossly offensive or has menacing character;
(b) any information which he knows to be false, but for the purpose of causing annoyance,
inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill
will, persistently makes by making use of such computer resource or a communication device,
(c) any electronic mail or electronic mail message for the purpose of causing annoyance or
inconvenience or to deceive or to mislead the addressee or recipient about the origin of such
messages shall be punishable with imprisonment for a term which may extend to three years and
Section-66F Cyber Terrorism
(A) with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror
in the people or any section of the people by –
(i) denying or cause the denial of access to any person authorized to access computer resource; or
(ii) attempting to penetrate or access a computer resource without authorisation or exceeding
authorized access; or
(iii) introducing or causing to introduce any Computer Contaminant and by means of such
conduct causes or is likely to cause death or injuries to persons or damage to or destruction of
property or disrupts or knowing that it is likely to cause damage or disruption of supplies or
services essential to the life of the community or adversely affect the critical information
infrastructure specified under section 70, or
(B) knowingly or intentionally penetrates or accesses a computer resource without authorization
or exceeding authorized access, and by means of such conduct obtains access to information,
data or computer database that is restricted for reasons of the security of the State or foreign
relations; or any restricted information, data or computer database, with reasons to believe that
such information, data or computer database so obtained may be used to cause or likely to cause
injury to the interests of the sovereignty and integrity of India, the security of the State, friendly
relations with foreign States, public order, decency or morality, or in relation to contempt of
court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of
individuals or otherwise, commits the offence of cyber terrorism.
(2) Whoever commits or conspires to commit cyber terrorism shall be punishable with
imprisonment which may extend to imprisonment for life.
Section 67 - Punishment for publishing or transmitting obscene material in
Whoever publishes or transmits or causes to be published in the electronic form, any material
which is lascivious or appeal to the prurient interest or if its effect is such as to tend to deprave
and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or
hear the matter contained or embodied in it, shall be punished on first conviction with
imprisonment of either description for a term which may extend to three years and with fine
which may extend to five lakh rupees and in the event of a second or subsequent conviction with
imprisonment of either description for a term which may extend to five years and also with fine
which may extend to ten lakh rupees.
Section 67A - Punishment for publishing or transmitting of material containing
sexually explicit act, etc. in electronic form
Whoever publishes or transmits or causes to be published or transmitted in the electronic form
any material which contains sexually explicit act or conduct shall be punished on first
conviction with imprisonment of either description for a term which may extend to five years
and with fine which may extend to ten lakh rupees and in the event of second or subsequent
conviction with imprisonment of either description for a term which may extend to seven years
and also with fine which may extend to ten lakh rupees.
Exception: This section and section 67 does not extend to any book, pamphlet, paper, writing,
drawing, painting, representation or figure in electronic form-
(i) the publication of which is proved to be justified as being for the public good on the ground
that such book, pamphlet, paper, writing, drawing, painting, representation or figure is in the
interest of science, literature, art, or learning or other objects of general concern; or
(ii) which is kept or used bona fide for religious purposes.
Section 67B. Punishment for publishing or transmitting of material depicting
children in sexually explicit act, etc. in electronic form
(a) publishes or transmits or causes to be published or transmitted material in any
electronic form which depicts children engaged in sexually explicit act or conduct or
(b) creates text or digital images, collects, seeks, browses, downloads, advertises, promotes,
exchanges or distributes material in any electronic form depicting children in obscene or
indecent or sexually explicit manner or
(c) cultivates, entices or induces children to online relationship with one or more children
for and on sexually explicit act or in a manner that may offend a reasonable adult on the
computer resource or
(d) facilitates abusing children online or
(e) records in any electronic form own abuse or that of others pertaining to sexually
explicit act with children, shall be punished on first conviction with imprisonment of either
description for a term which may extend to five years and with a fine which may extend to
ten lakh rupees and in the event of second or subsequent conviction with imprisonment of
either description for a term which may extend to seven years and also with fine which
may extend to ten lakh rupees
Explanation: For the purposes of this section, "children" means a person who has not
completed the age of 18 years
Section 69 - Powers to issue directions for interception or monitoring or decryption
of any information through any computer resource
(1) Where the central Government or a State Government or any of its officer specially authorized
by the Central Government or the State Government, as the case may be, in this behalf may, if is
satisfied that it is necessary or expedient to do in the interest of the sovereignty or integrity of
India, defence of India, security of the State, friendly relations with foreign States or public order
or for preventing incitement to the commission of any cognizable offence relating to above or for
investigation of any offence, it may, subject to the provisions of sub-section (2), for reasons to be
recorded in writing, by order, direct any agency of the appropriate Government to intercept,
monitor or decrypt or cause to be intercepted or monitored or decrypted any information
transmitted received or stored through any computer resource.
(2) The Procedure and safeguards subject to which such interception or monitoring or decryption
may be carried out, shall be such as may be prescribed.
(3) The subscriber or intermediary or any person in charge of the computer resource shall, when
called upon by any agency which has been directed under sub section (1), extend all facilities
and technical assistance to -
(a) provide access to or secure access to the computer resource generating, transmitting, receiving or
storing such information; or
(b) intercept or monitor or decrypt the information, as the case may be; or
(c) provide information stored in computer resource.
(4) The subscriber or intermediary or any person who fails to assist the agency referred to in sub-
section 3 shall be punished with an imprisonment for a term which may extend to seven years
and shall also be liable to fine.
NASSCOM is India's National Association of Software and Service Companies, the premier
trade body and the chamber of commerce of the IT software and services industry in India.
NASSCOM is a global trade body with over 1100 members, of which over 250 are global
companies from the US, UK, EU, Japan and China. NASSCOM's member companies are in the
business of software development, software services, software products, IT-enabled/BPO
services and e-commerce.
NASSCOM was set up to facilitate business and trade in software and services and to encourage
advancement of research in software technology. It is a not-for-profit organization, registered
under the Societies Act, 1860.
NASSCOM has been the strongest proponent of global free trade in India. NASSCOM is
committed to work proactively to encourage its members to adopt world class management
practices, build and uphold highest quality standards and become globally competitive.
In India and around the world, NASSCOM members are participants in the new global economy
and are reputed for their cutting-edge business practices and social initiatives.
Aims and Objectives:
The primary objective of NASSCOM is to act as a catalyst for the growth of the software driven
IT industry in India. Other goals include facilitation of trade and business in software and
services, encouragement and advancement of research, propagation of education and
employment, enabling the growth of the Indian economy and provide compelling business
benefits to global economies by global sourcing.
NASSCOM also endeavors to leverage IT and narrow the digital divide in India and enable her
citizens to enjoy the benefits of IT. It also boosts the process of innovation and IT workforce
development, and enhances cyber security.
NASSCOM is achieving its objectives by following a seven fold strategy:
Partner with Government of India and State Governments in formulating IT policies and
legislation.
Partner with global stakeholders for promoting the industry in global markets.
Strive for a thought leadership position and deliver world-class research and strategic inputs for
the industry and its stakeholders.
Encourage members to uphold world class quality standards.
Strive to uphold Intellectual Property Rights of its members.
Strengthen the brand equity of India as a premier global sourcing destination.
Expand the quantity and quality of the talent pool in India.
Continuous engagement with all member companies and stakeholders to devise strategies to
achieve shared aspirations for the industry and the country.
Partnership with the Government:
NASSCOM acts as an advisor, consultant and coordinating body for the software and services
industry in India. It has representatives in various committees in the Government of India
including the Ministry of Information Technology, Ministry of Commerce, the Ministry of
Finance, Department of Telecommunication, Ministry of Human Resources Development,
Ministry of Labor and the Ministry of External Affairs. NASSCOM also acts as a consulting
body for various State Governments in India.
NASSCOM has played a key role in enabling the government in India to develop industry
friendly policies. NASSCOM has been a proponent of free trade, arguing for zero tariff
protection, strong intellectual property and data protection laws, deregulation of the telecom
market and the creation of software technology parks and private sector participation in the
education system - measures which have resulted in significant growth of the industry.
NASSCOM has also been engaged with various governments overseas, to promote a win-win
partnership via global sourcing. NASSCOM also plays a role in engaging with global alliances
on software quality standards, immigration policies, WTO and free trade in services, and next-
generation best practices in global sourcing of services.
Research and Thought Leadership:
NASSCOM undertakes research on the ICT industry in India and the world in order to
continuously educate its members of new business opportunities, business practices in global
markets, potential threats to industry growth and attract additional investments in India.
NASSCOM research is currently the most credible in the country and is increasingly respected in
global markets. It is backed by strong methodology, proprietary analytical tools and processes,
and partnerships with best-of-breed companies in various areas of business, technology and
strategic research and consulting.
Quality of Products and Services:
NASSCOM encourages high standards of conduct to develop public confidence and respect for
its members and the industry. All the members maintain this by abiding by the formulated code
NASSCOM strongly believes in encouraging its members to provide global quality products and
services. The association provides assistance to its members in achieving international quality
certifications by organizing seminars and related programs on quality standards and
disseminating relevant information.
Intellectual Property Rights:
NASSCOM is an ardent supporter of strong intellectual property laws in India. In 1990,
NASSCOM began an active public awareness campaign to educate users about the lawful use of
software. NASSCOM also launched the country's first anti-piracy hotline and India's first anti-
piracy toll-free hotline. NASSCOM has also successfully facilitated enforcement laws against
software piracy in India and helped introduce Cyber Laws. NASSCOM continuously engages
with the Government of India for required changes in the IPR laws, keeping in line with WIPO
and other International Laws and treaties. NASSCOM also works closely with the Business
Software Alliance (BSA) to enforce copyright laws.
ITES-BPO Forum: The forum aims to build a sustainable ITES-BPO advantage in India
through research, events and manpower development initiatives.
Emerging Companies Forum: The forum provides a platform for the emerging companies
segment to share experiences, ally on critical projects and even focuses on partnerships to cater
to customer demands.
IT Workforce Development Program: The IT Workforce Development program aims to
catalyze IT industry interface with the Academia to ensure availability of globally employable
quality IT professionals.
Product & Innovation Forum: The forum works towards encouraging product development and
catalyzing innovation by providing relevant industry information, facilitating exchange of ideas,
and identifying issues related to marketing, branding, investments and IP (Intellectual Property)
creation and protection. It also showcases the innovative companies of India.
NASSCOM Initiative:
E-governance Initiative: The government and the IT-BPO industry are partnering to make e-
Governance successful in India. NASSCOM is enabling the ecosystem and supporting both the
government and industry segments.
The Indian Government has been leveraging solutions and services from the IT-BPO industry to
transform the manner in which it renders services. Deep focus on the e-Governance domain and
a partnership approach, have enabled the various members of NASSCOM to contribute
significantly to the success stories in e-Governance. The Department of Information Technology,
Government of India has helped in giving a fillip to e Governance initiatives, through its
National e Governance Program (NeGP) and several Mission Mode Projects, both at the centre
and the states.
Diversity and Inclusivity Initiative: To contribute to India’s emergence as a global “soft power”
through partnering with government, industry and non-governmental bodies to include hitherto
marginalized and diverse groups (gender, social, cultural, economic) into the mainstream of
NASSCOM has broadened its vision to focus on Cultural, People with Disabilities, Generational
and Gender diversities. To bring this initiative into the mainstream a high powered Diversity
Forum has been created. All this intends to expand the employment pipeline by leveraging
India’s demographic dividend, drive more innovation and strengthen India’s competitiveness in
the global market place. NASSCOM has always pointed to the possibilities in the future and
delineated what needs to be done to convert that vision to reality.
Security Initiative: NASSCOM actively promotes India as a Trusted Sourcing destination.
Through its 4E initiative (Engagement, Education, Enactment and Enforcement), the Forum aims to
create an enabling environment in the country for information security and compliance.
IT Domestic Market Initiative: IT Domestic Market Forum serves as the platform for a link of
the non IT sector with the IT industry and is strategizing to develop a vision for sustainable
growth of the domestic IT market.
NASSCOM Engineering Services Initiative: The forum aims to assist engineering service
providers to optimally exploit the potential for engineering services offshoring/ outsourcing and
help India achieve global dominance in this space.
National Skills Registry: Human resources are the key assets for IT-BPO industry in India and
the industry has focused on developing and implementing best practices in human capital
management, safety and security that span across employees, clients and other stakeholders.
NASSCOM in partnership with the industry has developed a unique initiative – National Skills
Registry – a national database of registered and verified knowledge workers in the industry. This
database is managed and run by NDML - a fully owned subsidiary of National Securities
Depository Limited (NSDL).
National Skills Registry (NSR) aims to build a robust and credible information repository on the
knowledge professionals in the sector. The data fields include permanent fact sheet of
information on the professional along-with Photograph & appropriate background checks (where
undertaken), thus providing identity security for the organization and its clients. Biometrics is
also included in this repository to ensure unique identification.
Education initiative: IT-ITeS SSC NASSCOM (SSC) aims to:
Fulfill industry sector talent needs for quality and quantity to enable a sustainable pipeline that is
industry ready.
Research labour market information and intelligence to provide industry with
accurate real time inputs to assist in planning and delivery of training.
Provide certification information and access to all stakeholders in this ecosystem, thus reducing
skill gaps and shortages.
Develop a delivery mechanism for industry relevant training w.r.t. occupations
identified in career paths.
Set up standards to bring global best practices in industry.
Global Trade Development: The focus of the Global Trade Initiative at NASSCOM is to
engage with a wide variety of domestic and international stakeholders, such as Governments,
customers and associations, to collaborate on issues related to international policy, visa/work
permits and business partnerships. Since the regulatory environments continuously change the
world over and compliance issues are becoming important across the globe, NASSCOM is
helping the Indian IT-BPO industry remain abreast of these developments, and participate in
these markets while conforming to their new laws and modified policies.
Green IT initiative: NASSCOM in association with AMDOCS, NASSCOM Foundation,
MCCIA, Greenscape and SEAP launches campaign to encourage green practices among
businesses, their workforce & city government. The IT industry is playing a transformational
role in the way businesses, customers and citizens are serviced, and also leading the way in
establishing a new paradigm for Knowledge and Services led economy.
Greening the Industry through a combination of IT Solutions and Green Practices, is enabling
various Industry verticals to demonstrate leadership towards achieving the goals on sustainable
development of Urban Infrastructure and make city of Pune a greener place to live and work.
ROLE OF INFORMATION TECHNOLOGY IN BANKING SECTOR
With the globalization trends world over it is difficult for any nation big or small, developed or
developing, to remain isolated from what is happening around. For a country like India, which is
one of the most promising emerging markets, such isolation is nearly impossible. More
particularly in the area of Information technology, where India has definitely an edge over its
competitors, remaining away or uniformity of the world trends is untenable. Financial sector in
general and banking industry in particular is the largest spender and beneficiary from
information technology. This endeavors to relate the international trends in IT with the Indian
banking industry. The last lot includes possibly all foreign banks and newly established Private
sector banks, which have fully computerized all the operations. With these variations in the level
of information technology in Indian banks, it is useful to take account of the trends in
Information technology internationally as also to see the comparative position with Indian banks.
The present article starts with the banks’ perception when they get into IT upgradation. All the
trends in IT sector are then discussed to see their relevance to the status of Indian banks.
Technological Developments in Banking Sector:
Developments in the field of information technology strongly support the growth and
inclusiveness of the banking sector by facilitating inclusive economic growth. IT improves the
front end operations with back end operations and helps in bringing down the transaction costs
for the customers. The important events in the field of IT in the banking sector in India are:
● Arrival of card-based payments- Debit/ Credit card in late 1980s and 90s.
● Introduction of Electronic Clearing Services (ECS) in late 1990s.
● Introduction of Electronic Fund Transfer (EFT) in early 2000s.
● Introduction of RTGS in March 2004.
● Introduction of National Electronic Fund Transfer (NEFT) as a replacement to Electronic
Fund Transfer/Special Electronic Fund Transfer in 2005/2006.
● CTS in 2007.
Emerging Trends in Banking Technology:
● Financial Inclusion
● Mobile Banking
● Electronic Payments
● CRM Initiatives
● IT Implementation and Management
● IT for Internal Effectiveness
● Managing IT Risk
● IT for business innovation
Impact of IT in banking sector:
1. IT can reduce banks’ operational costs. For example, the internet helps banks to conduct
standardized, low value-added transactions (e.g. bill payments, balance inquiries, account
transfer) through the online channel, while focusing their resources into specialized, high-value
added transactions (e.g. small business lending, personal trust services, investment banking)
2. IT can facilitate transactions among customers within the same network (e.g. automated teller
machines (ATMs) by banks)
Electronic Crime in Banking Sector:
The banking system is the lifeblood and backbone of the economy. Information technology has
become the backbone of the banking system. It provides tremendous support for the
ever-increasing challenges and banking requirements. Presently, banks cannot think of introducing
a financial product without the presence of information technology. Electronic crimes are illegal
activities committed by means of a computer; the end of the criminal activity can be either a computer
or network operations. Electronic crimes are a genus of crimes committed through computers and their networks.
Electronic crime is a crime that is committed online in several areas with e-commerce. A
computer can be the target of an offence when unauthorized access to a computer network occurs,
and on the other hand it affects e-commerce. Electronic crimes can be of a variety of types, such
as Telecommunications Piracy, Electronic Money Laundering and Tax Evasion, Sales and
Investment Fraud, Electronic Funds Transfer Fraud etc. The Indian banking sector is riding up
with numerous revolutionary changes to transform the “brick-and-mortar” bank branches into a
modified network system of “core banking solutions”.
Credit card Fraud-
A major kind of electronic crime is credit card fraud. The Indian banking sector is introducing new innovations
against counterfeiting and fraud, which are highly sophisticated to profiting from or beating these systems.
Most credit card fraud is committed with the use of counterfeited cards. Credit card fraud is also
termed Identity Theft, in which a person may use the identity of another person for exercising fraud or
deception. Credit card fraud in the banking sector can be committed as:
● Use of unauthorized account or personal information to consider as an act of criminal deception
● Illegal or unauthorized use of an account for personal gain
● Misrepresentation of account information to obtain services
Several new security measures are introduced to gradually reduce credit card fraud in one
part, but it swiftly shifts to another part. Therefore, the problem of credit card fraud is serious and
occurs by stealing the cards and the accompanying information at the time of transaction.
Throughout the past two decades, IT and Internet technologies have reached every nook
and corner of the world. E-commerce has come into existence due to attributes of the Internet
like ease of use, speed, anonymity and its international nature. The Internet has transformed the
planet into a borderless marketplace that never sleeps. Computer networks and the Internet
allow the transfer of funds electronically between trading partners, businesses and consumers.
This transfer can be done in many ways, like the use of credit cards, Internet banking, e-cash, e-wallets
etc., for example, smart cards. In some other forms of computer-based e-money, there is no upper
Persons can also transfer funds directly using e-wallets. This problem is further
compounded by the fact that, in several countries, non-financial institutions are also allowed to
issue e-money. Monitoring the behavior of these institutions in a habitual manner is not possible.
Earlier, cross-border transactions were controlled by the central banks of the respective countries.
With the entrance of Internet commerce, jurisdictional technicalities come into play, and this is
another area that is being exploited by money launderers. The ability to transfer
limitless amounts of money without having to go through strict checks makes cyber money
laundering an attractive proposition.
The main objective of these guidelines is to prevent banking transactions from being used by
criminals, intentionally or unintentionally, as an element of money laundering. Banks and financial
institutions are the core targets or focus of anti-money laundering practices and combating of
financial terrorism laws due to their vulnerability and adherence of these laws to combat money
laundering a counter financing. Money laundering reduces the officially authorized quantity
of the banks' business and causes fluctuations in the exchange rate. Money laundering can undermine
the credibility of the banking system. Facilitating the activities of launderers, even inadvertently,
can bring banks into problems with law enforcement agencies and also governments.
Over the past three decades, a large number of banking customers have come to depend on the ATM to
conveniently meet their banking needs. In recent years, there have been a large number of
incidents of ATM fraud. It is necessary to manage the risk associated with ATM fraud as well
as to diminish its impact on the important issues that face financial institutions, as fraud
techniques become more advanced with increased occurrences.
The prevailing contemporary era has replaced long-established monetary instruments, moving from paper and
metal based currency to “plastic money” in the form of credit cards, debit cards, etc. This has resulted in the
escalating use of ATMs all over the world. The use of ATMs is not only safe and sound but also convenient. This
safety and convenience has an evil side, which is reflected in the form of “ATM FRAUDS”, an
international problem. The use of plastic money is increasing for payment of shopping bills, electricity bills,
school fees, phone bills, insurance premiums, traveling bills and even petrol bills. The convenience and safety
that credit cards carry with their use has been instrumental in increasing both credit card volumes and usage.
This growth is not only in the positive use of the same but also in the negative use of the same. The world at
large is struggling to increase convenience and safety on the one hand and to reduce misuse on the
other. A few of the accepted techniques used to carry out ATM crime in banks are:
1. The ATM’s card reader is tampered with in order to trap a customer’s card through card jamming.
2. Card Skimming is the unlawful technique of stealing the card’s security information from the
card’s magnetic stripe.
3. Card Swapping is another technique, in which the customer’s card is swapped with another card
without the knowledge of the cardholder.
4. Website Spoofing: here a freshly fabricated site is prepared which looks valid to the user, and
customers are asked to give their card number, PIN and other information, which are used to
reproduce the card for use at an ATM.
5. The ATM machine is physically attacked to remove the cash.
Every year, cyber crime in India is going up by 50 per cent and during the last five years, around
9,000 Indian websites including those of various government departments were hacked. Many
government websites, some of them carrying sensitive information have become victims of
cross-border hacking, mainly from Pakistan, Bangladesh, Nepal and China. As per IC3’s annual
report 2012, India ranked among the top five nations for the maximum number of cyber crime complaints,
and it ranked 6th in terms of complainant loss, to the tune of $3,740,736.53. Information and
Cyber insecurity has been ranked at third position in India Risk Survey 2013 to which companies
are most vulnerable. According to Norton cyber crime report 2012, a global financial loss of up
to $110 billion occurred due to cyber crime. The report also reveals that 66 per cent of Indian
online adults have been victims of cyber crime in their lifetime. In the past 12 months, 56 per
cent of online adults in India have experienced it (a little over 115,000 daily victims or 80 per
minute). In India, one in three online adults (32 per cent) has been a victim of either social or
mobile cyber crime in last 12 months, and 51 per cent of social network users have been victims
of social cyber crime. The report says most internet users take basic steps to protect themselves
and their personal information. These include deleting suspicious emails and being careful with
their personal details online. However, other core precautions are being ignored. For instance, 25
per cent don't use complex passwords or change their passwords frequently. And, 38 per cent do
not check for the padlock symbol in the browser before entering sensitive personal information,
such as banking details, online. Well over half (64 per cent) of online adults in India report
having been notified to change their password for a compromised email account. Close to 42
million people in India were hit by cyber crime attacks in the past 12 months, causing an
approximate loss of $8 billion (INR 44,500 Crore). The average direct financial cost per victim is
$192, up 18 per cent over 2011 ($163).
In India, cyber crime cases are registered under the Indian Penal Code and under the Information
Technology Act. The IT Act was enacted in the year 2000 and later amended in 2008. During the year
2005, 302 persons were booked under the IPC and 179 under the IT Act, while in the year 2012, 2876
persons were charged under the IT Act and 601 persons were charged under the IPC. It shows
awareness of the IT Act among police personnel. It is also observed that in the year 2012, a total of
2064 persons were arrested in cyber crime cases and, out of these, 1176 arrested persons were
in the age group of 18-30 years. In the year 2011, a total of 1630 persons were arrested; out of
these, 883 persons were in the age group of 18-30 years.
Despite the increasing number of cybercrime incidents and arrests of culprits, the conviction rate is
very poor in India. There have been only a few cybercrime convictions in the whole country,
which can be counted on the fingers. A computer crime can be convicted only on digital evidence,
and the lack of it leads to low conviction. One of the reasons may be that, in India, most of
the police stations are not technically equipped for cyber crime investigation and collection of
digital evidence. Secondly, the purpose of setting up specialized cyber crime cells is defeated
when police personnel from law and order are transferred into cyber crime police stations; they
are hardly of any help as they lack the expertise. Most of the time electronic evidence is not
captured, retained and preserved in the manner required by the Indian Evidence Act. Digital
evidence is required to be collected as early as possible, and not acting on time contributes to the
cause of low convictions. Because of their inability to come up with credible and legally valid
electronic evidence, the police find it extremely difficult to defend their case in a court of law.
Lack of legal awareness related to cyber laws, a dearth of cyber law experts, an insufficient number
of cyber cells across the country, interdependence of the cyber world and, most importantly, the rise of a net
savvy generation are chiefly responsible for making this risk very critical.
ACCUSED IN RS 400 MILLION SMS SCAM ARRESTED IN MUMBAI
MUMBAI: The alleged mastermind behind a Rs 400 million SMS fraud that duped at least
50,000 people has been arrested along with an associate more than two months after the scam
was unearthed.
Jayanand Nadar, 30, and Ramesh Gala, 26, were arrested late on Monday from a hotel in Mira
Road in the western suburbs. Nadar, a first year college dropout, along with his brother Jayaraj
had allegedly duped at least 50,000 people of Rs.400 million, said officials in the city police's
Economic Offences Wing (EOW).
The two brothers along with Gala allegedly took help of SMS technology and launched the
first-of-its-kind SMS fraud in India. According to EOW sources, in August 2006 the duo launched an
aggressive and catchy advertisement campaign in the print media that read: "Nothing is
impossible. The word itself is: I M Possible."
As part of the attractive scheme, the Nadar brothers messaged random numbers, asking people
interested in 'earning Rs.10,000 per month' to contact them. "The modus operandi adopted by the
brothers was alluring," an EOW official said Tuesday. "Interested 'subscribers' were asked to
deposit Rs.500 each. The conmen duo claimed to be working with a US-based company named
Aropis Advertising Company, which wanted to market its client's products through SMS',"
senior inspector A Thakur said. "The brothers even put up a website (www.getpaid4sms.com) to
promote their scheme. Subscribers who registered with them received about 10 SMS' every day
about various products and were promised handsome commissions if they managed to rope in
more subscribers by forwarding the messages," Thakur said. In return, the Nadars promised to
pay Rs.10,000 over 16 months to the investors. The amount was to be paid in installments of
Rs.1,000 every few months.
The brothers are said to have told the subscribers that their American clients wanted to conduct a
study about local response to their advertisement and were using SMS as it was the latest
medium of communication.
The duo invited people to become agents and get more members for the scheme. Gala reportedly
looked after the accounts. Initially, the brothers paid up small amounts. But when cheques and
pay orders of larger sums issued by the duo were not honoured, the agents got worried. The
SMSes too suddenly stopped. On November 30, one of the duped agents approached the DN
Road police station and lodged a complaint after a bank failed to honour a pay order amounting to
Rs.2.17 million issued by the Nadar brothers. Then suddenly, the Nadars and Gala disappeared,
leaving their agents and investors in the lurch. By December, the police were flooded with similar
complaints. The DN Road police station registered a case against the brothers and Gala and later
transferred it to the EOW.
"By December 2006 the scheme had an over 50,000 membership in Mumbai alone. And we
suspect that hundreds of thousands from across the country were also hooked to the scheme,
thanks to a massive agent network and a door-to-door campaign carried out by the firm's now
duped agents," Thakur said.
"We suspect that the fraud amount may be over Rs.1 billion. With the extent of the scam spread
across the country, we are still trying to get the details." During investigations, the EOW came to
know that the Nadars, residents of the upmarket Juhu-Tara Road, owned a fleet of imported
sport utility vehicles and sedans.
"The brothers led an extravagant life. They would stay in top five star hotels, throw massive
parties for investors and were also known faces in the city's Page-3 circuit," Thakur revealed.
"We are now looking for Jayaraj, who has eluded arrest. Gala, who is believed to have looked
after the accounts, and Jayanand have been remanded to police custody till March 5."
ICICI BANK PHISHING CASE
One financial institute registered a crime stating that some persons (“perpetrators”) had
perpetrated certain acts through misleading emails ostensibly emanating from ICICI Bank’s
email ID. Such acts were perpetrated with an intent to defraud the customers.
The investigation was carried out with the help of the emails received by the customers of that
financial institute, and the accused was arrested. The place of offence at Vijaywada was searched for
evidence. There, one laptop and a mobile phone, which were used for the
commission of the crime, were seized.
The arrested accused had used open source email application software for sending spam
emails. He had downloaded the software from the net and then used it as it is.
He used only VSNL emails to spam the customers of the financial institute because the VSNL
email service provider did not have a spam box to block unsolicited emails.
After spamming emails to the financial institute's customers, he got responses from around 120
customers, of which 80 were genuine and the others were not correct because they did not have the debit card
details required for e-banking.
The financial institute's customers who received his email felt that the email had
originated from the financial institute. When they filled in the confidential information and
submitted it, the information was directed to the accused. This was possible because a
dynamic link was given on the first page (home page) of the fake web site. A dynamic link
means that the link is activated only when people click on the link provided in the spam
email. The dynamic link was coded by handling the Internet Explorer on-click event, and the
information in the form was submitted to the web server (where the fake web site was hosted).
The server then sent the data to a configured email address, and in this case the email configured was
the email of the accused. So on submission, the confidential information was
directed to the email ID of the accused. All the information after phishing (user name, password,
transaction password, debit card number and PIN, mother's maiden name) which he had
received through Wi-Fi internet connectivity of Reliance.com which was available on his Acer
This crime has been registered under Sec. 66 of the IT Act, Sec. 419, 420, 465, 468, 471 of the I.P.C., r/w
Sections 51, 63 and 65 of the Copyright Act, 1957, which attract the punishment of 3 years
imprisonment and a fine of up to 2 lacs rupees, which the accused never thought of.
● The IT (Amendment) Act, 2008, reduced the quantum of punishment for a majority of cyber crimes. This
needs to be rectified.
● The majority of cyber crimes need to be made non-bailable offences.
● The IT Act does not cover a majority of crimes committed through mobiles. This needs to be rectified.
● A comprehensive data protection regime needs to be incorporated in the law to make it more effective.
● A detailed legal regime is needed to protect the privacy of individuals and institutions.
● Parts of Section 66A of the IT Act are beyond the reasonable restrictions on freedom of speech and
expression under the Constitution of India. These need to be removed to make the provisions legally
As we can see, the incidents of cyber crime have always followed an upward trend in spite of the
amendments made. We have tried to figure out the various possible reasons why cyber
crimes are increasing in spite of there being high penalties and punishments. We have tried to
find out what in the system is preventing the proper implementation of such a forceful act. Cyber
Law in India is in its infancy. A lot of effort and initiative is required to make it a
mature legal instrument.
The discussion group cum database will analyze the Cyber Law of India, which suffers from the
non-inclusion of contemporary cyber crimes and contraventions like phishing, spamming,
cyber extortion, compromised e-mails, cyber terrorism, etc.; an obscure position on freedom
of speech and expression under the IT Act, 2000; absence of liability for illegal blocking of
websites, blogs, etc.; lack of techno-legal compliance under the IT Act, 2000; lack of
wireless security under the IT Act, 2000; absence of legal protection pertaining to IPRs in
cyberspace; absence of private defense in cyberspace; and non-dealing of issues like cyber terrorism
and private defense, etc. Besides these grey areas, India is also facing problems of lack of cyber
security as well as ICT security. A techno-legal base is the need of the hour. Unfortunately, we
do not have a sound and secure ICT security base in India, and cyber security in India is still an
ignored world. If opening of Cyber Cells and Cyber Units is cyber security, then perhaps India is the
best in the world at managing cyber security issues. Unfortunately, ICT security in India is
equated with face saving exercises of false claims and redundant exercises. The truth remains
that ICT security in India is a myth and not reality. The Cyber Law in India requires a dedicated
and proactive approach towards ICT and cyber security in India. In the absence of a dedicated
and sincere approach, the Cyber Law in India is going to collapse.