Banking Related Technological Frauds

: Sunayana Sahu

Net banking/on-line banking frauds• Phishing• Vishing• Skimming• Spoofing

Money Laundering

ATM Frauds

NET BANKING/ON-LINE BANKING FRAUDS

PHISINGPhishing is an attempt by fraudsters to 'fish' for your banking details. A phishing attempt usually is in the form of an e-mail that appears to be from your bank.

The e-mail usually encourages you to click a link in it that takes you to a fraudulent log-on page designed to capture your details.

What?

How do fraudster

s operate

?

•Persuading to give away confidential information •such as their credit card details or online banking passwords •on replica bank or credit card provider Web sites.

•However, one click on the link activates the downloading of a Trojan worm.•This malware then monitors the user's surfing activity •and when they enter their bank URL transports them to a bogus Web site, •giving criminals easy access to any confidential passwords and log-in details.

Web site spoofing is the act of creating a web site, as a hoax, with the intention of performing fraud.

To make spoof sites seem legitimate, phishers use the names, logos, graphics and even code of the actual web site.

Fraudsters send e-mails with a link to a spoofed web site asking you to update or confirm account related information.

This is done with the intention of obtaining sensitive account related information like your Internet Banking user ID, password, PIN, credit card / debit card / bank account number, card verification value (CVV) number, etc..

SPOOFING

Skimming is a method used by fraudsters to capture your personal or account information from your credit card.

Your card is swiped through the skimmer and the information contained in the magnetic strip on the card is then read into and stored on the skimmer or an attached computer.

SKIMMING

Vishing is a combination of Voice and Phishing that uses Voice over Internet Protocol (VoIP) technology wherein fraudsters feigning to represent real companies such as banks attempt to trick unsuspecting customers into providing their personal and financial details over the phone.

VISHING

The fraudster sets up an automatic dialler which uses a modem to call all the phone numbers in a region.

When the phone is answered, an automated recording is played to alert the customer that his/her credit card has had illegal activity and that the customer should call the recorded phone number immediately. The phone number is with a caller identifier that makes it appear that they are calling from the financial company they are feigning to represent.

When the customer calls the number, it is answered by a computer-generated voice that tells the customer they have reached 'account verification' and instructs the consumer to enter his/her 16-digit credit card number on the key-pad.

Modus Operandi

Once a customer enters his/her credit card number, the 'visher' has all of the information necessary to place fraudulent charges on his/her card. Those responding are also asked for the security number found on the rear of the card.

The call can then be used to obtain additional details such as security PIN, expiry date, date of birth, bank account number, etc.

Spam is an electronic 'junk mail' or unwanted messages sent to your email account or mobile phone.

They may try to persuade you to buy a product or service, or visit a website where you can make purchases; or they may attempt to trick you into divulging your bank account or credit card details.

Spam

Spyware such as Trojan Horse is generally considered to be software that is secretly installed on a computer and takes things from it without the permission or knowledge of the user.

Spyware may take personal information, business information, bandwidth; or processing capacity and secretly gives it to someone else.

Spyware

MONEY LAUNDERING

ATM FRAUDS

METHODS

By placing a device on an ATM that

prevents the machine from reading a card

Use of Skimmers and

fake Cards.

DUPLICATE ATMs

TECHNOLOGICAL SOLUTIONS• Biometric tokens• Enhanced security• ATM Monitoring• Customized software's• Customer motivation• Alerts

Preventive Solutions

CONCLUSIONDifficult to Investigate – being Faceless, No-

scene Crime. Being high tech crime, the normal investigator

does not have the proper background and knowledge. Special investigators have to be created to carry out the investigations.

The Reserve Bank of India has come up with different proposals to counter these frauds, they have enacted Electronic Fund Transfer Act and regulations have been amended. But the experience is limited and is in a very immature state.

The existing enacted laws of India are not at all adequate to counter cyber crimes. The Indian Penal code, evidence act, and criminal procedure code had no clue about computers when they were codified. It is highly required to frame and enact laws which would deal with those subjects which are new to the country specially cyber law; Intellectual property right etc.

Thank You.