• Admin


Author: Paikar Mustafa

Law Graduate, 2019

Law College Dehradun, Uttarakhand


The advent of the 21st century witnessed a wave of technology in the world we know and want to live in. The widespread use of computers and internet made the existing technological system efficiently run at unimaginable speed. Keeping of memos, inter alia, became a comparatively easy task for people effluent in and familiar with the use of technology. Almost every sector in our day to day lives is being made computerized and technologically efficient ways to keep up with the developments that focus on making life easy have been readily utilized.

The banking sector in India was no novice in adopting technological advancements and the surge of this development witnessed digital transactions, e-banks, electronic transactions, ATMs, cashless transactions, loans and deposit via internet et al. To put it precisely, the Banking sector is the biggest beneficiary of the IT revolution, the importance of which can be realised in the prevailing pandemic times, when the whole world is amidst the severest of crises of COVID-19 taking a toll on the lives of people, forcing social gatherings and physical appearance to go null. While the infotech revolution has catered to the needs and easy accessibility for people having the dimmest of means to avail them, it has wide opened the influx of unlawful doings in what is the least known and most trusted domain to keep safe the most considerate resources of people- their money.

Cyber Crimes

Cyber Crime has no definitive explanation and can be understood as a crime committed targeting computer via network. With the modernization of internet and technological revolution that includes the availability of smartphones and internet access in every hand, the tasks such as internet banking, online shopping, digital transactions can be done within a matter of seconds.

Subsequently, Cyber predators have taken advantage of this revolutionary phase and have fed on the lacunas in this system. Most cyber-crimes include hacking, phishing, spamming, etc. With regard to Banking sector - ATMs skimming, Account hacking, Spam Fraud calls convincing people to give their personal information directly linked to Bank Account by luring them with any fake schemes and profits etc. ATM machines are used as a host to commit crime, wherein, the machine is tampered to copy the data (PIN number) of the user thereby replicating it and duping money with the person unaware to the highest degree.

The tech-savvy offenders have created a consortium where they pose as a legitimate organisation and deceive people in funding them in the name of savings. Between the bank and the customer, there is a long list of unknown and unrecognised intermediaries who for the greed of monetary profits loot people. The anonymity of the web and the uncertainty of internet has rendered serious projection in the cyber-crimes. Credit card frauds and Saving schemes frauds are common sights in these times that require a steady regulation inn place to combat the same.

As per the data made available by the Reserve Bank of India, 13,083 and 11,997 cases related to ATM/credit/debit cards and net banking frauds were reported by the banks during 2014-15 and 2015-16 (up to December 2015), respectively. In addition, 44,679 and 49,455 cybersecurity incidents were recorded during 2014 and 2015, including phishing, scraping, malicious code, website intrusion, denial of service, etc., as per the details submitted to and monitored by the Indian Computer Emergency Response Team (CERT-In). The RBI stated that the total number of frauds reported by Scheduled commercial banks and select FIs during Financial Year 2019-20 is 84,545 and the amount involved therein is Rs 1,85,772.42 crore.[i]

In the financial year 2018-19 Fraud of Rs 71500 crore worth was detected in Indian Banking System while over 90 percent of these losses were to the government owned banks.[ii]


The constant rise in cybercrime in the banking sector, which mainly includes “insiders”, has alarmingly concerned people with no proper redressal to their grievances at all. In effect, Bank branches take time to register a complaint or detect an online fraud. The cumbersome procedure of which a common man is mostly unaware adds to the fear and torments of the public. Besides, the online black market referred to as “Dark Web” contains personal details of account holder’s financial worth. The cyber-security at the core is the main issue. The authorities [EP2] are without any exhaustive procedures, independent investigations and training techniques to combat and detect these frauds. The existing authorities viz., National Nodal Agency established under section 70-A of the IT Act, 2000 in respect of critical Information Infrastructure Protection; Indian Computer Emergency Response Team under section 70B for the collection and reporting of incidents relating to cyber-crimes should work in close proximity with Cyber Police Stations or Cyber cells in any Police Station where the aggrieved come as a first resort to find solution. The cyber Crime and Fraud Management committees formed by the Banks should on a regular basis monitor the complaints being lodged. The Police officers or local administration should be efficient in Cyber Crimes and Fraud Management Education and the certification of officers in these field should be made mandatory so as to ensure that the problem detected on the first instance should not go untracked because of inefficiency of the system and responsible authorities.

The field to chase and detect is global with changing addresses and more trained minds escaping detection. The statutory remedy at hand is dealt under Information Technology Act, 2000 which in itself is a half-baked law, rudimentary in its application. The sphere of cyber-crimes is increasing every minute and Banking sector remains the foremost branch of its modus operandi. The Reserve Bank of India has time and again come up with guidelines for the bank to ensure the cybersecurity of the customer with the liberty to the banks to modify it as the situation warrants. The Reserve Bank of India, taking into cognizance the steep hike in the cybercrimes in financial sector recently issued a comprehensive circular[iii] to all banks in India urging them to implement a cyber security framework . It provides for an ideal, robust and resilient approach to be adopted by the banks which address, and tackles risks posed by the cyber criminals by including adaptive incident response management and recovery system to deal with adversities.

Some guidelines inter alia are listed as follow:

1) Identify and assess risks, technologies implemented, regulatory compliance, delivery channels (online / mobile, etc.), organizational culture, internal and external challenges, and risk management and control processes and policies in place.

2) Continuous surveillance through vulnerability testing through an SOC (Security Operations Centre) that continues to update the nature of emerging cyber threats

3) IT infrastructure to promote security measures to be introduced by the bank after the readiness evaluation and to ensure that network connections to the database are allowed by a well-defined procedure and only by approved staff.

4) Formulating a Cyber Crisis Management Plan (CCMP) that will concentrate primarily on: identifying, reacting, restoring and containing different forms of cyber threats, including and not limited to: distributed denial of services (DDoS), ransom / crypto ware, disruptive malware, business email fraud including spam, email phishing, spear phishing, whaling, vishing fraud, drive-by downloads, browser gateway fraud etc.

5) Sharing of Cyber Security information: It is reiterated that banks need to report all cyber security incidents to the Reserve Bank of India. It was emphasized that global collaboration among entities facilitates timely measures in containing cyber risks.

Safeguard Against Cyber Crimes: Suggestions and Practice.

The banking system in any nation provides for the backbone of its economy. The “give and take” nature of Banking sector keeps the malady of financial emergency at bay. to combat cybercrimes flourishing in the banking sector and protect the customers the specialised security teams along with highly trained officers should be constituted for each and every branch of the banks that focus on the detection of cyber frauds and redressal mechanism.

Cyber awareness at the ground level should be made part of education, as it is rightly said: “prevention is better than cure