The purpose of this paper is to analyze whether the emergence of digital banking
is a boon or a bane or it is both. The transformation of the digital sector has
brought significant convenience in making financial transactions, however, it
has exposed financial institutions and the public to a multitude of cyber
threats. This paper probes into the multifaceted impact of cyber-crimes on
digital banking.
The paper shall delve into the drawbacks and lack of
implementation of cyber laws and the current state of digital frauds which
includes account takeover, identity theft, fraudulent payment, phishing, etc.
Introduction
The world's first computer was developed in the year 1940. However, it was
scarcely accessible to people during that period making it an unpopular
instance. With the rapid advancements in technology and digitalization, there is
a noticeable increase in the number of victims of cybercrimes. India launched
its digital program back in 2015[1], to develop robust digital infrastructure
leading to easy accessibility of public services.
- Robust digital infrastructure
- Accessible government services
- Empowered citizens
With the advancement of society via digitalization, there has been a surge in
certain illegal activities and the most prevalent one is cybercrimes, these are
the most evolving felonious undertakings as with the current state of any
developing techno-country these crimes tend to harm the individuals, companies,
banks, society, and nation as a whole, cybercrimes include, identity theft,
financial fraud, online harassment, intellectual property thefts etc.
The
coherent integration of nations all over the world and the extensive use of
digital services made available to us have opened a wide market for
cyber-criminals to exploit the systems, disrupt operations, and earn profit from
such illicit activities. Cybercrime is not narrowed by geographical margins;
attackers can operate from virtually anywhere, making it a worldwide concern
that requires synchronized international efforts.
The aftermath of these illegal
cyber activities is extreme as it affects an individual and society as a whole
by causing them financial distress, damage to one's reputation, physical duress,
privacy infringement, and in certain cases physical harm. Such situations pose
significant challenges to law enforcement officers, agencies, government,
organizations, and individuals, who must for a better and safer future
continuously evolve strategies to address budding threats and implement strong cybersecurity measures to alleviate risks.
The swelling use of conveniences provided by digitalization has brought
unparalleled benefits, offering customers easy transactions, online transfers,
managed accounts, and other aspects of finance. It has enabled users to pay
bills, transfer funds, loans, and so on in just a few taps.
The merger of
technology and banking has proved to be a significant contribution made by
humans for the humans, this has made a tedious process easy and accessible on a
larger scale. Online banking refers to transactions made via digital media and
which has evaporated the use of traditional banking methods which used to take
up long standing hours and delayed transactions.
The underlying consequences of the transition from physical to digital are far
more concerning, because the users sometimes themselves jeopardize themselves by
putting up their private information, this creates a fertile ground for cyber
criminals who are constantly and more effectively enhancing their tactics to
defraud people causing them great damage.
Due to this pervasiveness and adverse effects on individuals, businesses, and
society as a whole, it becomes crucial to study cybercrimes.
The following
points are outlined to understand the impact of cyber crimes:
- Economic Impact: the current state of digital safety in many aspects is lagging, and this can be corroborated by the increasing number of fraud incidents. Not only individuals, but also many businesses and governments as well have suffered the consequences.
- National Security: the growing cyber age has not only impacted the safety and security of individuals but also the nation as a whole. Cyber espionage can vandalize the security of an entire nation and can cause extensive damage.
- Social Impact: the use of fake identities is the reason for the erosion of public trust on digital platforms. The impact is not restricted to trust, but it has also influenced people in such a manner that they have tendencies of self-harm.
- Awareness and Legal Implications: the need to awaken people about the potential cyber risks they may face is direly required. The law enforcement should be made stringent. Cybercriminals must be investigated and prosecuted using specialist expertise and resources.
In conclusion, though digitalization is of great convenience, it can also bring
a rather greater inconvenience, although a great contribution to developing
India, it has exposed customers to the claws of cyber attackers, who very
effortlessly misuse the information of the customers. Studying cybercrimes is
important for effectively addressing the issues.
Objective of the study
The objective of the paper is to analyze different types of cyber threats that
are imposed on digital banking.
Types of Cybercrimes in Digital Banking
Cybercrimes related to banking include a variety of harmful activities, such as
phishing, DDoS, vishing, identity theft, etc. With the growing world,
digitalization remains the most prominent contribution, as nowadays a world
without digital media or sources is almost unimaginable, however, as rapid
development is taking place it has exposed users to the vulnerabilities of the
cyber world. Phishing is most common among the cybercrimes in digital banking.
"Cybercrime poses a significant threat to the financial services sector as it
tries to cause widespread disruption and serious economic damage," said Steve
Winterfeld, Advisory CISO at Akamai.[2]
- Phishing Attack
Phishing is the most commonly used cyber tactic by attackers. In this method, attackers lure customers and entrap them into providing private information such as passwords, OTP, credentials, bank details, etc. A scammer sends a message that appears to be from a reliable source, including emails, phone calls, or websites, to deceive people into sharing sensitive information. In the year 2023, phishing scams targeted the United States (55.9%), the United Kingdom (5.6%), and India (3.9%). India experienced over 79 million phishing attacks, making it the third most targeted country. Phishing continues to be the most common email attack method, accounting for 39.6% of all email threats.
- Identity Theft
Identity theft, as the term itself suggests, occurs when scammers use personal information to pose as someone else. They use information such as Social Security Numbers (SSN), Dates of Birth (DoB), or even scrap mail. Once they get hold of such information, they can open fake bank accounts, apply for loans, or engage in other illicit financial activities. In the year 2022, India ranked first worldwide by the number of identity theft cases, with an estimated 27.2 million cases, followed by the USA with approximately 13.5 million cases and Japan with 3 million cases annually.
- Ransomware
Ransomware is malicious malware that blocks a user's access to the system, either by locking the screen or user files, until a ransom is paid. A recent study by CERT revealed that in 2023, ransomware attacks surged by 51%. In the same year, ransomware attacks caused significant upheaval in Indian businesses, resulting in major financial losses. The average ransom demand was approximately ₹40 crores ($4.8 million) per incident, with recovery expenses estimated at ₹11 crore ($1.35 million).
- DDoS Attack
Distributed Denial of Service (DDoS) attacks drastically reduce the loading speed of websites, particularly those belonging to banking institutions. DDoS attacks occur when several systems overwhelm the bandwidth or resources of a targeted system. DORKBOT is a major botnet used for cybercrime, enabling theft of sensitive data, initiation of DoS attacks, disabling of security measures, and distribution of malware. In 2023, during the G20 summit, over 600 government and private entities in India were targeted by more than 30 hacktivist groups through DDoS attacks.
- Vishing Attack
A vishing attack, or voice phishing attack, deceives people over phone calls where scammers trick them into revealing sensitive information. Data shared by Delhi Police revealed that until June this year, 25,924 UPI-related complaints, 5,312 internet banking complaints, and 5,486 fraud calls or vishing complaints were filed on the National Cyber Crime Portal (NCRP).
Consequences of cybercrimes on digital banking:
- Impact on Consumer Trust
Trust is a critical element for the sustainability of digital banking services. Due to the surge in criminal activities in digital banking, consumers have become reluctant to entrust banks with their private and sensitive information, and this has drastically changed the dynamics of the relationship between a bank and a consumer. High-profile banking scams can erode the confidence a user puts in respective banks, and with the digitalization of almost every amenity nowadays, it's quite precarious to trust just anything.
- Financial Implications
With the increasing number of online frauds, the determination of the aftermath is unimaginable, as it has implications beyond customer dissatisfaction. Persistent disruptions can severely impact the cash flow, hampering the ability to meet financial responsibilities and potentially impacting its liquidity. Since banks are the backbone of every economy, and for developing nations like India, it is quintessential to have a strong cyber-secure network.
With digital payments being made every second, privacy has been exposed to the clutches of attackers. This has impacted not only the financial sector but other sectors as well, as every sector is somehow interlinked. Since banks are the backbone, if there is a disruption in their functioning, it can have some severe repercussions, such as delays in payroll processing, issues in supply chain payments, and overall economic instability.
- Damage to Sensitive Data
Cyberattacks induce a prominent threat to confidential personal and financial data, including account details, SSNs, and payment details. When such an infringement occurs, it endangers the individuals with a scale of privacy violations, which may include severe repercussions. The consequences of this are beyond the immediate loss of data.
- Operational Risks
Based on the Basel Committee's report on banking supervision "Consultative Document on Operational Risk," operational risk is defined as "the risk of direct or indirect loss as a consequence of inadequate or failed internal processes, people, and systems, or from external events." Cyberattacks such as ransomware pose difficulties to the banking operations by causing a halt in the regular transactions and other services. Bank services like payment processing, online banking, and customer support may become unavailable, leading to dissatisfaction among customers.
Instances of cyber-attacks:
- Cyberabad cybercrime police nab two for cheating techie to tune of Rs. 2.29 cr:
2 scammers hailing from Aurangabad, Maharashtra, duped a software engineer into transferring Rs. 2.29 cr. The duo had promised high returns through stock investments. However, the victim was only shown virtual profiles and could not withdraw the funds. The police took action and are now working to catch their absconding associates.
- 35-year-old woman falls prey to cyber fraud, loses Rs. 1 lakh in Hyderabad:
In yet another case, a 35-year-old woman residing in Hyderabad fell prey to a cyber fraud, losing around Rs. 1 lakh. The attackers contacted her via WhatsApp, posing as bank executives and claiming that she needed to update her bank details. They warned her that failing to comply would risk losing her access to transactions. When she denied their request, they threatened her with a penalty of Rs. 5000. The scammers gained access to her email and personal information, leading to Rs. 1,08,990 being deducted from her account.
- Ex-serviceman duped of Rs. 45 lakh by cyber criminals:
On July 21, 2024, an ex-serviceman received a call regarding a personal loan and installation of a mobile tower. The victim sent copies of his Aadhar card, PAN card, and bank passbook via WhatsApp. Believing he would receive a loan, he transferred a total amount of Rs. 18 lakh across five different bank accounts. Later, the fraudsters turned off their mobile phone.
- Woman loses Rs. 4 lakh in cyber fraud involving fake police call in Karnataka:
Fraudsters duped a 23-year-old woman of Rs. 4 lakh by posing as police officers from Mumbai investigating a supposed international parcel scam. The incident occurred on November 4, 2024, when the woman received a call from an unknown number. The call was about a FedEx parcel containing a laptop, five credit cards, and 420 grams of MDMA being sent from Mumbai to Iran.
The officer instructed the woman to install the Skype app to record her
statement, following which she got connected to an account named "MH0066OFFICIAL
CYBER DEPARTMENT", further in their claim they mentioned that an ICICI employee
released her bank details. She was then asked to apply for a loan of Rs. 3.8
lakhs through the ICICI bank mobile app. After the crediting of the loan amount,
she was directed to transfer Rs. 2 lakhs to 2 different bank accounts with the
claim that the amount would be refunded in 15 minutes.[22]
Methodology
This research is based on a qualitative method, it comprises insights from
various articles, publications, news articles, and statistical data and numbers
that depict the increasing instances of cyber-attacks. The sources are mostly
government documents, published academic papers, journals, print media, and
findings of RBI and NCRB.
Findings
Prevalence of Cyber-crimes
The findings of this paper indicate that identity theft remains the most
commonly reported cybercrime attack. Furthermore, it can be said that the
provision of e-banking has brought a certain level of convenience for the people
but it can be said that most people who still are not tech-savvy remain unaware
of the potential use of the service.
The easiest prey for the attackers is the
underprivileged group of people, who are still unaware of the remedies that can
be taken in case of any such infringement. Consequently, the surge in these
activities has severely affected consumer trust and has caused great havoc in
the Indian digital banking systems.
Financial Impact on Banks
These cybercrimes have not only affected individuals but their consequences
extend beyond that, as it has caused the banks to incur severe losses in the
form of data breaches, operational disruptions, implementing security measures,
coupled with regulatory fines, all such factors pose a continuous financial
strain on banks.
Legal provisions
-
IT Act 2000, which was amended in the year 2008, the amendment introduced the provision for electronic signatures, thereby creating new offenses.
-
Section 43 of the act states that anyone who, without the permission of the person in charge of the computer system, installs such a virus or accesses the data stored in the system or causes denial of access will be liable to pay a penalty up to Rs. 1 crore.
-
Section 66F of the act provides for deliberate attacks to disrupt the services or availability of networks, which would attract a punishment of 7 years and a fine.
-
Section 66D of the act states the provision for phishing, imposing a penalty of up to 3 years and a fine.
-
Section 66C of the act states the provision for penalties for identity theft, which involves punishment for up to 3 years and a fine.
-
BNS Section 303 states: "Whoever, intending to take dishonestly any movable property out of the possession of any person without that person's consent, moves that property to such taking, is said to commit theft."
In the case of Jagjeet Singh v. State of Punjab & Anr, the SC established that hacking and data theft would attract liability under IPC and not just the IT Act.
Conclusion
Cybercrime presents a substantial threat to the veracity and reliability of
online banking. As the financial sector continues to culminate and innovate, it
becomes vital for banks to make their cybersecurity top-notch and strong enough
to protect their customer's data.
References
- Dr. Vijayalakshmi P, Dr.V. Priyadarshini, Dr. Umamaheswari K: Impacts of cybercrime on Internet banking [26]
- Suman Acharya, Sujata Joshi: Impact of cyber-attacks on banking institutions in India: a study of safety mechanisms and preventive measures
- Adela BUÇPAPAJ: Digitalization and Crime
- DSCI Authors: Prasad Deore, Neha Mishra, Contributor Amit Kr. Ghosh, SEQRITE Authors: Jaswinder Singh, Shayak Tarafdar, Priyabrata Dash
: Communications India Cyber Threat report 2023: by Data Security Council of India (DSCI) and SEQRITE
- Manuj Aggarwal Ministry of Electronics & IT Delhi, India Ransomware Attack: An Evolving Targeted Threat
- Sameer Patil, & Sagnik Chakraborty, A Cyber Security Agenda for India's Digital Payment System
- Cyber Digest [27]
- Shri G Padmanabhan, Executive Director at the Sri Chithira Thirunal: Emerging Issues in Cyber Security in the Financial Sector
End Notes
- https://www.investindia.gov.in/team-india-blogs/digital-india-revolutionising-tech-landscape
- https://www.akamai.com/lp/soti/financial-services-trends-2024
- https://timesofindia.indiatimes.com/business/india-business/india-ranks-third-globally-for-phishing-attacks
- Hornet security's Cyber Security Report 2024
- https://www.statista.com/statistics/1389318/identity-theft-victims-in-selected-countries/#statisticContainer
- https://www.livemint.com/mint-lounge/business-of-life/ransomware-surge-india-digital-security-11730013128459.html
- https://www.statista.com/statistics/494947/ransomware-attacks-peryear-worldwide/ [Accessed May 05, 2023]
- https://www.meity.gov.in/writereaddata/files/Ransomware_Attack_An_Evolving_Targeted_Threat.pdf
- https://www.dsci.in/files/content/knowledge-centre/2023/India-Cyber-Threat-Report-2023_0.pdf
- https://economictimes.indiatimes.com/news/india/online-payment-frauds-surging-in-the-capital-how-scamsters-are-fooling-delhis-netizens/articleshow/114030764.cms
- https://rbi.org.in/scripts/PublicationReportDetails.aspx?ID=624#L2
- https://www.bis.org/publ/bcbsca07.pdf
- https://cybercrime.gov.in/Webform/dailyDigest.aspx
- https://telanganatoday.com/cyberabad-cybercrime-police-nab-two-for-cheating-techie-to-tune-of-rs-2-29-cr
- https://hyderabad-35-year-old-woman-falls-prey-to-cyber-fraud-loses-rs-1-lakh
- https://www.tribuneindia.com/news/ludhiana/ex-serviceman-duped-of-45-lakh-by-cyber-criminals
- https://www.newindianexpress.com/states/karnataka/2024/Nov/11/woman-loses-rs-4-lakh-in-cyber-fraud-involving-fake-police-call-in-karnataka
- https://rbi.org.in/scripts/PublicationReportDetails.aspx?ID=624#L7
- Special Leave Petition (Criminal) No. 3583 of 2021
- https://www.livelaw.in/top-stories/supreme-court-hacking-and-data-theft-case-information-technologyitact-indian-penal-codeipc-174560
- https://www.researchgate.net/publication/351891885_IMPACTS_OF_CYBER_CRIME_ON_INTERNET_BANKING
Award Winning Article Is Written By: Ms.Lavanya Chittora
Authentication No: NV433204565391-1-1124 |
Please Drop Your Comments