Cyber crimes and banking industry are standing at a cross road. More and more banking frauds are reported in India these days. The banking industry of India is facing novel and innovative financial and banking frauds in India. For instance, Internet banking frauds, ATM frauds, RTGS frauds, etc have significantly increased in India. Similarly IT and cyber frauds in Indian companies are also increasing. The cyber law and cyber security trends of 2013 provided by Perry4Law have also proved this scenario.
The cyber security of banking segment of India is in poor condition. The online banking cyber security is not upto the mark despite repeated reminder by the Reserve Bank of India (RBI). Even the regulations pertaining to security and risk mitigation measures for card present transactions in India have been brought into force by RBI.
However, despite various regulations and guidelines by RBI, the banks in India have not only failed to secure their online systems but they have also failed to secure the ATMs installed at their premises. As a result ATM frauds in India have significantly increased. Similarly, the mobile payment cyber security in India is also not in a proper state.
Sophisticated malware have also been specifically designed to target the banking industry of India. For instance, the Vskimmer Trojan designed to steal credit card information from Windows system is already in circulation. Similarly, the Malware Dump Memory Grabber is also targeting POS systems and ATMs of major U.S. banks. These malware are creating havoc in India and international levels.
Recently, the RAKBANK and Bank of Muscat Oman became victims of international ATM heist. The hacking prompted authorities in the US and Europe to launch an international manhunt. Authorities made arrests soon after in Germany and the US, and most of the money was recovered, with one of the ringleaders, being found dead in mysterious circumstances, with $100,000 in his possession.
The Computer Emergency Response Team (CERT) of India has even started investigation in this international ATM heist case as it has Indian connections as well. However, till now nothing concrete has resulted from investigations made by India in this regard.
Now DNA India has reported that the Karnataka police have speeded up their investigation into the international ATM heist case. One of the payment processing company that was hacked into is a city-based company enStage Software, situated in Cambridge Road, Halasuru, which managed payments processing for Muscat Bank of the Sultanate of Oman. The Karnataka CID is now pursuing the case, after Muscat Bank complained that someone in enStage Software may have been involved in hacking its data center maintained by the provider. Earlier the case was investigated by Halasuru police and CCB (Central Crime Branch) and after local police could not probe this hi-tech and international case, the state DGP office asked CID (Economic Offence Wing) to pursue the case. Halasuru police registered a case under section 66(C) of IT Act-2000 and also under 420 and other sections of IPC. Since the case involved huge amount of money stolen, the case was transferred to Central Crime Branch (CCB). They investigated the case and found it difficult to probe as it involves international transactions and lack of cyber tools. Thus the DG&IGP transferred this case to CID for further investigation on December 23, 2013, sources said.
Sources said the CID obtained the statement of preliminary findings of Muscat Bank, details of 12 pre-paid travel cards, the usage and processing service agreement of enStage Software, Operation Processing Manual of Muscat Bank, final report of computer forensic investigation for investigation with the help of Cyber police. The CID may seek Interpol’s help to investigate the accused arrested in foreign countries.
The problem with the cases like these is that they are transnational in nature and the cyber criminals take advantage of the conflict of laws in cyberspace. Further, we have no cyber forensics best practices in India. There is also an urgent need to strengthen cyber forensics and cyber crimes investigation capabilities of India. On the legislation front, India needs a new and better cyber law and the old one must be repealed. Indian law enforcement agencies must be well equipped with modern technologies and suitable trainings and Indian government must pay a special attention to modernisation of police force of India.