I beg your pardon if I have missed any references or source.
LEGAL ASPECTS OF BUSINESS
Information Technology Act rather than giving Information & Technology gives rise to more Cyber Crimes
INDEX
Sr. No | Particulars
1 | Introduction: Information Technology
2 | Information Technology Act 2000
3 | Information Technology (Amendment) Act, 2008
4 | Cyber Crime
5 | Types of Cyber Crime
6 | Caselets as per selected IT Act sections
7 | National Association of Software and Service Companies (NASSCOM)
8 | Role of Information Technology in Banking sector
9 | Facts & Figures
10 | Case Study
11 | Conclusion
12 | Bibliography
Introduction
Connectivity via the Internet has greatly abridged geographical distances and made communication even more rapid. While activities in this limitless new universe are increasing incessantly, the need was felt for laws to govern all spheres of this new revolution. In order to keep pace with the changing generation, the Indian Parliament passed the Information Technology (IT) Act, 2000. This Act is based on Resolution A/RES/51/162 adopted by the General Assembly of the United Nations on 30th January, 1997 regarding the Model Law on Electronic Commerce earlier adopted by the United Nations Commission on International Trade Law (UNCITRAL) in its twenty-ninth session. India was one of the States which supported this adoption of the Law by the General Assembly.
The Act aims at providing legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce", which involve the use of alternatives to paper-based methods of communication and storage of information, and aims at facilitating electronic filing of documents with government agencies.
INTRODUCTION OF INFORMATION TECHNOLOGY ACT 2000
The Information Technology Act is one of the important laws relating to Indian cyber law. It was passed by the Indian Parliament in 2000. This Act is helpful in promoting business with the help of the internet. It also sets out rules and regulations which apply to any electronic business transaction. Due to increasing crime in cyberspace, the Govt. of India understood the problems of internet users, and this Act was made to safeguard their interests.
An Act to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce", which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto.
The following issues are covered under this Act:
• Electronic transactions
• Digital signatures
• Hacking
• Network service providers
Objectives of the Act:
• To grant legal recognition to any transactions carried out by means of Electronic Data Interchange and other means of communication commonly referred to as ‘Electronic Commerce’, in place of paper-based methods of communication.
• To give legal recognition to digital signatures for authentication of any information or matter which requires authentication under any law.
• To facilitate electronic filing of documents with government departments.
• To facilitate electronic storage of data.
• To facilitate and give legal sanction to electronic fund transfers between banks and financial institutions.
• To give legal recognition to the keeping of books of account by bankers in electronic form.
• To amend the Indian Penal Code 1860, the Indian Evidence Act, 1872, the Banker’s Book Evidence Act, 1891 and the Reserve Bank of India Act, 1934.
Scope of the Act:
The Information Technology Act 2000 extends to the whole of India. It also applies to any offence or contravention thereunder committed outside India by any person.
However, the Act does not apply to:
1. A negotiable instrument other than a cheque. It means the Information Technology Act is applicable to cheques.
2. A power-of-attorney.
3. A trust as defined in section 3 of the Indian Trusts Act, 1882.
4. A will.
5. Any contract for the sale or conveyance of immovable property or any interest in such property.
6. Any such class of documents or transactions as may be notified by the Central Government in the Official Gazette.
Some of the Important Definitions:
1. "Adjudicating officer" means an adjudicating officer appointed under subsection of section 46.
2. "Affixing digital signature" with its grammatical variations and cognate expressions means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of digital signature.
3. "Appropriate Government" means as respects any matter-
(i) Enumerated in List II of the Seventh Schedule to the Constitution;
(ii) Relating to any State law enacted under List III of the Seventh Schedule to the Constitution, the State Government and in any other case, the Central Government.
4. "Asymmetric crypto system" means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature.
5. "Certifying Authority" means a person who has been granted a license to issue a Digital Signature Certificate under section 24.
6. "Certification practice statement" means a statement issued by a Certifying Authority to specify the practices that the Certifying Authority employs in issuing Digital Signature Certificates.
7. "Cyber Appellate Tribunal" means the Cyber Regulations Appellate Tribunal established under sub-section (1) of section 48.
8. "Digital signature" means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3.
9. "Digital Signature Certificate" means a Digital Signature Certificate issued under subsection of section 35.
10. "Electronic form" with reference to information means any information generated, sent, received or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device.
11. "Electronic Gazette" means the Official Gazette published in the electronic form.
12. "Secure system" means computer hardware, software, and procedure that-
(a) are reasonably secure from unauthorized access and misuse,
(b) provide a reasonable level of reliability and correct operation,
(c) are reasonably suited to performing the intended functions and
(d) adhere to generally accepted security procedures.
Advantages of I.T. Act 2000:
1. Helpful to promote e-commerce -
• Email is valid.
• Digital signature is valid.
• Payment via credit card is valid.
• Online contract is valid.
For all of the above, validity in the eyes of Indian law is very necessary. After the making of the IT Act 2000, all of the above are valid, and this is very helpful in promoting e-commerce in India.
2. Enhance the corporate business -
After the issuing of digital signature certificates by Certifying Authorities, Indian corporate business can now be enhanced.
3. Filling online forms -
After this facility was provided, filling online forms for different purposes has become easy.
4. High penalty for cyber crime -
The law has the power to penalize any cyber crime. After the making of this law, the number of cyber crimes has reduced.
Shortcomings of I.T. Act 2000:
1. Infringement of copyright has not been included in this law.
2. No protection for domain names.
3. The Act is not applicable to powers of attorney, trusts and wills.
4. The Act is silent on taxation.
5. No provision for payment of stamp duty on electronic documents.
INFORMATION TECHNOLOGY AMENDMENT ACT 2008
The IT Act 2000, being the first legislation on technology, computers, e-commerce and e-communication, was the subject of extensive debates and elaborate reviews, with one arm of the industry criticizing some sections of the Act as draconian and another stating that it is too diluted and lenient. There were some obvious omissions too, resulting in investigators relying more and more on the time-tested (one and a half century-old) Indian Penal Code even in technology-based cases, with the IT Act also being referred to in the process but with the reliance more on the IPC than on the ITA.
Thus the need for an amendment, a detailed one, was felt for the I.T. Act. Major industry bodies were consulted and advisory groups were formed to go into the perceived lacunae in the I.T. Act, compare it with similar legislation in other nations and suggest recommendations. Such recommendations were analyzed and subsequently taken up as a comprehensive Amendment Act and, after considerable administrative procedures, the consolidated amendment called the Information Technology Amendment Act 2008 was placed in Parliament and passed at the end of 2008. The IT Amendment Act 2008 got the President's assent on 5 Feb 2009 and was made effective from 27 October 2009.
Notable features of the ITAA 2008 are:
· Focusing on data privacy
· Focusing on Information Security
· Defining cyber cafe
· Making digital signature technology neutral
· Defining reasonable security practices to be followed by corporate
· Redefining the role of intermediaries
· Recognizing the role of Indian Computer Emergency Response Team
· Inclusion of some additional cyber crimes like child pornography and cyber terrorism
· Authorizing an Inspector to investigate cyber offences (as against the DSP earlier)
Intermediary:
The term “intermediary” has been
defined under section 2(1)(w) of the Act. An “intermediary” with respect to any
particular electronic records, means any person who on behalf of another person
receives, stores or transmits that record or provides any service with respect
to that record and includes telecom service providers, network service
providers, internet service providers, web hosting service providers, search
engines, online payment sites, online-auction sites, online market places and
cyber cafes. The definition of “intermediary” is intended to cover both professional
and non-professional intermediaries, i.e., any person (other than the
originator and the addressee) who performs any of the functions of an
intermediary.
The Amendment Act, 2008 has given
an inclusive definition of “intermediary” and identified a set of service
providers as “intermediary” – telecom service providers, network service
providers, Internet service providers, web hosting service providers, search
engines, online payment sites, online-auction sites, online market places and
cyber cafes.
DIGITAL SIGNATURE
Digital signature means authentication of any electronic record by a subscriber by electronic mode. It is like a handwritten signature. It should be difficult for the sender to forge and difficult for the receiver to reproduce. Generation of a digital signature uses a technology known as a key pair. Users who want to enter into an electronic agreement should have a key pair. The public key is for distribution, whereas the private key is for the user himself.
For any electronic document to be legally valid there are two requirements: integrity of the document, i.e., the document has not changed, and authentication, i.e., the document is signed. So making an electronic document legally valid is a two-step process.
• A hash function is used for integrity of the document.
• A digital signature is used for authentication of the document.
Hash Function:
The hash function is an algorithm which is run over the message or content of the agreement and generates a big alphanumeric number known as the message digest. This message digest is a unique value for one message or content. If someone changes even a character in the original message and the hash function is then run over this message again, it will not generate the same number. This change in value indicates that the original message has been changed. The same number will always be generated when the hash function is run over the original message.
The hash function technique is used for checking the integrity of the message. After the message digest has been generated from the message with the hash function, the message digest is encrypted with the private key of the sender; this again generates a value, and this value is known as the digital signature. This value is transmitted along with the original document in encrypted or direct form. At the receiving end, the receiver uses the public key of the sender to decrypt the digital signature, which yields the message digest. The receiver then generates the message digest again by running the hash function over the actual message. If this produces the same message digest that the receiver obtained by decrypting the digital signature, it ensures that the message content has not been changed and that the digital signature belongs to the person who has given the public key to the receiver.
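The sign-and-verify flow described above, as an added example that is not part of the original page: it uses SHA-256 as the hash function and textbook RSA with a constructed, insecure demonstration key so that it runs on the Python standard library alone. The function names, the sample record and the key are assumptions made for illustration; production signatures use a padded scheme such as RSA-PSS from a vetted library.

```python
import hashlib

# Constructed demonstration primes (the well-known Mersenne primes 2**521 - 1
# and 2**607 - 1), chosen only so the block is deterministic and runs offline.
# A key built from them offers no security at all.
P = 2**521 - 1
Q = 2**607 - 1
PUBLIC_EXPONENT = 65537


def make_key_pair(p, q, e=PUBLIC_EXPONENT):
    """Return (public_key, private_key), each an (exponent, modulus) tuple."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: inverse of e modulo phi (Python 3.8+)
    return (e, n), (d, n)


def message_digest(record: bytes) -> int:
    """Hash function step: the SHA-256 digest of the record, as an integer."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")


def sign(record: bytes, private_key) -> int:
    """Sender side: transform the digest with the private key."""
    d, n = private_key
    return pow(message_digest(record), d, n)


def verify(record: bytes, signature: int, public_key) -> bool:
    """Receiver side: recover the digest with the public key and compare it
    with a digest freshly computed over the record that was received."""
    e, n = public_key
    if not 0 <= signature < n:
        return False  # not a possible signature under this key
    recovered_digest = pow(signature, e, n)
    return recovered_digest == message_digest(record)


def demo():
    """Run the three cases the text describes; returns three booleans."""
    public_key, private_key = make_key_pair(P, Q)
    # Constructed sample electronic record.
    record = b"Agreement: A agrees to pay B Rs. 10,000 on 1 March."
    signature = sign(record, private_key)

    # 1. Unchanged record, correct public key: the digests match.
    genuine = verify(record, signature, public_key)
    # 2. One character changed in transit: the fresh digest no longer matches.
    tampered = verify(record.replace(b"10,000", b"90,000"), signature, public_key)
    # 3. Public key of a different (constructed) subscriber: recovery yields
    #    an unrelated number, so the signature is not attributed to them.
    other_public_key, _ = make_key_pair(P, 2**1279 - 1)
    wrong_signer = verify(record, signature, other_public_key)
    return genuine, tampered, wrong_signer


if __name__ == "__main__":
    print(demo())
```

Case 3 is why the receiver needs assurance that the public key really belongs to the claimed sender.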
To transmit the public key safely and to provide proof that the public key held by the receiver belongs to the person who claims it, a certificate is obtained from a certifying authority, which issues a digital certificate and ensures that the public key actually belongs to the person who has claimed it. The most popular certifying authority that issues digital certificates is known as VeriSign.
Section-3 Authentication of electronic records:
- Subject to the provisions of this section, any subscriber may
authenticate an electronic record by affixing his digital signature.
- The authentication of the electronic record shall be effected by the
use of asymmetric crypto system and hash function which envelop and
transform the initial electronic record into another electronic record.
- Any person by the use of a public key of the subscriber can verify the
electronic record.
- The private key and the public key are unique to the subscriber and
constitute a functioning key pair.
Explanation: This applies to any contract made by a subscriber. If he signs the electronic agreement with a digital signature, it will be valid. In the case of a bank, the verification of the digital signature can be on the basis of the key pair.
Difference between electronic signatures and digital signatures:
Digital signature is a subset of electronic signature. The Amendment Act, 2008, in order to maintain continuity with the regime of the digital signature, has introduced the concept of ‘electronic signature’. Examples of electronic signatures may include biometric signatures, passwords, PINs, encryption applications etc.
ELECTRONIC GOVERNANCE
E-governance means the filing of any form, application or other document with a government department in electronic form and, similarly, the issue or grant of any license or permit, or receipt or payment, by government offices and their agencies through electronic means or in electronic form. E-governance is the application of information and communication technology (ICT) for delivering government services, exchange of information, communication transactions, and integration of various stand-alone systems and services between government-to-citizens (G2C), government-to-business (G2B) and government-to-government (G2G), as well as back office processes and interactions within the entire government framework. Through e-governance, government services will be made available to citizens in a convenient, efficient and transparent manner. The three main target groups that can be distinguished in governance concepts are government, citizens and businesses/interest groups. In e-governance there are no distinct boundaries.
Generally four basic models are available: government to customer (citizen), government to employees, government to government and government to business.
BENEFITS:
E-governance will help in low-cost, efficient and transparent working of government departments. The issues of manpower shortage at government offices and of bribes can be avoided easily. Accuracy will improve, and record maintenance will be faster and smoother.
RULES OF ELECTRONIC GOVERNANCE:
The Information Technology Act provides legal recognition for electronic records. It means government departments and government offices can accept documents in electronic form, and these will be treated as legally valid documents.
The Act also provides legal recognition for the digital signature. It means any documents or data digitally signed will be treated as valid and authenticated electronic records. Filing of any form or application with the government can be done through electronic means, and similarly a government department can issue or grant any license or permission through electronic means.
POSSIBLE USES OF E-GOVERNANCE:
The future of e-governance is very bright. With the help of information technology, daily matters can be effectively taken care of irrespective of the field covered. For instance, the Delhi Police Headquarters has launched a website which can be used for lodging a First Information Report. Similarly, the Patna High Court has taken the bold step of granting bail on the basis of an online bail application. Educational institutions, including universities, are issuing admission forms electronically, which can be downloaded from their respective websites. The results of examinations of various educational institutions, both school level and university level, are available online and can be obtained without any trouble. These are but some of the instances of the use of technology for better e-governance. The beneficial concept of e-governance can be utilized for the following purposes:
· To have access to public documents.
· For making online payments of various bills and dues.
· To file statutory documents online.
· To file the complaints, grievances and suggestions of citizens online.
· The online facility can be used to enter into a partnership with the appropriate government in cases of government contracts.
· The citizens can use the online facility to file their income tax returns.
Section-4 Legal recognition of electronic records:
Where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is-
(a) Rendered or made available in an electronic form; and
(b) Accessible so as to be usable for a subsequent reference.
Explanation: It explains in detail that all electronic records of government are acceptable unless any other law has any rules regarding written or printed record.
CYBER CRIME
In the era of the cyber world, as the usage of computers became more popular, there was expansion in the growth of technology as well, and the term ‘Cyber’ became more familiar to people. The evolution of Information Technology (IT) gave birth to cyberspace, wherein the internet provides equal opportunities to all people to access any information, data storage, analysis etc. with the use of high technology. Due to the increase in the number of cybercitizens, misuse of technology in cyberspace grew, which gave birth to cyber crimes at the domestic and international level as well. The word Crime carries its general meaning as “a legal wrong that can be followed by criminal proceedings which may result into punishment”, whereas Cyber Crime may be “unlawful acts wherein the computer is either a tool or target or both”. It could be hackers vandalizing your site, viewing confidential information, or stealing trade secrets or intellectual property with the use of the internet. It can also include ‘denial of service’ and virus attacks preventing regular traffic from reaching your site.
Cyber crimes are not limited to outsiders, except in the case of viruses; security-related cyber crimes are usually committed by employees of the particular company, who can easily access the company's passwords and data storage for their own benefit. Cyber crimes also include criminal activities done with the use of computers which further perpetuate crimes, i.e. financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking, unauthorized access to computer systems, theft of information contained in electronic form, e-mail bombing, physically damaging the computer system etc.
CYBER CRIME IS AN EVIL HAVING ITS ORIGIN IN THE GROWING DEPENDENCE ON COMPUTERS IN MODERN LIFE.
“A simple yet sturdy definition of cyber crime would be unlawful acts wherein the computer is either a tool or a target or both”. Defining cyber crimes as “acts that are punishable by the Information Technology Act” would be unsuitable, as the Indian Penal Code also covers many cyber crimes, such as e-mail spoofing, cyber defamation, etc.
• Cybercrime in a narrow sense (computer crime): Any illegal behavior directed by means of electronic operations that targets the security of computer systems and the data processed by them.
• Cybercrime in a broader sense (computer-related crime): Any illegal behavior committed by means of, or in relation to, a computer system or network, including such crimes as illegal possession [and] offering or distributing information by means of a computer system or network.
Types of Cyber Crime:
Cyber Crime refers to all activities done with criminal intent in cyberspace. These fall into three slots:
• Those against persons.
• Those against business and non-business organizations.
• Crime targeting the government.
Let us examine the acts wherein the computer is a tool for an unlawful act. This kind of activity usually involves a modification of a conventional crime by using a computer. Some examples are:
1. Hacking:
Hacking in simple terms means an illegal intrusion into a computer system and/or network. There is an equivalent term to hacking, i.e. cracking, but from the perspective of Indian law there is no difference between the terms hacking and cracking. Every act committed towards breaking into a computer and/or network is hacking. Hackers write or use ready-made computer programs to attack the target computer. They possess the desire to destruct and they get a kick out of such destruction. Some hackers hack for personal monetary gain, such as stealing credit card information or transferring money from various bank accounts to their own account followed by withdrawal of the money. They extort money from some corporate giant by threatening to publish stolen information which is critical in nature.
Government websites are hot targets for hackers due to the press coverage they receive. Hackers enjoy the media coverage.
2. E-Mail spoofing:
A spoofed e-mail is one that appears to originate from one source but has actually been sent from another source. A spoofed e-mail may be said to be one which misrepresents its origin. This can also be termed e-mail forging.
E.g. Pooja has an e-mail address pooja@asianlaws.org. Her enemy, Sameer
spoofs her e-mail and sends obscene messages to all her acquaintances. Since
the e-mails appear to have originated from Pooja, her friends could take
offence and relationships could be spoiled for life. Email spoofing can also
cause monetary damage. In an American case, a teenager made millions of dollars
by spreading false information about certain companies whose shares he had
short sold. This misinformation was spread by sending spoofed emails,
purportedly from news agencies like Reuters, to share brokers and investors who
were informed that the companies were doing very badly. Even after the truth
came out the values of the shares did not go back to the earlier levels and
thousands of investors lost a lot of money.
3. Cyber Defamation:
It is an act of imputing something to a person with intent to lower the dignity of that person, by hacking his mail account and sending mails using vulgar language to unknown persons' mail accounts. It occurs when defamation takes place with the help of computers and/or the Internet, e.g. someone publishes defamatory matter about someone on a website or sends e-mail containing defamatory information to all of that person’s friends.
4. Phishing:
In computing, phishing is a form of social engineering, characterized by attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person in an electronic communication. The term phishing arises from the use of increasingly sophisticated lures to "fish" for users' financial information and passwords. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
For example: A criminal sends a message via e-mail like “Congratulations you have won $100,00,000” to a random person's e-mail address and asks the receiver of the mail to fill in some personal details so that the money can be transferred to the receiver. The criminal also asks for some processing charges to be paid so that the amount can be transferred. Many a time the person to whom the mail has been sent pays the processing charges but does not receive the prize money mentioned in the mail.
5. Cyber squatting:
Cyber squatting (also known as domain squatting) is registering, trafficking in, or using a domain name with bad faith intent to profit from the goodwill of a trademark belonging to someone else. The cybersquatter then offers to sell the domain, at an inflated price, to the person or company who owns a trademark contained within the name.
It arises where two persons claim the same domain name, either by claiming that they had registered the name first or by right of having used it, or something similar to it, before the other. For example, two similar names, i.e. www.yahoo.com and www.yaahoo.com.
The term is derived from "squatting", which is the act of occupying an abandoned or unoccupied space or building that the squatter does not own, rent, or otherwise have permission to use. Cyber squatting, however, is a bit different in that the domain names that are being "squatted" are (sometimes but not always) being paid for through the registration process by the cybersquatters. Cybersquatters usually ask for prices far greater than that at which they purchased the domain. Some cybersquatters put up derogatory remarks about the person or company the domain is meant to represent in an effort to encourage the subject to buy the domain from them. Others post paid links via Google, Yahoo!, Ask.com and other paid advertising networks to the actual site that the user likely wanted, thus monetizing their squatting.
6. Cyber Terrorism:
Cyber terrorism is a major burning issue of domestic as well as global concern. The common forms of these terrorist attacks on the Internet are distributed denial of service attacks, hate websites and hate e-mails, attacks on sensitive computer networks etc. Cyber terrorism activities endanger the sovereignty and integrity of the nation.
Cyber Regulations Appellate Tribunal (CRAT):
A Cyber Regulations Appellate Tribunal (CRAT) is to be set up for appeals
from the order of any adjudicating officer. Every appeal must be filed within a
period of forty-five days from the date on which the person aggrieved receives
a copy of the order made by the adjudicating officer. The appeal must be in the
appropriate form and accompanied by the prescribed fee. An appeal may be
allowed after the expiry of forty-five days if sufficient cause is shown.
The appeal filed before the Cyber Appellate Tribunal shall be dealt with by
it as expeditiously as possible and endeavor shall be made by it to dispose of
the appeal finally within six months from the date of receipt of the appeal.
The CRAT shall also have certain powers of a civil court.
As per Section 61, no court shall have the jurisdiction to entertain any
matter that can be decided by the adjudicating officer or the CRAT. However, a
provision has been made to appeal from the decision of the CRAT to the High
Court within sixty days of the date of communication of the order or decision
of the CRAT. The stipulated period may be extended if sufficient cause is
shown. The appeal may be made on either any question of law or question of fact
arising from the order.
[Section 6A] Delivery of Services by Service Provider (Inserted vide ITAA-2008):
(1) The appropriate Government may, for the purposes of this Chapter and for efficient delivery of services to the public through electronic means authorize, by order, any service provider to set up, maintain and upgrade the computerized facilities and perform such other services as it may specify, by notification in the Official Gazette.
Explanation: For the purposes of this section, service provider so authorized includes any individual, private agency, private company, partnership firm, sole proprietor firm or any such other body or agency which has been granted permission by the appropriate Government to offer services through electronic means in accordance with the policy governing such service sector.
(2) The appropriate Government may also authorize any service provider authorized under sub-section (1) to collect, retain and appropriate service charges, as may be prescribed by the appropriate Government for the purpose of providing such services, from the person availing such service.
(3) Subject to the provisions of sub-section (2), the appropriate Government may authorize the service providers to collect, retain and appropriate service charges under this section notwithstanding the fact that there is no express provision under the Act, rule, regulation or notification under which the service is provided to collect, retain and appropriate e-service charges by the service providers.
(4) The appropriate Government shall, by notification in the Official Gazette, specify the scale of service charges which may be charged and collected by the service providers under this section:
Provided that the appropriate Government may specify different scale of service charges for different types of services.
Section 7 provides that the
documents, records or information which is to be retained for any specified
period shall be deemed to have been retained if the same is retained in the
electronic form provided the following conditions are satisfied:
(i) The information therein
remains accessible so as to be usable subsequently.
(ii) The electronic record is
retained in its original format or in a format which accurately represents the
information contained.
(iii) The details which will
facilitate the identification of the origin, destination, dates and time of dispatch
or receipt of such electronic record are available therein.
CASELETS AS PERSELECTED
IT ACT SECTIONS
1. Section 43 - Penalty and Compensation for damage to computer,
computer system, etc
Caselet: Mphasis BPO
Fraud: 2005
In December 2004, four call centre employees,
working at an outsourcing facility operated by MphasiS in India, obtained PIN
codes from four customers of MphasiS’ client, Citi Group. These employees were
not authorized to obtain the PINs. In association with others, the call centre
employees opened new accounts at Indian banks using false identities. Within
two months, they used the PINs and account information gleaned during their
employment at MphasiS to transfer money from the bank accounts of Citi Group
customers to the new accounts at Indian banks.
By April 2005, the Indian police had been tipped off
to the scam by a U.S. bank, and quickly identified the individuals involved in
the scam. Arrests were made when those individuals attempted to withdraw cash
from the falsified accounts. $426,000 was stolen; the amount recovered was
$230,000.
Verdict: Court held that
Section 43(a) was applicable here due to the nature of unauthorized access
involved to commit transactions.
Section 43(A) – It deals with compensation for failure to protect data and was introduced in the ITAA-2008. This is another watershed in the area of data protection, especially at the corporate level.
As per this Section, where a body corporate is negligent in implementing reasonable security practices and thereby causes wrongful loss or gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected. The Section further explains the phrase ‘body corporate’ and, quite significantly, the phrases ‘reasonable security practices and procedures’ and ‘sensitive personal data or information’. Thus the corporate responsibility for data protection is greatly emphasized by inserting Section 43A, whereby corporates are under an obligation to ensure adoption of reasonable security practices. Further, what is sensitive personal data has since been clarified by the central government vide its Notification dated 11 April 2011 giving the list of all such data, which includes password, details of bank accounts or card details, medical records etc. After this notification, the IT industry in the nation, including tech-savvy and widely technology-based banking and other sectors, became suddenly aware of the responsibility of data protection, and a general awareness increased on what is data privacy and what is the role of top management and the Information Security Department in organizations in ensuring data protection, especially while handling the customers’ and other third party data.
Reasonable Security Practices:
· Site certification
· Security initiatives
· Awareness Training
· Conformance to Standards, certification
· Policies and adherence to policies
· Policies like password policy, Access Control, email Policy etc
· Periodic monitoring and review.
2. Section 65 - Tampering with Computer Source Documents
Caselet: Syed Asifuddin and Ors. Vs. The State of Andhra Pradesh
In this case, Tata Indicom employees were arrested for manipulation of the electronic 32-bit number (ESN) programmed into cell phones that were exclusively franchised to Reliance Infocomm.
Verdict: Court held that tampering with source code invokes Section 65 of the Information Technology Act.
3. Section 66 - Computer Related Offences
Caselet: Kumar v/s Whiteley
In this case the accused gained unauthorized
access to the Joint Academic Network (JANET) and deleted, added files and
changed the passwords to deny access to the authorized users.
Investigations had revealed that Kumar was
logging on to the BSNL broadband Internet connection as if he was the
authorized genuine user and ‘made alteration in the computer database
pertaining to broadband Internet user accounts’ of the subscribers.
The CBI had registered a cyber crime case
against Kumar and carried out investigations on the basis of a complaint by the
Press Information Bureau, Chennai, which detected the unauthorized use of
broadband Internet. The complaint also stated that the subscribers had incurred
a loss of Rs 38,248 due to Kumar’s wrongful act. He used to ‘hack’ sites from
Bangalore, Chennai and other cities too, they said.
Verdict: The Additional Chief Metropolitan Magistrate, Egmore, Chennai, sentenced N G Arun Kumar, the techie from Bangalore, to undergo a rigorous imprisonment for one year with a fine of Rs 5,000 under section 420 IPC (cheating) and Section 66 of IT Act (Computer related Offence).
4. Section 66A - Punishment for sending offensive messages through
communication service
Caselet: Fake profile of President posted by imposter
On September 9, 2010, the imposter made a fake
profile in the name of the Hon’ble President Pratibha Devi Patil. A complaint
was made from Additional Controller, President Household, President Secretariat
regarding the four fake profiles created in the name of Hon’ble President on
social networking website, Facebook.
The said complaint stated that the President House
has nothing to do with Facebook and the fake profile is misleading the
general public. The First Information Report under Sections 469 IPC and 66A
Information Technology Act, 2000 was registered based on the said complaint at
the police station, Economic Offences Wing, the elite wing of Delhi Police
which specializes in investigating economic crimes including cyber offences.
5. Section 66F - Cyber Terrorism
Caselet: The Mumbai police have registered a case of
‘cyber terrorism’—the first in the state since an amendment to the Information
Technology Act—where a threat email was sent to the BSE and NSE on Monday. The
MRA Marg police and the Cyber Crime Investigation Cell are jointly probing the
case. The suspect has been detained in this case. The police said an email
challenging the security agencies to prevent a terror attack was sent by one
ShahabMd with an ID sh.itaiyeb125@yahoo.in to BSE’s administrative email ID corp.relations@bseindia.com
at around 10.44 am on Monday.
The IP address of the sender has been traced to
Patna in Bihar. The ISP is Sify. The email ID was created just four minutes
before the email was sent. “The sender had, while creating the new ID, given
two mobile numbers in the personal details column. Both the numbers belong to a
photo frame-maker in Patna,’’ said an officer.
Status: The MRA Marg police
have registered forgery for purpose of cheating, criminal intimidation cases
under the IPC and a cyber-terrorism case under the IT Act.
6. Section 67 - Punishment
for publishing or transmitting obscene material in electronic form
Caselet: This case is about the posting of obscene, defamatory and annoying messages about a divorcee woman in the Yahoo message group. E-mails were forwarded to the victim for information by the accused through a false e-mail account opened by him in the name of the victim. These postings resulted in annoying phone calls to the lady. Based on the lady’s complaint, the police nabbed the accused.
Investigation revealed that he was a known
family friend of the victim and was interested in marrying her. She was married
to another person, but that marriage ended in divorce and the accused started
contacting her once again. On her reluctance to marry him he started harassing
her through internet.
Verdict: The accused was found guilty of offences under section 469, 509 IPC and 67 of IT Act 2000. He was convicted and sentenced for the offences as follows:
· As per 469 of IPC he has to undergo rigorous imprisonment for 2 years and to pay fine of Rs.500/-
· As per 509 of IPC he is to undergo 1 year simple imprisonment and to pay Rs 500/-
· As per Section 67 of IT Act 2000, he has to undergo imprisonment for 2 years and to pay fine of Rs.4000/-
All sentences were to run concurrently.
The accused paid the fine amount and was lodged at Central Prison, Chennai. This is considered the first case convicted under section 67 of Information Technology Act 2000 in India.
7. Section 67B - Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc. in electronic form
Caselet: Janhit Manch & Ors. v. The Union of India, 10.03.2010, Public Interest Litigation
The petition sought a blanket ban on
pornographic websites. The NGO had argued that websites displaying sexually
explicit content had an adverse influence, leading youth on a delinquent path.
8. Section 69 - Powers to issue directions for interception or monitoring or decryption of any information through any computer resource
Caselet: In August 2007, Lakshmana Kailash K., a techie from Bangalore, was arrested on the suspicion of having posted insulting images of Chhatrapati Shivaji, a major historical figure in the state of Maharashtra, on the social-networking site Orkut.
The police identified him based on IP address
details obtained from Google and Airtel - Lakshmana’s ISP. He was brought to
Pune and detained for 50 days before it was discovered that the IP address
provided by Airtel was erroneous. The mistake was evidently due to the fact
that while requesting information from Airtel, the police had not properly
specified whether the suspect had posted the content at 1:15 p.m.
PENALTIES, COMPENSATION AND ADJUDICATION SECTIONS:
Section 43 - Penalty and Compensation for damage to computer, computer system
If any person without permission of the owner or any other person who is in-charge of a computer, computer system or computer network –
(a) accesses or secures access to such computer, computer system or computer network or computer resource;
(b) downloads, copies or extracts any data, computer data, computer database or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;
(c) introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;
(d) damages or causes to be damaged any computer, computer system or computer network, data, computer database, or any other programmes residing in such computer, computer system or computer network;
(e) disrupts or causes disruption of any computer, computer system, or computer network;
(f) denies or causes the denial of access to any person authorized to access any computer, computer system or computer network by any means;
(g) provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made there under;
(h) charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network;
(i) destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means;
(j) steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage,
he shall be liable to pay damages by way of compensation to the person so affected.
Section 65 - Tampering with Computer Source Documents
If any person knowingly or intentionally conceals, destroys code or alters or causes another to conceal, destroy code or alter any computer, computer program, computer system, or computer network, he shall be punishable with imprisonment up to three years, or with fine up to two lakh rupees, or with both.
Hacking with computer system -
‘Hacking’ is a term used to describe the act of destroying or deleting or altering any information residing in a computer resource or diminishing its value or utility, or affecting it injuriously in spite of knowing that such action is likely to cause wrongful loss or damage to the public or that person. Section 66 provides that a person who commits hacking shall be punished with a fine up to Rs.2 lakhs or with imprisonment up to 3 years, or with both.
Section 66 - Computer Related Offences
If any person, dishonestly or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees or with both.
Section 66A - Punishment for sending offensive messages through communication service
Any person who sends, by means of a computer resource or a communication device,
(a) any information that is grossly offensive or has menacing character;
(b) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will, persistently by making use of such computer resource or a communication device,
(c) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages
shall be punishable with imprisonment for a term which may extend to three years and with fine.
Section 66F - Cyber Terrorism
(1) Whoever-
(A) with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people by –
(i) denying or cause the denial of access to any person authorized to access computer resource; or
(ii) attempting to penetrate or access a computer resource without authorisation or exceeding authorized access; or
(iii) introducing or causing to introduce any Computer Contaminant
and by means of such conduct causes or is likely to cause death or injuries to persons or damage to or destruction of property or disrupts or knowing that it is likely to cause damage or disruption of supplies or services essential to the life of the community or adversely affect the critical information infrastructure specified under section 70, or
(B) knowingly or intentionally penetrates or accesses a computer resource without authorization or exceeding authorized access, and by means of such conduct obtains access to information, data or computer database that is restricted for reasons of the security of the State or foreign relations; or any restricted information, data or computer database, with reasons to believe that such information, data or computer database so obtained may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of individuals or otherwise,
commits the offence of cyber terrorism.
(2) Whoever commits or conspires to commit cyber terrorism shall be punishable with imprisonment which may extend to imprisonment for life.
Section 67 - Punishment for publishing or transmitting obscene material in electronic form
Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to three years and with fine which may extend to five lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to five years and also with fine which may extend to ten lakh rupees.
Section 67A - Punishment for publishing or transmitting of material containing sexually explicit act, etc. in electronic form
Whoever publishes or transmits or causes to be published or transmitted in the electronic form any material which contains sexually explicit act or conduct shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees.
Exception: This section and section 67 does not extend to any book, pamphlet, paper, writing, drawing, painting, representation or figure in electronic form-
(i) the publication of which is proved to be justified as being for the public good on the ground that such book, pamphlet, paper, writing, drawing, painting, representation or figure is in the interest of science, literature, art, or learning or other objects of general concern; or
(ii) which is kept or used bona fide for religious purposes.
Section 67B - Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc. in electronic form
Whoever:-
(a) publishes or transmits or causes to be published or transmitted material in any electronic form which depicts children engaged in sexually explicit act or conduct or
(b) creates text or digital images, collects, seeks, browses, downloads, advertises, promotes, exchanges or distributes material in any electronic form depicting children in obscene or indecent or sexually explicit manner or
(c) cultivates, entices or induces children to online relationship with one or more children for and on sexually explicit act or in a manner that may offend a reasonable adult on the computer resource or
(d) facilitates abusing children online or
(e) records in any electronic form own abuse or that of others pertaining to sexually explicit act with children,
shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with a fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees.
Explanation: For the purposes of this section, "children" means a person who has not completed the age of 18 years.
Section 69 - Powers to issue directions for interception or monitoring or decryption of any information through any computer resource
(1) Where the Central Government or a State Government or any of its officers specially authorized by the Central Government or the State Government, as the case may be, in this behalf may, if satisfied that it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence, it may, subject to the provisions of sub-section (2), for reasons to be recorded in writing, by order, direct any agency of the appropriate Government to intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information transmitted, received or stored through any computer resource.
(2) The procedure and safeguards subject to which such interception or monitoring or decryption may be carried out, shall be such as may be prescribed.
(3) The subscriber or intermediary or any person in charge of the computer resource shall, when called upon by any agency which has been directed under sub-section (1), extend all facilities and technical assistance to -
(a) provide access to or secure access to the computer resource generating, transmitting, receiving or storing such information; or
(b) intercept or monitor or decrypt the information, as the case may be; or
(c) provide information stored in computer resource.
(4) The subscriber or intermediary or any person who fails to assist the agency referred to in sub-section (3) shall be punished with an imprisonment for a term which may extend to seven years and shall also be liable to fine.
NASSCOM
NASSCOM is India's National Association of Software and Service Companies, the premier trade body and the chamber of commerce of the IT software and services industry in India. NASSCOM is a global trade body with over 1100 members, of which over 250 are global companies from the US, UK, EU, Japan and China. NASSCOM's member companies are in the business of software development, software services, software products, IT-enabled/BPO services and e-commerce.
NASSCOM was set up to
facilitate business and trade in software and services and to encourage
advancement of research in software technology. It is a not-for-profit
organization, registered under the Societies Act, 1860.
NASSCOM has been the
strongest proponent of global free trade in India. NASSCOM is committed to work
proactively to encourage its members to adopt world class management practices,
build and uphold highest quality standards and become globally competitive.
In India and around the
world, NASSCOM members are participants in the new global economy and are
reputed for their cutting-edge business practices and social initiatives.
Aims and Objectives:
The primary objective of
NASSCOM is to act as a catalyst for the growth of the software driven IT
industry in India. Other goals include facilitation of trade and business in
software and services, encouragement and advancement of research, propagation
of education and employment, enabling the growth of the Indian economy and
provide compelling business benefits to global economies by global sourcing.
NASSCOM also endeavors to
leverage IT and narrow the digital divide in India and enable her citizens to
enjoy the benefits of IT. It also boosts the process of innovation and IT
workforce development, and enhances cyber security.
NASSCOM is achieving its objectives by following a seven-fold strategy:
· Partner with Government of India and State Governments in formulating IT policies and legislation. Partner with global stakeholders for promoting the industry in global markets.
· Strive for a thought leadership position and deliver world-class research and strategic inputs for the industry and its stakeholders.
· Encourage members to uphold world class quality standards.
· Strive to uphold Intellectual Property Rights of its members.
· Strengthen the brand equity of India as a premier global sourcing destination.
· Expand the quantity and quality of the talent pool in India.
· Continuous engagement with all member companies and stakeholders to devise strategies to achieve shared aspirations for the industry and the country.
Partnership with the Government:
NASSCOM acts as an advisor,
consultant and coordinating body for the software and services industry in
India. It has representatives in various committees in the Government of India
including the Ministry of Information Technology, Ministry of Commerce, the
Ministry of Finance, Department of Telecommunication, Ministry of Human
Resources Development, Ministry of Labor and the Ministry of External Affairs.
NASSCOM also acts as a consulting body for various State Governments in India.
NASSCOM has played a key
role in enabling the government in India to develop industry friendly policies.
NASSCOM has been a proponent of free trade, arguing for zero tariff protection,
strong intellectual property and data protection laws, deregulation of the
telecom market and the creation of software technology parks and private sector
participation in the education system - measures which have resulted in
significant growth of the industry.
NASSCOM has also been
engaged with various governments overseas, to promote a win-win partnership via
global sourcing. NASSCOM also plays a role in engaging with global alliances on
software quality standards, immigration policies, WTO and free trade in
services, and next-generation best practices in global sourcing of services.
Research and Thought Leadership:
NASSCOM undertakes research
on the ICT industry in India and the world in order to continuously educate its
members of new business opportunities, business practices in global markets,
potential threats to industry growth and attract additional investments in
India. NASSCOM research is currently the most credible in the country and is
increasingly respected in global markets. It is backed by strong methodology,
proprietary analytical tools and processes, and partnerships with best-of-breed
companies in various areas of business, technology and strategic research and
consulting.
Quality of Products and Services:
NASSCOM encourages high
standards of conduct to develop public confidence and respect for its members
and the industry. All the members maintain this by abiding by the formulated
code of conduct.
NASSCOM strongly believes
in encouraging its members to provide global quality products and services. The
association provides assistance to its members in achieving international
quality certifications by organizing seminars and related programs on quality
standards and disseminating relevant information.
Intellectual Property Rights:
NASSCOM is an ardent
supporter of strong intellectual property laws in India. In 1990, NASSCOM began
an active public awareness campaign to educate users about the lawful use of
software. NASSCOM also launched the country's first anti-piracy hotline and
India's first anti-piracy toll-free hotline. NASSCOM has also successfully
facilitated enforcement laws against software piracy in India and helped
introduce Cyber Laws. NASSCOM continuously engages with the Government of India
for required changes in the IPR laws, keeping in line with WIPO and other
International Laws and treaties. NASSCOM also works closely with the Business
Software Alliance (BSA) to enforce copyright laws.
NASSCOM Forum:
· ITES-BPO Forum: The forum aims to build a sustainable ITES-BPO advantage in India through research, events and manpower development initiatives.
· Emerging Companies Forum: The forum provides a platform for the emerging companies segment to share experiences, ally on critical projects and even focuses on partnerships to cater to customer demands.
· IT Workforce Development Program: The IT Workforce Development program aims to catalyze IT industry interface with the Academia to ensure availability of globally employable quality IT professionals.
· Product & Innovation Forum: The forum works towards encouraging product development and catalyzing innovation by providing relevant industry information, facilitating exchange of ideas, and identifying issues related to marketing, branding, investments and IP (Intellectual Property) creation and protection. It also showcases the innovative companies of India.
NASSCOM Initiative:
· E-governance Initiative: The government and the IT-BPO industry are partnering to make e-Governance successful in India. NASSCOM is enabling the ecosystem and supporting both the government and industry segments.
The Indian Government has been
leveraging solutions and services from the IT-BPO industry to transform the
manner in which it renders services. Deep focus on the e-Governance domain and
a partnership approach, have enabled the various members of NASSCOM to contribute significantly to the success
stories in e-Governance. The Department of Information Technology, Government
of India has helped in giving a fillip to e Governance initiatives, through its
National e Governance Program (NeGP) and several Mission Mode Projects, both at
the centre and the states.
· Diversity and Inclusivity Initiative: To contribute to India’s emergence as a global “soft power” through partnering with government, industry and non-governmental bodies to include hitherto marginalized and diverse groups (gender, social, cultural, economic) into the mainstream of national development.
NASSCOM has broadened its vision to focus on Cultural, People with Disabilities, Generational and Gender diversities. To bring this initiative into the mainstream a high powered Diversity Forum has been created. All this intends to expand the employment pipeline by leveraging India’s demographic dividend, drive more innovation and strengthen India’s competitiveness in the global market place. NASSCOM has always pointed to the possibilities in the future and delineated what needs to be done to convert that vision to reality.
· Security Initiative: NASSCOM actively promotes India as a Trusted Sourcing destination. Through its 4E initiative: Engagement, Education, Enactment and Enforcement, Forum aims to create an enabling environment in the country for information security and compliance.
· IT Domestic Market Initiative: IT Domestic Market Forum serves as the platform for a link of the non IT sector with the IT industry and is strategizing to develop a vision for sustainable growth of the domestic IT market.
· NASSCOM Engineering Services Initiative: The forum aims to assist engineering service providers to optimally exploit the potential for engineering services offshoring/outsourcing and help India achieve global dominance in this space.
· National Skills Registry: Human
resources are the key assets for IT-BPO industry in India and the industry has
focused on developing and implementing best practices in human capital
management, safety and security that span across employees, clients and other
stakeholders.
NASSCOM in partnership with the industry has developed a unique initiative – National Skills Registry – a national database of registered and verified knowledge workers in the industry. This database is managed and run by NDML - a fully owned subsidiary of National Securities Depository Limited (NSDL).
National Skills Registry (NSR) aims
to build a robust and credible information repository on the knowledge
professionals in the sector. The data fields include permanent fact sheet of
information on the professional along-with Photograph & appropriate
background checks (where undertaken), thus providing identity security for the organization
and its clients. Biometrics is also included in this repository to ensure
unique identification.
· Education initiative: IT-ITeS SSC NASSCOM (SSC) aims to:
Fulfill industry sector talent needs for quality and
quantity to enable a sustainable pipeline that is industry ready. Research
labour market information and intelligence to provide industry with accurate
real time inputs to assist in planning and delivery of training. Provide
certification information and access to all stakeholders in this ecosystem,
thus reducing skill gaps and shortages. Develop a delivery mechanism for
industry relevant training w.r.t. occupations identified in career paths. Set
up standards to bring global best practices in industry.
· Global Trade Development: The
focus of the Global Trade Initiative at NASSCOM is to engage with a wide
variety of domestic and international stakeholders, such as Governments,
customers and associations, to collaborate on issues related to international
policy, visa/work permits and business partnerships. Since the regulatory
environments continuously change the world over and compliance issues are
becoming important across the globe, NASSCOM is helping the Indian IT-BPO
industry remain abreast of these developments, and participate in these markets
while conforming to their new laws and modified policies.
· Green IT initiative: NASSCOM
in association with AMDOCS, NASSCOM Foundation, MCCIA, Greenscape and SEAP
launches campaign to encourage green practices among businesses, their
workforce & city government. The IT industry is playing a transformational
role in the way businesses, customers and citizens are serviced, and also
leading the way in establishing a new paradigm for Knowledge and Services led
economy.
Greening
the Industry through a combination of IT Solutions and Green Practices, is
enabling various Industry verticals to demonstrate leadership towards achieving
the goals on sustainable development of Urban Infrastructure and make city of
Pune a greener place to live and work.
ROLE OF INFORMATION TECHNOLOGY IN BANKING SECTOR
Introduction:
With globalization trends the world over, it is difficult for any nation, big or small, developed or developing, to remain isolated from what is happening around it. For a country like India, which is one of the most promising emerging markets, such isolation is nearly impossible. More particularly in the area of information technology, where India definitely has an edge over its competitors, remaining away from or out of step with world trends is untenable. The financial sector in general, and the banking industry in particular, is the largest spender on and beneficiary of information technology. This section endeavors to relate international trends in IT to the Indian banking industry. The last lot includes possibly all foreign banks and newly established private sector banks, which have fully computerized all their operations. With these variations in the level of information technology in Indian banks, it is useful to take account of the trends in information technology internationally and also to see the comparative position of Indian banks. The present article starts with the banks' perception when they get into IT upgradation. All the trends in the IT sector are then discussed to see their relevance to the status of Indian banks.
Technological Developments in Banking Sector:
Developments in the field of information technology strongly support the growth and inclusiveness of the banking sector by facilitating inclusive economic growth. IT improves front-end and back-end operations and helps bring down transaction costs for customers. The important events in the field of IT in the banking sector in India are:
● Arrival of card-based payments (debit/credit cards) in the late 1980s and 90s.
● Introduction of Electronic Clearing Services (ECS) in the late 1990s.
● Introduction of Electronic Fund Transfer (EFT) in the early 2000s.
● Introduction of RTGS in March 2004.
● Introduction of National Electronic Fund Transfer (NEFT) as a replacement for Electronic Fund Transfer/Special Electronic Fund Transfer in 2005/2006.
● CTS in 2007.
Emerging Trends in Banking Technology:
● Financial Inclusion
● Mobile Banking
● Electronic Payments
● CRM Initiatives
● IT Implementation and Management
● IT for Internal Effectiveness
● Managing IT Risk
● IT for business innovation
Impact of IT in banking sector:
1. IT can reduce banks' operational costs. For example, the internet helps banks to conduct standardized, low value-added transactions (e.g. bill payments, balance inquiries, account transfer) through the online channel, while focusing their resources on specialized, high value-added transactions (e.g. small business lending, personal trust services, investment banking) through branches.
2. IT can facilitate transactions among customers within the same network (e.g. automated teller machines (ATMs) operated by banks).
Electronic Crime in Banking Sector:
The banking system is the lifeblood and backbone of the economy, and information technology has become the backbone of the banking system. It provides tremendous support in meeting ever-increasing challenges and banking requirements. At present, banks cannot think of introducing a financial product without information technology. Electronic crimes are illegal activities committed by means of a computer; the object of the criminal activity can be a computer or network operations. Electronic crimes are a genus of crimes committed through computers and their networks. Electronic crime is crime committed online, in several areas connected with e-commerce. A computer can be the target of an offence when unauthorized access to a computer network occurs, and this in turn affects e-commerce. Electronic crimes can be of a variety of types, such as Telecommunications Piracy, Electronic Money Laundering and Tax Evasion, Sales and Investment Fraud, Electronic Funds Transfer Fraud etc. The Indian banking sector is undergoing numerous revolutionary changes to transform "brick-and-mortar" bank branches into a networked system of "core banking solutions".
Credit card Fraud-
A major kind of electronic crime is credit card fraud. The Indian banking sector is introducing new innovations against counterfeiting and fraud, but fraudsters are highly sophisticated at profiting from or beating these systems. Most credit card fraud is committed with the use of counterfeited cards. Credit card fraud is also termed Identity Theft, in which a person uses the identity of another person for fraud or deception. Credit card fraud in the banking sector can be committed as:
· Unauthorized use of an account or personal information, which is considered an act of criminal deception
· Illegal or unauthorized use of an account for personal gain
· Misrepresentation of account information to obtain services
Several new security measures have been introduced to gradually reduce credit card fraud, but when fraud is reduced in one area it swiftly shifts to another. The problem of credit card fraud is therefore serious, and it occurs through theft of cards and the accompanying information at the time of transaction delivery.
Money Laundering-
Throughout the past two decades, IT and Internet technologies have reached every nook and corner of the world. E-commerce has come into existence due to attributes of the Internet such as ease of use, speed, anonymity and its international nature. The Internet has transformed the planet into a borderless marketplace that never sleeps. Computer networks and the Internet permit the electronic transfer of funds between trading partners, businesses and consumers. This transfer can be done in many ways, such as the use of credit cards, Internet banking, e-cash, e-wallets etc., for example, smart cards. In some other forms of computer-based e-money, there is no upper limit.
Persons can also transfer funds directly using e-wallets. This problem is further compounded by the fact that, in several countries, non-financial institutions are also allowed to issue e-money. Monitoring the behavior of these institutions in the customary manner is not possible. Earlier, cross-border transactions were controlled by the central banks of the respective countries. With the arrival of Internet commerce, jurisdictional technicalities come into play, and this is another area that is being exploited by money launderers. The ability to transfer limitless amounts of money without having to go through strict checks makes cyber money laundering an attractive proposition.
The main objective of these guidelines is to prevent banking transactions from being used by criminals, intentionally or unintentionally, as an element of money laundering. Banks and financial institutions are the core focus of anti-money-laundering practices and of laws on combating the financing of terrorism, owing to their vulnerability and their obligation to adhere to these laws. Money laundering reduces the officially authorized volume of a bank's business and causes fluctuations in the exchange rate. Money laundering can undermine the credibility of the banking system. Facilitating the activities of launderers, even inadvertently, can land banks in trouble with law enforcement agencies and also governments.
ATM Frauds-
Over the past three decades, a large number of banking customers have come to depend on the ATM to conveniently meet their banking needs. In recent years, there have been a large number of incidents of ATM fraud. Managing the risk associated with ATM fraud and diminishing its impact are important issues facing financial institutions as fraud techniques become more advanced and occurrences increase.
The contemporary era has replaced long-established monetary instruments, moving from paper and metal based currency to "plastic money" in the form of credit cards, debit cards, etc. This has resulted in the escalating use of ATMs all over the world. The use of an ATM is not only safe and sound but also convenient. This safety and convenience has an evil side, which is reflected in the form of "ATM FRAUDS", an international problem. The use of plastic money is increasing for payment of shopping bills, electricity bills, school fees, phone bills, insurance premiums, traveling bills and even petrol bills. The convenience and safety that credit cards carry has been instrumental in increasing both credit card volumes and usage. This growth is not only in the positive use of cards but also in their negative use. The world at large is struggling to increase convenience and safety on the one hand and to reduce misuse on the other. A few of the recognized techniques used to carry out ATM crime in banks are:
1. The ATM's card reader is tampered with in order to trap a customer's card through card jamming.
2. Card Skimming is the unlawful technique of stealing the card's security information from the card's magnetic stripe.
3. Card Swapping is another technique, in which the customer's card is swapped with another card without the knowledge of the cardholder.
4. Website Spoofing: here a freshly fabricated site is prepared which looks valid to the user, and customers are asked to give their card number, PIN and other information, which are used to reproduce the card for use at an ATM.
5. The ATM machine is physically attacked to remove the cash.
Every year, cyber crime in India is going up by 50 per cent, and during the last five years around 9,000 Indian websites, including those of various government departments, were hacked. Many government websites, some of them carrying sensitive information, have become victims of cross-border hacking, mainly from Pakistan, Bangladesh, Nepal and China. As per IC3's annual report 2012, India ranked among the top five nations for the maximum complaints of cyber crime, and it ranked 6th in terms of complainant loss, to the tune of $3,740,736.53. Information and cyber insecurity has been ranked third among the risks to which companies are most vulnerable in the India Risk Survey 2013. According to the Norton cyber crime report 2012, a global financial loss of up to $110 billion occurred due to cyber crime. The report also reveals that 66 per cent of Indian online adults have been victims of cyber crime in their lifetime. In the past 12 months, 56 per cent of online adults in India have experienced it (a little over 115,000 daily victims or 80 per minute). In India, one in three online adults (32 per cent) has been a victim of either social or mobile cyber crime in the last 12 months, and 51 per cent of social network users have been victims of social cyber crime. The report says most internet users take basic steps to protect themselves and their personal information. These include deleting suspicious emails and being careful with their personal details online. However, other core precautions are being ignored. For instance, 25 per cent don't use complex passwords or change their passwords frequently, and 38 per cent do not check for the padlock symbol in the browser before entering sensitive personal information, such as banking details, online. Well over half (64 per cent) of online adults in India report having been notified to change their password for a compromised email account. Close to 42 million people in India were hit by cyber crime attacks in the past 12 months, causing an approximate loss of $8 billion (INR 44,500 Crore). The average direct financial cost per victim is $192, up 18 per cent over 2011 ($163).
In India, cyber crime cases are registered under the Indian Penal Code and under the Information Technology Act. The IT Act was enacted in the year 2000 and later amended in 2008. During the year 2005, 302 persons were booked under the IPC and 179 under the IT Act, while in the year 2012, 2876 persons were charged under the IT Act and 601 persons were charged under the IPC. This shows awareness of the IT Act among police personnel. It is also observed that in the year 2012, a total of 2064 persons were arrested in cyber crime cases, and out of these, 1176 arrested persons were in the age group of 18-30 years. In the year 2011, a total of 1630 persons were arrested; out of these, 883 persons were in the age group of 18-30 years.
Despite the increasing number of cybercrime incidents and arrests of culprits, the conviction rate is very poor in India. There have been only a few cybercrime convictions in the whole country, which can be counted on the fingers. A computer crime can lead to conviction only on digital evidence, and the lack of it leads to low conviction rates. One of the reasons may be that, in India, most police stations are not technically equipped for cyber crime investigation and the collection of digital evidence. Secondly, the purpose of setting up a specialized cyber crime cell is defeated when police personnel from law and order duties are transferred into cyber crime police stations; they are hardly of any help as they lack the expertise. Most of the time electronic evidence is not captured, retained and preserved in the manner required by the Indian Evidence Act. Digital evidence needs to be collected as early as possible, and not acting in time contributes to low convictions. Because of their inability to come up with credible and legally valid electronic evidence, the police find it extremely difficult to defend their case in a court of law. Lack of legal awareness of cyber laws, a dearth of cyber law experts, an insufficient number of cyber cells across the country, the interdependence of the cyber world and, most importantly, the rise of a net-savvy generation are chiefly responsible for making this risk very critical.
CASE STUDY
ACCUSED IN RS 400 MILLION SMS SCAM ARRESTED IN MUMBAI
MUMBAI: The alleged mastermind
behind a Rs 400 million SMS fraud that duped at least 50,000 people has been
arrested along with an associate more than two months after the scam was
unearthed.
Jayanand Nadar, 30, and Ramesh Gala, 26, were arrested late on Monday from a hotel in Mira Road in the western suburbs. Nadar, a first year college dropout, along with his brother Jayaraj had allegedly duped at least 50,000 people of Rs.400 million, said officials in the city police's Economic Offences Wing (EOW).
The two brothers along with Gala allegedly took help of SMS technology and launched the first-of-its-kind SMS fraud in India. According to EOW sources, in August 2006 the duo launched an aggressive and catchy advertisement campaign in the print media that read: "Nothing is impossible. The word itself is: I M Possible."
As part of the attractive scheme, the Nadar brothers messaged random numbers, asking people interested in 'earning Rs.10,000 per month' to contact them. "The modus operandi adopted by the brothers was alluring," an EOW official said Tuesday. "Interested 'subscribers' were asked to deposit Rs.500 each. The conmen duo claimed to be working with a US-based company named Aropis Advertising Company, which wanted to market its client's products through SMS'," senior inspector A Thakur said. "The brothers even put up a website (www.getpaid4sms.com) to promote their scheme. Subscribers who registered with them received about 10 SMS' every day about various products and were promised handsome commissions if they managed to rope in more subscribers by forwarding the messages," Thakur said. In return, the Nadars promised to pay Rs.10,000 over 16 months to the investors. The amount was to be paid in installments of Rs.1,000 every few months.
The brothers are said to have told the subscribers that their American clients wanted to conduct a study about local response to their advertisement and were using SMS as it was the latest medium of communication.
The duo invited people to become agents and get more members for the scheme. Gala reportedly looked after the accounts. Initially, the brothers paid up small amounts. But when cheques and pay orders of larger sums issued by the duo were not honoured, the agents got worried. The SMSes too suddenly stopped. On November 30, one of the duped agents approached the DN Road police station and lodged a complaint after a bank failed to honour a pay order amounting to Rs.2.17 million issued by the Nadar brothers. Then suddenly, the Nadars and Gala disappeared, leaving their agents and investors in the lurch. By December, the police were flooded with similar complaints. The DN Road police station registered a case against the brothers and Gala and later transferred it to the EOW.
"By December 2006 the scheme had an over 50,000 membership in Mumbai alone. And we suspect that hundreds of thousands from across the country were also hooked to the scheme, thanks to a massive agent network and a door-to-door campaign carried out by the firm's now duped agents," Thakur said.
"We suspect that the fraud amount may be over Rs.1 billion. With the extent of the scam spread across the country, we are still trying to get the details." During investigations, the EOW came to know that the Nadars, residents of the upmarket Juhu-Tara Road, owned a fleet of imported sport utility vehicles and sedans.
"The brothers led an extravagant life. They would stay in top five star hotels, throw massive parties for investors and were also known faces in the city's Page-3 circuit," Thakur revealed.
"We are now looking for Jayaraj, who has eluded arrest. Gala, who is believed to have looked after the accounts, and Jayanand have been remanded to police custody till March 5."
ICICI BANK PHISHING CASE
One financial institute registered a crime stating that some persons ("perpetrators") had perpetrated certain acts through misleading emails ostensibly emanating from ICICI Bank's email ID. Such acts were perpetrated with intent to defraud the customers.
The investigation was carried out with the help of the emails received by the customers of that financial institute, and the accused was arrested. The place of offence at Vijaywada was searched for evidence. There, one laptop and a mobile phone, which were used for the commission of the crime, were seized.
The arrested accused had used open source email application software for sending spam emails. He had downloaded the software from the net and then used it as it is.
He used only VSNL email addresses to spam the customers of the financial institute, because the VSNL email service provider does not have a spam box to block unsolicited emails.
After spamming the financial institute's customers, he got responses from around 120 customers, of which 80 were genuine; the others were not correct because they did not have the debit card details required for e-banking.
The customers of the financial institute who received his email felt that the email had originated from the financial institute. When they filled in the confidential information and submitted it, the information was directed to the accused. This was possible because a dynamic link was given on the first page (home page) of the fake web site. A dynamic link means that the link is activated only when people click on the link provided in the spam email. The dynamic link was coded by handling the Internet Explorer onclick event, and the information in the form was submitted to the web server where the fake web site was hosted. The server then sent the data to a configured email address, which in this case was the email address of the accused. So, on submission, the confidential information was directed to the email ID of the accused. All the information obtained through phishing (user name, password, transaction password, debit card number and PIN, mother's maiden name) he received through the Wi-Fi internet connectivity of Reliance.com, which was available on his Acer laptop.
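The case above turns on an email that claims to come from the bank while its link and form lead to a server the bank does not control. The following added example (not part of the original case record) shows a mail-filter style check for that mismatch; the message, addresses and domains in it are constructed placeholders, and the function names are illustrative.

```python
"""Flag links and forms in an HTML e-mail that lead away from the claimed sender domain."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every address and domain is a placeholder.
SAMPLE_EMAIL = """\
From: "Example Bank" <alerts@bank.example>
To: customer@mail.example
Subject: Verify your e-banking details
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear customer, confirm your details at
<a href="http://update.hosting.example.net/login">https://www.bank.example/login</a></p>
<p><a href="https://www.bank.example/help">Help centre</a></p>
<form action="http://update.hosting.example.net/submit" method="post">
<input name="user"><input name="pin" type="password"></form>
</body></html>
"""

# A host name written out in the visible text of a link.
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


class LinkFormCollector(HTMLParser):
    """Collect (href, visible text) for every <a> and the action of every <form>."""

    def __init__(self):
        super().__init__()
        self.links, self.forms, self._open = [], [], None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._open = [attrs["href"], ""]
        elif tag == "form":
            self.forms.append(attrs.get("action") or "")

    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append(tuple(self._open))
            self._open = None


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def belongs_to(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def html_body(msg):
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            raw = part.get_payload(decode=True) or b""
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def analyse(raw_email):
    """Return (finding, host) pairs for targets outside the claimed sender domain."""
    msg = message_from_string(raw_email)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    collector = LinkFormCollector()
    collector.feed(html_body(msg))
    findings = []
    for href, text in collector.links:
        host = host_of(href)
        if not host:
            continue  # mailto: and relative links carry no host to compare
        if not belongs_to(host, sender_domain):
            findings.append(("link_off_domain", host))
        shown = DOMAIN_IN_TEXT.search(text)
        if shown and shown.group(1).lower() != host:
            findings.append(("text_href_mismatch", host))
    for action in collector.forms:
        host = host_of(action)
        if host and not belongs_to(host, sender_domain):
            findings.append(("form_posts_off_domain", host))
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_EMAIL):
        print(finding)
```

Legitimate mail also links to third-party hosts, so these findings are triage signals to combine with sender authentication results, not a verdict on their own.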
This crime has been registered under Section 66 of the IT Act, Sections 419, 420, 465, 468 and 471 of the I.P.C., read with Sections 51, 63 and 65 of the Copyright Act, 1957, which attract punishment of 3 years' imprisonment and a fine of up to 2 lakh rupees, which the accused never thought of.
SUGGESTIONS
· The IT (Amendment) Act, 2008, reduced the quantum of punishment for a majority of cyber crimes. This needs to be rectified.
· The majority of cyber crimes need to be made non-bailable offences.
· The IT Act does not cover a majority of crimes committed through mobiles. This needs to be rectified.
· A comprehensive data protection regime needs to be incorporated in the law to make it more effective.
· A detailed legal regime is needed to protect the privacy of individuals and institutions.
· Parts of Section 66A of the IT Act are beyond the reasonable restrictions on freedom of speech and expression under the Constitution of India. These need to be removed to make the provisions legally sustainable.
CONCLUSION
As we can see, the incidents of cyber crime have always followed an upward trend in spite of the amendments made. We have tried to figure out the various possible reasons why cyber crimes are on the increase in spite of there being high penalties and punishments. We have tried to find out what in the system is preventing the proper implementation of such a forceful act. Cyber Law in India is in its infancy. A lot of effort and many initiatives are required to make it a mature legal instrument.
The discussion group cum database will analyze the Cyber Law of India, which suffers from the following drawbacks:
Non-inclusion of contemporary cyber crimes and contraventions like phishing, spamming, cyber extortion, compromised e-mails, cyber terrorism, etc.; an obscure position on freedom of speech and expression under the IT Act, 2000; absence of liability for illegal blocking of websites, blogs, etc.; lack of techno-legal compliance under the IT Act, 2000; lack of wireless security under the IT Act, 2000; absence of legal protection pertaining to IPRs in cyberspace; absence of private defense in cyberspace; and non-dealing with issues like cyber terrorism and private defense, etc. Besides these grey areas, India is also facing the problem of a lack of cyber security as well as ICT security. A techno-legal base is the need of the hour. Unfortunately, we do not have a sound and secure ICT security base in India, and cyber security in India is still an ignored world. If the opening of cyber cells and cyber units is cyber security, then perhaps India is the best in the world at managing cyber security issues. Unfortunately, ICT security in India is equated with face-saving exercises of false claims and redundant exercises. The truth remains that ICT security in India is a myth and not reality. The Cyber Law in India requires a dedicated and proactive approach towards ICT and cyber security in India. In the absence of a dedicated and sincere approach, the Cyber Law in India is going to collapse.