Project on :

INFORMATION TECHNOLOGY ACT –

RATHER THAN GIVING RISE TO
INFORMATION AND TECHNOLOGY GIVES
RISE TO CYBER CRIME

SUBMITTED BY:
MMS Batch 2022 | Group 2

Roll no. Name

20106A1002 Vaibhav Gorad

20106A1004 Sanket Khairkar

20106A1006 Sahil Mujawar

20106A1008 Simran Shinde

20106A1010 Anagha Koroth

20106A1012 Neelakshi Mane

20106A1014 Bhakti Mane

20106A1016 Rutuja Raut

20106A1018 Harshita Saraswat

20106A1021 Amol Tarwade

1
 INDEX

SR No. CONTENT Page No.

1. Introduction 3

2. Data Confidentiality / Data Hacking 4

3. Short Information on NASSCOM 6

Impact of Information Technology on Banking Sector

4. 4.1 Introduction 7
4.2 Positive impact of IT on Banking sector
4.3 Negative impact of IT on Banking sector

5. Comparison of Indian IT Act with other countries 10

6. Case Study 13
6.1 Pune Citi bank Mphasis Call Center Fraud
6.2 Air India’s Massive Data Breach

7. COVID-19 a boon or bane for Information Technology 17

8. Conclusion 20

9. Webliography 22

2
 1. INTRODUCTION

In today’s era, computer, internet and Information and Communication Technology has totally
changed the lifestyle of the people where everyone is dependent on the evolution of technologies.
Though technology has made life easy still it has its own pros and cons, and one of the cons is the rise
in cyber-crimes. To tackle the crimes related to computer or network Information Technology Act
2000 was passed on 9 June 2000 and commenced on 17 October 2000 which provides legal
recognition for transactions carried out by means of Electronic Data Interchange (EDI). Cyber-crime
is not an old sort of crime to the world. It is defined as any criminal activity which takes place on or
over the medium of computers or internet or other technology recognised by the Information
Technology Act. With the passage of time, developing technology and its vast usage has led to new
methods of committing crimes  so IT Act 2000 was amended, and a reform Act was passed
Information Technology (Amendment) Act 2008 which was made effective from 27 October 2009.

Data or information are very sensitive and confidential from a person’s , from company’s as well as
from a nation’s perspective. To keep the data secured from any wrongful possession or any form of
illegal handling various high-quality technologies are used to protect them from the reach of criminals
and even the laws are passed to put an end to the criminals. Cyber-crime is the one major drawbacks
of developing technology, but the same time technologies has made peoples life better in personal as
well as in their professional life. Every now and then cyber crime takes place around the world be it
extracting money , illegally handling information , causing disruption in a system, hacking into
personal accounts and many more. In India as a developing country even the people need to
understand the correct and wrong way of the usage of technology, people still lack the knowledge in
this fast-paced world of technology and various bodies are present to deal with the cyber-crimes.

2. Data confidentiality/ Data Hacking

3
Data confidentiality is a basic security service for data protecting. It is about protecting data against
international, unlawful, or unauthorized access, disclosure, or theft. Confidentiality has to do with the
privacy of information, password, including authorizations to view, share and use it, which must
remain confidential to protect the system and accounts. Low confidentiality data considered as
“public” or otherwise not threatening if exposed beyond its audience. High confidentiality data is
considered “secret” and must be kept confidential to prevent identity theft, compromise of accounts
and system, legal damage, and other consequences.

Examples of data with high confidentiality includes: -

 Social security numbers and credit card numbers, which must remain confidential to prevent
identity theft.
  Passwords and security codes, which must remain confidential to protect systems and
accounts.

2.1 Importance of Data Confidentiality: -

In organization, when the risk of data is shared publicly can cause to lose customer and employee
trust and loyalty. There is a risk of lawsuits if the organization do not follow specific federal rules that
were established to enforce data confidentiality. One of these federal laws is “ The Privacy Act of
1974”, this was established to protect data from being shared publicly. A person can be fines up to
$5000 if he or she breaks the federal law of privacy.

Provision regarding anti hacking in India: -

Section 43 and section 66 of IT act cover fraud or manipulation of data on criminal and civil offences.
Section 43A was introduced in 2008 amendment to include the business or their data protection,
where any worker stole the information or data from company’s system or storage. Section 66B refers
to fines against the individual who has stolen the data or computer information from company.
According to section 43, a simple civil offence, where any person stoles information or removes the
data or harm to the data which is stored in system without the permission of owner, then that person
shall be liable to civil liability and shall be liable to pay compensation to the owner.
“Under the IT act 2000, the overall pay-out limit was fine for Rs. 1 crore”. However, this limit was
removed in the change made in year 2008. Now, the penalty requires one year of imprisonment or a
fine of Rs. 1 lakh or both.

The internet is a fundamental part of our lives, and because of this rise in the use of the internet, the
threat of cybercrime and data hacking also rises day to day. Hackers are stealing or compromising

4
billions of pounds worth of data from business and companies' systems each year. The companies that
hold the personal information have a legal duty to keep it safe. There also, the hackers get access to
the company system and steal the data from the system.
Examples of famous hackers in history are Kevin Mitnick, Jahan Helsinguis, Linus Torvalds, Robert
Morris, and so many others.
 Examples: -
  Yahoo data hacked in 2017.
  LinkedIn data hacked in 2021.
 Facebook data hacked in 2019. 
Types of hacking: -
  Website hacking, Network hacking.
 Ethical hacking and Email or Password hacking.
 Online banking hacking and Computer hacking.

Three interrelated concepts that affect the protection of data are Privacy, Confidentiality and Security.
Privacy is both legal and an ethical concept. Privacy protections vary between jurisdictions and are
defined by law and regulations.
Confidentiality relates to the right of individuals to protect their data during its storage, transfer and
use to prevent unauthorized disclosure of information.
Security discussion should include identification of threats to system and data, and they must address
both the protection of data from inadvertent or malicious disclosure of data due to system failure or
errors.

When you got hacked, do the following steps: -

 Shutdown the system.
 Separate the system from the network.
 Reinstall the system with backup.
 Reboot all the system.

5
 3. Short Information on NASSCOM

The National Association of Software and Services Companies is a not-for-profit trade association for
the Information technology and Business Process Management (BPM) industry in India. NASSCOM
was established in 1988 since then it has been the supportive body for the IT BPM industry and
dedicated to expanding India’s role in the global IT order by creating a valuable business
environment, simplifying policies and procedures, promoting intellectual capital, and strengthening
the talent pool. NASSCOM facilitates business and trade in software and services and encourages the
advancement of research in software technology. It is registered under the Indian Societies Act, 1860.
It’s head-quarter is in New Delhi, India.

NASSCOM acts as an advisor to the Indian government as well as to state levels and forms a global
level partnership in promoting Indian IT BPM industry. It conducts in depth research on IT BPM
industries to keep its members aware of the global trends, best practices, threats, and opportunities. It
maintains high quality products and services with the aim of developing public confidence for its
members and the industry. It creates business opportunities for its members in India and on a global
platform. It conducts various seminars, webinars, and events for its members to build their networks.
It works with the government of India and support in policy making to enable the industry to meet its
growth and over the years it has been an industry trusted partner in policy framing and review.

During this pandemic India’s IT BPM sector showed a growth of 2.3% to $194 billion in the financial
year 2020-21. IT services grew 2.7% to $99 billion, BPM grew 2.3% to $38 billion and IT exports
showed a growth of 1.9% which is $150 billion whereas engineering R&D degree 0.2% to $31 billion.
As there was a shift in the working environment of working from the offices to work from anywhere
using new technologies showed a digital transformation which in-turn showed 28-30% growth in the
digital revenue of 50-53 billion dollars. As an industry, the vision is to grow to a 300-350 bn dollar
sector by 2025. This requires building and expanding market opportunities in India, in emerging
markets and existing markets.
NASSCOM made detailed memorandum of suggestions to Ministry of Finance (MoF) and members
of GST Council with respect to the Goods and Services Tax (GST) to enable growth and ease of
doing business for the Information Technology (IT) - Business Process Management (BPM)/ IT
enabled Services (ITeS) Industry.

4. Impact of Information Technology on Banking Sector

6
4.1 Introduction
The emerging information technology and cyber devices heralded a new world and brought
tremendous change in all the sectors of the economy. One of them is the Banking sector which is the
backbone of Indian financial system and in today’s era, technology support is very important for the
successful functioning of the banking sector. Banking sector always stands at the forefront of the
economy and innovation has paramount concern to the application of modern technical devices. 
Competition from fintech firms and big tech giants, increased expectations from the consumer, and
new innovations connecting data to digital delivery are requiring banks and credit unions to embrace
new technologies to build winning strategies.  

Some of the Technology’s advancement used in Banking sector are described below:

 ATM :  Automated Teller Machines are computerized machines placed by the local banks in
various places of a city or town to enable customers to access their accounts and perform
certain banking operations. 
  Net Banking: It provides personal banking services that gives complete control over all
banking demands online
 Mobile Banking: It provides all banking solutions on one’s mobile handset. This makes
banking operations very convenient for all those who own a mobile phone
  RTGS: Real-time gross settlement' systems (RTGS) are specialist funds transfer systems
where transfer of money or securities takes place from one bank to another on a "real time"
and on "gross" basis. Settlement in "real time" means payment transactions are not subjected
to any waiting period.
 IMPS: Using Immediate Payment Service (IMPS) the payment can be made in 24*7 and 365
days in a year. IMPS payments are safe and secured as they are end-to-end encrypted. IMPS
offers intra and inter-bank electronic fund transfer service through mobile phone. 
 UPI: Unified Payments Interface (UPI) is an instant real-time payment system developed by
National Payments Corporation of India which allows users to transfer money between banks.
It is a system which holds multiple bank accounts into a single mobile application having
several banking features. It eliminates the need to enter bank details or other sensitive
information each time a customer initiates a transaction.
 Debit and Credit Clearing System: A credit clearing system is an arrangement in which the
members of an association of traders, each of whom is both a buyer and a seller, agree to
allocate to one another sufficient credit to facilitate their transactions amongst themselves.

7
  MICR Technology: Magnetic Ink Character Recognition (MICR) is a machine which  reads,
processes and records information by identifying the readable code which is printed on the
cheque. It has enhanced security against fraud and mechanization of check processing.
 CTS: Cheque Truncation System (CTS) is a cheque clearing system using the electronic
image of the cheque which transmits vital information like MICR, date , bank information etc.
This would eliminate the need to move the physical instruments across the banks and it will
enhance the customers convenience along with an efficient way rather than the paper
clearance system.

4.2 Positive Impact of IT on Banking Sector: 

 Information Technology offers great potential and various opportunities to the Indian Banking
sector. It provides cost-effective, rapid, and systematic provision of services to the customer. 
 Banking process is faster than before and more reliable, even maintaining and retrieving
documents and records is much faster.
 Transparency between the banks and the customers regarding each transaction and the
activity carried out by both are recorded.
 Technology has brought customers' relation with the banks into greater focus. It is an
instrument to cost reduction and effective communication with people and the institutions
associated with the banking business.
 Banks produce large amounts of data and transactions every now and then which are
confidential and need to be protected. So Banks deploys advanced analytics ,real time
monitoring and AI to detect threats and voluntarily stops it from happening.  
 Using Artificial Intelligence (AI) banks can easily carry out and even  transform their services
according to customer’s needs. 
 The scope of frauds in banks is being minimised using passwords, double authentication in
online banking.
 The modern technology helps in tracking the key customers and provides them better
services.
 Owing to lower branch maintenance and manpower cost such banks can offer competitive
pricing for their product and services as compared to traditional banks.
  IT also provides the framework for the banking industry to meet challenges in the present
competitive environment. 

8
4.3 Negative Impact of IT on Banking Sector:

 Banks and other financial institutions are now-a-days suffering from cybercrimes as they have
personal data of clients that possess valuable information for the banks.
 In the current era of digitalization workforces, services have shifted from traditional banking
to online banking. If the bank does not have a proper security system , it will come under
cyber security threats. 
 Technology has taken the place of men in banks as the services and information are easily
made available to the customers.
 Fraudsters make use of technologies to dupe money from a person's accounts and transfer it to
its desired account.
 Banking services turned online with the use of mobile made life easy but at the same time
with the use of mobile criminals collect data from the people.
 Hacking is  one of common ways to get unauthorized access by cracking the systems or by
trying to bypass the security mechanisms and get into banking sites and even the accounts of
the customers.
 Online credit card frauds take place when customers use their credit card or debit card for any
online payment if another person with malafide intentions, uses such card details and
password by hacking and misusing the customers' hacked card details.
 Key logging are activity-monitoring software programs by which fraudsters record actual
keystrokes and mouse clicks to get access to your personal data. Criminals make use of all
sensitive data and try to steal the money from the banks of the customer.

The technology on one hand serves as a powerful tool for customer servicing, on the other hand, it
itself results in depersonalising of the banking services. This has an adverse effect on relationship
banking. A decade of computerization can probably never substitute a simple or a warm handshake.
At the same time in the pace of innovation and digitization , money cheating has increased using
various methods with the use of the same technologies. Cyber Crime is a Technology related offence
and Information Technology Act comes in to reduce the cybercrimes in India. According to the
National Crime Records Bureau, it was found that there has been a huge increase in the number of
cyber-crimes in India in the past three years. Electronic crime is a serious problem. In cases of cyber-
crime, there is not only financial loss to the banks but the faith of the customer upon banks is also
undermined.

9
 5. Comparison of Indian IT Act with other countries
Australia
Norton claimed that more than
5.4 million Australians were
victims of cyber-crime – a
quarter of the country’s total
population; those crimes cost
Australia $1.65 billion over that
year, and the Australian
Government to stay above $1
billion a year for the foreseeable
future.
Cyber-crime v. Cyber-
warfare
Both terms “cyber crime” and
“cyber attack” are mentioned in
Australian policy documents in
different contexts; thus, the
distinction is apparent, even
though there is no clear
definition provided for either of
the terms.
Where to focus?
Australian Government's Cyber
Security Strategy was launched
on 23 November 2009, as an
outcome of the E-security
Review 2008.
The strategy articulates a
number of strategic priorities,
among which on the first place
is “Threat Awareness and
Response” set to “improve the
detection, analysis, mitigation
and response to sophisticated
New Zealand
According to 2010 data, 70% of
New Zealand adults have been
the targets of some form of
cyber-crime, with the most
common complaints being
computer scams, fraud and
viruses/malware.
Cyber-crime v. Cyber-
warfare
The difference between “cyber-
crime” and “cyber-attack” is
defined in New Zealand’s
Cyber Security Strategy as
follows:
Cyber-attack – An attempt to
undermine or compromise the
function of a computer-based
system, access information, or
attempt to track the online
movements of individuals
without their permission.
Cyber-crime (or computer
crime) – Any crime where
information and communication
technology is :- 1) used as a tool
in the commission of an offence
,2) the target of an offence ,3) a
storage device in the
commission of an offence.
Where to focus?
The distinction between cyber-
crime and cyber-attacks was
important in formulating the
Cyber Security Strategy.
A cyber-attack can be classified
as a computer or cyber-crime,
yet from New Zealand’s Cyber
Security Strategy it is evident
that the following cyber threats
require a special response and
are more serious than domestic
India
According to the report, a
whopping 27 million Indian
adults were victims of identity
theft in the past 12 months, and
52% of adults in the country do
not know how to protect
themselves from cyber crime.
“In a year of lockdowns and
restrictions, cybercriminals have
not been deterred. More Indian
adults fell victim to identity
theft in the past 12 months and
most are concerned about data
privacy,"
Cyber-crime v. Cyber-
warfare
India is positioned among the
third-tier countries on a
spectrum of cyber warfare
capabilities. Researchers from
the International Institute for
Strategic Studies (IISS) ranked
countries on a spectrum of
cyber capabilities, from the
strength of their digital
economies and the maturity of
their intelligence and security
functions to how well cyber
facilities were integrated with
military operations. The study,
published by the ISS comes as a
series of hacking campaigns
that have highlighted the
growing threat of online
espionage by hostile states.
Where to focus?
The IT Act was amended last in
2011. Despite an unprecedented
increase in cyber frauds, data
breaches and general cyber
security concerns, no changes
have been made in the IT Act in
almost 9 years.
 In February 2020, the Ministry
of Electronics and Information
Technology announced that it
will revamp the IT Act with a
stronger focus on framework for
10
cyber threats, with a focus on
government, critical
infrastructure and other systems
of national interest”.
Other priorities include
educating the Australians with
information and practical tools
to protect themselves online,
cooperate with businesses to
promote cyber security,
promote the development of a
skilled cyber security
workforce, model best practice
in the protection of government
ICT systems, and promote a
secure global electronic
operating environment that
supports Australia's national
interests.
The Law and the need for
Warrants
The Ministry for Home Affairs
and Justice and the Police are
the authorities responsible for
cyber-crime.
The Ministry released the
Protocol for Law Enforcement
Agencies on Cybercrime
Investigations in 2011.
The protocol provides a cyber-
crime investigation matrix that
outlines the most appropriate
agencies to deal with particular
types of complaints, and
provide specific arrangements
for sharing information to cyber
crime investigations between
jurisdictions.
6.
crimes: cyber-espionage,
hacktivism and terrorist use of
the Internet.
In 2012 New Zealand passed
the Search and Surveillance
Act.35 The Act unified the
powers that previously were
scattered across roughly 70
agencies.
The Secret Intelligence Service
and the Government
Communications Security
Bureau are still governed by
their own legislation.
The Law and the need for
Warrants
The following offences are
identified as “crimes involving
computers” and are subjected to
punishment according to
Crimes Act:
Section 249 – “Accessing
computer system for dishonest
purpose”
Section 250 specifies
imprisonment for a term not
exceeding 10 years to everyone
who intentionally damages or
alters any computer system “if
he or she knows or ought to
know that danger to life is likely
to result”. Any damage to
computer system, interference
with data without authorisation,
causing computer system to fail
or deny service to any
authorised user is punishable by
imprisonment for up to 7 years.
 Section 251 Making, selling,
or distributing or possessing
software for committing a crime
– imprisonment for up to 2
years
cyber security.
Emerging technologies,
explosion of digital business
models and a substantial
increase in the instances of
cybercrimes have triggered the
government to take steps to fast
track the process of amending
the IT Act.
On 23 February 2003, the
MeitY designated the Indian
Computer Emergency Response
Team (“CERT-In”) as the
authority to issue instructions
for blocking websites under the
IT Act to prevent online
obscenity[5].  In 2009, CERT-
In was later nominated as the
national agency to respond to
cyber-security incidents
The Law and the need for
Warrants
It is clear from the new Cyber
Security Strategy that the
Finnish government attributes a
great importance on securing
the key businesses, crucial
governmental institutions and
critical infrastructure providers
from cyber-attacks that pose
political or economic threat than
on solving cyber-crime or
enforcing legislation.
The Cyber Security Strategy
outlines the responsibilities of
current and to-be-established
legislative authorities and
emphasizes the cooperation
between different private and
public sectors to secure
cyberspace and prepare for
effective crisis management.
However, the Cyber Security
Strategy is not meant to
establish laws or set any legal
framework; its purpose is to
outline the national strategic
vision.
11
 6. Case Study
6.1 Pune Citibank v Mphasis Call Center Fraud

Introduction :
In 2005, US $ 3,50,000 which was almost INR 1.5 Cr back then were dishonestly transferred to fake
accounts in Pune from Citibank accounts of four US customers , through the internet.
Some employees of a call centre under the guise of helping the customers to get out of difficult
situations gained the confidence of the US customers and obtained their PIN numbers. But later they
used these numbers to commit fraud.

How the Fraud Operated:

Back then the first thing that was taught to employees was to strike a friendly conversation with
Citibank’s global customers, while getting calls from them with problems related to their bank
accounts and credit cards. For security reasons the call center employees were checked when they go
in and out so they cannot copy down numbers. Therefore, in this case, all the 3 employees memorized
the numbers of 4 USA customers and went straight to the cyber-café; after leaving the office and
accessed the accounts of the Citibank customers.

The fake accounts were then opened in Pune and the money from those Citibank customers got
transferred into those accounts. Later when luckily a customer complained about his money being
transferred to the accounts in Pune and the police came into action. Citigroup Investigation Services
in Mumbai were alerted about the situation. The team contacted the recipient banks and confirmed the
fraud. When the main accused came to check the transfer, the police caught him and made a total of
16 arrests. They used SWIFT i.e. Society for Worldwide Interbank Financial Telecommunication to
transfer the funds. When the bank accounts were made in Pune, fake email accounts were also made
because of which the original account holders never received the confirmations, which they would
have received during the transferring of funds. In March 2005, with the help of two home loan agents
ICICI whose role was to facilitate illegal accounts the money was being moved to a dozen bank
accounts which were made by them. They were not from BPO but were part of the scam and also
among the people who were arrested.

Judgement :
● The Court held the accused under Section 43(a) of IT Act, 2000 as it is applicable in the
present case because of the presence of the unauthorized access to the "Electronic Account
Space" of the customers that are involved to commit transactions and is therefore firmly
within the domain of "Cyber Crimes".

12
 ● The accused were charged under Section 66 of the same Act and Sections 420 i.e., cheating,
465, 467, and 471 i.e., forgery.
ITA-2000 is versatile enough to accommodate the aspects of crime not covered by ITA-2000 but
covered by other statutes since any IPC offence committed with the use of "Electronic Documents"
can be considered as a crime with the use of a "Written Documents". "Cheating", "Conspiracy",
"Breach of Trust", etc. are therefore applicable in the above case in addition to the section in ITA-
2000.

Conclusion :
● The strict background check needs to be done compulsorily for the companies while
appointing call center executives. Though the background check cannot eliminate the
possibility of such security breaches but still it must be ensured that the checks should not be
ignored while hiring the employees.
● The customers should be educated by the banks to not fall under such traps. Customers need
to be open-eyed while dealing with call-centre agents. Sharing of passwords, PINs or blank
cheques with your signature on it is nothing less than a dumb act itself. Even the verification
code at the back of a credit card should not be shared. Also, customers should keep
monitoring their accounts and statements routinely to spot any unauthorised transaction if
any.

Suggestions :
 One should make sure never to disclose any personal information to strangers via any means.
 One must avoid sending photographs to strangers online as misusing and breaching of
photograph incidents is increasing day by day.
 You should never share your credit card number to any site that is not secured.
 Web servers running public sites must be separately protected from internal corporate
networks to maintain privacy.
 An updated Antivirus software should be used by everyone to guard against virus attacks. To
control information on sites, It is better to use a security program by the body corporate .
 To break down the criminal activities relating to cyberspace and protection of computer
systems, the IT department should pass guidelines and notifications and should also bring out
some more strict laws.
 Special police task force which is expert in the technical field can be allotted for the
protection of such acts.

13
 6.2 Air India's Massive Data Breach

Introduction :
In May 2021 Air India made an announcement that its customer database had suffered from a massive
security breach. They informed that the breach involved personal data registered of passengers
registered between August 2011 and February 2021”
The airline announced that the breach took place due to breach from the SITA passenger service
system which is a technology-based company located in Switzerland, specializing in information
technology and air transport communications. The data breach involved information of around 45
lakh passengers.
Leaked data included passenger’:
● Name
● Contact information
● Date of birth
● Ticket information
● Passport information
● Credit card data
● Frequent flyer data
The details of the security breach are not entirely clear yet. The only thing known was the breach
occurred due to a cybersecurity attack of the airline’s third-party data processor, in which not only Air
India but many airlines all over the world got affected by.

Air India’s Response to the Security Breach

In response to this massive security breach, Air India took the following steps to ensure passenger
data safety by:
● Investigating the whole security breach case
● Securing all the servers that were compromised during the breach
● Working with data security case specialists
● Notifying all the credit card issuers and working with them to avoid any mishappening
● Asking Frequent Flyers to reset their passwords.
The airline further also stated that no abnormal activity was observed in the data processor after
securing the compromised servers and they have continued to take remedial actions to ensure safety of
their personal data.

14
Conclusion :
Now-a-days, cyberattacks have been reported frequently by many companies, which are posing a
serious threat towards the privacy of every individual. With the rise in digitalization
across the globe there's an increase in the cyber-crimes and cyber-attacks by the criminals.
Within six months the Air India security breach was India’s second airline data breach. In December
2020, IndiGo’s servers were hacked, and they announced that it is possible that the stolen information
could be uploaded on public websites by hackers.
The question is, are these big companies like Air India and others doing enough from a data security
and data privacy point of view??? Are they doing enough to protect themselves and their customers
who put their trust in them? It is very important that organizations take steps to bulletproof their data
from hackers, especially if they are using external third-party services.
Compliance with best-practice data security guidelines is also a crucial task that these companies
should consider and international standards is a significant step to prevent future breaches. also, to
mitigate the potential damage of breaches that may occur, it is of utmost importance that an
organisation employs a strong encryption strategy and operational processes.

Suggestions :
Air India must ensure that:
● Even at rest its data remains encrypted in its databases.
● Its data is encrypted while in transit when it migrates between clients, applications, and Air
India personnel.
● The HSMs (hardware security module) are not accessible by the third-party data processor.
● All key management is performed only by Air India.
● Its encryption keys are never in a third-party's data processor and remain stored in Air India’s
secured data center.
● Third parties do not have access to any kind of readable data.
● The multifactor authentication of clients is implemented so that there is limited access to data
and only to authorized persons like passengers who can only view their personal data.
These steps towards best practice stress the need for strong cryptography using HSMs and lifecycle
key management, which enables a business to be confident that its sensitive data is even at rest or in
use is fully protected against breaches - so confidential data remains encrypted even if attackers gain
access to it.

15
 7. COVID a boon or bane for Information Technology.

Nature is inevitable. The predictions and expectations are not in our hand. The example of the same is
Covid 19. While everything was going normal suddenly the phenomenal change occurred and
changed everything. The phenomenal change was a virus, a virus named corona that hit the whole
world round. As the virus has risen one thing will surely happen that is nothing going to be same
again and India is the most affected country because of it. The virus had brought many changes in
every person’s life. Pre lockdown or before lockdown when everything was normal people were
working in their own comfort zones like maximum in the office and minimum from home or vice
versa or a place from where they can work. But now situation has reversed covid had made everyone
sit home and work. This situation is the new normal.

The spread of pandemic Covid-19 has drastically disrupted every aspect of human life including
Indian IT sector. It has created an unusual test on IT sector. In many IT companies around the world,
offices are closed, and work is done from home. One can clearly see that over a decade IT Sector has
been India’s one of the blooming and leading sector to economic growth of India. This sector has
have become a dream of many in fulfilling their accomplishments. However, due to coronavirus
Covid-19 outbreak, players in India’s IT services, according to industry analyst says that there will be:

 A huge challenge for business continuity for IT sector.

 Significant slowdown in growth during this financial year.
 Companies like Tata Consultancy Services, Infosys, and HCL Technologies, will be impacted
most by the lessened technology spending from clients in the US and Europe following
lockdowns across the globe.
 Also work from home will raise a concern for cyber security.

Benefit of Covid to IT sector: -

 WFH increased the cost and productivity.

 Reduce long distance travelling which reduce air pollution.
 Blessing for women who are not able to continue with their careers because of family
commitments, as they can continue devoting some time for work.
 Increased the productivity of work.
 IT industry is expected to have an enormous market boom from US$ 131 Billion in 2020 to
US$ 295 in the next five years by 2025
 The increase in the economy for this industry is the increased demand for software and social
media platforms such as Google Hangouts, WhatsApp Video call, Zoom, and Microsoft

16
 Teams. All these teleconferencing tools help the people who are in quarantine to stay in touch
with their family members as well as have conference meetings and work at the same time.

Covid is Boon for IT sector because: -

 Most organizations do not have a tech stack in place for a reliable business continuity plan
(BCP). due to enhanced remote work scenarios, IT department will play a larger role in future
BCPs and will need help from IT service providers in producing devices, setting up a
resilient, flexible, and secure network, disaster recovery systems, IT security, etc.
 The need for even-faster access to data and automation will enhance the focus on network
equipment and communications as never before, speeding up 5G network deployments and
adoption of 5G equipment. Due to the coronavirus, a lot of opportunities opened in the IT
industry, such as the growing need for the 5th generation. This will help increase connections
that support the primed remote interactions. This has become the top priority for many
organizations due to the pandemic.
 IT has become the most prominent internal function in the aftermath of COVID-19, with
business and other functions expecting IT services and support like never. IT will truly
become the backbone of business in the post COVID-19 period.
 Because of IT sector people are getting diagnosed, treated, and operated without the need of
a physician to be physically present. A lot of apps have been built in the past few months to
help achieve this. There are many patients who are in self-quarantine who need medical
supervision and medical assistance every day, and these applications could help them achieve
that.

According to Business Standard report the pandemic has been a blessing in disguise and will lead to a
larger number of people to work from home in the post coronavirus world says two expert

 Largest software exporter TCS's Chief Executive and Managing Director Rajesh Gopinathan
said that over a decade, IT companies' model was based on employees trooping-in to cubicles
often in specially erected or hired campuses for work, but the lockdown resulted in a quick
shift to the WFH model.
 Chief Executive of business process management player WNS and former Chairman of  IT
industry lobby grouping NASSCOM Keshav Murugesh, Chief Executive of business process
management player WNS and former Chairman of IT industry lobby grouping NASSCOM,
said the association responded to the challenge by helping its members transport over 25 lakh
desktops from offices to associates' residences within a fortnight, which ensured work can
continue. Once they started working from home, companies are seeing gains on costs as well

17
 as efficiencies, and now, business leaders are certain that fewer people will be manning the
cubicles spread across campuses.

So here one can state that initially it was a bane for the It sector because at the start of the pandemic or
lockdown the IT sector was affected badly. As no one had a clue about how to manage whole working
system from home, pre covid work from home used to happen on certain days but lockdown made it
permanent. While every situation was new the IT sector faced certain problems like providing laptops
to every employee, to see whether employee’s internet facilities are working well or not etc. At that
moment everything seemed difficult but as days passed IT sector condition started to normalize. The
sector is looking forward to continues the permanent work from home. However, it is saving
companies expenses and employee travelling time. It will boon for IT sector in coming years.

18
 8. CONCLUSION

As one can see the growth in the technology’s day by day, this directly creates lots of data or
information which lies openly in the cyber space. With so many cyber-crimes happening all over the
world these days, data or information are at risk of getting misused by criminals. Hacking is becoming
a serious problem, and it is not something that can be put to an end. It seems the technologies have
paved the way for these hackers too. Cyber-crime has become a great threat to mankind and in various
sectors of industries such as Banking sectors , Company’s confidential information , customers data,
etc. getting leaked and many others. To slow down the rate of crime it is not only the responsibility of
government or cyber-crime control departments, but it is the responsibility of each person who is part
of society to be aware of such frauds and should use the cyber space diligently. 

What we can do at our personal level.

 You should make sure never to disclose any personal information to strangers via any means.
 You should never share your bank details or any account related details at any unauthorized
site without making sure the security of your information.
 One must avoid sending photographs to strangers online as misusing and breaching of
photograph incidents is increasing day by day.
 One must be aware of the fraud call and should make sure to report it to the officials as soon
as possible to save yourself and others.
 Elders in the house must be educated regarding the fraud call where they state that they are  
part of banks and trap them in giving their details resulting in getting duped.
 An updated Antivirus software should be used by everyone to guard against virus attacks.

 What Companies can do to protect them from cyber-crime.

 An updated Antivirus software should be used by everyone to guard against virus attacks. To
control information on sites, it is better to use a security program by the body corporate.
 Web servers running public sites must be separately protected from internal corporate
networks to maintain privacy.
 Even at rest companies should make sure that their data remains encrypted in its databases.
 Rather than with third party’s data processors, companies should make sure that the data’s
encryption keys are in the company's secured data center.
 Third parties should not be given access to any kind of readable data.

19
  The strict background check needs to be done compulsorily for the companies while
appointing call center executives. Though the background check cannot eliminate the
possibility of such security breaches but still it must be ensured that the checks should not be
ignored while hiring the employees.
 The customers should be educated by the banks to not fall under such traps. 
 

What Government or law do to control Cyber-crime.

 To break down the criminal activities relating to cyberspace and protection of computer
systems, the IT department should pass guidelines and notifications and should also bring out
some more strict laws.
 Special police task force which is expert in the technical field can be allotted for the
protection of such acts
 Cybercrime is not a particular states or country’s problem but a worldwide crime affecting
lakhs and crores of people. So instead of making different laws for different countries,
universal laws should be made for cyber-crime and accordingly the punishments should be
given to decrease the threat or fear people have nowadays because of cybercrimes happening.

So, to decrease cyber-crimes, we should not just depend on officials or authorities but should become
aware of all these happening in the cyber world we are living in these days.

20
 9. Webliography/ Bibliography
 https://www.indiacode.nic.in/handle/123456789/1999 

 https://nasscom.in/ 

 https://timesofindia.indiatimes.com/business/india-business/it-iindustry-to-grow-2-3-to-
194bn-in-fy21-nasscom/articleshow/80954964.cms
 https://www.legalserviceindia.com/legal/article-3073-cyber-frauds-in-the-indian-banking-
industry.html 
 https://www.mygreatlearning.com/blog/biggest-cyber-security-threats-indian-banking-sector/  

 https://www.business-standard.com/article/finance/cyber-crime-is-growing-risk-to-bank-
ratings-s-p-121052500341_1.html  
 https://www1.udel.edu/security/data/confidentiality.html  

 https://www.hayesconnor.co.uk/cyber-crime/data-hacking/  

 https://bnwjournal.com/2020/07/17/pune-citibank-mphasis-call-center-fraud/  

 http://www.indiancybersecurity.com/case_stuty_pune_citibank_mphasis_call_center_fraud.p
hp 
 https://www.ecommercetimes.com/story/42112.html 

 https://www.lawctopus.com/academike/cyber-crimes-other-liabilities/  

 https://www.thehindu.com/news/national/telangana/impact-of-covid-19-bane-for-many-boon-
for-some/article31193295.ece 
 https://community.nasscom.in/communities/covid-19/is-covid-19-a-boon-or-bane.html  

 https://solidstatetechnology.us/index.php/JSST/article/view/5208 

 https://www.google.com/search?
q=Pune+Citibank+MphasiS+call+center+fraud+judgments&sa=X&biw=1366&bih=657&sxs
rf=ALeKk00DOAKXUkVDbvA3k14nb841ycUWxQ:1628405569634&tbm=isch&source=iu
&ictx=1&fir=EWNreTG4KUBj4M%252C1aS9lDsMSQ8bMM%252C_&vet=1&usg=AI4_-
kSIOy-
b4A_fCi_P5sQAUjUJ2vjYtg&ved=2ahUKEwi60Zy866DyAhWW73MBHeaDAdgQ9QF6B
AggEAE#imgrc=EWNreTG4KUBj4M 

21