Professional Documents
Culture Documents
Research
Research
A PROJECT REPORT
Submitted by
PUSHPAK KUMAR CHAUDHARY
(22MBF10102)
Chandigarh University
APRIL 2024
2
BONAFIDE CERTIFICATE
SIGNATURE SIGNATURE
DECLEARATION
ACKNOWLEDGEMENT
During the development of this project, right from the initiation stage to the
implementation stage, so many people have helped us in doing these right
things at the right time and in the right way.
We are very thankful to everyone who all supported us, for we have
completed our project report effectively and moreover on time.
We feel grateful to all the persons who helped us in studying the system,
researching, developing and at last preparing the document. Our completion
of the project could not have been accomplished without the support of our
teachers, classmates, and friends who helped us in one way or the other. We
might likewise want to express gratitude towards Chandigarh University for
giving us such a chance to study this field.
We would like to thank our team members who helped us a lot in gathering
different information, collecting data, and guiding us. we also thank my friends
who were there with their suggestions and comments for my project. we
learned a lot of new things by doing this project, so we are very grateful to
them.
THANKING YOU
5
TABLE OF CONTENT
6
ABSTRACTS
This research paper presents an in-depth examination of the escalating issue of
online fraud within the Indian banking sector, with a focused case study on Yes Bank.
The study outlines the evolution of digital banking in India and its concurrent
vulnerabilities to cyber threats, which have significantly impacted consumer trust and
financial security. By analyzing the Yes Bank crisis, this paper sheds light on how
lapses in cybersecurity measures and governance can lead to substantial financial
losses and erode public confidence in banking institutions. The research navigates
various dimensions of online fraud, including phishing, hacking, and malware
attacks, that have plagued Yes Bank and other financial institutions. It critically
evaluates the regulatory responses the Reserve Bank of India (RBI) spearheaded to
mitigate such risks and safeguard the banking ecosystem. Additionally, the paper
explores innovative technological solutions and best practices for enhancing digital
security and resilience against online fraud. Through this case study of Yes Bank, the
research aims to contribute to the broader discourse on cybersecurity in banking,
offering valuable insights for policymakers, banking professionals, and researchers
to fortify the Indian banking sector against the burgeoning threat of online fraud.
INTRODUCTION
In the rapidly evolving landscape of the Indian banking sector, the integration of
digital technologies has heralded a new era of convenience and efficiency. However,
this transformation has also exposed banks to heightened risks of online fraud,
posing significant challenges to financial stability and consumer trust. The case of
Yes Bank Ltd. (YBL), a prominent new-age private sector bank founded in November
2003 by Mr. Rana Kapoor and the late Mr. Ashok Kapoor, exemplifies the intricate
nexus between banking sector vulnerabilities and the incidence of online fraud.
Ascending to India's fifth-largest private lending bank position, Yes Bank's ambitious
journey was abruptly disrupted by a severe financial crisis, as evidenced by the
Reserve Bank of India's (RBI) intervention on March 5th, 2020. The RBI's drastic
measure to replace the bank's Board of Directors due to a "serious decline in the
financial position" of the bank, coupled with a withdrawal limit imposition and a
catastrophic plunge in share prices from Rs.404 to Rs.5.65, underscores the
profound impact of governance lapses and operational risks on banking stability.
This introduction sets the stage for an in-depth study into the increasing online fraud
within the Indian banking system, with a focused examination of the Yes Bank crisis
as a pivotal case study. It aims to unravel the multifaceted causes leading to Yes
Bank's predicament, including potential vulnerabilities to online frauds, and to
scrutinize the role of the Central Bank of India (RBI) in orchestrating a recovery. By
dissecting this critical episode, the paper seeks to contribute to a broader
understanding of the dynamics between digital banking advancements and the
escalation of cybersecurity threats, offering insights into effective strategies for
7
preventing online fraud and ensuring the resilience of the banking sector in the face
of digital challenges.
OBJECTIVES OF STUDY
The study on increasing online fraud in Indian banking, with a focus on Yes Bank,
aims to achieve the following objectives:
RESEARCH METHODOLOGY
Our investigation into the crisis involved an exploratory research approach, where we
gathered secondary data spanning from 2015 to 2019, specifically focusing on quarterly and
annual reports from Yes Bank. Additionally, our data collection extended to the bank's
website, resources from the Reserve Bank of India (RBI), BSE India.com, and various print
and digital media sources. Our aim was to delve into the root causes of the crisis, examine
the steps taken by the central bank to mitigate the situation, and assess the overall impact of
the crisis on a private banking institution.
Asset Quality & Risk Management Practices - An Analysis on Yes Bank’ (DR.
ARUNA POLISETTY, 2019)
In this study, the author has been tried to understand the risk management attributes by
studying how it is practiced at the bank. Asset quality numbers are being collected over
years and analysis is done to determine how they are maintained. The Government of India
and the RBI have taken up the task of cleaning up the bank balance sheets on a priority
basis. Several approaches have been used in dealing with loans and the IBC and AMC
concepts are major steps towards this. This study perceives that regular monitoring of risk
management, asset quality (Gross NPA & Net NPA status, NPA Ratio, PCR, Concentration of
NPAs and Divergence) and knowledge banking, size of bank and other attributes are
9
actually helping the bank to be with manageable NPA figures. Volatility in asset quality and
larger divergences are a cause of concern level of non-performing assets (NPAs) best and
negatively impacted the price.
To conclude, this research paper is based on how the yes bank shares will perform in
the near future (based on their performance since December).
Shares of Yes Bank hit its 52-Week low on Friday 6th March, 2020 due to external
factor of government capping the withdrawal limit on the lender to Rs.50000.
Around noon even the BSE SENSEX fell by 3%.
A consortium of lenders, led by the State Bank of India, will acquire a controlling
stake in Yes Bank.
Capital Structure Analysis and Financials Analysis of Yes Bank in India (By
Hardik Brahmbhatt,2018)
This research aims to compare the capital structure and financial analysis of selected banks
through some measurements. The annual financial statements of the commercial banks
were used for this study which covers a period of two years from 2015 to 2017 for debt
equity and overall financial analysis. The study assesses the capital structure of the banking
measured by total debt to equity ratio (DER), f-test have been used to show the capital
structure of banks and its performance. However, this study concludes that there is no
significant difference in debt equity ratio amongst the years and future prospects are much
profitable and growth oriented as per financials. The investors are tending to get the profit if
invested during this phase of year. Coming years for the yes bank are the years of achieving
of the target and mission which is set for the year 2020.
10
(The figures are extracted from the Annual Report of YES Bank)
Analysis:
11
Typically, the perfect Credit- deposit ratio is 80% to 90%. A Credit- deposit ratio of one
hundred pc means a bank loaned one rupee to customers for each rupee received in
deposits it received and it results a high liquidity crunch. During this case, the said ratio has
been reported 92.57% within the year 2017 and it absolutely was exceeding 100% within the
year 2018 and 2019. That happens because of the loan mess, customers withdrew large
amounts, leading to the credit-deposit ratio of Yes Bank crossing 100% (it lent over what it
received) in FY18 and 19, which was creating an alarming situation, but the Bank
Management have ignored that situation and pulled the bank into the Crisis.
At least nine companies of the Reliance Anil Ambani Group considered for NPAs
worth Rs 12,800 crore.
Further, Dewan Housing Finance Corporation and Belief Realtors Private Ltd of the
DHFL Group have taken loans amounting to Rs 4,735 crore
while Yes Bank had exposure of over Rs 2,500 crore to IL&FS that turned bad.
Yes Bank has additionally learned to have loaned Rs 1,100 crore to Jet Airways.
Kerkar Group whose two companies Cox & Kings and Go Travels have taken loans
of around Rs 1,000 crore;
Analysis:
In step with the estimates, the maximum amount as 25% of all Yes Bank loans were
extended to Non-Banking Financial Companies, land firms, and also the construction sector.
These were the three sectors of the Indian economy that have struggled the foremost over
the past few years. The India’s fifth largest private lending Bank was overexposed to those
virulent assets. What made it more vulnerable to bankruptcy was its inability to honestly
recognize its Non-Performing Assets. On the three different occasions, the last being in
November 2019, the RBI pulled it up for divergence of NPAs by under reporting — and
adequately provide for such bad loans.
Gross NPA Ratio (%) (d) 3.3 1.3 1.5 0.8 0.4
(The figures are extracted from the Annual Report of YES Bank)
Analysis:
From the above table we have found that, the Gross NPA ratio was below 1% up to March
2016 and exceeds 1% in the financial year 2016-17 and 2017-18. Unfortunately, the bank
was reported a Gross NPA of Rs.7882.56 in the F.Y 2018- 19 with an increasing trend of 3%
and such trend was still continuing to the F.Y. 2019-20. The bank's gross NPAs stood at Rs
40,709.2 crore in Q3 FY20 up from Rs 5,158.6 crore at Q3 FY19 and as of the September
2019 ended quarter, Yes Bank had a gross NPA ratio of 7.39 percent.
13
Divergence:
In FY19, per the private lender’s exchange notification, the RBI assessed the extent of gross
non-performing assets at Rs 11,159 crore. The bank had disclosed gross NPAs of Rs 7,882
crore, implying a divergence of Rs 3,277 crore or 41 percent. The divergence in reporting of
net NPAs for the year stood at Rs 2,299 crore or 51 percent of the net NPA amount reported
by the bank, the notification said. As per the RBI’s rules, banks are required to disclose any
divergence of quite 15 percent. The market regulator recently specified that this divergence
should be disclosed to investors within daily of the receipt of RBI’s report.
Analysis:
The above Table presents the Net NPA Ratio, It can be noticed that Net NPA ratio has
resulted within the first Four years of study i.e. from 2014-15 to 2017-18 is below 1%. But in
the year 2018-19, it has been reported 1.88%, which is double then the previous years. The
bank had didn’t make sufficient provisions against NPA in that year. Many borrowers started
defaulting. The bank’s gross non- performing asset percentage, that’s the proportion of loans
overdue for over 90 days, zoomed to 7.39% as of September 2019, the highest among
comparable banks. As per the info collected, the bank's gross NPAs stood at Rs 40,709.2
crore in Q3 FY20 up from Rs 5,158.6 crore at Q3 FY19, the YES Bank said in an
exceedingly regulatory filing to BSE. The net NPAs of the bank stood at Rs 11,114.72 in Q3
FY20, up from Rs 2,876.3 crore in Q3 FY19 and as of September 2019 ended quarter, Yes
Bank had a gross NPA ratio of 7.39 percent and a net NPA ratio of 4.35 percent.
14
5. Loan spree and high NPA meant poor profitability, gauged by Yes Bank’s
sinking Return on Assets:
The loan spree & high NPA meant poor profitability, gauged by Yes Bank’s sinking
Return on Assets (ROA). Banks with higher NPAs effectively have fewer funds to
advance due to the upper provisioning that they have to provide i.e. lesser funds on
which they will potentially earn interest income. Other negative impacts of high NPAs
are that the upper NPAs will increase the quantity of provisioning thereby impacting
the profitability of the banks. Thus Banks may face difficulty in keeping up the capital
adequacy ratio. There’ll be increased pressure on Net Interest Margin (NIM) and
compulsiveness to cut back high NPAs.
(ROA = Net Profit / Total Assets)
Return on Asset (ROA) (%) (Rs. In Crore)
Year Ended on Mar’ 2019 Mar’2018 Mar’ 2017 Mar’2016 Mar’2015
Net Profit/ (Loss) 1,720.27 4,224.56 3,330.10 2,539.45 2,005.36
Gross NPA 7,882.56 2,626.80 2,018.56 748.98 313.4
(The figures are extracted from the Annual Report of YES Bank)
Analysis:
As an example, Yes Bank's ROA in FY19 was 0.45, in FY18 it absolutely was 1.35, Thus the
y-o-y change of -0.90 in FY19 is shown within the above table, that happens, because of the
increment in NPA within the year 2019 i.e. 100% Increase in Gross NPA and more 100%
increase in Net NPA. As a result, the Bank has been reported a Profit of Rs. 1720.27 Crore
within the year 2018-19, which was decreased by Rs.2504.29 Crore from the year 2017-18
and also the bank has suffered a loss of Rs 18,564 crore in December quarter in FY20
because of provisions and contingencies of Rs 24,567 crore. This is often its worst quarterly
loss in history. It absolutely was showing a nasty signal for the bank and pulled towards the
greater crisis.
Analysis:
While bad loans assembled, Yes Bank didn’t make enough provisions in its profits. Its
Provision Coverage Ratio within financial year 2019 was 43.1%, the bottom among
comparable banks. RBI says a PCR of >70% is desirable, we wish to imply the above
situation that, the YES Bank was maintaining the Low PCR %, is below the quality since
2016. The bank made provisions of Rs 1,336 crore for the 3rd quarter of the F.y.2019-20.
The total outstanding advance of the said bank stood at Rs 2.24 lakh crore within the quarter
under review, below the 6.3 percent year-on-year. For the F.Y 2018-19, Its provisions were at
the bottom among comparable banks, which is expressed as under;
ICICI 70.60
HDFC 71.36
Kotak 71.90
SBI 78.73
Divergence:
On 12th November’2020 (Tuesday) the bank reported a lower net profit of Rs 1,084.03 crore
for 2018-19 compared to Rs 1,720.28 crore announced earlier due to higher NPA evaluated
by the Reserve Bank of India. The divergence in net non-performing assets (NPAs) of the
YES Bank --the difference in bad loans reported by the said bank and therefore the
assessment done by the RBI stood at Rs 2,299 crore for the financial year 2018-19, Yes
Bank said in an exceedingly regulatory filing. The private sector financer had reported a net
profit of Rs 1,720.28 gr., in 2018- 19.
16
According to a report, the adjusted (notional) net profit after tax of the said bank for the
financial year ended on 31 ^ pi March 2019 after taking into consideration the divergence in
provisioning was at Rs 1,084.03 crore and also the variance in provisioning was
at Rs 978 crore.
7. Redemption Pressure
The YES Bank was facing a regular outflow of liquidity. It means that the Depositors
withdrew huge amounts, leading to the credit-deposit ratio crossing 100% in the FY 2018-19.
That means it lent more than it received from the depositors More than *20,000 crore of
deposits was withdrawn by the depositors from the bank during the six months due to fear of
bankruptcy. So, the bank was facing a liquidity problem and pulled it into a crisis within the
third quarter of 2019, the most popular Tirupati temple trust withdrew its deposits from
Yes Bank worth Rs 1,300 crore. The main points are shown in the following figure,
9. Governance Issues
In recent years the YES Bank has also experienced serious governance issues and
practices, which have led to a gradual decline in financial position. Take, as an example, the
17
bank under- reported Non-Performing Assets to the tune of Rs 3,277 crore in the year 2018-
19. That was prompted Reserve Bank of India to dispatch Mr. R Gandhi, a former Deputy
Governor, to the Board of Directors of the bank.
later, the case was completely different, and therefore the Stock price of Yes Bank fell
gradually, because of the forced sale of 1 (crore equity shares on the rear of the invocation
of pledged shares by a large stakeholder during the Ex 2018-18. Kapoor and his group
entities had sold 2.16 percent of their stake within the bank amounting to Rs 510 crore
through the open market transaction on September 26-27 2019.
After this, Kapoor and his group entities' stake in the Yes Bank had been reduced to 4.72
percent and gradually it became worse because the investors were losing their confidence in
the management of Yes Ban and went for the redemption of their capital. This can be the
foremost important cause for the bank's crisis.
11. Less engagement of Investors to invest their capital into the bank
In the past couple of years, the engagement of the investors was very low in infusing the
capital into the Yes Bank. The investors kept on discussing with some senior officials of the
Reserve Bank of India, but because of various reasons, they didn’t put any capital into the
said bank. The reason behind not putting the capital was that the investors were not serious
enough to place their capital into the bank.
18
The renowned private banking player Yes Bank, which once had a commanding position
within the country saw its NPAs growing rapidly with the bank’s primary lenders was
undergoing steep valuation declines or started undergoing an investigation itself. The
resultant cash crisis was accountable for the trickle-down effect that not only affected the
direct account holders but had an effect on various other fronts still. These are discussed as
under;
The crisis in Yes Bank Ltd and its impact on customers all over the country has yet again
raised the questions on accountability of banks. The need of the hour is taking effective
20
remedial steps to ensure good health and credibility of the Indian banking system and
restore the trust of depositors and investors in the Country. The rapidly deteriorating financial
position of the Yes Bank Ltd. relating to liquidity, capital and other critical parameters, and
the absence of any credible plan for infusion of capital has necessitated Reserve Bank of
India to take immediate action in public interest and particularly in the interest of the
depositors. The following action has been taken by the RBI for the restoration of Yes Bank.
C. Reconstruction Scheme:
In the month of March’2020, The Reserve Bank of India or RBI published a draft scheme of
revival Yes Bank, the public lender that has been put under the control of the Reserve Bank
of India. India's biggest nationalized bank, SBI has expressed its interest to infuse capital
into Yes Bank Ltd. and participate in its reconstruction scheme. Such Draft Reconstruction
Scheme was implemented within April 2020 and also the Scheme may be called ‘Yes Bank
Ltd. Reconstruction Scheme, 2020’. The Scheme covers the subsequent Points.
Here are important things to know about RBI's ‘Yes Bank reconstruction scheme’:
i. For Deposits:
According to the Yes Bank Reconstruction Scheme, all deposits with Yes Bank Ltd will be
continued within the same manner and with identical terms and conditions, completely
unaffected by the new scheme.
reconstructed Yes Bank Ltd. at a price not less than Rs. 10 (face value of Rs. 2) and
premium of Rs.8.
During this reconstruction, seven investors infused Rs. 12000 crores in Yes Bank. These
investors are the State Bank of India, ICICI Bank Ltd, HDFC Bank Ltd, Axis Bank Ltd, Kotak
Mahindra Bank, Rakesh Jhunjhunwala, Radhakishan Damani, and Azim Premji Trust. Out of
which the SBI has invested Rs 7,250 crore in the sufferer bank to overcome the financial
crisis and remains a 49% stake capital owner of Yes Bank. Further, ICICI Bank Ltd and
mortgage lender HDFC have been invested in Rs. 1,000 crores each. Axis Bank has also
invested Rs.600 crores, while Kotak Mahindra Bank was putting into Rs. 500 crores.
Bandhan Bank and Federal Bank have been infused Rs. 300 crore each, while IDFC First
Bank was putting into Rs.250 crore.
iii. Three-Year Lock-In-Period for Investors: The investor bank shall not reduce
its holding below 26% before the completion of three years from the date of infusion
of the capital into Yes Bank.
iv. Constitution of the Board of Directors:
From the appointed date, the office of the administrator of Yes Bank, appointed by the
Reserve Bank, shall stand vacated, and a new board will be constituted:
(1) CEO &Managing Director
(2) Non-Executive Chairman
(3) Non-Executive Director
(4) Non-Executive Director
Accordingly, the Bank has constituted its Board of Directors and Mr. Prasant Kumar is
working as CEO & Managing Director.
v. Nominee Directors:
As per the Conditions of ‘Yes Bank’s Reconstruction Scheme, the investor bank shall have to
appoint two nominee directors on the board of directors of the reconstructed Yes Bank Ltd.
to discontinue the services of the key managerial personnel (KMPs) at any point in time after
following the due proceeding.
The failure of India's 5th Largest Private lender, Yes Bank Ltd. comes on the heels of crises
at different non-banking finance companies, IL&FS, and DHFL, and frauds in banks like
PMC Bank and PNB. It involved serious lapses in any respect levels, including at the Board
of Directors, auditors, and regulators. Now the question comes, what should be done to
forestall or reduce such type of instances in the future?
The subsequent ten points suggest a way to prevent the failure/ crisis of commercial banks
in the future:
a. Strict Supervision:
The banks are the backbone of an economy. Once the banks become bankrupt, it impacts
both the economy and the general public. So, Supervision is required to be strict for the
banks. RBI gave an enormous rope to Yes Bank management despite finding loopholes
within the management.
23
Cyber Crime can be simply stated as crimes that involve the use of computer and a network
as a medium, source, instrument, target, or place of a crime. With the growing aspect of e-
commerce and e-transactions, the economic crime has drifted towards the digital world.
Cybercrimes are increasing globally and India too has been witnessing a sharp increase in
cybercrimes related cases in the recent years.
In 2016, a study by Juniper Research estimated that the global costs of cybercrime could be
as high as 2.1 trillion by 2019. However, such estimates are only indicative and the actual
cost of cybercrime including unreported damages is beyond estimation.
Cyber Crimes can be broadly classified into categories such as cyber terrorism, Cyber-
bullying, Computer Vandalism, Software Piracy, Identity Theft, Online Thefts and Frauds,
Email Spam and Phishing and many more.
However, from the aspect of financial cyber-crimes committed electronically, the following
categories are predominant:
25
The Indian baking industry is enjoying joyous growth. With the credit card and debit card
users increasing every day and new technologies like internet wallets slowly gaining
popularity, financial transactions are touching all-time highs.
This firm progression in the mounting paperless transactions numbers where a total of
9545797438 transactions were commenced using credit and debit cards in the year 2015
alone (Fig 1) can be partially accredited to the recent developments in the e-banking and e-
commerce verticals.
Fig 1: Credit/Debit Card Transactions in
In order to provide improved support for cashless transactions, a steady increase in the
number ATM and POS machines is inevitable. Fig 2 highlights the growth in the number of
ATM machines and POS machines installed across India in 2015.
activities like internet banking, online shopping, paying utility bills and are constantly in the
eyes of criminals to obtain access to confidential information.
Amongst the various motivations for committing a cybercrime, Financial Gain remains the
constant winner for the past many years overtaking other motives including revenge,
extortion and political causes. (Fig 3)
Alarmingly, simple phishing attacks enjoy a success rate of 45% due to lack of awareness
regarding the common safeguards to protect against the shrewd cyber criminals.
The span of cybercrime can be estimated from the figures of 3855 cybercrimes committed
for financial gain (NTRO) and 534 phishing incidents (CERT-In) in year 2015. These
incidents only correspond to the reported incidents and do not comprise the incidents that
went unreported and/or unnoticed.
Banks across the globe are increasing becoming prime targets of distributed denial-of-
service (DDoS) attacks launched sometimes as a part of the plan to distract the security
professional’s attention to the depleting resources, while carrying out some additional
dangerous activity in parallel like insertion of malware, or tampering with the IT assets. Such
an embedded hacking campaign with a hidden agenda is usually referred to as Advanced
Persistent Threat and is the latest kid on the board with enhanced complexity and
shrewdness.
In the cases, where the attackers are not able to yield some valuable information, they
deface the banks website as a measure to take revenge against their failed attempts.
28
Besides the resulting financial gains from successful cyber-attacks, the presence of online
black markets commonly referred to as the „Dark web‟ adds to the motivation of committing
cybercrimes as a commonplace for exchanging personal information, latest exploits and
sophisticated hacking kits. Sensitive information including stolen/leaked credit card numbers,
online banking accounts, medical records and administrative access to servers are traded
for money in these online fraud communities.
Financial organizations in today’s date require well laid cyber security teams with
distinguished digital leaders. According to PWC‟s year’s global economic crime survey,
2016, too many organizations are leaving first response to their IT teams without adequate
intervention or support from senior management and other key players.
Specialized security teams with an upbeat mix of competent professionals should be
employed to take a proactive stance when it comes to cybersecurity and privacy
29
Organizations in the BFSI sector need to undergo rigorous and continuous cybercrime risk
assessments to precisely assess, identify and improve their present security posture by
viewing the organization’s policies from an attacker’s perspective and thus facilitate
enhanced security, operations, organizational management.
Additionally, as long-term planning, cyber awareness needs to introduced at a fundamental
level in educational institutions with specialized security courses at graduate level to provide
hands-on training on the latest attack methodologies and mitigation techniques using
concepts like virtual cyber labs.
A comprehensive threat intelligence technology is essential to foster organized and analyzed
threat information about potential or current attacks from the organization’s perspective.
Alongside, threat intelligence helps organizations in understanding the common threat actors
including the latest vulnerabilities, exploits and advanced persistent threats (APTs)
campaigns.
On a national level, there is an urgent necessity to build capability of inspecting critical
infrastructure in critical industry sectors before these are deployed in production to avoid any
malicious intruders by leveraging the trusted hardware/software.
Finally, cooperation between Indian government sector and industrial groups is bound to
strengthen the legal framework for cybersecurity with each blending in a different array of
cyber risks and preventive mechanisms.
The most dramatic revolution in payment methods in the past few decades has undoubtedly
been the introduction and usage of plastic money. Payment through credit card is a mode of
payment that provides its holders with multifarious benefits. They include the relatively safe
and secure way of carrying monetary value, a means of making payments abroad, and
obtaining foreign exchange by consolidating payment of numerous transactions, of obtaining
credit card and usually a limited period of interest-free credit, include methods of spreading
payments and in the case of credit card, of securing the creditor’s indemnity for any
misrepresentation or breach of contract by the supplier.
The payment revolution spread internationally with the establishment of cash dispensers and
electronic terminals. The international interbank cash dispenser network now has two
hundred card holders in our country. This is in addition to the credit cards issued by VISA,
Master Card, American Express, and the like. Credit cards are a subset of the general
category of “Payment Cards” that card whose production (whether or not any other action is
required) enables the person to whom it is issued (the holder) to discharge his obligation to a
supplier in respect of payments for the acquisition of goods, services, accommodation or
facilities, with the supplier being reimbursed by a third party, whether or not the issuer of the
card, and whether or not a fee is imposed for such reimbursement.
30
A credit card has been defined as a payment card, the holder of which is permitted under his
contract with the issuer of the card to discharge less than the whole of any outstanding
balance on his payment card account on or before the expiry of a specified period, subject to
any contractual requirements concerning minimum or fixed amount of payments. The card
permits the holder to obtain credit to a stated maximum amount from the issuer upon the
car's presentation to a merchant. The card issuer sends the cardholder’s statements
describing the purchases made. The cardholder may settle the debt without interest by
paying the entire amount on receipt of the statements or paying interest on the outstanding
amount.
Retail and service-based businesses that cannot accept credit card payments are at a
disadvantage against their competitors. In the United States alone, 250 billion dollars a year
are spent with credit cards. It is no wonder that businesses want to accept credit cards even
though it means paying a percentage of each credit card sale to the acquiring bank or
processor. The impact of technology on credit card operations is formidable. An example is
Citibank’s “New Millennium” banking a project that has been implemented only in New York
and Bangalore. This involves the reduction of bank visits by customers to an absolute
minimum- to the extent that the customers are charged for a visit to the bank. The reason is
that the technology used is such that the bank is confident that its customer's demands can
be met on the phone.
Similarly, further refinement in the use of ATMs- for example, allowing a person with the card
of one bank to withdraw cash from an ATM of any other bank also would add considerably to
the use of credit cards. Electronic Data Capture (EDC) machines help to enable online
settlements for merchants, which considerably adds to the lure of credit cards to the retailer.
Internet banking fraud and credit card fraud are growing in India. The Internet is global, with
no single territory and jurisdiction. This is both beneficial as well as harmful. It is beneficial as
it connects people and organizations and helps them in interacting efficiently. It is dangerous
as well as it provides the means to commit cyber crimes by its misuse.
The contemporary era has replaced these traditional monetary instruments from paper and
metal-based currency with “plastic money” in the form of credit cards, debit cards, etc. This
has resulted in the increasing use of ATMs all over the world. The use of ATMs is not only
safe but also convenient. This safety and convenience, unfortunately, has an evil side as
well that does not originate from the use of plastic money but rather from the misuse of the
same. This evil side is reflected in the form of ATM fraud which is a global problem. The
world at large is struggling to increase convenience and safety on the one hand and to
reduce its misuse on the other.
1. Theft of Credit/Debit Card Data: Data of credit/debit cards are stolen from data
processing centers or at points of payment, that is when payments are made at
the store physically or on websites. These may be committed either by persons
lawfully receiving such data or by hackers, who either gain access to the point
where data is entered, i.e. to the victim’s computer or the point of receipt of such
data, that is to the entity is receiving and /or processing such data. The Mphasis
31
case of data theft of credit/debit card details of American customers at the data
processing center in Pune is a classic example of this mode of credit/debit card
fraud. In this instance, several million US dollars were stolen by misusing the data
stolen.
2. Skimming: Skimmer devices are part of our everyday existence. It is just that we
may not even be aware of their existence or may fail to register the import of the
machines we see every day. The swipe machine is attached to computers at every
supermarket or store, whereby credit or debit card details are captured and stored
in the computers of such stores are skimmers.
These or similar devices are used to skim credit/debit card details (i.e. from the
magnetic strip on the reverse of all plastic cards) and use this information with the
CVV of PINs, which fraudsters may obtain either through physical video grabs or
key loggers, money is siphoned out. Skimmers may be attached at any place
including doors given access to ATMs or even inside the ATM providing the slot
for inserting the credit or debit cards.
3. Phishing of Data: Phishing including through voice calls or Vishing, as set out
above in other methods of acquiring card defiles, which is then used online for
making illicit purchases. Banks have repeatedly warned customers not to part with
credit/debit card details CVV numbers or PINs, for this reason.
4. Data leak from the online transaction: Credit card/debit card even net banking
details may be acquired through an online transaction on unsecured platforms.
Data, which may even be acquired for legal purposes on such an e-commerce
platform may then be used illegally for making other online purchases. Regulators
globally have, therefore, advised two levels of verification for online transactions,
that is, where Credit/ Debit cards related crimes were subject to prosecution by
invoking IPC provision about cheating under sections 418to 420 of the Indian
Penal Code, and forgery section 464 -471 of IPC, even before the enactment of
the IT Act. The IT Act provisions have strengthened the possibility of prosecution
with the addition of provisions for identity theft (section 66C of the IT Act) and
cheating by personation (Section 66D of the IT Act).
5. CREDIT & DEBIT CARDS FRAUDS: The use of credit cards Debit cards or
plastic money is quite a popular means of effecting payments both in the
conventional and online worlds.5 On the internet usually, the credit card number is
required and the three-digit number (CVV) at the back of the credit card is also
needed to make an online payment. The websites that use credit cards as a
means to accept payment use SSL (Secure Socket Layer Technology) which
automatically encrypts the data that is being transmitted for security reasons.6
Certain websites request credit card details over the telephone. Credit Cards are
being used to purchase software, make payments to utility service providers, to do
shopping online, or even play games as entertainment. In the United Kingdom,
consumers pay using a credit card as they are protected under the Consumer
Credit Act, 1947.7 The e-merchant is required to sign up an account with the
issuer of the card to accept payment through a credit card. This entails heavy
costs and opens the risk of chargebacks. At the same time, however, there are
many advantages to using credit cards or e-transaction.
32
One of the prime advantages is the stipulated time window of credit without charging
interest. Encryption platform for use of credit cards offers varied combinations to use
a credit card to make payments at the point of sales or an ATM, net-banking or
through CC Avenue. Several acceptable credit insurers operate this business
including Visa Card, Master Card, American Express, among other service providers.
In a nutshell, a credit card is a payment card wherein the holder enters into a contract
that provides that the issuer can “discharge less than whole of any outstanding
balance on his payment card account on or before the expiry of specified periods
subject to any contractual requirement with respect to minimum of fixed amount of
payments.” The cardholder may avail credit to the highest amount stated on the card
and pay against statements with or without interest. Interest is payable on the
outstanding amount as per the bank's policy. Although credit cards can be used with
much ease, there are growing concerns about security threats, Cybercriminals may
adopt skimming, install a hidden camera near the ATM machine, clone the
stolen credit card or introduce a virus to steal secret pin and passwords to create an
unauthorized and fraudulent transaction. Due to these technical vulnerabilities, credit
card frauds are a risk. New solutions are being devised to counter cybercrimes
attacks. One of the common methods is to segregate the purchase transaction from
the payment process.
For example, when a user shops a product online through a telephonic call, the credit card
number may be disclosed. However, this system may have flaws and additional burdens
such as more manpower requirements and a chance of misuse of the information. Another
method suggested is the use of Secure Socket Layer Server which uses cryptography to
transmit any sensitive use.
6. PIN COMPROMISE
The report, Payments Fraud and Control Survey Report (Feb 10, 2021),
The survey showed that 82 percent of companies were targets of payment fraud
last year (2018), demonstrating the crucial need for cybersecurity protocols and
strict control governance.
33
PIN compromise methods range from the very technically sophisticated to the
relatively easy technique known as shoulder surfing. Shoulder surfing involves the
perpetrator standing close enough to the consumer to observe the numbers
entered on the keypad. A more sophisticated method of observation or surveillance
involves the use of a miniature camera that can either transmit the image of the
PIN being entered or store the recording within the device. With the increase in the
number of mobile phones with video capture capabilities, such phones are adapted
to compromise PINs.
7. CARD SKIMMING
Card skimming involves making a copy of the information encoded on the
magnetic stripe of the card. There are different types of skimming devices
designed to be used in different environments, from handheld devices through
door access skimmers to miniature card entry slot skimmers. Handheld skimming
devices are more commonly associated with card skimming in restaurants and
other retail establishments.
8. CASH TRAPPING
Cash trapping is the term used to describe attacks where the consumer's cash is
trapped and prevented from being presented or delivered to the consumer. The
variety of trapping devices is significant, ranging from those that require insertion
within the ATM's cash dispenser through false fronts to well-engineered electro-
mechanical devices that simulate the removal of the cash by the consumer.
9. TRANSACTION REVERSAL
Transaction reversal techniques involve highly skilled manipulation of the ATM
during a transaction with the result that the host computer believes that the
consumer did not receive his cash and thus re-credits or reverses the transaction.
card number of the manifold problem that credit card transactions over the net have become
involved with, the possibility the most formidable is that of security. The Internet is perceived
as a medium in which security and privacy are practically non-existent. Therefore, with the
possibility of credit card fraud looming large over them, customers are reluctant to even
enter into a transaction that could involve the transmission of “Sensitive” information over the
internet. The consequence of this has been that several corporations are engaged in the
process of creating a system with some measure of security. These form the subject matter
of examination –
One of the simplest methods in use is simply de-linking the purchase process from the
Internet. Thus, once the item is selected over the Net, the credit card number has to be
independently delivered through a phone call to the retailer. This system while being
relatively secure has many disadvantages. Firstly, it requires the presence of additional staff
to receive a call and cater to customers. Further, the process is not fully automated;
something the internet and any merchant would inevitably aim at.
Another method that is currently used by many sites is hosting the www sites on a secure
server. A secure server uses a protocol such as SSL or S-HTTP to transmit data between the
browser and the server. These protocols encrypt the data being transmitted, so when one
submits their credit card number through their WWW it travels to the server encrypted.
These methods help to ease people’s fear, but they still do not go enough for many people to
feel comfortable using their credit cards online. To ensure customers, trust, and still maintain
the security of credit card transactions on the net, some companies have evolved systems to
cater to the unique nature of the Internet.
One of these is First Virtual. This came into operation in 1994 and is regarded as one of the
simplest systems currently available.11 The first virtual system ensures credit card numbers
through the use of substitute numbers namely “First virtual personal identification number”
(PINs). These numbers are of no use, even if intercepted because purchases cannot be
charged to them. The first virtual system works by ensuring that a person’s account is never
charged without e-mail verification from them, whereby the cardholder accepts the charge.
First Virtual uses email to communicate with a buyer to confirm charges against their
account. Sellers use either email or automated programs that make use of First Virtual’s
Simple MIME Exchange Protocol (SMXP) to verify accounts and initiate the payment
transaction.
CYBER CASH:
Cyber Cash operates on a different footing from First Virtual. It simply ensures encrypted
passage over the internet for the credit card data. The authorization procedure is almost
identical to the normal procedure used at the point-of-sale terminal in the case of ordinary
credit card transactions. Moreover, cyber cash requires a special program (Cyber Cash
wallet software program). The user must then register with Cyber Cash. Registration would
include certain of a “wallet ID” and a password. The Cyber Cash system works like an
electronic contractual transaction. The customer first indicates his requirement to purchase
from the merchant’s site by clicking on Cyber Cash. The merchant’s software responds with
35
an invoice to the buyer’s Cash Cash Wallet Software this is followed by the buyer selecting
the credit card on which he wishes to charge the transaction. The software then sends both
the invoice and the credit card information as a package to the Cyber Cash server,
requesting authorization for the transaction. Cyber Cash then moves the package to an
office line machine, decrypts it to ensure the absence of any tampering, and sends it to the
acquiring bank, using dedicated lines and encrypted data. This is then processed by the
banks like any other credit card transaction. The bank then sends its approval or denial to
Cyber Cash. This is in turn encrypted and sent to the merchant. This entire process is
supposed to take 15-20 seconds. This system has an advantage over First Virtual in that the
merchant’s account is credited without any time lag. The corresponding disadvantage
however accounts for an acquiring bank that accepts the Cyber Cash system.
2000 provides that the Act applies to any offense or contravention committed outside by any
person.
Section 75 of the IT Act, 2000 states that the provisions of the Act also apply to any offense
or contravention committed outside India by any person irrespective of his nationality if it
involves a computer, computer system, or computer network located in India. Recently, the
Reserve Bank of India Act, 1934 was amended by the IT Act, 2000.18 In the case of Section
58(2) after clause (p), the amendments inserted a provision to regulate electronic fund
transfer and prescribed rights and obligations of parties and conditions to be complied with
for effecting fund transfer. Through the amendments, the Reserve Bank of India was
empowered to prescribe norms for electronic fund transfer and real-time gross settlement. It
becomes important at this stage to discuss the regulatory regime that the Reserve Bank of
India has in place to govern the electronic payment system in India.
On the issue of credit cards, the banks are required to independently analyze the risk of
giving credit and add-on cards which may have been issued on the basis that the basic
liability will be that of the main cardholder. The bank ought to also assess the credit limit that
the customer avails from other banks before deciding the credit limit for a customer. All Know
Customer (KYC) norms are required to be complied with. The United Nations Guidelines for
Consumer Protection (UNGCP) provides the Protection of Customer Rights – Guidelines,
Customer’s rights regarding credit card operations primarily relate to personal privacy, clarity
relating to rights and obligations, preservation of customer records, maintaining the
confidentiality of customer information and fair practices in debt collection.
However, this circular also describes the Right to Privacy-
a. Card issuing banks/NBFCs avoid issuance of unsolicited cards which
attracts penalties besides such persons approaching the Banking
Ombudsman for compensation for loss of time, expenses, harassment,
mental anguish, and so on.
37
c. The consent for the cards issued or the other products offered along with
the card has to be explicit and should not be implied.
transfer of funds. Certain other unique features viz. accepting cash for originating
transactions, initiating transfer requests without any minimum or maximum amount
limitations, facilitating one-way transfers to Nepal, receiving confirmation of the date/time of
credit to the account of the beneficiaries, etc., are available in the system.
account statements online by entering his account number and personal identification
numbers, commonly known as the login id and passwords. The bank verifies the user’s
identity allowing access to the service available online such as recharging of mobile
numbers and other activity.31Most banks offer special e-services and in certain
countries, even virtual banks exist. The websites of banks not only provide static
information about the services it provides to its customers, it also receives complains or
feedback from its customers through e-mails, blogs, twitter, chat room or other means.
Banks also accept the online request of its customer to transfer money to make
payments for sale and purchases of securities, book air tickets, thereafter shows, or
purchase other products and services online. Most conventional nationalized bank have
also transformed their functioning by adding internet banking facilities to the rage of
service they offer.32The banks are constantly improving their business processes and
security parameters such as installing a PKI system to enhance security protection.
On the legislative front, The Negotiable Instruments Act, 1881 was amended to facilitate
cheque truncation and making e-cheque legally valid and admissible in India.The
Negotiable Instrument Act, 1881 which is the main legislation governing cheque-based
payment mechanism in India includes the ‘electronic image of a truncated cheque’ and a
cheque in the electronic form33 within the definition of the cheque. The Information
Technology Act, 2000, and The Reserve Bank of India Act, 1934 conferred legal
recognition and validity to the use of electronic payment systems in India. For electronic
payment systems such as ECS and EFT, a contract is signed between the participants
and the manager of the system. The Payment and Settlement System Act, 2007, was
recently passed to explain the term ‘netting and finality of settlement’. The Payment and
Settlement System Act, 2007 also defines ‘payment obligation, payment instrument,
payment system, and gross settlement system, netting, settlement in section 2(1) of the
Act, a settlement is defined as “settlement of payment instructions received and this
includes the settlement of securities, foreign exchange or derivative or other transaction”.
The settlement can be affected either on a net basis or on a gross basis.
(i) The Basic Level Service is the banks’ websites that disseminate information on
different products and services offered to customers and members of the public
in general. It may receive and reply to customers’ queries through e-mail,
42
(ii) In the next level are Simple Transactional Websites which allow customers to
submit their instructions, applications for different services, queries on their
account balances, etc., but do not permit any fund-based transactions on their
accounts,
(iii) The third level of Internet banking services is offered by Fully Transactional
Websites which allow the customers to operate on their accounts for the
transfer of funds, payment of different bills, subscribing to other products of the
bank, and transaction purchase and selling of securities, etc.
The above forms of Internet banking services are offered by traditional banks, as an
additional method of serving the customer or by new banks, who deliver banking services
primarily through the Internet or other electronic delivery channels as the value-added
services. Some of these banks are known as ‘virtual’ banks or ‘Internet-only’ banks and
may not have any physical presence in a country despite offering different banking
services. From the perspective of banking products and services being offered through
the Internet, Internet banking is nothing more than traditional banking services delivered
through an electronic communication backbone, viz, the Internet. But, in the process, it
has thrown open issues that have ramifications beyond what a new delivery channel
would normally envisage and, hence, has compelled regulators the world over to take
note of this emerging channel.
4. It poses a strategic risk of loss of business to those banks who do not respond in
time, to this new technology, being the efficient and cost-effective delivery
mechanism of banking services,
5. A new form of competition has emerged both from the existing players and new
players of the market who are not strictly banks.
6. The Regulatory and Supervisory concerns in I- banking arise mainly out of the
distinctive features outlined above. These concerns can be broadly addressed
under three broad categories, viz, Legal and regulatory issues, Security and
technology issues, and Supervisory and operational issues.
43
CONCLUSION
The banking sector in India has experienced a remarkable transformation, primarily
attributed to the integration of Information Technology (IT), which has revolutionized
both the operational efficiency and security of financial transactions. The advent of
mobile and internet banking is on the verge of further transforming the sector,
promising enhanced accessibility and convenience for customers while
simultaneously demanding a heightened focus on cybersecurity measures to
counteract the escalating threats of financial fraud and cyber-attacks. The
exponential growth in electronic payments and online banking activities necessitates
robust systems capable of detecting and mitigating financial crimes effectively. This
digital evolution, coupled with the projected rapid expansion in retail banking, home
loan disbursements, and the proliferation of banking facilities to accommodate the
burgeoning bankable population, underscores the dynamic trajectory of the Indian
banking sector towards embracing more inclusive, efficient, and secure financial
services.
However, recent tumultuous events, such as the crisis faced by Yes Bank,
underscore the critical importance of stringent regulatory oversight and governance
in safeguarding the stability and credibility of the banking industry. The Reserve Bank
of India's (RBI) role as a vigilant supervisor has been pivotal in navigating crises,
highlighting the necessity for both public and private sector banks to adhere to
regulatory frameworks and ethical banking practices. The challenges encountered by
Yes Bank and similar institutions reveal the vulnerabilities within the banking sector
and the imperative for continual reassessment and strengthening of governance
structures. As the sector strides forward, leveraging technological advancements and
expanding its reach, the lessons learned from past pitfalls must inform strategies to
fortify the financial system against potential threats, thereby ensuring the enduring
trust and confidence of depositors and investors in the resilience and integrity of the
Indian banking system.
54
REFERENCES:
1. Bercoff, J. J., Giovanniz., J. d., & Grimardx, F. (2002). Argentinean Banks, Credit
Growth and the Tequil a Crisis: A Duration Analysis.
2. Hosmani, A., & Jagadish, H. (2011, December). Unerthing the epidemic of Non-
Performing Assets - A study with reference to Public Sector Banks in India.
International Journal of Multidisciplinary Research, 1(8), 447-459.
3. Prasad, G. V., & Veena, D. (2011). NPAs Reduction Strategies for Commercial Banks
in India. International Journal of Management & Business Studies, 47-53.
5. Sikdar, P., & Munish, M. (2013). Role of Non-Performing Assets in the Risk
Framework of Commercial Banks – A Study of Select Indian Commercial Banks.
AIMA Journal of Management & Research, 7(2/4), 1 - Retrieved September 9, 2018,
from https://apps.aima.in/ejournal_new/articlesPDF/PallabSikdar.pdf
6. Yes Bank. (2005-19). Annual Reports and the Quarterly Financial Report of Yes Bank
for the F.Y. 2019-20
7. Net Losses: Estimating the Global Cost of Cybercrime (Rep.). (2014). Intel Security.
10. The Economic Impact of Cybercrime and Cyber Espionage (Rep.). (2013). McAfee.