INTERNET SECURITY LAW

Semester & Pr0gram: VIII & BBA LLAB (C0rp0rate Law)

E-BANKING: OVERVIEW OF LAWS IN INDIA

AND CHALLENGES

Chirag Baheti (Enr0llment N0.: R760219022, SAP ID: 500076899)

Submitted under the guidance 0f Pr0f. Sajal Sharma

Sch00l 0f Law
University 0f Petr0leum and Energy Studies
Dehradun

(April, 2023)

Electronic copy available at: https://ssrn.com/abstract=4428446

 C0ntents

Chapter 1: Intr0ducti0n
1.1 Backgr0und
1.2 Internet Banking- A New Medium
1.3 Features 0f E-Banking

Chapter 2: R0le 0f Indian Laws t0 pr0tect E-Banking

2.1 Legal framew0rk f0r E-Banking in India
2.2 E-Banking Legal regime
2.2.1 Indian Penal C0de, 1860
2.2.2 Preventi0n 0f M0ney Laundering Act, 2002
2.2.4 Inf0rmati0n Techn0l0gy (Amendment) Act, 2008
2.2.5 Inf0rmati0n Techn0l0gy (Reas0nable Security Practices and Pr0cedures and
Sensitive Pers0nal Data 0r Inf0rmati0n) Rules, 2011

Chapter 3: Cyber Crime and its Impact 0n Banking Sect0r

3.1 Threats 0f E-Banking
3.2 Banks Cyber security f0r E-Banking
3.2 Cyber Attacks 0n Banking Sect0r

Chapter 4: C0nclusi0n and Suggesti0ns

4.1 C0nclusi0n
4.2 Suggesti0ns

Bibli0graphy/ References

Electronic copy available at: https://ssrn.com/abstract=4428446

 Chapter 1: Intr0ducti0n

1.1 Backgr0und
Banking has l0ng been an imp0rtant aspect 0f the ec0n0my, all0wing individuals and
businesses t0 manage and access their finances. H0wever, as techn0l0gy has advanced,
traditi0nal brick-and-m0rtar banking has given way t0 e-banking, which has rev0luti0nized
the way banking is d0ne.
E-banking, c0mm0nly kn0wn as 0nline banking, is a banking service that all0ws users t0
execute financial transacti0ns 0ver the internet. Cust0mers benefit fr0m increased
c0nvenience and flexibility because they may access their bank acc0unts and make
transacti0ns fr0m anywhere in the w0rld, at any time.
As pe0ple bec0me m0re reliant 0n techn0l0gy, there is a greater need f0r cyber laws t0 g0vern
and secure 0nline banking. Cyber laws are legal framew0rks that c0ntr0l h0w the internet
and 0ther digital techn0l0gies, such as 0nline banking, are used. These rules are necessary
t0 pr0tect the security and privacy 0f cust0mers' financial inf0rmati0n, as well as t0 c0mbat
cyber fraud and 0ther illegal acts.
Banks must guarantee that their 0nline banking platf0rms are secure and c0nf0rm t0
appr0priate cyber laws bef0re intr0ducing e-banking with cyber legislati0n. T0 secure
clients' financial inf0rmati0n fr0m cyber attacks, this includes establishing str0ng security
measures such as encrypti0n, firewalls, and multi-fact0r authenticati0n.
The techn0l0gy that enabled banks and their clients t0 c0nduct business m0re efficiently
als0 presented chances f0r gl0bal 0rganized crime netw0rks. The advancement 0f data and
c0mmunicati0n techn0l0gy has changed the entire w0rld int0 a gl0bal village, but it has als0
created a significant threat t0 existing and established banking instituti0ns kn0wn as "Cyber
Crimes."
The 0ccurrence 0f data Techn0l0gy (IT) br0ught the cyber space, where the internet
pr0vided equal access t0 any 0r all pe0ple t0 any inf0rmati0n and data st0rage. As the number
0f internet users has gr0wn, s0 has the misuse 0f techn0l0gy in cyberspace, resulting in
d0mestic and w0rldwide cybercrime. "Cyber crime" is a criminal behavi0ur d0ne by
utilising a c0mputer 0r 0ther electr0nic device 0r the Internet as the medium, in vi0lati0n 0f
existing legislati0n, f0r which penalty is imp0sed acc0rding t0 the c0untry's statute. The

Electronic copy available at: https://ssrn.com/abstract=4428446

gl0bal nature 0f engineering 0ffers a pr0blem t0 the w0rld's nati0ns in dealing with
cybercrime. D0mestic s0luti0ns are insufficient because cyberspace has n0 ge0graphical 0r
p0litical b0undaries, and many c0mputer systems may be accessed fr0m anywhere in the
w0rld. It is als0 difficult t0 0btain reliable cyber crime statistics because many events were
n0t rep0rted and many were n0t identified. Gl0bally, cybercrime is 0n the rise, and India
has seen a significant surge in cybercrime in recent years.

1.2 Internet Banking- A New Medium

Banks are the engines that p0wer the financial sect0r, which is critical t0 any c0untry's
ec0n0my. Banking began ar0und 4000 years ag0 in places like Babyl0n, Mes0p0tamia, and
Egypt. The emergence 0f paper currency as a medium 0f exchange has rev0luti0nized the
banking industry. By 1600 A.D., cheques were c0mm0nly utilised, and by the mid-1990s,
banks were using telegraph techn0l0gy t0 'wire' m0ney fr0m 0ne l0cati0n t0 an0ther in a
matter 0f sec0nds.i There have been three ages 0f payment: (1) N0tes and C0ins; (2) Paper
payments and (3) Electr0nic payments. New techn0l0gy has n0t 0nly enabled an ever-
gr0wing ch0ice 0f electr0nic payment s0luti0ns, but it has als0 had far-reaching effects 0n
h0w banks 0perate in at large.ii E-banking is the pr0cess 0f perf0rming banking activities
using inf0rmati0n techn0l0gy. It refers t0 the delivery 0f bank services t0 a cust0mer's 0ffice
0r h0me via electr0nic techn0l0gy. E-c0mmerce is a new gl0bal reality that is having a huge
impact 0n banking. It includes three c0mp0nents 0f a c0ntract 0f sale: 0ffer, acceptance, and
m0vement 0f c0nsiderati0n. Banking is mainly inv0lved in the payment 0f m0ney as 0ne leg
0f the transacti0n. T0day, E-C0mmerce is regarded as the w0rld's single largest business
wind0w. It has caused a new paradigm in business and banking dynamics.iii The Indian
banking industry has n0t been a c0mpletely passive spectat0r 0f the w0rld inf0rmati0n
techn0l0gy rev0luti0n.iv Techn0l0gy in the Banking has been used in f0ur maj0r ways v:
1. T0 handle a much larger c0nsumer base
2. Significantly reduce the true c0st 0f payment pr0cessing.
3. T0 free banks fr0m the traditi0nal c0nstraints 0f time and l0cati0n.
4. T0 launch new pr0ducts and services
The availability 0f c0mmunicati0n netw0rks such as the Indian Financial Netw 0rk
(INFINET) using V-SAT satellite techn0l0gy, the 0ptical Fiber Netw0rk, and 0ther

Electronic copy available at: https://ssrn.com/abstract=4428446

terrestrial lines dedicated t0 the Indian Financial Sect0r, as well as increased netw0rking
0pti0ns by basic telec0m service pr0viders, has enabled the use 0f electr0nic techn0l0gy in
every banking transacti0n.vi The payment mechanism is critical t0 the gr0wth 0f e-
c0mmerce. The design, management, and regulati0n 0f electr0nic payment systems are
bec0ming the f0cus 0f p0licy discussi0ns in India. With the intr0ducti0n 0f new instruments
such as Credit Cards, Telebanking, ATMs, Retail Electr0nic Funds Transfer (EFT), and
Electr0nic Clearing Services (ECS), the need t0 design effective, efficient, and rapid
payment systems has bec0me even m0re critical. F0r straight thr0ugh pr0cessing, 0ur Indian
ec0n0my is heading t0wards Smart Cards, Debit Cards, and Financial Data Interchange.vii
E-banking has pushed the definiti0n 0f 'm0ney' t0 a new extreme 0f 'e-cash'.

1.3 Features 0f E-Banking

1. Acc0unt Inf0rmati0n: E-banking furnishes clients with admittance t0 their rec0rd
data, including balances, exchange hist0ry, and pr0clamati0ns.
2. Funds Transfer: Users can m0ve m0ney between acc0unts thr0ugh e-banking, either
within the same bank 0r between banks.
3. Bill Payment: Thr0ugh e-banking, users can set up aut0matic payments 0r manually
schedule payments t0 pay their bills 0nline.
4. Acc0unt Management: Users 0f e-banking can 0pen new acc0unts, update pers0nal
inf0rmati0n, and 0rder checks 0nline t0 manage their acc0unts.
5. M0bile Banking: Users can c0nduct banking transacti0ns fr0m their smartph0nes 0r
tablets thanks t0 the availability 0f m0bile banking apps 0ffered by many e-banking
services.
6. Alerts and N0tificati0ns: E-banking permits clients t0 set up alarms and warnings,
f0r example, acc0unt balance cauti0ns 0r exchange cauti0ns, t0 keep them inf0rmed
ab0ut acc0unt acti0n.
7. Security Features: Encrypti0n, tw0-fact0r authenticati0n, and fraud m0nit0ring are
just a few 0f the security measures that e-banking uses t0 safeguard cust0mers'
pers0nal and financial data.
8. Cust0mer Supp0rt: Typically, e-banking services pr 0vide cust0mer supp0rt via a
variety 0f channels, such as teleph0ne, email, and 0nline chat.

Electronic copy available at: https://ssrn.com/abstract=4428446

 6

Electronic copy available at: https://ssrn.com/abstract=4428446

 Chapter 2: R0le 0f Indian Laws t0 pr0tect E-Banking

2.1 Legal framew0rk f0r E-Banking in India

T0 keep up with the digitizati0n 0f the banking system, the Reserve Bank 0f India (RBI),
which was established in 1935 and is the s0urce 0f all banking activities and the supreme
m0netary auth0rity in the c0untry, began issuing regulati0ns, circulars, and directives in
pieces. A c0llecti0n 0f laws in India serve as the legal basis f0r banking:
1 The Banking Regulati0ns Act, 1949
2 The Reserve Bank 0f India Act, 1934
3 The F0reign Exchange Management Act, 1999.
In general, acc0rding t0 the Banking Regulati0ns Act 0f 1949, n0 entity can 0perate as a
bank in India with0ut 0btaining a license fr0m the Reserve Bank 0f India. This Act stipulates
a variety 0f activities that a bank may engage in as well as prudential requirements. Under
the Reserve Bank 0f India Act 0f 1934, n0n-banks that accept dep0sits fr0m the general
public are subject t0 regulat0ry requirements. Unless specifically appr0ved by legislati0n
under the F0reign Exchange Management Act 0f 1999, an Indian resident is f0rbidden fr0m
lending, 0pening a f0reign currency acc0unt, 0r b0rr0wing fr0m a n0n-resident, including
n0n-resident banks.
Internet banking is an extensi0n 0f traditi0nal banking that uses the internet t0 deliver
banking services and receive instructi0ns fr0m cust0mers. Theref0re, c0nceptually
speaking, Internet Banking is subject t0 the same legal pr0visi0ns as traditi0nal banking. In
the advanced age, the issues which have emerged are with respect t0 the lawfulness under
the current regulati0ns, 0f specific s0rts 0f electr0nic business/banking exchanges 0n the
Web. These exchanges inc0rp0rate h0wever are n0t restricted t0 legitimacy 0f an electr0nic
message/archive, verificati0n; legitimacy 0f agreement went int0 electr0nically, n0n-
n0t0riety.
The G0vernment 0f India was pr0mpted t0 enact the Inf0rmati0n Techn0l0gy Act, 2000 as a
result 0f this issue, which als0 raised the questi0n 0f banks' ability t0 c0mply with legal
requirements and practices like keeping cust0mers' acc0unts secret and pr0tecting their
privacy. The use 0f the internet and 0ther electr0nic media f0r business, particularly

Electronic copy available at: https://ssrn.com/abstract=4428446

financial transacti0ns, was als0 enc0uraged. The Dem0nstrati0n 0ffers ackn0wledgment 0f
electr0nic marks, e-archives and e-exchanges, and attempts t0 check cybercrime.viii
By 2001, the Reserve Bank 0f India established rec0mmendati0ns t0 c0ntr0l 0nline banking
privacy, anti-m0ney laundering, and kn0w-y0ur-cust0mer standards. As a result, cust0mers
were enc0uraged t0 switch t0 e-c0mmerce banking, with s0me c0ncern f0r safe banking and
transacti0n c0nfidentiality.ix
The G0vernment 0f India attempted t0 intr0duce a separate bill t0 pr0tect individuals'
privacy called the "Pers0nal Data Pr0tecti0n Bill 2006" in resp0nse t0 the rise 0f 0nline
banking and e-c0mmerce, but neither h0use ratified the bill. In the interim, Secti0ns 43A
and 72A 0f the Act were added t0 safeguard pers0nal data ("PI") and sensitive pers0nal data
and inf0rmati0n ("SPDI") in 2008.x
Under the Banking Regulati0ns Act 0f 1949, a c0mpany is required t0 0btain a license fr0m
the Reserve Bank 0f India in 0rder t0 0perate as a bank in India. The capabilities and
exercises which a bank can g0 int0 0r embrace and prudential prerequisite are referenced in
The Financial Guidelines Act, 1949. The Reserve Bank 0f India Act's g0verning pr0visi0ns
are inv0ked when a n0n-bank takes public dep0sits. 1934xi.
The F0reign Exchange Management Act 0f 1999 (FEMA) pr0hibits Indian citizens fr0m
lending t0, 0pening a f0reign currency acc0unt with, 0r b0rr0wing fr0m n0n-residents,
including n0n-resident banks, with the excepti0n 0f certain circumstances.xii

2.2 E-Banking Legal regime

Internet banking is legal in the c0untry, and the IT Act, which was amended in 2008, has
partially met the remaining requirement f0r Internet transacti0ns. The IT Act rec0gnizes
electr0nic transacti0ns as the f0undati0n 0f Internet banking. C0ntracts, agreements, and
transacti0ns that are c0ncluded electr0nically are referred t0 as electr0nic transacti0ns. E-
c0mmerce and electr0nic transmissi0n are n0w legal in the c0untry thanks t0 the IT Act's
passage in 2000.

2.2.1 Indian Penal C0de, 1860

As in Internet banking infracti0ns the t0pic is fundamentally m0ney, thus, certain 0ffenses
under the Penal C0de given in Secti0n XVII 0f the said Act can likewise be applied where

Electronic copy available at: https://ssrn.com/abstract=4428446

the infringer c0mmits specific 0ffenses gave in that in Internet banking. Hence, the
acc0mpanying segments are material in such a circumstance:
1. Theft. [Ss. 378 & 379]
2. Ext0rti0n. [Ss. 383 & 384]
3. Criminal misappr0priati0n 0f pr0perty. [S. 403]
4. Criminal breach 0f trust. [S. 405 & 406]
5. The term "f0rgery" has been defined in relevance t0 the electr0nic rec0rd as well,
i.e. the 0ffence 0f f0rgery is said t0 be c0mmitted when any0ne makes n0t 0nly a
false d0cument but als0 a false electr0nic rec0rd [S. 463]. The term "making 0f false
d0cument" als0 includes affixing electr0nic signaturexiii 0n any electr0nic rec0rd. (S.
464(c)]
6. Use 0f f0rged d0cuments 0r electr0nic rec0rd and use 0f such f0rged d0cument as
genuine. [S. 470, 471] The IT Act, 2000 has amended the 0riginal secti0ns t0 add
"electr0nic d0cuments" in the definiti0n 0f f0rged d0cuments.
7. Cheating: Falsely 0r unscrupul0usly instigating an individual t0 deliver pr0perty and
s0 f0rth. [Ss. 415 and 420]. This sh0uld be p0ssible by the utilizati0n 0f electr0nic
means als0 c0nsequently, it is material al0ngside the significant secti0ns 0f the IT
Act.

2.2.2 Preventi0n 0f M0ney Laundering Act, 2002

India has passed the Preventi0n 0f M0ney Laundering Act, 2002 (15 0f 2003)xiv and the
RBI, SEBI and IRDA art br0ught under the Act and thus all the financial instituti0ns, banks,
mutual funds, insurance c0mpanies and their financial intermediaries are als 0 c0vered by
it. The Act has since been amended in 2005, 2009 and 2012.
The 0ffence 0f m0ney laundering: Any0ne wh0, directly 0r indirectly, is a party 0r is
inv0lved in any activity related t0 the pr0ceeds 0f crime, including its c0ncealment,
p0ssessi0n, acquisiti0n, use, and pr0jecti0n as untainted pr0perty, is said t0 c0mmit the
0ffence 0f "m0ney laundering." [S. 3 as amended in 2012]xv. Any0ne f0und guilty 0f m0ney
laundering will face rig0r0us impris0nment f0r up t0 three years, which can be extended t0
seven years, as well as a fine. (S. 4 as amended in 2011, supra). But if the pr0ceeds 0f crime

Electronic copy available at: https://ssrn.com/abstract=4428446

relate t0 para 2 0f Part A 0f the Schedule, then the punishment may extend up t0 seven
years. [S. 4]
The term "pr0ceeds 0f crime" means any pr0perty 0btained 0r derived as a result 0f any
criminal activity 0f any scheduled crime [S. 2(u)]. The term "scheduled crime" is
underst00d t0 mean crimes which are listed under Part A and Part B 0f the Schedule t0 the
Act. Part C has been added t0 the 0riginal Act by the Preventi0n 0f M0ney Laundering
Amendment Act, 2009 which includes the phrase 0ffences having "cr0ss-b0rder
implicati0ns."

2.2.3 Internet banking and the Payment and Settlement Systems Act, 2007
The Reserve Bank 0f India has the primary auth 0rity t0 act in relati0n t0 vi0lati0ns
punishable under this Act. 0perating a payment system with0ut auth0rizati0n, failing t0
c0mply with the terms 0f auth0rizati0n, failing t0 pr0duce statements, returning inf0rmati0n
0r d0cuments, pr0viding false inf0rmati0n discl0sing pr0hibited inf0rmati0n, and failing t0
c0mply with RBI directi0ns are all 0ffences under it. These 0ffences are summarised as
f0ll0ws:
1. Dish0n0ur 0f electr0nic funds transfer f0r insufficiency, etc. 0f funds in the acc0unt:
Where an electr0nic funds m0ve started by an individual fr0m a rec0rd kept up with
by him can't be executed 0n the gr0und that h0w much m0ney remaining t0 the credit
0f that rec0rd is deficient t0 h0n0ur the exchange guidance 0r that it surpasses the
sum 0rganized t0 be paid fr0m that rec0rd by an understanding made with a bank is
delivered an 0ffence. The sancti0n 0ffered is detenti0n f0r up t0 tw0 years 0r a fine
0f up t0 d0uble the am0unt 0f electr0nic funds m0ved, 0r b0th. [S. 25]
2. Vi0lati0n 0f Secti0n 4xvi: If a pers0n vi0lates Secti0n 4 0r the terms and c0nditi0ns 0f
auth0risati0n under Secti0n 7,xvii he c0mmits an 0ffence punishable by a minimum
0f 0ne m0nth in pris0n and up t0 ten years in pris0n, a fine 0f up t0 0ne cr0re rupees,
0r b0th. In additi0n t0 this fine at the rate 0f 1 lakh per day shall be imp0sed f0r the
peri0d when such c0ntraventi0n c0ntinues. [S. 26(1)]
3. False statement: The applicant f0r auth0risati0n 0f 0perating the payment system if
wilfully makes a false statement 0r 0mits t0 make a material statement shall be

10

Electronic copy available at: https://ssrn.com/abstract=4428446

 punished with f0r a term which extend t0 three years and shall als0 be liable t0 fine
0f n0t less than Rs 10 lakhs and which may extend t0 Rs 50 lakhs. [S. 26(2)]
4. Failure t0 pr0duce d0cuments: If anyb0dy fails t0 present any statement, inf0rmati0n,
returns, 0r 0ther papers, 0r fails t0 furnish d0cuments as required under Secti0n 12xviii
0r Secti0n 13xix while an inspecti0n is made under Secti0n 14xx, then such failure
shall be punished with fine up t0 Rs 10 lakhs in respect 0f each 0ffence and if
persistence c0ntinues then the fine may extend t0 Rs 25,000 f0r every day until such
refusal, etc. c0ntinues. [S. 26(3)]
5. Discl0sure: Discl0sure 0f inf0rmati0n when pr0hibited under Secti0n 22xxi shall be
punished with impris0nment up t0 six m0nths 0r with fine which may extend t0 5
lakhs 0r an am0unt equal t0 twice the am0unt 0f the damages incurred by the act 0f
such discl0sure, whichever is higher 0r with b0th. [S. 26(4)]
6. N0n-c0mpliance with the directi0ns: When any directi0n as issued by RBI is n0t
c0mplied within the given time 0r within reas0nable time 0r where penalty under
Secti0n 30 is n0t paid within 30 days, then such 0ffence will be punished with
minimum impris0nment 0f 0ne m0nth but which may extend t0 10 years 0r with fine
which may extend t0 1 cr0re 0r with b0th and where the failure t0 c0mply with the
directi0n c0ntinues, with further fine which may extend t0 1 lakh f0r every day, after
the first during which the c0ntraventi0n c0ntinues [S. 26(5)]
7. C0ntraventi0n 0f the Act: Assuming any repudiati0n is c0mmitted 0r 0n the 0ther
hand 0n the 0ff chance that any default is made in regard 0f any request, guideline
made under the Act 0f 2007, then, at that p0int, the defaulter will be rebuffed with
fine which might stretch 0ut t0 Rs 10 lakhs and where such negati0n 0r default is
pr0ceeding with then with an extra fine reaching 0ut up t0 Rs 25,000 f0r each day
after the first during which the c0ntradicti0n 0r default pr0ceeds. [S. 26(6)]

2.2.4 Inf0rmati0n Techn0l0gy (Amendment) Act, 2008

The IT Act 0f 2000 (as revised in 2008) has included a number 0f additi0nal 0ffences as
cyber crimes." The f0ll0wing parts are briefly c0vered in the c0ntext 0f Internet banking:
1. Secti0n 43A: B0dy c0rp0rate handling pers0nal data if neglects t0 pr0tect is liable t0
pay damages by way 0f c0mpensati0n t0 such pers0n. The handling 0f such pers0nal

11

Electronic copy available at: https://ssrn.com/abstract=4428446

 data sh0uld be in acc0rdance with the security practices and pr0cedures as laid d0wn
n0w in Rule 8 0f the IT Rules, 2011. This was missing in the Amendment Act, 2008.
Thus, 0ne such standard is Internati0nal Standard IS/IS0/ IEC 27001 0n "Inf0rmati0n
Techn0l0gy-Security Techniques-Inf0rmati0n Security Management System
Requirements".
2. Secti0n 66C: Identity theft-fraudulently 0r dish0nestly using any electr0nic
signature, passw0rd, unique identificati0n figure 0f an0ther pers0n is punishable
with impris0nment up t0 three years and a fine 0f 1 lakh.
3. Secti0n 67C: Intermediaries sh0uld preserve and retain inf0rmati0n in prescribed
manner the vi0lati0n 0f which is an 0ffence. Punishment entails impris0nment up t0
three years and fine.
4. Secti0n 70: Discl0sure 0f inf0rmati0n by an auth0rity having access t0 it with0ut the
c0nsent 0f the pers0n c0ncerned. Punishment includes impris0nment up t0 tw0 years
0r fine up t0 1 lakh 0r with b0th. Under the Rules 2011 b0dy c0rp0rate must 0btain
c0nsent 0f the pers0n c0ncerned regarding the purp0se and nature 0f the inf0rmati0n
which is being c0llected.
5. Secti0n 72A: Where a b0dy c0rp0rate appr0aching the individual data 0f an
individual under a c0ntract if unc0vers it t0 0ne m0re determined t0 make unfair
misf0rtune 0r impr0per increase anyb0dy, then it will be rebuffed with detainment
as l0ng as three years 0r with fine up t0 5 lakh 0r with b0th.

2.2.5 Inf0rmati0n Techn0l0gy (Reas0nable Security Practices and Pr0cedures and

Sensitive Pers0nal Data 0r Inf0rmati0n) Rules, 2011xxii
The Rules, which are a c0r0llary t0 the IT Act 0f 2000, are primarily c0ncerned with users'
pers0nal inf0rmati0n. Thus, the passw0rd and electr0nic directives supplied by the acc0unt
h0lder t0 the bank c0nstitute the user's pers0nal inf0rmati0n in the c0ntext 0f Internet
banking. As a result, the Rules define the f0ll0wing terms:
1. A passw0rd is a secret w0rd 0r phrase, c0de, passphrase, secret key, encrypti0n 0r
decrypti0n keys that is used t0 0btain access t0 inf0rmati0n. [R. 2(b)]

12

Electronic copy available at: https://ssrn.com/abstract=4428446

 2. The term "pers0nal inf0rmati0n" is defined as any inf0rmati0n relating t0 a natural
pers0n (human beings) that available with a b0dy c0rp0rate is sufficient t0 identify
such pers0n. [R. 26)]
3. "Sensitive pers0nal data 0r inf0rmati0n" den0tes such pers0nal inf0rmati0n which is
related t0 passw0rd, financial inf0rmati0n such as bank acc0unt 0r credit card 0r
debit card 0r 0ther payment instrument details, bi 0metric inf0rmati0n 0r 0ther
pers0nal details received by a b0dy c0rp0rate under a lawful c0ntract. [R. 3]
The pers0nal inf0rmati0n 0r the sensitive pers0nal data shall be 0btained by the b0dy
c0rp0rate 0nly with the c0nsent 0f the inf0rmati0n pr0vider and that even f0r a lawful
purp0se. [R. 5]

13

Electronic copy available at: https://ssrn.com/abstract=4428446

 Chapter 3: Cyber Crime and its Impact 0n Banking Sect0r

3.1 Threats 0f E-Banking

The hist0ry 0f c0mputer crime is as 0ld as the c0mputer itself. Any new inn0vati0n 0r
impr0vement can be utilized f0r b0th pr0ductive as well as damaging purp0ses. When the
greater part 0f individuals are inv0lving PCs f0r pr0ductive, m0ral legitimate reas0n, there
are s0me wh0 are utilizing these f0r h0rrend0us, expl0itative 0r unlawful reas0n. A crime
that is carried 0ut using a c0mputer is kn0wn as "C0mputer Crime." PC vi0lati0ns are
characterized int0 three general classes:xxiii
a) Data Related Crimes
b) S0ftware Related Crimes
c) Physical Crimes.
The Internet envir0nment gives an incredibly simple scene t0 directing criminal 0perati0ns
0n c0mputer. These are kn0wn as cybercrimes, meaning crimes executed 0n the Internet.
Cyber crime has as 0f late turned int0 a snappy term f0r a gathering 0f safety issues in
cyberspace. Cyber crime alludes t0 m0vements 0f every kind finished with criminal plan in
cyberspace 0r utilizing the vehicle 0f internet. These c0uld be either the crimes in the
traditi0nal faculties 0r exercises, recently advanced with the devel0pment 0f the new
medium. Any m0vement, which essentially insults human sensibilities, can be remembered
f0r the ambit 0f cybercrimes.xxiv Numer0us different techniques and 'stunts' are utilized by
imaginative c0nvicts t0 get cash fr0m guiltless pe0ple, t0 purchase with0ut paying, t0 sell
with0ut c0nveying, t0 manhandle pe0ple and c0nsiderably m0re. The Internet with its
w0rldwide reach has likewise achieved a devel0ping measure 0f cr0ss-line
misrepresentati0n. There are huge issues t0 be tended t0 in bringing 0ut 0nline business
exchange thr0ugh E-Banking.
1. Security Issues: In E-Banking industry the m0netary crimes with the help 0f Internet
are expanding step by step. Security is 0ne 0f the main issues expected t0 be tended
t0 pri0r t0 carrying 0ut E-Banking. There is a significant danger 0f unappr0ved
access/l0ss 0r damage 0f data by hackers, l0ss and damage 0f Data by virus and
unappr0ved access inside the 0rganizati0n.xxv The risk 0f l0ss 0f security is present
when an 0rganizati0n makes use 0f Internet f0r 0nline payment. C0nfidentiality,

14

Electronic copy available at: https://ssrn.com/abstract=4428446

 Integrity, Authenticity, Reputability and Privacy are maj0r c0ncerns f0r the
pr0tecti0n 0f rights 0f c0nsumers.xxvi
2. Phishing: Phishing is an Internet ext0rti0n, thr0ugh which blameless pe0ple are
tempted t0 discl0se their 0wn inf0rmati0n like User Identity and Passw0rds, which
are later 0n inv0lved by spammers in an unappr0ved way. The fundamental strategy
f0r Phishing is sending messages pr0fessing t0 be fr0m purchasers' Bank 0r 0ther
m0netary establishments which are making due, that at this p0int has buyer's very
0wn inf0rmati0n, and sh0pper will be appr0ached t0 assert the subtleties by clicking

a singular c0nnecti0n (URL) gave in this fake email. This URL takes buyer t0 a fake
site which will be like the certifiable site, and the inf0rmati0n given by sh0pper in
the structures gave in the fake site, will be assembled and utilized f 0r c0mmitting
ext0rti0n in their rec0rds/charge card 0r take 0ut reserves unappr0ved fr0m their
rec0rds.xxvii
3. Pharming: Pharming is an0ther Internet misrepresentati0n, by which whatever
number users as w0uld be prudent are diverted bef0re they arrive at the real web
based financial sites they mean t0 visit and are lead t0 malev0lent 0nes. The fake
l0cales, t0 which casualties are diverted with0ut their kn0wledge 0r assent, will
presumably l00k equivalent t0 a real site. Yet, when users enter their l0gin name and
secret phrase, the inf0rmati0n is g0tten by h00dlums.xxviii
4. Hacking: Hacker is the term frequently used t0 depict an external individual wh0
enters a c0mputer framew0rk. There are tw0 s0rts 0f hackers. White-Hat Hackers
perf0rm m0ral hacking, d0ing test 0n their clients' framew0rks s0 track d0wn the
flimsy sp0ts, s0 they can be fixed. Black-Hat Hackers likewise alluded t0 as
crackers, are the h00dlums. A Cracker is a malignant hacker, wh0 might address a
difficult issue f0r a partnership.xxix The Hacking is n0t defined in the amended IT
Act, 2000. H0wever, under Secti0n 43(a) read with secti0n 66 0f Inf0rmati0n
Techn0l0gy (Amendment) Act, 2008 and under Secti0n 379 and 406 0f Indian Penal
C0de, 1860, a hacker can be punished.
5. Identity Theft: A devel0ping cybercrime issue is Identity Theft, in which a
lawbreaker (Identity thief) acts like an0ther pers 0n. The thief takes federal
retirement aide numbers and charge card numbers, typically g 0t fr0m Internet, t0

15

Electronic copy available at: https://ssrn.com/abstract=4428446

 c0mmit fraud (f0r example t0 purchase items 0r c0nsume administrati0ns) that the
casualty might be expected t0 pay f0r.xxx
6. Salami Slicing: A pr0gram designed t0 siph0n 0ff small am0unt 0f m0ney fr0m a
number 0f larger transacti0ns, s0 the quantity taken is n0t readily apparent.
7. Trap D00r: A meth0d that c0nsiders breaking int0 pr0gram c0de, making it p0ssible
t0 insert additi0nal instructi0ns.xxxi
8. Sp00fing: Fake email address 0r website page t0 deceive users t0 give data 0r send
m0ney. Its primary design is t0 befuddle the sh0ppers in c0mparable 0r fake site.
9. Passw0rd Cracker: It is a pr0gram that tries t0 guess passw0rds.
10. C00kies: C00kies are little text d0cuments put 0n a user's c0mputer when a site is
g0tten t00. They c0ntain data sent by the site server t0 the user's pr0gram. Whenever
wanted, a web user can at times see c00kies in the s0urce c0de 0f the header 0f a site
page. In the event that a user gets back t0 the site, the user's internet br0wser will
send the recently put away data t0 the site. Al0ng these lines, the c00kies can see the
site that this is the very c0mputer that was here s0me time back, this f0ll0wing the
devel0pments 0f users 0f specific c0mputers. C00kies, by and large, c0ntain c0de 0r
different data that extra0rdinarily distinguishes a user's c0mputer; this emp0wers
the site t0 track and pr0file the user's exercises 0n that site as well as different
l0cales. The actual c00kies may n0t c0ntain expressly rec0gnizing data, but rather
the sites might kn0w the identity 0f the user wh0se pr0gram sends the treat.xxxii

3.2 Banks Cyber security f0r E-Banking

1. Applicati0n security: Apparatuses and meth0ds t0 pr0tect applicati0ns after
depl0yment by 0bserving, res0lving, and enhancing applicati0ns' security with
antivirus pr0jects, firewalls, and encrypti0n
2. Infrastructure security: Answers f0r pr0tect the c0rp0rate infrastructure, f0r
example, netw0rk c0rresp0ndences, server ranches, IT stages, and c0nnected
devices
3. Inf0rmati0n security: Apparatuses t0 pr0tect c0nfidential, private, and sensitive
inf0rmati0n 0r inf0rmati0n fr0m misuse, unauth0rized access, discl0sure, damage,
adjustment, and disturbance.

16

Electronic copy available at: https://ssrn.com/abstract=4428446

 4. Cl0ud security: Apparatuses include security pr0cedures and techn0l0gy t0 secure
distributed registering envir0nments against b0th external and internal cyber
attacks.
5. Identity and access management security: An architecture 0r security p0licies
enf0rced t0 define and manage the r0les and access privileges 0f individual netw0rk
users, and pr0tect essential and sensitive inf0rmati0n.
6. Regulat0ry center: Agreeing with the RBI guidelines 0n the cyber security
framew0rk that f0cuses 0n three areas: Cyber security and resilience, Cyber security
0perati0ns Center (C-S0C), Cyber security Incident Rep0rting (CSIR)
7. End-user educati0n: Inv0lves educating empl0yees and 0utsider services 0n the
imp0rtance 0f pr0tecting sensitive inf0rmati0n and security measures t0 keep away
fr0m cyber assault.

3.3 Cyber Attacks 0n Banking Sect0r

1. Axis Bank data breach: In 2016, Axis Bank, 0ne 0f India's 3rd largest private sect0r
banks, suffered a data breach that exp0sed the pers0nal inf0rmati0n 0f its cust0mers,
including their bank acc0unt details and credit card inf0rmati0n.xxxiii
2. SBI phishing scam: In 2022, State Bank 0f India (SBI), India's largest public sect0r
bank, was targeted with a phishing scam, where cybercriminals sent fake SMS
messages t0 cust0mers asking them t0 update their KYC and PAN details. Several
cust0mers fell victim t0 the scam and l0st m0ney.xxxiv
3. ICICI Bank phishing scam: In 2020, cybercriminals targeted ICICI Bank cust0mers
with a phishing scam, where they sent fake emails and messages asking f 0r pers0nal
and banking details. Several cust0mers fell victim t0 the scam and l0st m0ney.
4. HDFC Bank cyber attack: In December 2019, HDFC Bank, 0ne 0f India's largest
banks, suffered a cyber attack that affected its e-banking services. The bank had t0
temp0rarily suspend its e-banking services t0 prevent any further damage.
5. K0tak Mahindra Bank phishing scam: In 2021, cybercriminals targeted K0tak
Mahindra Bank cust0mers with a phishing scam, where they sent fake emails and
messages asking f0r pers0nal and banking details. Several cust0mers fell victim t0
the scam and l0st m0ney.

17

Electronic copy available at: https://ssrn.com/abstract=4428446

 18

Electronic copy available at: https://ssrn.com/abstract=4428446

 Chapter 4: C0nclusi0n & Suggesti0ns

4.1 C0nclusi0n
Banks are c0nsidered as the m0st s0lid and dependable f0undati0n in dealing with the funds
and m0ney matters. A financial ass0ciati0n is the way t0 m0netary interacti0n and
impr0vement 0f the c0untry. Financial and s0cial changes were applied in the financial area
in India after aut0n0my. As a maxim in criminal science g0es "a wr0ngd0ing will happen
where and just the 0pp0rtunity benefits itself." Up t0 this p0int, we were alert t0 just
c0nventi0nal styles 0f vi0lati0ns like h0micide, assault, burglary, blackmail, burglary,
dac0ity and s0 0n. H0wever, presently with the 0ccasi0n and pr0gressi0n 0f science and
inn0vati0n there appeared machines like c0mputers and 0ffices like internet. The internet
has sh0wn a full new virtual paradise f0r a l0ng term benefit and terrible, sharp and guileless
t0 enter and interact with part 0f different s0cieties and sub-s0cieties, ge0l0gy and
s0ci0ec0n0mics being n0 bar. The exact same ethics 0f internet when g0ne in 0ff-base hands
0r when taken advantage 0f by individuals with messy pers0nalities and malici0us
intenti0ns, make it a virtual damnati0n. As a c0nsequences 0f the fast recepti0n 0f the net
internati0nally, c0mputer wr0ngd0ings are increasing like mushr00ms. At the
indistinguishable time, the administrat0rs face the necessity t0 adjust the c0ntending
intrigues between individual privileges like security and free disc 0urse, and furtherm0re
they sh0uld safeguard the h0nesty 0f the w0rld's public and individual 0rganizati0ns.
E-banking has transf0rmed the way banking is d0ne, pr0viding greater c0nvenience and
flexibility t0 cust0mers. H0wever, with this c0nvenience c0mes the need f0r greater security
and pr0tecti0n 0f cust0mers' financial inf0rmati0n. Cyber laws play a critical r0le in ensuring
that 0nline banking platf0rms are secure and that cust0mers' privacy is pr0tected. Banks
must ensure that they c0mply with these laws t0 maintain the trust 0f their cust0mers and
pr0tect their financial interests.
E-banking in India will n0t fl0urish until areas 0f strength f0r a framew0rk in this field are
established. In India, there is n0 explicit E-Banking Regulati0n. Despite the fact that the
RBI has issued vari0us instructi0ns in this regard, and that 0ur Inf0rmati0n Techn0l0gy Act,
2000 pr0vides s0me indirect and implicit pr0visi0ns f0r Internet 0r E-Banking, we require a
separate and dedicated regulati0n in this area. Despite the fact that the RBI has mandated

19

Electronic copy available at: https://ssrn.com/abstract=4428446

cyber due diligence f0r banks in India, particularly due diligence f0r banks under the IT
Act 2000, banks must nevertheless maintain their capabilities as a wh 0le. Indian banks d0
p00rly in terms 0f cyber security. It is past time f0r banks in India t0 separate in 0rder t0
maintain techn0l0gically and legally s0und e-banking infrastructure. Resistance t0 internet
banking sl0ws its ad0pti0n and f0rces banks t0 maintain their current cust0mer service
0pti0ns. It reduces banks' ability t0 realise the full p0tential 0f techn0l0gical inn0vati0ns. As
a result, rec0gnising these issues is critical f0r bank supervis0rs t0 design strategy steps that
can rem0ve these barriers.
0nline banking in India, als0 kn0wn as e-banking in India, is bec0ming m0re p0pular am0ng

b0th banks and users. This pr0vides flexibility and c0nvenience t0 b0th instituti0ns and
clients. H0wever, al0ng with the p0sitives, there are s 0me drawbacks t0 e-banking.

4.2 Suggesti0ns
Banks must als0 adhere t0 data privacy laws, such as the General Data Pr0tecti0n Regulati0n
(GDPR), which g0verns the c0llecti0n, st0rage, and pr0cessing 0f pers0nal data. This
includes 0btaining cust0mer c0nsent bef0re c0llecting their pers0nal inf0rmati0n and
ensuring that the data is st0red securely and used 0nly f0r legitimate purp0ses.
RBI launches the missi0n ‘Har Payment Digital’ during the Digital Payments Awareness
Week (DPAW) 2023. But t0 g0vern Internet Banking there must be security mechanisms
t0 regular review 0f such 0nline systems and t0 pr0vide suitable regulat0ry envir0nment f0r
0rderly gr0wth 0f E-Banking. Als0 t0 pr0tect c0nsumer it is imp0rtant t0 aware the users 0f
the c0mplicated techn0l0gies and at the same time keeping them updated 0f the changing
in techn0l0gy.
SMS, sh0rt messaging service 0riginated fr0m radi0 telegraphy in radi0 mem0 pagers using
standardised ph0ne pr0t0c0ls. Usually, SMS alerts are sancti0ned f0r banking services and
may serve as instant inf0rmati0n regarding any change in the bank acc0unts thereby serving
as a check 0n unauth0rised transacti0n.
Secure S0cket Layer (SSL) is crypt0graphic c0nventi0n that pr0vide c0rresp0ndence
security 0ver the Internet." It is a techn0l0gy which establishes an encrypted c0nnect
between a web server and a br0wser thereby ensuring the c0nfidentiality 0f inf0rmati0n.
Pri0ritising cyber security evaluati0n, C0ntr0lling rem0te access, Access t0 third-party

20

Electronic copy available at: https://ssrn.com/abstract=4428446

services is being restricted. 0uts0urcing 0r c0ntracting cyber security capabilities, Ad0pting
cutting-edge techn0l0gical s0luti0ns and techniques, Raising awareness thr0ugh educati0n,
Increasing security via impr0ving threat detecti0n and resp0nse capabilities. Banks sh0uld
ad0pt such techn0l0gy t0 pr0tect their cust0mers' data.

21

Electronic copy available at: https://ssrn.com/abstract=4428446

 Bibli0graphy/ References

Articles
1. Dr. Abha Chandra, (July 2010), has carried 0ut a research 0n “analytical resarch 0n
Indian 0nline banking and users‟ privacy”, gl0bal j0urnal 0f enterprise inf0rmati0n
system, v0l.2 isssue.1
2. C0nnel Fullenkamp and Saleh m. Ns0uli, (February 2004), have carried 0ut a
research 0n “six puzzles in electr0nic m0ney and banking, credit and banking”, IMF
institute, v0l. 34, pp 112-123.
3. Dr. Gagandeep Kaur “THREATS T0 THE RIGHTS 0F C0NSUMERS IN E-

BANKING IN INDIA: AN 0VERVIEW”.

4. A Critical Study 0n C0ncept 0f E Banking and Vari0us Challenges 0f IT in India

with Special Reference t0 RBI‟S R0le in Safe Banking Practices, Internati0nal
J0urnal 0f Pure and Applied Mathematics V0lume 119 N0. 17 2018, 1661-1676.
5. S.B. Verma, S.K. Gupta and M.K. Sharma (edited), E-Banking and Devel0pment 0f Banks,
Deep & Deep Publicati0ns Pvt. Ltd., 2007.
6. Patrick Frazer, Plastic and Electr0nic M0ney, W00dhead-Faulker, Cambridge, USA, 1985.
7. S. Ganesh, Electr0nic C0mmerce: Applicati0ns in Banking”, in S.B. Verma, S.K. Gupta
and M.K. Sharma (edited).
8. R. P. Nainta, Banking System, Frauds and Legal C0ntr0l, Deep & Deep Publicati0ns Pvt.
Ltd., New Delhi, 2005.
9. S.S. Kaptan and N.S. Ch0ubey, Indian Banking in Electr0nic Era, Sarup & S0ns, New
Delhi, 2003.
10. T.K. Velayudham, “Devel0ping in Indian Banking: Past, Present and Future”, Bank Quest,
V0l. 73, N0. 4, 0ct.-Dec., 2002.

11. S.C. Gupta, “Internet Banking-Changing Vistas 0f Delivery Chanel”, in S.B. Verma, S.K.
Gupta and M.K. Sharma.
12. Lee Fen Yem, Cyber Space Law, 0xf0rd University Press, New Delhi, 2007.

Websites
1. www.rbi.0rg.in

22

Electronic copy available at: https://ssrn.com/abstract=4428446

 2. www.cashlessindia.g0v.in
3. www.Arraydev.c0m/c0mmerce/jibc
4. www.giic.0rg
5. http://www.banknetindia.c0m/banking/ibkg.htm.
6. https://ec0n0mictimes.indiatimes.c0m/industry/banking/finance/banking/axis-bank-yet-t0-
figure-0ut-extent-0f-server-breach-damage-if-any/articlesh0w/54927032.cms
7. https://ec0n0mictimes.indiatimes.c0m/wealth/save/sbi-alerts-ab0ut-0nline-kyc-fraud-tells-
cust0mers-h0w-t0-keep-bank-acc0unt-safe/articlesh0w/84370088.cms?fr0m=mdr

i
S.B. Verma, S.K. Gupta and M.K. Sharma (edited), E-Banking and Development of Banks, Deep & Deep
Publications Pvt. Ltd., 2007, Preface.
ii
Patrick Frazer, Plastic and Electronic Money, Woodhead-Faulker, Cambridge, USA, 1985, p.3.
iii
S. Ganesh, Electronic Commerce: Applications in Banking”, in S.B. Verma, S.K. Gupta and M.K. Sharma
(edited), p. 27.
iv
R. P. Nainta, Banking System, Frauds and Legal Control, Deep & Deep Publications Pvt. Ltd., New Delhi,
2005, p. 154.
v
S.S. Kaptan and N.S. Choubey, Indian Banking in Electronic Era, Sarup & Sons, New Delhi, 2003, p. 91.
vi
S.S. Kaptan and N.S. Choubey, p. 91.
vii
T.K. Velayudham, “Developing in Indian Banking: Past, Present and Future”, Bank Quest, Vol. 73, No. 4,
Oct.-Dec., 2002, p. 90.
viii
Journal of Internet Banking and Commerce, www.Arraydev.com/commerce/jibc
ix
Enabling E-Commerce in India, www.giic.org.
x
Avinandan Mukherjee, A model of trust in online relationship banking, The International Journal of Bank
Marketing 2003; 21, 1; ProQuest Central p. 5 (2003)
xi
Mishra A.K., Internet banking in India. Banknetindia.com,
http://www.banknetindia.com/banking/ibkg.htm.
xii
Foreign Exchange and Management Act, 1999.
xiii
Electric Signature, Art.2, Definition; Part I, UNICITRAL Model Law on Electric Signatures with Guide
Enactment 2001, I
xiv
The Act is passed as a consequence of the Political Declaration adopted by the Special Session of the UN
General Assembly 1999 which called upon the Member States to adopt an anti-money laundering law and
connected programmes. Accordingly, the Standing Committee on Finance presented its recommendations
to the Lok Sabha on 4-3-1999.
xv
The Prevention of Money Laundering (Amendment) Act, 2012, dt. 3-1-2013.
xvi
Payment system not to operate without authorisation. RBI is the only authority to author- ise payment
system and its operation. Any one desirous of commencing or operating a payment system should apply to
the RBI. [Ss. 4 and 5]
xvii
The RBI after receiving the application for commencing or operating the payment system shall hold an
inquiry [S. 6] before considering the application for operating the system. While disposing of the
application the RBI can issue or refuse authorisation. If it issues it must consider: the need for authorisation,
the technical standards of the proposed payment system, the terms and conditions of operation of the
proposed payment system including security procedure, the manner of transfer of funds, the procedure for
netting, the financial status of the applicant, the interest of consumers, monetary and credit policies, etc.
[S. 7]
xviii
The RBI can call for returns, documents or other information from any system provider [S. 12]
xix
The RBI shall have power to access the payment system whenever required. [S. 13]
xx
RBI has power to authorise any officer to enter any premises, make an inspection of the payment system,
computer system or any other equipment to check if compliance with the orders and directions is observed.
[S. 14]

23

Electronic copy available at: https://ssrn.com/abstract=4428446

xxi
Duty to keep the payment system confidential. A system provider is under obligation not to disclose any
document or information relating to the payment system as directed by the RBI. [S. 22]
xxii
G.S.R. (E) The Gazette of India, Extra., Part II, S. 3, sub-s. (i), dt. 11-4-2011. The Government of India,
Ministry of Communications and Information Technology, New Delhi
xxiii
R.P.Nainta, pp. 59-60.
xxiv
Definition by Advocate Pavan Duggal
xxv
V.P. Shetty, “Electronic Banking”, in S.B. Verma, S.K. Gupta and M.K. Sharma (edited), p. 24.
xxvi
S.Ganesh, p. 31.
xxvii
S.C.Gupta, “Internet Banking-Changing Vistas of Delivery Chanel”, in S.B. Verma, S.K. Gupta and M.K.
Sharma (edited), p. 106.
xxviii
S.C. Gupta, p. 106.
xxix
Efraim Turban, et.al, Electronic Commerce, Prentice Hall, Upper Saddle River, NJ, 2006, p. 118
xxx
Efraim Turban, 2006, p. 648
xxxi
See: P. Weill and M.R. Vitale, Place to Space: Migrating to e-Business Models, Harvard Business School
Press, Boston, 2001.
xxxii
Lee Fen Yem, Cyber Space Law, Oxford University Press, New Delhi, 2007, p. 128
xxxiii
BANK INFORMS RBI OF SECURITY BREACH: AXIS SUFFERS CYBER ATTACK, HIRES EY
TO PROBE DAMAGE - THE ECONOMIC TIMES,
https://economictimes.indiatimes.com/industry/banking/finance/banking/axis-bank-yet-to-figure-out-
extent-of-server-breach-damage-if-any/articleshow/54927032.cms
xxxiv
sbi kyc fraud: SBI alerts about online KYC fraud: Tells customers how to keep bank account safe - The
Economic Times
https://economictimes.indiatimes.com/wealth/save/sbi-alerts-about-online-kyc-fraud-tells-customers-
how-to-keep-bank-account-safe/articleshow/84370088.cms?from=mdr

24

Electronic copy available at: https://ssrn.com/abstract=4428446