
CERTIFICATE

I have the pleasure to certify that the dissertation entitled “CYBER CRIME AND ITS IMPACT
ON BANKING INDUSTRY” (Code LLB 502) X semester has been prepared by HARSH
GUPTA, a student of IDEAL INSTITUTE OF MANAGEMENT AND TECHNOLOGY AND
SCHOOL OF LAW under my supervision and guidance and I recommend it for submission for
the evaluation.

PLACE: NEW DELHI

DATE: 06-05-2024

SUPERVISOR: NAMITA SINHA

ACKNOWLEDGEMENT

This Dissertation is the outcome of my sincere and dedicated efforts towards
unfolding the hidden issues behind the discussed topic. The points of view of several
authors and thinkers have been used to arrive at the same. The successful completion
of my Dissertation can be owed to numerous people. I would like to thank a few of
them.
Firstly, I would like to express my sincere thanks to our Principal, Prof. ARUN
GUPTA for introducing the concept of preparing a Dissertation, thereby allowing me
to table my perspectives about the discussed topic. I would also like to show my
gratitude to Namita Sinha, Professor, who acted as my supervisor and mentor for this
Dissertation. Her inputs helped in creating the path of this study; her patience and
critical questioning throughout the process helped me to reassert and understand
the subject matter more thoroughly.
I could not have completed this Dissertation without the able guidance of all the
esteemed faculty members mentioned and many others not mentioned herein. I thank
them all sincerely for their guidance and for believing in me.
On a personal level, I thank the Almighty, my family and friends for supporting me
throughout this journey and being least complaining in terms of the time I gave to this
Dissertation instead of them.
HARSH GUPTA
04813403819
B.A. LL.B (H)
X SEMESTER

TABLE OF ABBREVIATIONS

SMS SHORT MESSAGE SERVICE
EMAIL ELECTRONIC MAIL
J-CIT JOINT CYBERCRIME INVESTIGATION TEAM
IT INFORMATION TECHNOLOGY
ICT INFORMATION AND COMMUNICATION TECHNOLOGY
CYBER RELATING TO CYBERSPACE OR THE INTERNET
CFAA COMPUTER FRAUD AND ABUSE ACT
ISP INTERNET SERVICE PROVIDER
VPN VIRTUAL PRIVATE NETWORK
DNS DOMAIN NAME SYSTEM
HTTPS HYPERTEXT TRANSFER PROTOCOL SECURE
CSIRT COMPUTER SECURITY INCIDENT RESPONSE TEAM
TLS TRANSPORT LAYER SECURITY
IOT INTERNET OF THINGS
IP INTELLECTUAL PROPERTY
GDPR GENERAL DATA PROTECTION REGULATION
BYOD BRING YOUR OWN DEVICE
URL UNIFORM RESOURCE LOCATOR
WWW WORLD WIDE WEB
IT ACT INFORMATION TECHNOLOGY ACT
MALWARE MALICIOUS SOFTWARE
PHISH PHISHING
VIRUS COMPUTER VIRUS
MAC MEDIA ACCESS CONTROL
BOT ROBOT OR SOFTWARE ROBOT
PDP PERSONAL DATA PROTECTION

TABLE OF CONTENTS

Certificate
Acknowledgement
Abbreviations
Research Questions
Research Objectives
Hypothesis
Review of Literature
List of cases

CHAPTER 1 - INTRODUCTION
1.1 What is cybercrime?
1.2 Present and future: Cybercrime in the digital age
1.3 Impact of cybercrime in the Banking Industry
1.4 CONCLUSION

CHAPTER 2 - CYBERCRIME AND ITS TYPE
2.1 TYPES OF CYBERCRIME
2.2 UNDER THE INFORMATION TECHNOLOGY ACT, 2000 AND ITS ASSOCIATED RULES, VARIOUS PENALTIES ARE PRESCRIBED FOR CYBER CRIMES

CHAPTER 3 - CYBERCRIME IN BANKING INDUSTRY
3.1 Phishing and Social engineering
3.2 Malware attacks
3.3 Data breaches
3.4 Investigation and Legal Proceedings
3.5 Legal Charges and Sentencing
3.6 Payment card fraud
3.7 Distributed denial of service attack

CHAPTER 4 - AN ANALYTICAL STUDY OF THE INDIAN INFORMATION TECHNOLOGY ACT: A COMPREHENSIVE LEGAL PERSPECTIVE
4.1 Introduction
4.2 Positive Aspects of the IT Act
4.3 Negative Aspects of the IT Act
4.4 Indian Penal Code (IPC)
4.5 Significance of Cyber Crime Laws
4.6 Importance of Cyber Crime Laws in India

CHAPTER 5 - IMPACT OF CYBERCRIME IN THE BANKING INDUSTRY
5.1 Financial losses and fraudulent activities
5.2 Reputational damage and customer trust
5.3 Operational Disruptions and Business Continuity
5.4 Legal and Regulatory Ramifications
5.5 Cyber insurance cost
5.6 Bank size and risk profile
5.7 Security posture and risk management practices
5.8 Coverage limits and exclusions
5.9 Evolution of cyber threats
5.10 Investment in additional cyber-security measures
5.11 Investment in cyber-security
5.12 Bank size and operation
5.13 Security posture and risk profile
5.14 Regulatory compliance
5.15 Coverage and Exclusions
5.16 Emerging threat landscape

CHAPTER 6 - METHODS TO STRENGTHEN CYBER-SECURITY
6.1 Different types of method to strengthen cyber-security
6.2 Several cyber-crimes led to banking fraud
   • PNB Scam (India)
   • WannaCry Ransomware attack
   • Aadhaar Data Breach (India)

CHAPTER 7 - ADVANCED TECHNOLOGIES FOR BANK FRAUD DETECTION AND PREVENTION: A COMPREHENSIVE LEGAL FRAMEWORK
7.1 Artificial intelligence and machine learning
7.2 Biometric authentication and multi-factor authentication
7.3 Advanced analytics and real-time transaction (RTGS) monitoring
7.4 Legal imperatives and compliance obligation

CHAPTER 8 - AUTHORITIES FOR PREVENTION AND CONTROLLING CYBER-CRIME LEADING TO BANKING FRAUD
8.1 Withdrawal limits and IMEI blocking
8.2 Interagency collaboration
8.3 Addressing inert and mule bank accounts
8.4 Transaction monitoring
8.5 Surveillance enhancement
8.6 KYC reinforcement
8.7 Legal and regulatory compliance
8.8 Indian Cybercrime Coordination Center (I4C) Scheme
8.9 Implementation and control

CHAPTER 9 - CITIZEN FINANCIAL CYBER FRAUDS REPORTING AND MANAGEMENT SYSTEM
9.1 Procedure for Reporting Financial Cyber Frauds

CHAPTER 10 - CONCLUSION AND SUGGESTION

RESEARCH QUESTIONS:

1. How do various forms of cybercrime affect the operational resilience and financial
stability of banking institutions, and what measures can banks implement to mitigate
these risks effectively?
2. What are the most prevalent types of cybercrimes targeting the banking sector, and how
have their frequencies and methods evolved over the past decade?
3. How do cyberattacks affect consumer trust and behavior towards banking institutions,
and what role does effective cybersecurity communication play in maintaining customer
confidence?
4. What are the direct and indirect costs incurred by banks due to cybercrime, and how do
these costs influence their strategic investment in cybersecurity technologies and
policies?
5. How effective are current regulatory frameworks and compliance requirements in
protecting banks from cyber threats, and what improvements can be proposed to enhance
cybersecurity resilience in the banking industry?

RESEARCH OBJECTIVES

1. To identify and analyze the most prevalent types of cybercrimes targeting the banking
sector and their evolution over the past decade.
   • This objective aims to provide a comprehensive overview of the major cyber
     threats facing banks and how these threats have changed over time.
2. To assess the impact of cyberattacks on consumer trust and behavior towards banking
institutions, and evaluate the effectiveness of cybersecurity communication in
maintaining customer confidence.
   • This objective seeks to understand the psychological and behavioral effects of
     cybercrime on bank customers and the importance of transparent communication
     in mitigating these effects.
3. To evaluate the direct and indirect costs incurred by banks due to cybercrime, including
financial losses, reputational damage, and operational disruptions, and analyze how these
costs influence their investment in cyber security measures.
   • This objective focuses on the financial repercussions of cybercrime for banks and
     how these costs drive their cyber security strategies and budget allocations.
4. To critically examine the effectiveness of current regulatory frameworks and compliance
requirements in protecting banks from cyber threats, and propose potential improvements
to enhance cyber security resilience in the banking industry.
   • This objective aims to assess the strengths and weaknesses of existing regulations
     and suggest actionable recommendations for policymakers and industry leaders to
     better safeguard banks against cyber threats.

HYPOTHESIS

Primary Hypothesis: The increasing prevalence and sophistication of cybercrimes significantly
undermine the operational resilience and financial stability of banking institutions.

Secondary Hypotheses:

Impact on Operational Resilience: Cybercrimes, including phishing,
malware attacks, and data breaches, lead to substantial operational disruptions in banking
institutions, affecting service availability, transaction processing, and overall operational
efficiency.

Impact on Financial Stability: The financial implications of cybercrimes extend beyond direct
monetary losses to include costs associated with incident response, legal fees, regulatory fines,
and investments in enhanced cybersecurity measures. These financial burdens can affect the
profitability and stability of banks.

Consumer Trust and Behavior: Cyberattacks adversely impact consumer trust and confidence
in banking institutions, leading to changes in customer behavior such as reduced use of online
banking services, increased demand for enhanced security features, and potential shifts to
competitor banks perceived as more secure.

Effectiveness of Cybersecurity Measures: The implementation of advanced cybersecurity
technologies and protocols, such as multi-factor authentication, encryption, and real-time
monitoring, can significantly reduce the frequency and severity of successful cyberattacks on
banks.

Role of Regulatory Frameworks: Robust regulatory frameworks and compliance requirements,
including those mandating regular security audits, incident reporting, and data protection
standards, play a critical role in enhancing the cybersecurity posture of banking institutions and
mitigating the risks associated with cybercrimes.

Strategic Investments in Cybersecurity: Banks that strategically invest in comprehensive
cybersecurity measures, including employee training programs, threat intelligence sharing, and
continuous improvement of security infrastructure, exhibit greater resilience to cyber threats and
recover more swiftly from cyber incidents.

REVIEW OF RELATED LITERATURE


1. Nature and Evolution of Cybercrimes in the Banking Sector

The banking industry has been a prime target for cybercriminals due to the high value of
financial data and assets. Numerous studies highlight the prevalence of various forms of
cybercrimes, including phishing, malware attacks, ransomware, and Distributed Denial of
Service (DDoS) attacks. According to Symantec's Internet Security Threat Report (2019),
financial services are disproportionately targeted by cyberattacks, accounting for 19% of all
reported incidents. Over the past decade, these attacks have evolved in complexity and scale,
with cybercriminals employing more sophisticated techniques such as spear-phishing and
Advanced Persistent Threats (APTs), which are designed to evade traditional security
measures and extract sensitive data over extended periods (Verizon, 2020).
2. Operational Impact of Cybercrimes on Banks
Cybercrimes have significant operational implications for banks. Studies by Ponemon
Institute (2018) demonstrate that cyberattacks cause substantial disruptions to banking
operations, including prolonged downtime, loss of critical data, and compromised transaction
integrity. These disruptions not only affect the banks' ability to provide continuous service
but also erode customer confidence and satisfaction (Ponemon Institute, 2018). Furthermore,
operational resilience is challenged by the need for rapid response and recovery mechanisms,
which often involve complex incident management protocols and coordination across various
departments.
3. Financial Impact and Costs of Cybercrime
The financial repercussions of cybercrime on banks are multifaceted, encompassing direct
and indirect costs. Direct costs include monetary losses from theft, fraud, and extortion,
while indirect costs cover expenditures related to incident response, legal fees, regulatory
fines, and investments in cybersecurity enhancements. Accenture's Cost of Cybercrime Study
(2019) reports that the average annualized cost of cybercrime for financial services
companies is $18.3 million, which is higher than in any other industry. These costs can
significantly impact the profitability and financial stability of banks, leading to increased
scrutiny from investors and stakeholders (Accenture, 2019).
4. Consumer Trust and Behavior
Consumer trust is a critical asset for banks, and cybercrimes pose a serious threat to this trust.
Research by IBM Security (2018) indicates that data breaches and other cyber incidents lead
to a decline in customer trust, which can result in reduced usage of online banking services
and a shift to competitors perceived as more secure (IBM Security, 2018). Additionally, a
study by Deloitte (2017) finds that effective communication and transparency about
cybersecurity measures can mitigate the negative impact on consumer trust, highlighting the
importance of proactive customer engagement and education (Deloitte, 2017).
5. Effectiveness of Cybersecurity Measures
The implementation of robust cybersecurity measures is crucial for mitigating the risks
associated with cybercrime. According to a study by McKinsey & Company (2019), banks
that employ advanced security technologies such as multi-factor authentication, encryption,
and real-time threat monitoring are better positioned to prevent and respond to cyberattacks
(McKinsey & Company, 2019). Furthermore, continuous investment in cybersecurity
infrastructure and employee training programs has been shown to enhance the overall
security posture of banks, reducing vulnerability to emerging threats
(PricewaterhouseCoopers, 2020).
6. Regulatory Frameworks and Compliance
Regulatory frameworks play a pivotal role in shaping the cybersecurity landscape for banks.
The General Data Protection Regulation (GDPR) and the Payment Card Industry Data
Security Standard (PCI DSS) are examples of regulations that set stringent requirements for
data protection and security. Studies by the Financial Stability Board (2018) emphasize that
compliance with these regulations not only helps in mitigating cyber risks but also promotes
a culture of security awareness and accountability within banks (Financial Stability Board,
2018). However, there is ongoing debate about the adequacy of existing regulations, with
some experts advocating for more dynamic and adaptive regulatory approaches to keep pace
with the evolving threat landscape (European Banking Authority, 2020).
Conclusion
The reviewed literature highlights the multifaceted impact of cybercrime on the banking
industry, encompassing operational disruptions, financial losses, and erosion of consumer
trust. It underscores the critical need for banks to adopt comprehensive cybersecurity
measures and comply with robust regulatory frameworks. Future research should focus on
evaluating the effectiveness of these measures and exploring innovative approaches to
enhance the cybersecurity resilience of the banking sector.
References

1. Symantec. (2019). Internet Security Threat Report.
2. Verizon. (2020). Data Breach Investigations Report.
3. Ponemon Institute. (2018). Cost of Data Breach Study.
4. Accenture. (2019). The Cost of Cybercrime Study.
5. IBM Security. (2018). Cost of a Data Breach Report.
6. Deloitte. (2017). Cybersecurity: A Growing Priority.
7. McKinsey & Company. (2019). Cybersecurity in Banking: A Risk Management Perspective.
8. PricewaterhouseCoopers. (2020). Global State of Information Security Survey.
9. Financial Stability Board. (2018). Cyber Lexicon.

TABLE OF CASES

State Bank of India v. Chandrabhan Modi (2010)

ICICI Bank Ltd. v. Official Liquidator of APS Star Industries Ltd. (2012)

M. R. Madhavan v. Union of India (2014)

Reserve Bank of India v. Jayantilal N. Mistry (2016)


State Bank of India v. Neerja

Barclays Bank v. Quistclose Investments Ltd

United States v. Hammond (2013)

R v. Lloyd and Others (2016)

United States v. Shalon et al. (2015)

People v. Gonzalez (2008)

Tesco Bank Fraud Incident (2016)

United States v. Nikulin (2016)

Bangladesh Bank Heist (2016)

State of California v. Waymo LLC (2018)

United States v. Love (2018)

Society for Worldwide Interbank Financial Telecommunication (SWIFT) Attacks (Multiple cases)

State of Maharashtra v. Dr. Praful B. Desai (2003)

United States v. Mitnick (1999)

United States v. Gonzalez (2009)

United States v. Ulbricht (2015)

Shreya Singhal v. Union of India (2015)

SBI Cards and Payments Services Pvt. Ltd. v. Rohidas Jadhav (2018)

Union of India v. Amrik Singh (2013)

M. Karunanidhi v. Union of India (2017)

Axis Bank Ltd. v. SBS Organics Pvt. Ltd. (2016)

State of Karnataka v. Sri Ganesh (2014)

Kotak Mahindra Bank Ltd. v. Nupur Alloys (2019)

Google India Pvt. Ltd. v. Visaka Industries Ltd. (2017)

Bensusan Restaurant Corp. v. King, the Court


Poona Auto Ancillaries Pvt. Ltd. v. Punjab National Bank & Others
Kumar v. Whiteley (1991)
McDonough v. Fallon McElligott
