Understanding the cyber crime of financial frauds in India and the legal actions that can be taken under Indian laws
Fraud is a crime, but for penalisation it must be committed wilfully. Any sort of negligence or incompetency in managing a business that may lead to the unintentional loss of a company’s assets do not normally constitute fraud.
According to Section 447 of the Companies Act, 2013, fraud in relation to affairs of a company or any body corporate, includes any act, omission, concealment of any fact or abuse of position committed by any person or any other person with the connivance in any manner, with intent to deceive, to gain undue advantage from, or to injure the interests of, the company or its shareholders or its creditors or any other person, whether or not there is any wrongful gain or wrongful loss.
Meaning of Financial Fraud
Financial fraud can be broadly defined as an intentional act of deception involving financial transactions for purpose of personal gain. Financial fraud is an act of deceptively or unlawfully depriving someone of their money, capital or attacking their financial health. Financial fraud is a form of crime wherein a person or an entity illegally takes money or property and uses it in an illicit manner, with the motive of gaining a benefit or profit out of it.
In a globalised and liberalised business environment, the growth of financial frauds is unprecedented. Financial fraud is big business, contributing to an estimated 20 billion USD in direct losses annually. Industry experts suspect that this figure is actually much higher, as firms cannot accurately identify and measure losses due to fraud. The worst effect of financial frauds is on FDI inflows into India.Some examples of financial frauds that are taking place are:
- Bribery and Corruption: These illegal acts adversely impact trust in institutions. The former is usually given to someone to influence their behaviour whereas the latter is an act of gaining advantages through illegal means.
- Investment Fraud: It basically means to falsify the financial information in order to mislead or misguide the investors. It also includes omitting or hiding information that is important to know for an investor before investing.
- Identity Theft: As the name suggests, identity theft means stealing someone’s identity, basically it means to impersonate. The attacker uses the victim’s personal information (e.g. credit card number, social security number, bank account number) to make fraudulent withdrawals
- Phishing: Phishing is a type of fraud which uses deceptive e-mails and websites as a weapon to gather personal information. The aim is to trick the email recipient into accepting that the mail received is regarding something they want or need. Phishing is basically a cyber attack which steals user data, including login credentials, passwords and credit card numbers as soon as a trusted entity deceives a victim in opening the mail, instant message, text message or any spiteful link attached with these messages, it can lead to the installation of malware, the freezing of the system or the revealing of sensitive information.
- Skimming: Skimming is a credit card theft. When a credit card or debit card is swiped through a skimmer, the device captures and stores all the details stored in the card’s magnetic stripe. Fraudsters then use this stored information for online purchases or to reproduce the card.
- Mass Marketing Fraud: The fraud is committed through mass or spam mails, telephone calls etc. They can also take place in the way of fake prizes, charities, or lotteries etc. These modes are used to steal personal financial information or to raise contributions to fraudulent organisations.
- Siphoning of funds: It means to illegally or dishonestly take money from a person or an organization and use it for a purpose for which it was not intended.
- Theft of valuables: Fraudsters open bank lockers to take key impressions of other lockers and then use duplicate keys to steal assets.
Provisions which can be attracted in case of financial frauds are as follows:
The Information Technology Act, 2000
Section 66C- Punishment for identity theft: “Whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh.” When an attacker impersonates the victim by using the victim’s personally identifiable information to make fraudulent withdrawals, the abovementioned section will be attracted. For example- when an attacker accesses the victim’s bank account by stealing his debit card information or PIN, he will be liable under this section. The maximum punishment under this section is imprisonment of up to three years and fine up to Rupees One Lakh.
Section 66D- Punishment for cheating by personation by using computer resource: “Whoever, by means of any communication device or computer resource cheats by personation, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees.” When an attacker by means of any computer resource or communication device cheats by personation, the abovementioned section will be attracted. The maximum punishment under this section is imprisonment of up to three years and fine up to Rupees One Lakh.
Section 43– Penalty and compensation for damage to computer, computer system, etc: “If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network steal, conceal, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage shall be liable to pay damages by way of compensation to the person so affected.” This section provides that if any attacker accesses a computer system without the permission of the owner and conceals or destroys any data or important information in order to make financial gains, then the attacker shall be liable to pay damages by way of compensation to the person so affected.
Section 43A– Compensation for failure to protect data: “Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected.” This deals with the Civil liability which arises out of failure to protect sensitive or personal information as specified under Central Government’s notification dated 11th April, 2011 which classifies the details which are corporates are under legal duty to protect like bank account details, passwords etc. This provision was added by the amendment act of 2008 and emphasised the Corporate responsibility in data protection and mandates that corporates have to enforce reasonable and responsible measures to protect data of the general public. This section is usually attracted when a company fails to use adequate security procedures to protect personal information and this results in wrongful financial loss to the victim.
Section 72A– Punishment for disclosure of information in breach of lawful contract : “Save as otherwise provided in this Act or any other law for the time being in force, any person including an intermediary who, while providing services under the terms of lawful contract, has secured access to any material containing personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person, shall be punished with imprisonment for a term which may extend to three years, or with fine which may extend to five lakh rupees, or with both.” While performing a contract, when a service provider discloses any personal information of victim without his or her permission despite knowing the fact that such disclosure can cause wrongful loss to the victim, the service provider shall be liable to imprisonment of up to three years, a fine up to Rupees Five Lakh or both.
Section 74– Publication for fraudulent purpose: “Whoever knowingly creates, publishes or otherwise makes available a [electronic signature] Certificate for any fraudulent or unlawful purpose shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.” If any person creates, publishes or makes an electronic signature certificate available for any fraudulent or unlawful purposes which can result in wrongful financial loss, then that person shall be punished with imprisonment of up to two years or with fine up to Rupees One Lakh.
The Companies Act, 2013
Section 36– Punishment for fraudulently inducing persons to invest money: “Any person who, either knowingly or recklessly makes any statement, promise or forecast which is false, deceptive or misleading, or deliberately conceals any material facts, to induce another person to enter into, or to offer to enter into,— (a) any agreement for, or with a view to, acquiring, disposing of, subscribing for, or underwriting securities; or (b) any agreement, the purpose or the pretended purpose of which is to secure a profit to any of the parties from the yield of securities or by reference to fluctuations in the value of securities; or (c) any agreement for, or with a view to obtaining credit facilities from any bank or financial institution, shall be liable for action under section 447.” Investment Frauds are one of the most common types of frauds in the present time. When an attacker makes any false or deceptive statement or promise with the motive of convincing the victim to investment, this section will be attracted. The maximum punishment for frauds as specified in Section 447 is imprisonment for a term which shall not be less than six months but which may extend to ten years and fine which shall not be less than the amount involved in the fraud but may extend to three times the amount involved in fraud. If the fraud is in anyway related to public interest, the term of imprisonment will not be less than three years.
Section 448– Punishment for false statement: “Save as otherwise provided in this Act, if in any return, report, certificate, financial statement, prospectus, statement or other document required by, or for, the purposes of any of the provisions of this Act or the rules made thereunder, any person makes a statement,— (a) which is false in any material particulars, knowing it to be false; or (b) which omits any material fact, knowing it to be material, he shall be liable under section 447.” If in any return, report, certificate, financial statement, prospectus, statement or other document, the attacker makes any statement which is false in any material particulars or omits any material fact, he or she will be liable under section 447. Such false statement can lead to financial loss of the victim.
The Indian Penal Code, 1860
Section 405– Criminal breach of trust: “Whoever, being in any manner entrusted with property, or with any dominion over property, dishonestly misappropriates or converts to his own use that property, or dishonestly uses or disposes of that property in violation of any direction of law prescribing the mode in which such trust is to be discharged, or of any legal contract, express or implied, which he has made touching the discharge of such trust, or wilfully suffers any other person so to do, commits “criminal breach of trust.” When a person who is entrusted with property or any dominion over property, fraudulently converts that property into his own use so as to gain wrongful profit at the cost of making the victim suffer will be liable for criminal breach of trust. For example- if an executor of will who is supposed to divide the property in accordance with the will appropriates the will to his own use in order to get wrongful financial gains. The punishment for criminal breach of trust is imprisonment of up to three years or with fine or both, as prescribed under Section 406.
Section 409– Criminal breach of trust by public servant, or by banker, merchant or agent: “Whoever, being in any manner entrusted with property, or with any dominion over property in his capacity of a public servant or in the way of his business as a banker, merchant, factor, broker, attorney or agent, commits criminal breach of trust in respect of that property, shall be punished with 1 [imprisonment for life], or with imprisonment of either description for a term which may extend to ten years, and shall also be liable to fine.” If a person entrusted with property in his capacity of a public servant, banker, merchant, broker attorney etc, misuses his power in order to gain personal wrongful gains, will be liable under this section. For example – If a banker uses the victim’s bank account information and withdraws money without the knowledge of the victim, he or she will be liable under this section. The punishment prescribed under this section is imprisonment for life or imprisonment of up to ten years and fine.
Section 415– Cheating: “Whoever, by deceiving any person, fraudulently or dishonestly induces the person so deceived to deliver any property to any person, or to consent that any person shall retain any property, or intentionally induces the person so deceived to do or omit to do anything which he would not do or omit if he were not so deceived, and which act or omission causes or is likely to cause damage or harm to that person in body, mind, reputation or property, is said to “cheat”. To attract this section, the attacker must deceive the victim and the victim should be induced to deliver any property to any person. The victim must be deceived to omit or to do anything which he would have not done otherwise and this act is likely to cause damage or harm to the body, mind, reputation or property of the victim. For example- the attacker puts a counterfeit mark on an item and convinces the victim that the item is of a reputed brand and fraudulently induces the victim to pay for the article and wrongfully gain financial profit from the victim. The punishment for cheating is imprisonment of up to one year or fine or both, as prescribed under Section 417.
Section 416: Cheating by personation: “A person is said to “cheat by personation” if he cheats by pretending to be some other person, or by knowingly substituting one person for or another, or representing that he or any other person is a person other than he or such other person really is.” Most of the financial frauds take place by using personation as a weapon. The attacker pretends to be the victim in order to gain wrongful profit. For example- A cheats by pretending to be a certain rich banker of the same name. A cheats by personation. The punishment for cheating by personation is imprisonment of up to three years or fine or both, as prescribed under Section 419.
Section 418– Cheating with knowledge that wrongful loss may ensue to person whose interest offender is bound to protect: “Whoever cheats with the knowledge that he is likely thereby to cause wrongful loss to a person whose interest in the transaction to which the cheating relates, he was bound, either by law, or by a legal contract, to protect, shall be punished with imprisonment of either description for a term which may extend to three years, or with fine, or with both”. This section states that whoever cheats with the knowledge that he is likely to cause wrongful loss to such a person whose interest in the transaction to which the cheating relates, he was bound to protect shall be punished with imprisonment of up to three years or with fine or both.
Section 420– Cheating and dishonestly inducing delivery of property: “Whoever cheats and thereby dishonestly induces the person deceived to deliver any property to any person, or to make, alter or destroy the whole or any part of a valuable security, or anything which is signed or sealed, and which is capable of being converted into a valuable security, shall be punished with imprisonment of either description for a term which may extend to seven years, and shall also be liable to fine.” This section talks about the offence which is committed by the person who cheats another person and thereby induces the deceived to deliver any property or to make, alter or destroy any valuable security or anything which is sealed or is capable of being converted into a valuable security by falsely representing something so that the person is deceived. The maximum punishment under this section is imprisonment of up to seven years and fine.
Section 468– Forgery for purpose of cheating: “Whoever commits forgery, intending that the [document or electronic record forged] shall be used for the purpose of cheating, shall be punished with imprisonment of either description for a term which may extend to seven years, and shall also be liable to fine.” Forgery consists of a false document, signature, or other imitation of an object which is of value used with the intention of deceiving the victim. Those who commit forgery are often charged with the crime of fraud. For example- the attacker can photocopy the victim’s signature and then place it on a document without the victim’s consent in order to gain wrongful profit. The punishment for forgery is imprisonment of up to two years or fine or both, as prescribed under Section 465.
In 2012, the Central Bureau of Investigation (CBI) announced that it is developing a Bank Case Information System (BCIS) to curb banking frauds. This database contains the names of accused persons, borrowers and public servants compiled from the past records. Even RBI has released a new guideline to check loan frauds wherein it gives red flag to the defaulters and defaulters shall have no access to further banking finance. RBI is also planning to set up a Central Fraud Registry which can be accessed by all Indian banks.
CONCLUSION The need of the hour is to equip businesses against fraud risks and to spread awareness among public warning them against the increasing number of financial frauds. There should be transparency in organizations for better management. There should be a separate team or department in every organization comprising of qualified staff to ensure that efficient technological solutions are implemented. Financial institutions should duly enhance their
 The Companies Act, 2013; https://www.mca.gov.in/Ministry/pdf/CompaniesAct2013.pdf
 The Information Technology Act, 2000; https://www.indiacode.nic.in/bitstream/123456789/1999/3/A2000-21.pdf
 The Companies Act, 2013; https://www.mca.gov.in/Ministry/pdf/CompaniesAct2013.pdf
 The Indian Penal Code, 1860; https://www.iitk.ac.in/wc/data/IPC_186045.pdf
For further information on Cyber Laws in India, please write to us at firstname.lastname@example.org.
To know more about Information technology law in India, read below: