Skip to content Skip to footer

Cyber Crimes in Banking Sector


Do you remember the time when the whole Indian Banking sector was shaken? It’s the Cosmo Bank Cyber Attack which happened in Pune. The hackers stole Rs. 94.42 crores from Cosmos Cooperative Bank Ltd. and took advantage of the bank’s ATM server access to steal a significant amount of visa and rupee debit cardholders’ personal information. Money was taken, and hacker groups from as many as 28 different countries immediately withdrew the money after being informed[1].

In the twenty-first century, cybercrime has become one of the deadliest retaliation tools and anyone can employ to threaten or defraud someone. Cybercrime is an issue even if the banking industry has increased its services and strives to offer exceptional customer service through innovation. Cybercriminals have easy access to contact information on the internet. This results in significant financial losses for banks as well as customers, which has an impact on the economy of the nation. Moreover, Non-monetary cybercrime occurs when viruses are created and propagated across other devices or when confidential corporate data is shared online.

The flow of the article will be to first know about cybercrime and e-banking, then what are the cybercrime which are related to the banking sector and their impacts on this sector.


Cybercrime refers to the use of a computer to advance illicit activities like fraud, the trafficking of child pornographic material and other intellectual property, identity theft, privacy invasions, etc. It entails spreading viruses, downloading files unlawfully, engaging in phishing schemes, and stealing personal data like bank account numbers, etc. Thus, a crime can be identified as a “cybercrime” if “computer” and “internet” are among its primary components. Because of this, computer crimes are frequently used to refer to cybercrimes. The majority of cyberattacks fall under the category of “economic crimes,” which are typically carried out by highly organized criminals and employ the most cutting-edge technologies.

The number of cases of financial fraud has risen along with the rate of innovation. Different methods are being used by cybercriminals to gather bank information and conceal their funds. The banks have employed a number of specific procedures to protect against these frauds, yet the problem persists. This is explained by the fact that the security measures currently available through banks are also available in public or in other places where they can be exploited by cybercriminals who can simply breach security measures.

Banking sector has suffered an impact of cyber crimes. RBI has defined bank fraud has as, “A deliberate act of omission or commission by any person, carried out in the course of a banking transaction or in the books of accounts maintained manually or under computer system in banks, resulting into wrongful gain to any person for a temporary period or otherwise, with or without any monetary loss to the bank.”


A system where financial transactions are handled utilising information and computer technology rather than human resources is known as electronic banking, or e-banking. E-banking differs from typical banking services in that there is no direct contact between the bank and its clients. By using several platforms that may be utilised with a variety of terminal devices, such as a personal computer and a mobile phone with browser or desktop software, telephone, or digital television, banks can give information and services to their customers via e-banking. Cyber banking, home banking, and virtual banking are other names for e-banking. Internet banking, mobile banking, RTGS, ATMs, credit cards, debit cards, smart cards, and other forms of e-banking are all included.



Hacking is a crime, which means an attempt to bypass the security of the banking sites or accounts of the customers. The Hacking offence is not defined in the amended IT Act, 2000. But under section 43(a) read with section 66 of Information Technology (Amendment) Act, 2008 and under section 379 & 406 of Indian Penal Code, 1860, a hacker can be punished.

Canara Bank’s ATM servers were the subject of a cyberattack in 2018. Several bank accounts saw the clearing of twenty lakh rupees. Sources claim that 50 people were victims altogether as a result of cybercriminals having access to more than 300 individuals’ ATM information. Hackers used equipment known as skimmers to obtain debit cardholders’ personal information. The value of transactions containing stolen data ranged from Rs. 10,000 to Rs. 40,000.


The most common method of stealing internet banking passwords is spyware. Fake “pop up” advertisements requesting users to download software are used to install it. Such software is identified and removed by antivirus programmes, typically by preventing its download and installation before it can infect the machine.

  1. VIRUS

A virus is a piece of software that corrupts an executable file and causes it to behave strangely afterward. It spreads by affixing itself to executable files, such as those used by operating systems and application programmes. The executable file can spread the infection by being run. Worms, on the other hand, are programmes that can duplicate themselves; they don’t change or remove any files, instead, they just grow and spread copies of themselves from the victim’s computer to other computers.


Online credit card fraud occurs when customers use their credit card or debit card for any type of online payment and another person, with malicious intentions, uses such card details and password by hacking and misusing it for online purchases using the customers’ hacked card details, or when a fraud is committed by a devil34. When electronic transactions are not secure, the hacker can abuse the credit card by pretending to be the cardholder.


By caching previously received query results, DNS servers are put on a company’s network to increase resolution response performance. By taking advantage of a DNS software weakness, poisoning attacks are launched against DNS servers. Due to this, the server improperly verifies DNS replies to guarantee they are from reliable sources. Incorrect items will eventually be cached locally by the server, which will then serve them to subsequent users who submit the same request. An attacker may utilise a server controlled by criminals to serve malware to victims of a banking website or to trick bank clients into giving their login information to a fake version of a legitimate website. If a hacker uses a specific DNS server to spoof an IP address and DNS entries for a bank website.


Key logging is a technique used by scammers to keep track of real keystrokes and mouse clicks. The “Trojan” software packages known as keyloggers aim at the operating system and are “installed” by use of a virus. These could be especially risky because The scammer records the user name, password, and account number, as well as any other inputted characters.


Pharming is related to “farming” and “phishing.” In phishing, an attacker takes control of a bank’s URL so that when a customer logs in to the bank website, they are forwarded to a different website that is fake yet appears to be the real website of the bank. Pharming takes place online, and ATMs can also be used for skimming.

A bank management trainee was engaged to be married and the couple communicated via email on the company’s computers. This is the Bank NSP Case. After some time, they separated, and the young woman created some fictitious email addresses, like “Indian bar associations,” and used them to send emails to the boy’s overseas clientele. She utilised the bank’s computer for this. The boy’s firm suffered significant customer losses and sued the bank in court. Because the emails were sent through the bank’s technology, the court decided to hold the bank accountable.


The spread of mobile networks and the advancement of information and technology (IT) have both led to the expansion of financial services to the general public. However, technological innovation has increased the potential of being a target of cyberattacks while also making banking services more accessible and affordable.

In addition to using advanced tactics to steal money, cybercriminals are now able to spy on businesses and obtain crucial company data, which has an indirect impact on the bank’s profits. Furthermore, cybercrime in the banking sector would violate the privacy of the customers. Anyone, i.e., any hacker can misuse the identity of people and threaten them to do illicit activity and steal their money.



The banking industry is the foundation of our economy. Our economy has suffered significant losses as a result of the rising number of cybercrime cases. Cyber-attacks should be avoided by ensuring that the appropriate law is adequately applied. It is important to inform both the banks and the customer about the danger and safety precautions. To combat cybercrime, there must be coordination among the many parties.

The current situation calls for an increase in cooperation amongst the nations regarding the instruments and methods that can successfully allow them to combat electronic crime worldwide. Developing countries like India that are plagued by electronic and cybercrime pose a significant issue due to the lack of instruction in the areas relevant to the inquiry of cybercrime and electronic crime. Moreover, Global macroeconomic and geopolitical events have created a challenging and thought-provoking position for the banking sector. The banking sector is being obliged to examine its current procedures in order to better analyse and reduce risks. Technology-driven methods have been employed in risk management.

Therefore, it can be said that while it may not be able to completely eradicate cybercrime from the internet, it is still possible to keep an eye on banking transactions and activities on a regular basis. The only effective way to reduce crime is to raise people’s understanding of their rights and responsibilities and to continue tightening up the enforcement of the law.


Leave a comment


Subscribe to the updates!

[mc4wp_form id="461" element_id="style-11"]