Home Author
Author

Nandu Kulkarni

Nandu Kulkarni is an independent consultant in Banking and Payments Technology, with over 35 years of experience in managing IT product and services businesses. He has had stints working with Oracle Financial Services Ltd., Opus Software Solutions, Citicorp Overseas Software Ltd, and TCS. Nandu is a keen student of Hindustani Classical Music and runs a website called ragasphere.com, dedicated to Classical Music. He is one of the founders of a light music orchestra of IIT Bombay Alumni called “Y-Point Orchestra”, better known as YPO. Nandu has a B.Tech in Electrical Engineering from IIT Bombay in 1974, and a P.G.D.M. from IIM Calcutta in 1979.

2024Current IssueCybersecurityVol2_2024

Cybersecurity and Cyber Frauds in Banking and Payments

by Nandu Kulkarni
by Nandu Kulkarni

In this article we will look at the types of cyber frauds that scamsters perpetrate in banking and payments, and see how the variety, risks, numbers and sophistication of such frauds grew with the growth of computerisation of banking operations resulting in customer convenience. As the role of computerisation in banking grew and became more sophisticated, so did the variety and sophistication of cyber fraud. We will also see what banks do to minimise the risk of such frauds, and importantly, what we as customers of banks can do to avoid falling prey to such fraudsters. A caveat – this article talks only about cybersecurity in the context of banking as it relates to the handling and transfer of money. It does not deal with cyber fraud related to securities transactions and insurance – that will take another couple of articles.

Forgery 

In the 1970s, before computers came into banking operations, you had to go to a bank branch to do any kind of banking transaction, starting from opening a bank account, to depositing or withdrawing cash, or transferring money to another account. You could write a cheque and hand it over physically or by post to whoever you wanted to transfer money to. That person would have to go to his or her bank and deposit the cheque into their bank account by filling in a slip. The cheque would then travel to a local cheque clearing centre, from where it would go to the payer’s bank branch. If the cheque was from another city (an “outstation” cheque), then it would have to be sent by post to the bank branch where it was drawn. If there was sufficient balance in the account and the signature matched with the sample signature with the bank, then the cheque would be “cleared” and retained by the payer’s bank branch. Banks had a specific number of days to reject the cheque if there was insufficient balance or a signature mismatch, and the cheque would travel back to the payee’s bank branch, and the payee would be informed about the cheque being “returned”. This process would often take several days, until which time the payee had no idea if his/her account had been credited. If one wanted a guaranteed document, then the payer had to make out a bank draft by going to the branch, filling up a form and the branch would issue a bank draft payable to the payee.

In those days, the only way somebody could steal money from your account was to steal your chequebook and forge your signature.

The reason for explaining the process in so much detail is for younger readers who have not seen what banking was like in India before computerisation to understand the breathtaking transformation that has happened in banking in the last forty to fifty years.

Frauds in Inter-branch Reconciliation

In the days of manual processes in banking, a cheque deposited in a branch that belonged to a different cheque clearing centre had to physically travel by post from that branch “for collection” to the branch on which the cheque was drawn. The branch where the cheque was deposited often provided early liquidity to the customer by “purchasing” the cheque and crediting the customer’s account. Fraudsters, with the help of insiders at the bank or post office, would intercept and steal the cheque before it reached the destination branch, so that the account on which the cheque was drawn never got debited. The manual process of inter-branch reconciliation would often take weeks before the fraud was discovered. So the first giant step in bank computerisation was in reconciliation of accounts of different branches, by matching of transactions that span across two branches. This threw up anomalies where the payee’s account got credited (because the bank “purchased” the cheque), but the account of the customer who wrote the cheque never got debited as it should have. I remember that in my earlier years at Tata Consultancy Services in the early 1980s, the banking group used to manage the massive job on inter-branch reconciliation for State Bank of India on a Burroughs mainframe computer. The data of all inter-branch transactions used to be punched on cards, transferred to tapes, and sent to the TCS computer centre for overnight processing. This was a “batch” process, with input data of cheques being fed through punched cards or magnetic tape, and the output reports being printed on reams of stationery. But it did alert the bank to mismatches in cheque transactions between branches.

Phishing

Jamtara is a backward district in Jharkhand. According to the last census in 2011, Jamtara had a population of around 800,000, a low literacy rate of 62.58% and a high unemployment rate of over 58%. There has not been a census since 2011, but my guess is that the numbers do not look much better now. Not many people outside Jharkhand would have heard of Jamtara, if it was not for the fact that it gained ignominy as the cybercrime capital of India. It was made (in)famous by a widely watched TV serial on Netflix simply called Jamtara.

Around 2015 or so, a few unemployed youths from a small, backward village from Jamtara district came up with a brilliant idea to scam people all over the country using a simple mobile phone.

Continue Reading
1 comment
2018Cult FundaesCurrent Issue

Ragas for the Rest of Us: Attaining an appreciation of Hindustani Classical music

by Nandu Kulkarni
by Nandu Kulkarni

Photograph by Clem Onojeghuo

“If I were not a physicist, I would probably be a musician. I often think in music. I live my daydreams in music. I see my life in terms of music.” ― Albert Einstein

Close your eyes for a minute and try to imagine a world without music. When I do that, life without music evokes in me visions of being forced to trudge through a dreary and endless desert under a scorching sun with no water and no food. Friedrich Nietzsche, the 19th-century German philosopher said “Without music, life would be a mistake”. Many centuries before him, Plato is quoted as saying “Music gives a soul to the universe, wings to the mind, flight to the imagination and life to everything.” And Khalil Gibran, the Lebanese-American poet and a contemporary of Nietzsche, wrote “Music is the language of the spirit. It opens the secret of life bringing peace, abolishing strife.”

Continue Reading
2 comments
2017Current IssueOffbeat Fundaes

Zodiacs, Icebergs, Gentoo and Humpbacks

by Nandu Kulkarni
by Nandu Kulkarni

For most of us, the land mass called Antarctica is a name we vaguely remember from school Geography, but if asked to name all the continents in the world, most of us would forget to name Antarctica among the continents. That was certainly true in my case, until a friend asked me if I would like to join him and a couple of others on this trip to Antarctica that they had planned.

Continue Reading
2 comments