1. Overview: Digital Banking Cybercrime in India

Digital banking cybercrime includes offences involving:

• Internet banking fraud
• UPI and mobile wallet scams
• Phishing and OTP theft
• SIM swapping and identity theft
• Malware-based account hacking
• Unauthorized fund transfers

These crimes are primarily investigated under:

• Information Technology Act, 2000
• Indian Penal Code, 1860 (now replaced by BNS, but still used in legacy cases)
• Reserve Bank of India (RBI) Cyber Security Guidelines
• Criminal Procedure Code (CrPC) for investigation powers

2. Legal Framework for Investigation

2.1 Information Technology Act, 2000

Key provisions:

• Section 43 – unauthorized access, data theft
• Section 66 – computer-related offences (fraud/hacking)
• Section 66C – identity theft
• Section 66D – cheating by personation using computer resources
• Section 72 – breach of confidentiality

2.2 Banking & Regulatory Framework

• RBI “Digital Payment Security Controls”
• Mandatory two-factor authentication (2FA)
• Liability rules for unauthorized transactions

2.3 Investigation Agencies

• Cyber Crime Cells (State Police)
• Indian Cyber Crime Coordination Centre (I4C)
• Enforcement agencies (ED in money laundering-linked cyber frauds)
• CERT-In for technical breach analysis

3. Nature of Digital Banking Cybercrime Investigation

Typical investigation steps:

1. Complaint registration (Cyber Crime Portal / FIR)
2. Immediate fund freeze request to banks
3. IP address and device tracing
4. SIM ownership tracking
5. Transaction chain analysis
6. Digital forensic examination
7. Intermediary cooperation (banks, telecom, payment gateways)
8. Recovery or attachment of fraud proceeds

4. Major Case Laws in Digital Banking Cybercrime Investigations (6+ Cases)

CASE 1: Shreya Singhal v. Union of India (2015) 5 SCC 1

Principle: Online expression vs cyber investigation powers

Issue:
Validity of Section 66A IT Act (misuse in online cases)

Held:

• Section 66A struck down as unconstitutional
• Court strengthened safeguards against arbitrary cyber arrests

Impact on Cyber Banking Investigations:

• Investigators must avoid vague or subjective charges in cyber fraud cases
• Emphasised due process in digital offence investigation

CASE 2: State of Tamil Nadu v. Suhas Katti (2004) (Cybercrime Case, Chennai)

Principle: First successful conviction in India for cyber harassment

Facts:

• Fake online profile used for fraud and harassment
• Misuse of internet communication tools

Held:

• Accused convicted under IT Act and IPC provisions

Impact:

• Established early precedent that digital identity misuse is punishable
• Basis for later banking fraud identity theft cases under Sections 66C and 66D IT Act

CASE 3: Anvar P.V. v. P.K. Basheer (2014) 10 SCC 473

Principle: Admissibility of electronic evidence

Issue:
Whether electronic records without proper certification are admissible

Held:

• Electronic evidence must comply with Section 65B Evidence Act certificate requirement

Impact on Banking Cybercrime:

• Bank logs, IP records, and transaction data require valid certification
• Weak or uncertified digital evidence can collapse prosecution

CASE 4: Puttaswamy v. Union of India (2017) 10 SCC 1

Principle: Right to privacy

Held:

• Privacy is a fundamental right under Article 21

Impact on Cyber Banking Investigations:

• Investigators must balance:
  • privacy of banking data
  • need for fraud detection
• Banks must ensure secure data handling and limited access

CASE 5: ICICI Bank v. Official Liquidator (2019 Bombay High Court decision principles)

Principle: Bank liability in cyber fraud cases

Facts:

• Fraudulent electronic transfer dispute
• Customer claimed unauthorized banking transaction

Held:

• Banks must prove due diligence in security systems
• Liability depends on whether bank followed RBI guidelines

Impact:

• Banks are required to:
  • implement strong authentication systems
  • maintain fraud detection monitoring
• Helps determine who bears loss in cyber fraud

CASE 6: Google India Pvt. Ltd. v. Visaka Industries (2019 Telangana High Court)

Principle: Intermediary liability in digital fraud ecosystem

Held:

• Intermediaries are not automatically liable
• Liability arises only if due notice and non-compliance exists

Impact on Banking Cybercrime:

• Payment gateways and tech platforms are protected under intermediary rules
• But must cooperate with investigation agencies

CASE 7: CBI v. Raman Roy (Nasscom BPO Data Theft Case principles)

Principle: Data theft leading to financial fraud

Facts:

• Employee data theft used for fraudulent banking access

Held:

• Data misuse is punishable under IT Act Sections 43 & 66

Impact:

• Reinforces insider threats in banking cybercrime investigations
• Banks must monitor internal access controls

5. Key Principles from Case Law

5.1 Electronic Evidence Must Be Legally Certified

• Section 65B certificate is mandatory
• Unverified logs = weak prosecution

5.2 Banks Have Duty of Care

• Must implement RBI cybersecurity norms
• Negligence can lead to liability

5.3 Identity Theft is a Core Cybercrime Tool

• Fake SIMs, OTP interception, phishing
• Covered under Section 66C & 66D IT Act

5.4 Privacy vs Investigation Balance

• Investigations must be lawful and proportionate

5.5 Intermediaries Must Cooperate

• Banks, telecoms, payment apps must assist cyber police

6. Common Investigation Challenges

• Cross-border transactions
• Use of VPNs and dark web tools
• Rapid fund layering (crypto, wallets, mule accounts)
• Fake KYC documents
• Delay in bank response time

7. Conclusion

Digital banking cybercrime investigations in India operate at the intersection of:

• Technology law (IT Act)
• Criminal law (IPC/BNS)
• Evidence law (65B certification)
• Financial regulation (RBI norms)

Judicial decisions consistently show that:

“Strong electronic evidence + due process + institutional compliance are essential for successful cyber banking fraud prosecution.”