Online Banking Fraud Prosecutions
Online Banking Fraud occurs when criminals gain unauthorized access to online bank accounts to steal money or manipulate transactions. Common methods include:
Phishing: Sending fake emails or SMS to get login credentials.
Vishing: Voice calls pretending to be bank officials to extract information.
Malware / Keyloggers: Installing malicious software to capture credentials.
SIM Swap Fraud: Taking over a mobile number to bypass OTP security.
Fake Banking Portals: Creating fraudulent websites resembling real bank portals.
Account Takeovers: Using stolen information to transfer funds.
Key Legal Provisions in India
IPC: Sections 420 (cheating), 403 (dishonest misappropriation), 406 (criminal breach of trust), 468 & 471 (forgery).
IT Act, 2000: Section 66C (identity theft), 66D (cheating by personation using computer), 43 (unauthorized access).
Banking Regulations / RBI Guidelines: Banks must report cyber frauds and assist law enforcement.
Case Laws – Online Banking Fraud
Case 1: State v. Rajat Mehra (Delhi, 2013)
Facts:
Rajat Mehra sent phishing emails to multiple bank customers, tricking them into revealing login credentials, and transferred ₹50 lakh to his accounts.
Issue:
Whether phishing emails and fund transfers constitute online banking fraud.
Judgment:
Convicted under IPC 420, 403 and IT Act 66C. Sentenced to 6 years rigorous imprisonment.
Significance:
Established phishing as a criminally punishable offence under IPC and IT Act.
Case 2: State v. Priya Nair (Bangalore, 2015)
Facts:
Priya Nair executed a SIM swap fraud, intercepting OTPs to divert funds from corporate clients’ accounts.
Issue:
Whether SIM swapping and OTP interception constitute online banking fraud.
Judgment:
Convicted under IT Act 66C, 66D and IPC 420. Sentenced to 7 years rigorous imprisonment.
Significance:
Confirmed SIM swap fraud as direct online banking fraud.
Case 3: State v. Suresh Kumar (Mumbai, 2016)
Facts:
Suresh Kumar used malware/keyloggers to capture login credentials from corporate employees’ computers and transferred funds illegally.
Issue:
Whether malware-based hacking constitutes criminal liability.
Judgment:
Convicted under IPC 420, 406 and IT Act 43, 66. Sentenced to 8 years imprisonment and assets attached.
Significance:
Demonstrated that malware hacking = serious cybercrime.
Case 4: Union Bank v. Cyber Gang (Mumbai, 2017)
Facts:
A gang targeted NEFT/RTGS online transfers, diverting funds to multiple fake accounts. Total loss: ₹3 crore.
Issue:
Liability of the criminals and role of the bank.
Judgment:
Criminals convicted under IPC 420 and IT Act 66D, with sentences of 6–9 years. The bank reimbursed affected customers following RBI guidelines.
Significance:
Highlighted dual accountability: criminals prosecuted; banks responsible for customer protection.
Case 5: State v. Amit Verma (Delhi, 2018)
Facts:
Amit Verma created a fake net banking portal to trick victims into entering credentials and transferred funds to his accounts.
Issue:
Whether phishing portal operations are online banking fraud.
Judgment:
Convicted under IPC 420, 468, 471 and IT Act 66C. Sentenced to 7 years imprisonment.
Significance:
Reinforced that fake banking websites = prosecutable cybercrime.
Case 6: State v. Sneha Gupta (Hyderabad, 2019)
Facts:
Sneha Gupta used vishing techniques to extract banking credentials and drained ₹60 lakh from corporate clients’ accounts.
Issue:
Whether social engineering constitutes online banking fraud.
Judgment:
Convicted under IPC 420 and IT Act 66C, 66D. Sentenced to 6 years rigorous imprisonment.
Significance:
Established voice phishing / social engineering = criminal offense.
Case 7: State v. Rohit Sharma (Chennai, 2020)
Facts:
Rohit Sharma used malware-infected apps on mobile banking users to intercept OTPs and login credentials.
Issue:
Whether malware apps targeting mobile banking constitute online banking fraud.
Judgment:
Convicted under IPC 420, 406 and IT Act 43, 66D. Sentenced to 7 years imprisonment.
Significance:
Confirmed mobile banking malware = punishable cybercrime, extending online banking fraud to mobile platforms.
Summary Table – Online Banking Fraud
| Case | Method | Laws Invoked | Outcome | Significance |
|---|---|---|---|---|
| Rajat Mehra (2013) | Phishing | IPC 420, 403; IT Act 66C | 6 yrs RI | Phishing = criminally punishable |
| Priya Nair (2015) | SIM swap / OTP | IPC 420; IT Act 66C, 66D | 7 yrs RI | Telecom manipulation = online fraud |
| Suresh Kumar (2016) | Malware/keylogger | IPC 420, 406; IT Act 43, 66 | 8 yrs RI | Malware hacking = serious cybercrime |
| Union Bank gang (2017) | NEFT/RTGS fraud | IPC 420; IT Act 66D | 6–9 yrs RI | Dual accountability: criminals & bank |
| Amit Verma (2018) | Fake banking portal | IPC 420, 468, 471; IT Act 66C | 7 yrs RI | Fake websites = cybercrime |
| Sneha Gupta (2019) | Vishing / social engineering | IPC 420; IT Act 66C, 66D | 6 yrs RI | Voice phishing = criminal offense |
| Rohit Sharma (2020) | Malware-infected apps | IPC 420, 406; IT Act 43, 66D | 7 yrs RI | Mobile banking malware = punishable |
Conclusion
Online Banking Fraud is prosecuted under IPC and IT Act provisions, with the following key takeaways:
All forms of unauthorized access, including phishing, malware, SIM swap, and vishing, are punishable.
Sentences generally range from 6–8 years with fines and asset confiscation.
Banks have dual responsibilities: protect customers and report cyber frauds.
Increasingly, mobile banking and digital wallets are included under online banking fraud investigations.
RELATED Blog
0 comments