Case Studies Various

Sources of Frauds in
ADCs
Case I: Delhi Police Arrest 22-Year-Old ATM Fraud
NEW DELHI: With the arrest of a 22-year-old youth, Delhi Police today claimed
to have solved five cases of cheating ATM users by blocking the cash dispensing
machine.
The accused, identified as Pintu Kumar, hailing from Jahanabad, Bihar, was
arrested by the staff of Badarpur Police Station yesterday. Five cases of cheating of
different areas in southeast with similar modus operandi have been solved, police
said. On May 6, one Madan Kumar had reported to police that Rs 25,000 have
been withdrawn from his account through ATM in three installments
(10,000+10,000+5,000) at the same time and date.
A case was registered by police in this connection and investigation was taken up.
Police observed that in the recent past, there was a spurt in the incidents of
cheating at ATMs with users failing to withdraw money, but cash being debited
from their accounts. During investigation, the police team verified the records of
all those criminals had a similar modus operandi.
"Finally, we zeroed in on one Pintu Kumar who had earlier been arrested in a
similar case. Yesterday, tip off was received that he would come in the area of
Badarpur for committing the crime. A trap was laid and at about 12:40 PM, Pintu
Kumar came there on a motorcycle with broken number plate and was caught,"
said DCP (southeast) Mandeep Randhawa. During interrogation, he admitted his
involvement in several cases of cheating committed at ATM centers by blocking
some buttons of the machine. He disclosed that he had learnt this modus operndi
through internet on "ATM hacker video.com".

To cheat the ATM users, he along with his accomplice fixed (*), (#) and (cancel)
buttons of the ATM machine with the help of pieces of blades and Fevikwik. After
that, one of them remained inside the booth. When anyone used the machine, he
noticed the Password of the ATM user. Since some buttons were already blocked,
the machine remained hanged, he said. When the user left the ATM, Pintu released
the button with the help of a pin and withdrew the money using the password of
the customer.
They used to target ATMs situated in rural areas where mostly clients do not know
how to operate the machine. They even asked their password and changed their
ATM card very cleverly and as the client left the place, they withdrew the amount
with the actual ATM card, police said.
Crux of the case
The case which was filled took place in badarpur, New Delhi.
It was an incident of atm fraud as police claimed there were many more past solved
cases same as mentinoned.
The offence was dispensing of cash from ATM in a fraud manner.
The fraud illegaly dispenced cash from the victims account after the consecutive
failed transaction attempts by the victim.
The source says that the fraudester by blocking some buttons of the ATM machine
commited the fraud.
The fraudester while interrogation accepted his involvement and said that they
learnt this from a site.
These types of cases are majorly reported in the rural areas where the people are
not awared about these kind of crimes and are no trained well to operate ATMs
provided to them.
Such fraud could have happened in various ways by gaining the trust of the user
and then taking out the confidential information.
By using tricks and or manipulating the atm machine in an unauthorized manner.

How such frauds could have been prevented?

The victim could have avoided the fraud from happening if they were awared
about the do's and dont's while using ATM
As it was mentioned that the buttons were jammed by using adhesive material, the
victim could have waited till the time out screen shows up (which generally takes
3-4 mins at maximum)after the failure of transaction the fraud could have been
avoided.
The victim after the failure of transaction could have tapped the cancel button and
by waiting till the cancel transaction notification pops out . The fraud could have
been easily avoided.
In some cases due to lack of attention while using ATM and simultaneously doing
some other work like use of cell phone results in frauds. These can be easily
avoided by paying proper attention while transactions
Finally the best prevention towards such types of cases is to aware customers
about the various do's and dont's regarding ATM services and the consequences if
the steps are not followed.

Case II: Online bank fraud again, woman duped of Rs 35,000

Another case of cyber crime in March has come to light and the victim is again a
woman, like the previous case that reportedly took place the same month.
According to the woman who has filed a complaint with police, online transfer of
money was carried out without her knowledge. Police have booked a suspect, who
is believed to have called up the woman to get her to divulge information
pertaining to the bank account to later transfer money without her consent. The
victim of the latest cyber crime is 33-year-old Sayara Pathan of Pimple Nilakh who
has registered a complaint with Sangvi police. Police, acting on her complaint has
booked Amankumar Gupta (a fictitious name suspected to have been used by the
fraudster to evade detection.) The cops have invoked section 420 (cheating) of the
Indian Penal Code and sections of the Information Technology (IT) Act in the case.
Assistant police inspector S V Gade is investigating the case.

Police said Sayara got a call from the man on her cell phone last month. He
claimed to be a bank officer and asked details of ATM cards she had for her
accounts with the State Bank of India and the Bank of Maharashtra. She shared the
information with him and he allegedly misused it to withdraw Rs 34,890 from her
bank account without her consent through illegal online transactions. Police said
the crime took place on March 16-17. Police suspect Amankumar Gupta is not the
real name of the fraudster. Earlier, in a similar case, another woman, Kalpana
Mahajan (53), of Akurdi was cheated of Rs 1.1 lakh by unidentified online
fraudsters. She lodged a complaint at Nigdi police station. Police said a man
claiming to be a bank officer called Mahajan on her cell phone on March 8, 2015.
He asked Mahajan to part with personal information and details of her bank
account. Using these details he allegedly transferred Rs 1.10 lakh from Mahajans
account without her consent through illegal online transaction. Police said people
should be aware of such fraudulent phone calls and avoid sharing personal details
with anybody. Police said anybody getting such calls should cross-check with bank
officials whether the calls are authentic, before sharing personal information.

Police said Sayara got a call from the man on her cell phone last month. He
claimed to be a bank officer and asked details of ATM cards she had for her
accounts with the State Bank of India and the Bank of Maharashtra.

CRUX OF THE CASE NO-2

The case is of internet fraud in which a lady is the victim and suffers lose of
34000/-.
The woman lodged a complain with the police and a suspect is been taken into
custody.
It was mentioned that some anonymous call was attended by the woman and the
caller called as a bank officer and asked the details regarding her ATM cards.
After sometime money was tranfered using her internet banking without her
consent for which she filed the case.
HOW THE FRAUD COULD HAVE BEEN PREVENTED?
At the very beginning the fraud could have been prevented if the victim would
have known that banks do not call or communicate in any manner and ask for a
customers personal details like card number, cvv no. etc.
The fraudster must have planned this in a fool proof manner. The customer should
always take care of there passwords, and registered phone numbers.
As internet transfer is not possible without the otp send to the customers registered
phone number, one should not disclose any sensitive information which may led to
the duplicacy.
Case IV: Single mum duped out of savings
Ms W was called by someone who said they worked at Visa. She was told that her
account had been compromised and that she must phone her bank immediately
using the number on the back of her card. Fearing for the safety of her savings
which were many thousands of pounds Ms W went on to make an online bank
transfer to a safe account under the instruction of the fraudster. By the time she

realised that she had been scammed there was no money left in the recipient
account. Ms W, a single mum, had been saving for essential repairs to her home.
Not only were these repairs impossible following the fraud, she was also left in
financial difficulty. The bank offered Ms W 100 for the distress it had caused by
suggesting, at an early stage, that she might get her money back. But it was
explained to Ms W that because she had made the online transfer herself, the bank
could not have known the transaction was fraudulent and therefore the bank was
not to be blamed.
The distressing impact of these no hang-up frauds isnt only down to the size of the
sums of money involved. It is often made worse because, due to the way the fraud
is carried out, it may be extremely difficult (or impossible) for consumers to get the
money back.
Vishing (voice phishing) is the criminal practice of using the phone to defraud,
dupe or mislead someone. A particular form of vishing thats caused concern is the
no hang-up scam. Here, fraudsters usually posing as the police or a bank
persuade consumers that their account is at immediate risk. Fraudsters tell
consumers that they need to move or withdraw their money urgently to keep it
safe, using a technical trick on the phone line to add to the plausibility of the scam
and to gain access to consumers private personal and financial information.
Ques. Do you think the fraud could have been prevented?

Case V: Identity theft

Identity theft is when an individual's personal or confidential information is
obtained by another person without their knowledge. Identity fraud occurs when

fraudsters use this information to obtain credit, goods or other services in that
person's name.
Identity Fraud case study
Marc, a 22 year old assistant manager, never gave much thought to Identity Fraud
until he received an email from a bank telling him that his application for a credit
card was being processed.
Marc hadnt applied for a credit card so he contacted the bank immediately and
cancelled the application.
Unfortunately the fraudster who had got hold of Marcs date of birth, email and
postal addresses among other bits of key information, had applied for other loans
and credit cards and Marc continued to receive emails alerting him to new
applications under his name.
Marc contacted the police. He was extremely worried about the extent of the
fraudster's activity and the effect this would have on his credit score. It was time
consuming to cancel each application and get them removed from the lenders
records.
Marc joined a credit reference agency to check his credit report. He then found
further applications in his name that were fraudulent. The agency stepped in to
help Marc, and a note was attached to his credit report explaining that he had been
the victim of attempted ID Fraud.
Marc said Before this happened I never thought twice about ID Fraud and
certainly didnt think Id end up becoming a victim of it. Im now extremely
vigilant about getting rid of my confidential information to make sure that its not
out there for fraudsters to exploit.

Ques. Do you think the fraud could have been prevented?

Case VI: consumer unaware of purpose of passcode text message

Mr R was called by someone who said they worked for a centralised bank fraud
team. He was told that suspect activity had been detected on his accounts and he
was advised to call his bank. Mr R did this immediately using the number on the
back of his bank card not realising it was an elaborate scam. He gave security
information to the fraudsters believing they worked for the banks fraud
department. Mr R then received a genuine text message from his bank. The
fraudster asked for the code and said this would cancel a fraudulent transaction.
But Mr R hadnt used online banking or passcodes before and didnt realise that
he was in fact authorising a transaction for many thousands of pounds from his
account to the account of the fraudster. The consumer is giving away information
all the time during the fraudulent call. It may be hard for them to decipher or
remember what they told the criminal. Michael Ingram, senior ombudsman 25
When it came to light that Mr R had been defrauded, his bank refused to refund the
money, saying Mr R had shared his personal banking details and validated the
transfer. But the ombudsman disagreed because although Mr R had given the
passcode to the fraudster, it was the fraudster who typed it in and confirmed the
transaction. Mr R had no previous experience of passcodes, and so believed what
the fraudster told him about the purpose of the text message. We upheld Mr Rs
complaint and he received a refund from the bank.

Case VII: consumer held liable for disputed debit card transactions
Acting as executor of his late wife's estate, Mr M contacted the bank about a
number of disputed cash machine withdrawals that had been made from his late
wife's savings account.
The withdrawals, totalling over 6,000, had been made with the card that had been
issued on the account. And the transactions had all taken place during the twomonth period when Mrs M had been seriously ill in hospital, following a stroke.
Mr and Mrs M's grandson, Mr J, had subsequently been convicted for the theft of
the money. Mr J no longer had the money, so it was not possible to recover it from
him. And the bank refused to refund Mrs M's account as it considered she must
have been "grossly negligent in her care of the card and PIN".
Complaint upheld
Mr M did not dispute that his grandson had made the withdrawals. The
circumstances in which Mr J had obtained the card and PIN were distressing and
unusual. He had arrived at his grandparents' home shortly after Mrs M had a
stroke. He had then stolen the card and PIN notification while Mr M was
preoccupied with attending to his wife and waiting for the ambulance to take her to
hospital.
The bank said that, under the terms and conditions of the account, Mrs M was
liable for the withdrawals if she had failed to act with reasonable care. In its view,
by keeping her card together with the PIN notification she had failed to act with
reasonable care.
However, under the Banking Code a customer's liability is limited unless they
acted fraudulently or with gross negligence. Clearly, there was no suggestion that
Mrs M had acted fraudulently. So the issue we had to decide was whether, in
keeping a note of her PIN with the card, Mrs M had been grossly negligent.
Except when Mrs M took her card out of the house in order to withdraw cash, she
had always kept it, together with the PIN notification, in a small box. This was
hidden in a small cabinet in an upstairs room of the house. The card and PIN would
not, therefore, have been accessible to any casual visitor.

It was reasonable to conclude that Mr J had only discovered the whereabouts of the
card and PIN because, over time, he had been able to search through the house
while visiting his grandparents.
In all the circumstances, we did not consider Mrs M could fairly be said to have
acted with gross negligence. We upheld the complaint and said that Mrs M's estate
should be compensated by the bank re-working her account (including interest) as
though the disputed withdrawals had never been made.

CRUX OF THE CASE

The case was filed by the husband of the customer who died recently because of a
stroke. The complaint was filed regarding the withdrawal from her late wife which
was done while she was seriously ill. The accused were the grandsons of the
customer. While investigation it was found that while visiting their grand parents
home the accused had gained access of the atm card along wid the pin as both were
kept by the customer together in a cabinet. The bank denied to compensate for the
loss as the said that it was the case of negligency from the customers end as it is
always suggested to keep the card and pin separately or to destroy the pin physical
evidence after memorizing it. However the customer never took the pin and card
together outside the house. Ultimately bank had to compensate for the disputed
withdrawal including interest as it was ordered that the customer could not be
fairly to be said to have acted with gross negligence.

HOW THE FRAUD COULD HAVE BEEN PREVENTED?

The fraud could have been prevented just by following these measures
If the ATM card and pin was not kept together as always advised by the bank
If the letter containing the pin had been destroyed after memorizing.
If the pin had been changed as it is always advisable by the bank to do so.

Case VIII: Bank alters its record of customer's details to show a

false name and occupation
Mr K, who had a current account and a credit card account with his bank, was very
surprised to receive a credit card statement with the wrong name on it. The
statement was clearly his, as the account number and all the transaction details
were correct. However, the name on the statement appeared to have been made up
and not a genuine name at all.
After making a number of phone calls to the bank, Mr K was eventually told that
the name change had come about because of a "systems error". The bank sent him
a cheque for 25 for his out-of-pocket expenses in having to pursue the matter.
Although the name on the cheque was closer to his own name than the name on the
statement had been - it was still not right.
Given this further error, Mr K remained most concerned about what was happening
on his account. When he pursued the matter further, he discovered that the bank's
record of his occupation stated that he was a "professional shoplifter". Mr K then
brought his complaint to us.
Complaint upheld
It soon became clear that the alterations to Mr K's details on his credit card account
had not come about as a result of a systems error, as the bank had told him. The
changes had been made deliberately, by a member of the bank's staff.
The bank had compounded the problem by failing to get Mr K's name right when it
sent him a cheque. It had also taken several months to amend his name on his
credit reference history. The overall effect of all this was that Mr K was caused a
significant degree of distress and inconvenience. We said the bank should pay him
500 compensation for this.

HOW THE FRAUD COULD HAVE BEEN PREVENTED?

The victim could have avoided the fraud from happening if they were awared
about the do's and dont's while using ATM

As it was mentioned that the buttons were jammed by using adhesive material, the
victim could have waited till the time out screen shows up (which generally takes
3-4 mins at maximum)after the failure of transaction the fraud could have been
avoided.
The victim after the failure of transaction could have tapped the cancel button and
by waiting till the cancel transaction notification pops out . The fraud could have
been easily avoided.

Case IX: Disputed ATM Withdrawals

Mr Lal and Ms vandana disputed a large number of ATM withdrawals, totalling

$27,000, made from their line-of-credit account over a three-year period with their
debit cards. They acknowledged receiving monthly statements, but said they were
only concerned with the closing balance. They only made a detailed check when
they noticed that their home loan was not reducing as quickly as they had expected.
They provided a detailed list of disputed transactions to the bank, but conceded
that some of the withdrawals would have been their own. They claimed that access
to their account could have been gained internally by the bank, or via a hacker on
the internet.

The bank declined to make any refund. It said it was not clear why some
transactions were disputed and others were not. It also noted that Mr Lal and Ms
Vandana had not disputed any transactions on their credit card account, yet on
some days, valid credit card purchases occurred in the same suburb as disputed
debitcardwithdrawals.
FACTS:
Facts that came up during the investigation included that:

-Both debit cards were used, but most of the disputed withdrawals were made with
Mr Ls card; both cards had bank-generated PINs; on two occasions it seemed
that disputed ATM withdrawals had been used to make payments to the credit card
account; on one occasion a disputed withdrawal was followed by a valid
withdrawal only one minute later; and on at least one occasion there was a disputed
cash withdrawal using a debit card on the same day that one of the disputants used
a credit card to purchase goods in the shopping centres.The case manager found
that there was nothing to support the contention that account access was gained
internally by the bank or via a hacker on the internet. There was also no
information to support a possibility that an unauthorized third party had gained
access to the cards and PINs. On the weight of information, the case manager
concluded that the most probable explanation for the disputed transactions was that
they had been made by the applicants themselves. The bank was not asked to
compensate the applicants
HOW THE FRAUD COULD HAVE BEEN PREVENTED?
The fraud could have been prevented just by following these measures
If the ATM card and pin was not kept together as always advised by the bank
If the letter containing the pin had been destroyed after memorizing.
If the pin had been changed as it is always advisable by the bank to do so.

Case X: Unauthorized Credit Card Transaction

Ms K applied for a credit card but says the application was declined and she never
received the card. Sometime later, Ms K was contacted to make payments on a
debt of $1,000 owing on the credit card account. Although Ms K did not believe
she was responsible for the debt, she became nervous when the bank threatened to
list the default with a credit reporting agency. She reluctantly agreed to repay $50
per month towards the debt. MS K then received a letter from a collection agency
demanding repayment of the full amount of the debt. Ms K contacted the bank to
ask how the account could have been opened in her name when her application
was declined. She requested copies of the identification that had been shown when
the account was opened, but she was advised that she would have to pay a fee for
the debt. A default listing was subsequently entered against Ms Ks name and when
this was discovered, Ms K wrote to the Financial Ombudsman Service requesting
assistance. The. dispute was referred to the bank for its consideration. The bank
conducted an investigation into the matter and advised that its records showed that
the credit card application had, in fact, been approved but that it was not able to
confirm that Ms K had received the card. The bank accepted that the card may
have been used fraudulently by a third party, and the dispute was promptly
resolved with the bank agreeing to extinguish Ms Ks liability for the debt and
removing the default listing.

Ques. Do you think the fraud could have been prevented?