Pune Citibank Mphasis Call Center Fraud

Facts:

It is a case wherein 2005, US $3,50,000 was transferred from the Citibank accounts of four customers residing in the US. This amount was dishonestly transferred through the internet to the bogus accounts in the US. Some employees of a Call Center gained the confidence of the customers from the US. By gaining the confidence of those customers they obtained their PIN under disguising as a helping hand to those customers to come out of difficult situations. Later these numbers were used in committing the fraud. The accused in the present case are Ivan Thomas, Siddhartha Mehta, and Stephen Daniel and other individuals who were not the employees of MphasiS.

Rule of Law

1. Section 43(a) of Information Technology Act, 2000: Penalty and compensation for damage to computer, computer system, etc. If any person without permission of the owner or any other person; who is in charge of a computer, computer system or computer network,-
   • (a) accesses or secures access to such computer, computer system or computer network 46 [or computer resource];
2. Section 66 of the Information Technology Act, 2000: Computer related offenses. If any person, dishonestly or fraudulently, does any act referred to in section 43. He shall be punishable with imprisonment for a term which may extend to three years. Or with fine which may extend to five lakh rupees or with both. Explanation. -For this section,-
   • (a) the word “dishonestly” shall have the meaning assigned to it; in section 24 of the Indian Penal Code (45 of 1860);
   • (b) the word “fraudulently” shall have the meaning assigned to it; in section 25 of the Indian Penal Code (45 of 1860).

Issues Raised

• Whether the present case falls within the domain of “Cyber Crimes”.
• Whether Sections 43(a) and 66 of Information Technology Act, 2000  are applicable in the present case.

Analysis

The accused in the present case are the ex-employees of MphasiS BFL’s Call Center in Pune. When they joined the Call center they were taught to have a friendly conversation with the global customers of Citiban; who calls for the problems related to their credit cards and bank accounts.  Call centers in India uses the highest security. The employees there are checked whenever they go in and out; to prevent the employees to copy down the account numbers. Therefore in the present case, the employees must have memorized the number and went to the cyber café; immediately after leaving the office and accessed the accounts of the Citibank customers.

The accounts were then opened in Pune and the money got transferred into those accounts. Later the customers complained about their money being transferred to the accounts in Pune and then the criminals got traced. The service they used to transfer the funds was SWIFT i.e., Society for Worldwide Interbank Financial Telecommunication. When the bank accounts were made in Pune, fake email accounts were also made. The original account holders never received the confirmations which they would have received during the transferring of funds. In March 2005, the money was being moved to a dozen bank accounts which were made with the help of two ICICI home loan agents whose role was to facilitate those illegal accounts. They were the non-BPO employees and also among the people who were arrested. Citibank had no idea of the transactions being made until one account holder of Citibank complained.

Citigroup Investigation Services in Mumbai were alerted and were headed by Rajendra Bhagwat. The team contacted the recipient banks and confirmed the fraud. Later when the main accused came to check the transfer in Rupee Co-operative Bank in Pune, the police immediately detained the suspects and made a total of 16 arrests. The arrests were made under the leadership of Sanjay Jadhav who is the Assistant Commissioner of Police.

This fraud raised many kinds of concern which includes the role of “Data Protection”. This crime was committed using the unauthorized access to the electronic account space of the customers. Therefore it can be concluded that this case falls within the domain of “Cyber Crimes”. Information Technology Act, 2000 is broad enough to accommodate these aspects of crimes which is not codified under the Act but is available in other statutes. Any offense under the Indian Penal Code, 1860 with the use of any electronic documents can be put at the same level as the crimes which are committed with written documents.

Therefore it can be observed that cheating, breach of trust, and conspiracy are applicable in the present case under the sections of the Information Technology Act, 2000. In the Act, the offense is recognized under Section 43(a) and Section 66. The liability for the damage to be paid to the victims also arises from which the adjudication process can be invoked.

Judgment

The Court held that Section 43(a) of IT Act, 2000 is applicable in the present case because of the presence of the nature of unauthorized access that is involved to commit transactions.  The accused are also charged under Section 66 of the same Act and Sections 420 i.e., cheating, 465, 467, and 471 i.e., forgery.

Conclusion

Cases like this happen all over the world but when it happens in India it is a matter of concern and such serious matter cannot be ignored. After analyzing this case, it can be concluded that there are many areas under cyber law which is still needed to be discovered and secured. The strict background check needs to be made compulsory for the companies while appointing call center executives. Though the background check cannot eliminate the possibility of the bad elements from entering and breaching the security still ensuring the checks should not be ignored while hiring the employees. National ID and National database which includes the name of the criminals with their criminal history. Also, the customers should be educated to not fall under such traps. Banks also need to strict their security systems. It is their responsibility to keep the money of the customers safe.

This fraud case made it obvious that the re-examination of corporate cultures and ethics is necessary. The type of corporate culture is required which places greater emphasis on the benefit of the job which is well done and also the worth of the individuals that are within the organizations rather than short term greed.