MUMBAI: Axis Bank has reported a cyberfraud of over Rs 2 crore. It was perpetrated by fraudsters who hacked a platform that the lender provided small cooperative banks to facilitate the electronic transfer of funds.
The fraud was reported by the bank’s Dhule branch to the district police station in respect of an account pertaining to Dhule Vikas Sahakari Bank. In the complaint filed with the police, the bank official said that it offered cooperative banks an online portal PayPro, through which they can offer fund transfer under real-time gross settlement (RTGS) and national electronic fund transfer (NEFT) to their customers.
On June 8, Dhule Sahkari Bank officials contacted Axis Bank and reported unauthorised transactions and sought freezing of the account. The police have filed an FIR under section 420 of the IPC, and section 43 and Section 66F of the IT Act. According to Axis Bank, the system requires authorisation by two persons — a maker and a checker — and both of them will receive a separate one-time password. Dhule bank had said that funds have been transferred without OTP.
According to Advocate Prashant Mali, a cyber expert, “If a bank is compromised so much that even OTP is not received by maker and checkers, then bank’s database itself may have been compromised.” He added that this could mean other cooperatives are also at risk.
According to Mali, Section 66F is wrongly applied in the case. “Section 66F is for Cyber Terrorism. Here the section should be Section 43(a) read with Section 66 for hacking into a computer system,” he said.
“We are looking into this matter and basis early investigations, we can confirm that there has been no compromise of Axis Bank systems. We understand that similar attempts have been made in the past at cooperative banks and counterparties, and we are investigating the incident thoroughly from all angles,” said an Axis Bank spokesperson in a statement.
The statement added that the bank invests heavily on all security aspects against cyber threats and has taken necessary action as required by internal control requirements and regulatory guidelines. In the police statement, Axis Bank official has said that prima facie it appears that someone has hacked into the system and stolen the bank’s data. On June 8, Rs 2.03 crore went out through 27 transactions, with money going into over a dozen private and public sector banks across the country.