12. A bank employee nserts a program, into a bank’s server, that deducts small amount of money, to say Rs. 2/- a month, from the account of every customer. NO account holder probably notice this unauthorized debit but The bank employee will make a sizable amount of money every month. Discuss how the Inform Technology Act handles such financial crimes

Posted on by Sunny Shettipalli

1. Facts of the Case

A bank employee, leveraging his access to the bank’s internal systems, clandestinely inserts a program into the bank’s central server. The program is designed to automatically deduct a small amount—say Rs. 2 per month—from every customer’s bank account. Given the negligible value, most customers are unlikely to notice the unauthorized debits.

With thousands or even millions of accounts under the bank’s domain, the employee accumulates a significant illegal profit every month. These small amounts are redirected or stored in a separate account under his control, masked by the system’s complexity.

This act constitutes a calculated and premeditated financial cybercrime, exploiting trust, access, and technological knowledge.

2. Issues in the Case

1. Is the insertion of a hidden program into the bank’s server a punishable act under Indian law?

This raises the question of whether unauthorized programming actions constitute a criminal offense under Indian cyber and financial laws.

2. Does the deduction of Rs. 2 per customer qualify as financial fraud, even if customers are unaware or don’t report it?

The quantum of money may be small per person, but the aggregate impact is significant. The question is whether intent and system manipulation suffice to make it a crime.

3. Can the act of siphoning money via computer programs be prosecuted under the Information Technology Act, 2000?

The heart of this case lies in whether such cyber-manipulation for financial gain is covered under the IT Act and related provisions.

4. What role does employee trust and data access play in defining liability?

Does internal access to systems absolve or aggravate the offense committed?

3. Legal Principles Covered Under the IT Act, 2000 and Related Laws

The Information Technology Act, 2000 deals with unauthorized access, data manipulation, and financial frauds done using computers or digital systems. The bank employee’s actions fall under multiple sections.

Section 43 – Damage to Computer, Computer System, or Network

This section penalizes anyone who:

  • Accesses a computer without permission
  • Introduces any computer contaminant or virus
  • Damages or disrupts data, system, or programs

The employee inserted a program without authorization, causing financial loss—meeting the criteria for punishment under this section.

Section 66 – Computer-Related Offenses

If the act under Section 43 is done dishonestly or fraudulently, Section 66 applies. The bank employee clearly acted with fraudulent intent, making this section a strong basis for prosecution.

Penalty: Imprisonment up to 3 years or fine up to Rs. 5 lakhs or both.

Section 66C – Identity Theft

If the employee misused account credentials or masked identities while transferring the money, Section 66C becomes relevant. Using or manipulating digital signatures, passwords, or unique IDs to commit fraud falls under this provision.

Section 66D – Cheating by Personation Using Computer Resources

If the employee impersonates systems or users to redirect money to himself, this section may apply. It deals with cheating and fraud using computer systems.

Penalty: Imprisonment up to 3 years and fine up to Rs. 1 lakh.

Indian Penal Code (IPC) Support

  • Section 420 – Cheating and dishonestly inducing delivery of property
  • Section 409 – Criminal breach of trust by public servant or banker
  • Section 379 – Theft

IPC provisions supplement the IT Act in cases involving financial fraud and misuse of official position.

4. Possible Judgement

If the Accused is Found Guilty

The court is likely to:

  • Convict the employee under Sections 43 and 66 of the IT Act for unauthorized access and fraudulent activity.
  • Add charges under Section 66D for cheating through computer resources.
  • Apply IPC Sections 409 and 420 for criminal breach of trust and cheating.
  • Impose imprisonment of up to 3–7 years, monetary fines, and confiscation of assets gained from the fraud.
  • Direct the bank to refund customers if losses were incurred and tighten cybersecurity policies.

If There Is Insufficient Evidence

In rare cases, if the prosecution fails to prove:

  • The employee’s intent
  • Direct link to the program
  • Money trail to personal benefit

The court may acquit but may still issue strong directions to the bank to strengthen IT controls and internal audits.

Wider Implications and Judicial Recommendations

The court may recommend:

  • Regular source code and system audits
  • Use of fraud detection AI tools
  • Zero-trust policy for employee access to critical infrastructure

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *