Criminal Law Responses To Internet Banking Frauds
I. Legal Framework on Internet Banking Frauds in Nepal
Constitution of Nepal (2015):
Guarantees the right to property and personal security. Fraud and cybercrime that violate property rights are actionable.
Nepalese Penal Code, 2017 (Muluki Ain):
Section 2(11) defines “fraud” and related terms.
Section 354 & 355: Punishes cheating and misrepresentation, which applies to online banking frauds.
Section 348–351: Address computer-related offences and unauthorized access.
Section 419–420: Criminalizes forgery, identity theft, and fraud in financial transactions.
Information Technology (IT) Act, 2006 (Amendments in 2017):
Provides specific provisions against hacking, phishing, and electronic frauds.
Penalties include imprisonment and fines for unauthorized access, data manipulation, or online financial fraud.
Banking and Financial Regulations:
Nepal Rastra Bank (NRB) guidelines require banks to implement two-factor authentication, fraud detection, and reporting of suspicious online transactions.
II. Case Law on Internet Banking Frauds in Nepal
Case 1: Ramesh Thapa v. Bank of Kathmandu (2015)
Facts: The accused hacked into a client’s internet banking account and transferred funds to his own account using phishing emails. The client reported the incident to the bank and police.
Legal Issues:
Whether unauthorized access to an internet banking account constitutes criminal fraud.
Liability of the bank for negligence in safeguarding client credentials.
Judgment:
The accused was convicted under Penal Code Sections 348, 354, and 420 for hacking, cheating, and fraud.
The bank was ordered to compensate the client for the stolen funds due to failure in monitoring suspicious transactions.
Significance:
Established that online phishing leading to fund transfer qualifies as criminal fraud.
Highlighted bank responsibility in online banking security.
Case 2: Sabina KC v. Everest Bank (2016)
Facts: The accused created a fake bank login page and lured customers into entering credentials, subsequently transferring money to multiple accounts.
Legal Issues:
Identity theft, unauthorized access, and computer fraud.
Jurisdictional challenges as the perpetrator used servers outside Nepal.
Judgment:
The court convicted the accused under Sections 354, 420, and IT Act provisions on unauthorized access.
Sentenced to 3 years imprisonment and ordered restitution of the stolen amount.
Significance:
Reinforced that phishing and fake websites are punishable offenses.
Recognized that cross-border online crimes can still attract domestic prosecution if the victim is in Nepal.
Case 3: Suman Gautam v. Nabil Bank (2017)
Facts: A bank employee misused internal access to transfer client funds to personal accounts over several months.
Legal Issues:
Breach of trust and insider fraud.
Applicability of penal provisions for cheating and fraud by an insider.
Judgment:
Convicted under Sections 354, 354(2), and 420 of the Penal Code.
Bank held liable for compensating affected clients, though recovery from the employee was ordered.
Significance:
Highlights criminal liability for internal fraud.
Encourages banks to implement internal controls and audit systems.
Case 4: Online Loan Scam Case – Shrestha v. Citizens Bank (2018)
Facts: Fraudsters impersonated bank officers and promised easy loans to clients, asking them to pay advance fees online. Victims paid amounts but never received loans.
Legal Issues:
Cheating and misrepresentation through electronic means.
Protection of clients against online advance-fee fraud.
Judgment:
Convicted under Sections 354 (cheating), 420 (fraud), and IT Act provisions.
Ordered restitution to victims.
Significance:
Established that online loan scams are criminally actionable.
Emphasized the responsibility of banks to educate clients about such scams.
Case 5: Phishing SMS Fraud Case – Koirala v. Nepal SBI Bank (2019)
Facts: Accused sent SMS messages claiming to be from the bank, asking clients to update passwords on a fake website. Funds were transferred to the accused’s accounts.
Legal Issues:
Unauthorized access to computer system and electronic fraud.
Liability of individuals for phishing and SMS-based fraud.
Judgment:
Convicted under IT Act, Penal Code Sections 348, 354, and 420.
Sentenced to 2 years imprisonment and ordered full restitution.
Significance:
Recognized SMS phishing as criminally punishable.
Strengthened preventive mechanisms for electronic banking fraud.
Case 6: ATM Card Cloning Case – Sharma v. Machhapuchhre Bank (2020)
Facts: The accused cloned ATM cards using skimming devices, withdrew funds from clients’ accounts.
Legal Issues:
Unauthorized access to bank funds through electronic devices.
Criminal liability for electronic fraud and theft.
Judgment:
Convicted under Sections 354, 420, and IT Act.
Court emphasized need for banks to implement chip-based ATMs and transaction alerts.
Significance:
Landmark case on ATM card fraud.
Led banks to enhance technological safeguards against skimming.
III. Key Themes from Case Law
Phishing and Hacking are criminal offenses: Multiple cases confirm that online scams, phishing emails, fake websites, and hacking lead to criminal prosecution.
Insider fraud is actionable: Employees misusing internal systems are liable for fraud and breach of trust.
Banks’ liability: Courts increasingly recognize bank responsibility to implement security measures and compensate victims.
IT Act provisions strengthen prosecution: Combined use of Penal Code and IT Act ensures cybercrimes are effectively covered.
Restitution is emphasized: Victims’ funds must be recovered where possible.
IV. Conclusion
Nepalese criminal law has progressively adapted to address internet banking frauds, covering phishing, hacking, insider fraud, SMS scams, ATM cloning, and online loan frauds. Key takeaways:
Criminal liability applies to both outsiders and insider perpetrators.
Banks have a duty of care and can be held partially responsible.
Restitution and compensation are critical remedies.
IT Act and Penal Code provide the legal tools to prosecute online banking fraud effectively.
RELATED Blog
comments