E-Commerce transactions and cyber crime

PREFACE:

In the recent years there has been tremendous increase in the penetration and use of Information and Communication Technologies (ICT) in all spheres activities including commerce. New cellular technologies, web-based networks, community ICT access points in the remote parts of the world have ushered in an era when even the most remote parts of the world will be connected through affordable high bandwidth Internet connections.

In order to harness these new ICT applications for e-commerce, it is important to understand the need for an underlying legal framework that is needed to support such ‘online’ commerce activities in a non-physical ‘virtual’ environment.

INTRODUCTION:

E-commerce basically refers to the electronic transactions on the Internet or any other open networks. Such transactions can be divided into two categories:

1. Those that involve the sale of physical goods and services;
2. Those that involve the direct, on-line transfer of information and digital goods and services (e.g. software, music-on-demand, video-on-demand).

In the first category, the Internet or any other open network is used as the medium for order placement, acceptance and even payment, but the delivery of goods and services to the consumer is via the traditional physical mode.

In the second category, the Internet or any other open network is used as the medium of communication as well as the medium of exchange. Because e-commerce takes place on the Internet or any other open network in a ‘face-less’ manner (i.e. the buyer and seller do not see each other face-to-face), it is necessary to have e-commerce laws to protect both the merchant and the customer.

E-COMMERCE VERSUS CYBER CRIMES:

Success in the field of E-Commerce does not depend on the access and connectivity alone as a strong legal back up is required to support all types of ‘virtual’ contracting and as well as transactions between parties. E-commerce could be particularly important for the development of small- and medium-size enterprises if they are safeguarded from the threat of ‘unknown’ bandits of the Internet.

For such purpose, India has made some progress in legalizing the electronic contracts format and electronic transactions through authentication of the electronic documents and records. On the other hand, to prevent misuse of the Internet in e-Commerce there are some Indian laws are already in place to tackle cyber crime into its cyber law with stipulated punishment in the form of imprisonment and fines.

In the light of fact, Crime is an act of commission or omission which is prohibited by the law of the land and the Cyber-Crime is the latest category of the crimes by wire added to such a list of crimes. Though many time dangerous and affect millions of people in a matter of  seconds, the fast changing nature of technologies associated with it makes it the most difficult area of human behaviour to be controlled by law. Though cyber-crimes travels trans-border to hit its victims, the most striking drawback of the cyber law scenario is the absence of a set of all encompassing set of Cyber Laws.

India enacted the first Information Technology Act, 2000 based on the UNCIRAL model recommended by the general assembly of the United Nations by a resolution dated 30th January,1997. The Preamble to this Act gives a very clean picture in this regard.

 Chapter IX of the Information Technology Act, 2000, under

Section 43 restricts the damage to Computer, computer system, etc.

It states that if any person without the permission of the owner or the person in charge of a computer, computer system or computer network- accesses or secures access to such computer, computer system or computer network downloads, copies or extracts any data, computer database information from such computer, computer system or computer network including information or data held or stored in any removable storage medium.

Introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;

Damages or causes to be damaged and computer, computer system or computer network, data, computer database or any other programmes residing in such computer, computer system or computer network;

Disrupts or causes disruption of any computer, computer system or computer network;

Denies or causes the denial of access to any person authorized to access any computer, computer system or computer network by any means;

Provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made there under;

Charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system or compute network he shall be liable to pay damages by way of compensation not exceeding One Crore Rupees to the person so affected.

Further, Chapter XI of this Act deals with offences/crimes along with certain other provisions scattered in this Acts. The various offences which are provided under this chapter are -Tampering with Computer source documents

Section 66- Hacking with Computer systems

(1) Whoever with the intent of cause or knowing that is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking.

(2) Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend up to Two Lakh Rupees, or with both.

Section 71-Misrepresentation

Whoever makes any misrepresentation, to, or suppresses any material fact from, the Controller or the Certifying Authority for obtaining any license or Digital Signature Certificate, as the case may be, shall be punished with imprisonment for a terms which may extend to two years, or with fine which may extend to One Lakh Rupees, or with both.

Section 72-Breach of Confidentiality and Privacy

Save as otherwise provided in this Act or any other law for the time being in force, if any person who, in pursuance of any of the powers conferred under this Act, rules or regulations made thereunder, has secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned discloses such electronic record, book, register, correspondence, information, document or other material to any other person shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to One Lakh Rupees, or with both.

Section 74- Publication for Fraudulent purpose

Whoever knowingly creates, publishes or otherwise makes available a Digital Signature Certificate for any fraudulent or unlawful purpose shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.

TRANSACTIONAL CYBER CRIMES:

All frauds related to banking online loom large on the E-Commerce horizon starting a debate on the liabilities of Bankers for the losses suffered by their clients due to such frauds. In India, the liability is considered in the context of "Due Diligence" exercised by the banks and as such password access security system used by the banks is open to losses arising out of password theft etc. The Cyber Crime Complaints and Resolution Assistance Centre, received a complaint from an NRI stating that more than Rs 6 lakhs has been fraudulently withdrawn from his account after the recent phishing attack on the customers of ICICI Bank. In this case the withdrawn amount has been transferred to another account in the Bank at Mumbai before being withdrawn.

CONCLUSION:

E-Commerce especially E-Payment in the light of prevailing trend in the cyber-crimes poses a challenge for all. In remote areas like Northeast India, the added challenge is lack of cyber law manpower, inadequate surveillance infrastructure because of the ‘internal digital divide’ which exists in India. The major problems related to infrastructure include frequent connectivity failure; low bandwidth for Internet, high costs of Internet, unavailability of dedicated data service networks and closed financial networks including frequent power interruption. Lack of proper legal and regulatory framework in many specific areas of E-Commerce is a clear indication of the main challenges of E-Commerce today.