(The case described below is an actual case. However, name/s of the bank and persons involved have been omitted / changed to protect their identity. Further, few descriptions have been added / modified by the author to give the case a flow.)
It was January 2000, when an e-mail was received by Shri Hiren Shah a top executive of a new private sector bank in India. Appearing to originate from a consulting private limited company, bearing sender’s name as Shri Linus Diav. Shri Diav stated in his e-mail that he had noticed a flaw in their computer system wherein amounts ranging from Rs.10,000 to Rs.15,000 could be withdrawn by anybody without the bank knowing about it. Shri Diav further demanded a payment of Rs.30 lakh for approaching the bank and explaining how such a thing was possible. He had given a mobile number and wanted the executive to call him back on the same day before 8:00 p.m. failing which he threatened to tell the story to anyone of his choice.
At the appointed time, Shri Shah called Shri Linus Diav on the mobile. Shri Diav repeated whatever he had already mentioned in his e-mail and stated that he was willing to come to the bank and meet Shri Shah only if Shri Shah could confirm that a cheque for Rs.30 lakh was kept. Shri Shah asked for time till 12:00 noon next day to give an answer, as he may have to consult some of his colleagues in the matter.
Next day Shri Daiv, called Shri Shah at 12:10 and Shri Shah told him that he will call back Shri Daiv. Shri Shah called back at 12:30 on the mobile number and engaged him in the conversation. Shri Daiv kept repeating his demand for Rs.30 lakh and gave a veiled threat to make the story public if Shri Shah did not agree. There was some disturbance on the phone and Shri Shah repeated that he may have to talk to CEO of the bank in the matter. Incidentally, Shri Shah had a phone with Caller-ID display and could tape the conversation.
The extortionist then sent an e-mail in which he repeated the threat to the CEO, who forwarded the same to Shri Shah. It was observed that the name of the sender was, however, mentioned as “Sunil Vaid”. The difference in the name aroused suspicion and the bank checked whether Shri Sunil Vaid had an account with the bank. The account was located with one of the metropolitan branch of the bank. It was observed that the account had a debit balance of Rs.13,906/-. The branch confirmed that their efforts to recover the money from Shri Sunil Vaid had proved futile. Details regarding residential and office address of the customer, his telephone and mobile numbers were also obtained. It was observed that telephone and mobile numbers of the customer were different from those of the extortionist.
Further, enquiries revealed that the phone number (land line) from which, the extortionist had called, belonged to a firm, whose premises were close to the apartment of the customer. Extortionist had given the ‘same name and address’, as that of the customer, to the mobile company while hiring pre-paid connection, mentioned by him in his first e-mail to Shri Shah.
Two days later, Shri Shah received another e-mail from the extortionist mentioning that as Shri Shah had not agreed to his demand, he was going to demonstrate on next day or the following day, the flaw in the bank’s systems in the presence of the journalists, editors of newspapers and news channels to discredit the bank. It was observed that this time too the name of the sender was mentioned as “Sunil Vaid” and not “Linus Diav” as in the first e-mail.
The matter was immediately referred to the police by lodging an FIR with complete details including copies of e-mails, transcription tapes of telephonic talk and copy of the account opening form. The culprit namely Shri Sunil Vaid alias Linus Diav, was finally caught by the police. It was also observed that there indeed was a flaw in the system, which allowed such overdrafts. The same was removed by suitable modifications in the application system.
1. Do you think even after rigorous testing by all concerned such flaws may still persist? If so, what action should be taken by the bank, when such flaws come to light?
2. What in your view enabled the bank not to succumb to the pressures of the extortionist as well in nabbing him
Extortion Case – Response , By: Supriyo Bhattacharje...