Thursday, December 22, 2011

Is ICICI Online Banking System Cyber Secure?

Online banking transactions in India and electronic banking in India are in a real mess. Thanks to the defunct cyber law of India, inadequate cyber security mechanisms like encryption usages for banks, ignoring the cyber security due diligence requirements prescribed by Reserve Bank of India (RBI) and many more such issues.

Naturally, online banking risks in India have increased tremendously. We have no dedicated Internet or e-banking laws in India. Further, online banking systems in India are not cyber secure. Even mobile banking in India is risky.

This position is obvious if we analyse the present trends occurring in India. For example Citigroup had recently confirmed cyber attack upon bank’s network. It is also well known that a timely and appropriate cyber due diligence could have prevented such attacks and various cyber frauds that are growing in the banking sector of India.

Now it has been reported that a proof-of-concept virus has been developed by a security professional to attack the ICICI Online banking using the Man-in-Middle / Man-in-Browser attack method. It shows what an attack can do to an online banking customer who uses ICICI online banking facility and how it can result in financial loss.

Naturally, cyber security of banks in India is not in order at all. Cyber Security Policy for Banks in India is an issue that is very important for Banks of India, says Praveen Dalal, managing partner of New Delhi base ICT law firm Perry4Law and leading cyber law expert of India. With the growing use of Internet Banking, ATM machines, Credit and Debit Cards, Online Banking, etc, Banks of India must also upgrade their Cyber Security Infrastructure and establish a Cyber Security Policy, suggests Dalal.

An integrated modern banking law for India is in pipeline and it would be a good idea to make it techno legal in nature so that it can address cyber crimes and cyber security in a more effective manner. Corporate and banking laws in India are in the process of being streamlined. RBI has even issues a notification prescribing enhanced due diligence measures for high risks customers in India. RBI is planning to boost ATM security in India. On similar lines, RBI must curb online banking crimes and frauds in India.

Banks in India need to adopt techno legal measures to prevent ATM and other similar financial frauds and cyber crimes. Further, cyber due diligence trainings for bank employees can also be beneficial in this regard. Banks must also appoint steering committees and CIOs as soon as possible.