Friday, January 21, 2011

RBI Mandated Cyber Due Diligence For Banks In India

The Reserve Bank of India (RBI) has recently released a report of its working group on information security, electronic banking, technology risk management, and cyber frauds.

The report covers various areas such as IT Governance, information security (including electronic banking channels like internet banking, ATMs, cards), IT operations, IT services outsourcing, Information System Audit, Cyber frauds, business continuity planning, customer education and legal issues.

The report has also issued many guidelines that Indian banks would be required to follow in order to provide safe and secure technology-driven banking. Practically, this means that banks in India would be required to adopt techno-driven and cyber law related due diligence requirements.

The Indian Information Technology Act, 2000 (IT Act 2000) carries many provisions that may result in liabilities on the part of various banks. With growing cases of cyber crimes and cyber frauds, banks must take both the IT Act, 2000 and these guidelines very seriously.

Banks must take special care of ATM frauds, credit card frauds, online banking and Internet banking frauds, etc. Besides, phishing scams must also be taken care of by banks.

With the present guidelines, banks can no longer ignore the due diligence requirements that they have been ignoring for so long. The earlier banks are prepared for cyber related issues, the better it would be for them.

RBI Must Curb Online Banking Frauds In India

The recent decision of Reserve Bank of India (RBI) to prevent ATM frauds in India is a welcome step in the right direction. The next step that RBI must take is to strengthen the entire IT infrastructure for banking industry in India.

ATM is just one of the aspects of the banking industry. Online banking and Internet banking are still to be made tamper proof against cyber criminals. Another challenge is the weak and cyber criminal friendly cyber law of India.

The sole cyber law of India is incorporated in the Information Technology Act, 2000 (IT Act 2000). The Act has made almost all cyber crimes bailable. For instance, if a person cracks your e-mail account or online banking account, the courts have to release him on bail as a matter of right. He cannot be put in jail and he would go free even after committing the offence of cracking (read hacking) in India.

RBI would have great trouble in meeting this challenge because no matter how effective the steps it takes, cyber criminals have great incentives to commit cyber crimes against banking institutions in India, says Praveen Dalal, a Supreme Court Lawyer and leading techno legal expert of India. The banks must use “Techno Legal Solutions” on the one hand and spread “Public Awareness” on the other, suggests Dalal.

It is clear that RBI has to meet great challenges before the Indian banking industry can be considered reasonably safe from cyber criminals.

It is clear that RBI has to meet great challenges before Indian banking industry can be considered reasonably safe from cyber criminals.

Cracking And Website Defacement Increasing In India

Password cracking and e-mail account cracking have increased significantly in India. Similarly, website defacement, both governmental as well as private, has become a norm in India. This is happening because the cyber law of India, i.e. the Information Technology Act, 2000 (IT Act 2000), almost gives a clean chit to such cyber criminals.

After the Information Technology Amendment Act, 2008 (IT Act 2000), almost all cyber crimes, including website defacement and cracking, have become bailable. Even if a cyber criminal is apprehended, he must be released on bail as a matter of right.

A pertinent question arises: why has such a stupid legislation been enacted by India? The answer is not difficult to find. Industrial lobbying and the desire for complete e-surveillance capabilities have made Indian cyber law a cyber criminal friendly legislation. Consequently, India has also become a safe haven for cyber criminals.

Anybody can commit almost any cyber crime in India and walk free. Consider a few examples in this regard. The website of India's premier investigation agency, the Central Bureau of Investigation (CBI), was defaced and it remained down for more than a month. Till now no person has been arrested, and even if a person were arrested, he would be released on bail.

A group of crackers, claiming to be from Kashmir, recently cracked the password of a website dedicated to the Bollywood superstar Amitabh Bachchan and defaced it. Similarly, the India Blooms site was also compromised by crackers. The website of Cochin Port Trust (CPT) came under attack on Thursday by a group identified as 'Xtremist and DonZ company' that gained access to the site and defaced it. The latest addition to this list is the cracking of the official e-mail address of the education office of Hoshiarpur, from which pornographic material was sent to many schools in this district.

There is an urgent need on the part of the Prime Minister’s Office (PMO) of India to consider this matter and repeal the troubled cyber law of India. Instead of the present cyber criminal friendly legislation, the PMO must come up with an effective and strong cyber law of India. The present cyber law of India is flawed in many respects, which goes against the interests of India at large.

Judicial E-Infrastructure In India Needs Rejuvenation

Technology can help the traditional legal and judicial systems of India in many forms. These include online dispute resolution (ODR), e-courts, digitisation of court files and proceedings, online bail applications, etc.

India has been working in this direction but without proper policies and expertise. Although some parts of traditional courts have been computerised, by and large technology has remained an alien concept for Indian courts.

There is a complete failure on the fronts of ODR, e-courts, digitisation initiatives, online proceedings, etc. India is confusing computerisation with e-courts and digital judicial services. The truth is that we are still waiting for the establishment of the first e-court in India.

We keep on hearing that the first e-court has been established in Gujarat or Delhi or some other state. But we do not have a single e-court till now. So much so that there is not even an e-court committee or any other similar committee that is presently working for the establishment of e-courts in India.

I think law minister Mr. Veerappa Moily must take some proactive and constructive steps in this regard. Our legal and judicial system badly needs physical and electronic infrastructure. Presently, judicial e-infrastructure in India is in really bad shape.

India must understand the difference between computerisation of courts and e-courts and immediately start working in the direction of establishment of effective judicial e-infrastructure.