Thursday, December 22, 2011

Cyber Security Of Internet Banking In India

Internet banking in India, or e-banking in India, is a process that involves the use of information and communication technology (ICT) for various banking-related transactions. While the use of ICT for banking purposes in India has many advantages, there are also certain cyber law, cyber security and due diligence tasks that Indian banks must perform to escape civil and criminal liabilities.

Banks in India are required to ensure not only cyber due diligence in India but also cyber security due diligence in India. The Reserve Bank of India (RBI) has very categorically told Indian banks to ensure effective cyber security in their day-to-day affairs and banking transactions. However, banks in India are not complying with RBI’s cyber security due diligence requirements.

Internet banking risks in India are increasing rapidly. Even the RBI has acknowledged Internet banking risks in India. Although electronic banking in India has many advantages and is convenient to handle, online banking risks in India cannot be ignored by either the banks or their customers.

Unfortunately, Indian banks are poor at cyber security. This is resulting in an increase in banking-related cyber crimes and financial frauds. For instance, Citigroup Inc recently confirmed that computer hackers breached the bank's network and accessed data on hundreds of thousands of bank card holders. Similarly, a security researcher has recently proved that the Internet banking system of ICICI is not cyber secure.

Obviously, Internet banking in India is not cyber secure and RBI must urgently step in to remedy this situation. RBI’s ombudsman office is already flooded with complaints of ATM frauds. Similarly, phishing complaints, where customers’ money is misappropriated, are also on the rise. Banks in India must voluntarily build cyber security mechanisms and also implement the recommendations of RBI in this regard. Even better would be to enact a dedicated Internet banking law in India.

Internet Banking Risks In India

Technology has brought many benefits for banking consumers in India. However, technology has also given birth to many unforeseen challenges. Cyber security challenges of Internet banking in India have grown tremendously in the past. In fact, Internet banking in India is not cyber secure despite the recommendations of the Reserve Bank of India (RBI). Banks in India are ignoring the cyber security due diligence requirements prescribed by the RBI.

Internet banking is a very important aspect of the Indian banking industry. Internet banking not only provides instant banking facilities but also confers mobility on account holders. However, cyber security of the Internet banking infrastructure of India is the need of the hour. Instances of theft of money through hacking of the accounts of account holders are fast becoming a trend in India.

This is partly due to the ignorance of account holders and partly due to the weak cyber laws of India. Account holders are increasingly targeted by phishing attacks that result in the loss of sensitive banking information.

According to Praveen Dalal, Managing Partner of Perry4Law and the leading Techno-Legal Expert of India, the Information Technology Act 2008 has made most of the cyber crimes and cyber offences “bailable”. India has made its cyberspace a “free zone” and “safe haven” for cyber criminals and cyber offenders. He says that now, even after committing hacking in India, a person would be entitled to “bail” as a matter of right. There is nothing that prevents such cyber criminals from committing cyber crimes in India in the absence of a deterrent law.

This has resulted in an increased spate of cyber crimes including hacking of the e-mail IDs of the Internet banking users and stealing of their money.

Further, India has also become one of the most endemic surveillance societies of the world. Confidential information is already vulnerable and with the proposed Indian plans of installing key loggers at cyber cafés, the same would exclude the use of cyber cafés for these purposes. Although cyber cafés are not a good place to transact confidential matters, with poor Internet penetration in India this may still happen, says Dalal.

With a weak cyber law, lack of cyber security awareness and increasing e-surveillance initiatives in India, Internet banking disputes are bound to increase in India. The government is least bothered about these issues and ultimately the account holders would have to bear the financial losses.

Is ICICI Online Banking System Cyber Secure?

Online banking transactions in India and electronic banking in India are in a real mess, thanks to the defunct cyber law of India, inadequate cyber security mechanisms like encryption usage by banks, banks ignoring the cyber security due diligence requirements prescribed by the Reserve Bank of India (RBI), and many more such issues.

Naturally, online banking risks in India have increased tremendously. We have no dedicated Internet or e-banking laws in India. Further, online banking systems in India are not cyber secure. Even mobile banking in India is risky.

This position is obvious if we analyse the present trends in India. For example, Citigroup recently confirmed a cyber attack upon the bank’s network. It is also well known that timely and appropriate cyber due diligence could have prevented such attacks and the various cyber frauds that are growing in the banking sector of India.

Now it has been reported that a proof-of-concept virus has been developed by a security professional to attack ICICI online banking using the Man-in-the-Middle / Man-in-the-Browser attack method. It shows what an attack can do to an online banking customer who uses the ICICI online banking facility and how it can result in financial loss.

Naturally, cyber security of banks in India is not in order at all. Cyber Security Policy for Banks in India is an issue that is very important for Banks of India, says Praveen Dalal, managing partner of New Delhi based ICT law firm Perry4Law and leading cyber law expert of India. With the growing use of Internet Banking, ATM machines, Credit and Debit Cards, Online Banking, etc., Banks of India must also upgrade their Cyber Security Infrastructure and establish a Cyber Security Policy, suggests Dalal.

An integrated modern banking law for India is in the pipeline and it would be a good idea to make it techno-legal in nature so that it can address cyber crimes and cyber security in a more effective manner. Corporate and banking laws in India are in the process of being streamlined. RBI has even issued a notification prescribing enhanced due diligence measures for high-risk customers in India. RBI is planning to boost ATM security in India. On similar lines, RBI must curb online banking crimes and frauds in India.

Banks in India need to adopt techno-legal measures to prevent ATM and other similar financial frauds and cyber crimes. Further, cyber due diligence training for bank employees can also be beneficial in this regard. Banks must also appoint steering committees and CIOs as soon as possible.