Workshop on Impact of ITA
2008 on Bankers, by Naavi
I have been
an Ex-Banker having started my Banking career from IOB,
Mysore in the year 1973. Having built my career on the
foundation of Banking, I moved into private sector in 1987
and landed in the Cyber Law area some time in 1998. Ever
since, I have been working in this domain.
Those were
the days when Bankers used to display the quotation of
Mahatma Gandhi made in South Africa in around 1860 stating
"A customer is the most important visitor on our premises.
He is not dependent on us. We are dependent on him. He is
not an interruption in our work. He is the purpose of it. He
is not an outsider in our business. He is part of it. We are
not doing him a favor by serving him. He is doing us a favor
by giving us an opportunity to do so…”
Those were
the days when persons like Late Mr M R Pai worked selflessly
for the betterment of Bank Customers.
Banking has
come a long way since then. Technology has transformed
Banking. We have come past Computerization, ATM Banking and
Internet Banking and are now exploring Mobile Banking.
But,
In pursuit
of technology, I often get a doubt if we still remember what
Mahatma Gandhi said about Bank customers being the focus of
business. We often feel today that a bank Customer is only
an object around whom a derivative service called Banking
has been developed and traded with the sole objective of
making profits.
As we have
and are increasingly are embracing new technology, the
fundamental aspect of Banking being a “Safe Avenue” for
investments is being given a go by. This is manifesting
itself in the form of increasing litigation in banking where
the disputes revolve around the use of technology.
Techno
Banking laws such as Information Technology Act have
therefore become a focus of attention for today’s Banking
practitioners. After ITA 2008 version became effective in 27th
October 2009 the need to understand and comply has become
critical for all Bankers. The prescriptions of ITA 2008 on
Information Security, the liabilities it imposes have become
an essential knowledge for Bankers in the technology era.
In order to
create better awareness of the implications of ITA 2008 on
Bankers, Cyber Law College organized a workshop at Bangalore
on “Implication of ITA 2008 for Bankers”.
Introducing
the workshop, Naavi indicated that he was extremely happy
that this program was happening in the month of October when
we celebrate the two special days connected with Digital
Society in India viz, October 17 which is the “Digital
Society Day”, the day digital documents first gained legal
recognition in India exactly 10 years ago and October 27th
which is the first anniversary of ITA 2008.
Honourable
Justice Sri Rajesh Tandon, the Chair Person Cyber Appellate
Tribunal inaugurated the workshop and Dr N Vijayaditya, the
Controller of Certifying Authorities delivered the key note
address. Delivering the inaugural speech, Sri Tandon drew
the attention of the participants to the authentication
requirements as indicated in the Act. Dr Vijayaditya
highlighted how the Digital Signature system under the Act
provided non repudiable authentication.
The
technical sessions were kicked off by Naavi and Rakesh Goyal
providing an overview of ITA 2008 and its relevance to
Bankers. While Rakesh provided a quick overview of the Act
including its penal sections and the liability for data
protection under the Act, Naavi emphasized how ITA 2008 has
made Cyber Security a mandatory prescription for any IT
user. Referring to authentication, Naavi also highlighted
that RBI has recognized through their circular way back in
2001 that Banks must use digital signature for
authentication or otherwise assume legal risk and get
insurance.
Naavi also
presented his Three dimensional Information Security
approach based on Technical, Legal and Behavioural Science
approaches and the Information Security Framework, IISF-309.
Mr Kumar,
AGM of Corporation Bank presented the recent security
measures initiated by the Bank in compliance of ITA 2008
including the introduction of digital signature based access
system. MR N.Vidyashankar, an eminent techno legal
professional shared his own experience as a victim of
Phishing and how he was able to get the issue resolved
through the Banking Ombudsman process.
Mr Vicky
Shah, a techno legal consultant shared the recent Consumer
Court decision in Mumbai on a Phishing Case and indicated
that the Bank involved faced the liability due to lack of
due diligence. Mr Dube, another IS audit practitioner
shared his methodology of ITA 2008 compliance audit.
Following
this a battery of technologists presented various security
concerns and solutions. Mr Venkat of E Mudhra (Certifying
Authority) presented a mobile security solution which Banks
may require to secure mobile banking. Mr Chandrashekar
(Bellur Infortech) presented an E-Audit Tool, Mr Vinod
Senthil spoke of how zero day attacks made Bank security
measures vulnerable to many attacks. Mr Jayachandran
discussed issues in data center security.
Delivering
the concluding remarks address, Mr Sanjeev Kumar, COO of 3i
Infotech Consumer Services stressed that cost effective
digital signature solutions are now available and there is
no reason why Banks need not undertake measures to meet the
requirements of ITA 2008.
The Program
was organized by Cyber Law College, attended by senior
Banking professionals and was sponsored by 3iInfotech
Consumer Services and Department of IT and BT, Government of
Karnataka and supported by Mandamus Info Consultants.
(Copy of
Naavi's Presentation)
.
