Phishing Victims.. Act Now.. Or you may regret later
This is a reminder to all Bank customers in India who have suffered on
account of alleged phishing frauds. Banks in India have been providing
Internet Banking services without adhering to the law of the land
regarding use of authentication methods in Electronic Banking and
ignoring the instructions of RBI.
Some Banks have been lobbying with the RBI for change of their
guidelines to enable them continue their insecure Banking practices.
In its Internet Banking guidelines of June 14, 2001, RBI had instructed
Banks to use Digital Signatures for Internet Banking failing which they
should take the legal liability. Banks were asked to obtain insurance to
cover themselves against such risks.
Banks however are reluctant to upgrade their systems to use digital
signatures and are carrying out their Banking transactions on the basis
of passwords. Most of the frauds in the Bank are occurring because of
the use of passwords instead of digital signatures as means of
authentication and hence as per the law and RBI mandate make Bank liable
for legal risk.
Banks are however bullying their customers to accept the liabilities and
in many cases customers have found it difficult to pursue legal remedies
in view of the need to invest in the litigation efforts.
Though ITA 2000/8 has introduced an easy legal remedy in the form of
Adjudication, public are unaware of the facility and not using the
facility to the required extent.
ICICI Bank which recently lost the adjudication case against S
Umashankar is leaving no stones unturned to ensure that RBI makes
changes to the Internet Banking guidelines which favours the Banks and
makes customers liable for the illegal and insecure banking practices in
The RBI had formed a "Working Group on Electronic Banking" under the
chairmanship of Mr G Gopalakrishna to review the information security
practices and legal issues involved in electronic banking similar to the
S R Mittal Group which preceded the issue of Internet Banking guidelines
in 2001. This working group has submitted its recommendations which
essentially continue the current policies of the RBI in respect of use
of digital signatures etc. However, there is an indication that some of
the working group members have tried to mislead the committee in respect
of some facts and tried to ensure that there is some dilution in the
current guidelines based on the S R Mittal Group recommendations.
Naavi.org had expressed a view that the working group had the
representations from Banks but did not give any representation to Bank
Customers who are stake holders in the Electronic Banking business. We
therefore welcome the move of RBI now to seek comments from "Stake
holders" on the G Gopalakrishna working group. We are however not happy
that RBI has provided hardly 14 days for the public to study the report
and lodge their views. Also RBI has just placed a press release on their
website and not released a news paper advertisement which should have
been done to reach out to the customers of Banks and all other stake
Naavi.org urges all Phishing victims whether they have lost only a few
thousand rupees or several lakhs to take this opportunity and submit
their views to the RBI since they are the real stake holders. When
mobile banking become more popular there will be more frauds and Banking
will be rendered unsafe because of the "Electronic Banking".
Those who want to submit their views can contact email@example.com for
guidance if required.
Naavi.org will make its comments separately since otherwise Banks may
group together and sacrifice the interests of the Customers in pursuit
of more profits.
I also urge the Certifying Authorities such as Safescrypt, E Mudhra,
TCS, and n-code also to send an appropriate response. I also urge the
Controller of Certifying Authorities to send their recommendations that
no directions should be issued by RBI which is ultra-vires the law of
I also urge NGOs interested in safe banking to also send their comments
The comments are to be sent to Chief General Manager-in-Charge,
Department of Banking Supervision, Central Office, 3rd Floor, World
Trade Centre, Cuffe Parade, Mumbai-400005. Comments can also be sent by
e-mail to firstname.lastname@example.org
For details of the report please refer to www.naavi.org where a copy of
the report s available for download along with some comments. The report
is also available on the RBI website.
Naavi.org will post on its website a general format which phishing
victims may use to submit their comments.
This is a question of survival of Indian Banking since vested interests
are out to destroy the safety in banking. RBI has already closed
alternate investment opportunities available to depositors in Companies,
reduced the interest rates on banks and if the safety of funds is also
allowed to be compromised, public will not have any avenues of safe
investment left to them. Soon Banks will increase the cost of Banking
without the use of Internet and ATM and it will be inevitable that
customers use Internet banking or suffer heavy costs. In the process
they may be forced to assume risks of insecure banking systems. Hence
customers should not neglect the risks and be complacent. Banks
introduced electronic form of banking ostensibly to reduce costs to
consumers but they are all set to hike the service costs and reduce
security at the same time.
I therefore urge Bank customers to raise their voice against any adverse
change in the security of banking transactions.
Sample Letter copy to be sent
January 22, 2011
of Full Report:
Copy of Executive Summary
Interests at Work to manipulate RBI ?
under G Gopalakrishna Working Group Report
Role of Adjudicators in Phishing Cases Reiterated
Comments are Welcome at