Naavi.org has constituted an
"Expert Group on E Banking Security" consisting of
representatives from different walks of life to which a
security professional in Bangalore made a demo of
vulnerabilities in the Indian E Banking Systems. The
group is now contemplating further action to draw the
attention of the RBI and the Government of India to find
answers to some of the concerns raised during the demo.
Naavi as the convener of the group shares some of his
thoughts on the current status of E Banking
I was not surprised yesterday when I received information that
one customer of Punjab National Bank had lost Rs 80 lakhs in a
Phishing fraud. I was not also surprised that part of the
proceeds were transferred to the account of some customer of PNB
in Kashmir indicating a straight link to terrorist funding.
It is a known fact that terrorists are tapping Indian banks as
and when they require funds for their operation. Along with
printing of Indian Currency notes in Pakistan terrorists now
have a complete control on the Indian Banking system.
I have brought this to public notice first when the ICICI Bank
phishing fraud occurred in the case of Umashankar, a customer of
Tirunelveli and subsequently three frauds occurred in Punjab
National Bank one of which involved Rs 1.65 crores. Subsequently
more frauds came out of the ICICI Bank stable and then SBI and
Further one of the publications in Mumbai came out with
statistics of how more than 10000 frauds have been reported in
India from a single Bank in 2011 and how the recovery rate of
banking frauds were as low as 3-4 %.
When such information comes to public knowledge we expect that
regulators like RBI and industry associations like IBA should
feel worried and initiate remedial action.
But so far there appears to be no action from the end of IBA. As
regards RBI, it is placing its faith on the implementation of G
Goplakrishna Working group (GGWG) report which has urged the
banks to substantially improve the E Banking security in India.
After the report was released, there has been two quarterly
meetings that must have happened between the RBI and the
Bankers to review the progress of GGWG implementation in the
It may of course require an RTI application to find out what has
happened in these meetings. But Mr Gopalakrishna in a recent
speech delivered at Chennai gave enough indication that the
progress of the implementation has been slow.
Further the M Damodaran Committee report is still pending with
RBI for its views. This report on Customer service contained
many recommendations which were of public interest and it is
unfortunate that the report is remaining unattended. This is a
case for another RTI to find out what is holding up the
implementation of the report.
I request my friends in Mumbai to file appropriate RTI
applications to find out the developments with RBI.
In the meantime we can reasonably presume that the banker's
lobbies have prevented RBI from taking any action in respect of
Damodaran Committee recommendations or on E banking security.
At this point of time a security professional in Bangalore has
brought it to public notice that there are serious
vulnerabilities in the E Banking systems in India and they
cannot be brushed under the carpet.
In order to verify the credentials of the claim made by the
expert, Naavi.org constituted a small group of experts in
Bangalore to review the claims and requested the security expert
to give alive demo to the group.
Last week the security professional has given such a demo which
left the group in a state of shock as to the potentially adverse fall out on
the Indian economy if the vulnerabilities are exploited by
Once a vulnerability of the type mentioned is available, it will
be only a matter of time that it will be exploited by criminals
and the Bomb is ticking for destroying the Indian Banking
Different members of this group are in the process of taking up
the issue with RBI, the Government of India and other authorities
who have a responsibility to take remedial action.
I am of the opinion that banks are unlikely to take any
corrective action since they are confident of pushing the
liability to the customers by manipulating the legal systems.
First such attempt has already succeeded in Bangalore and
victims of Bank frauds will face several hurdles in getting
justice from the system. It will require another Subramanya
Swamy- 2G scam type of fight to get justice.
If RBI and Government of India refuse to intervene and take
steps to make changes to the E Banking systems to protect the
interest of Bank customers, it would be necessary to start a
media campaign to bring to the knowledge of the public the
dangers of E Banking and why they should seriously consider
withdrawing their Internet Banking facilities.
The "Expert Group on E Banking Security" is inviting any member
of the public or any official of the RBI or Banks to contact
them for further information. They can also contact us if they
have any solution for such vulnerabilities. The requests may be
sent to the undersigned as convener of the group through e-mail
February 7, 2012
Mumbai Leads :
ICICI Bank Leads