In yet another disturbing news,
Mid Day reported that three more phishing complaints have
been registered yesterday in Pune in which a total of Rs 17.50
lakhs have been lost by three customers of the banks.
Irrespective of the cause, it is to be recognized that this news
reflects yet another nail being driven down the coffin
signifying the death of Security in E banking.
The undersigned has time and again warned RBI that these losses
are arising due to the lack of security in the E Banking systems
and the continued rogue behaviour of the banks when problems are
reported.
Banks today have even disabled the Cyber Crime judicial system
partially to ensure that customers donot get any justice against
the negligence of the banks. RBI seems to be lacking in
enforcement control. Major Banks and Indian Banks Association
have vested interests in continuing the current state of
insecure Banking and RBI appears to be helpless.
Every successful phishing fraud is an "Unauthorized Access to
the Bank's information system" and hence a Cyber Crime. Every
such fraud arises because of "Forgery" of the customer's
credentials. Every such fraud arises because Banks have
abandoned the RBI mandate of using "Digital Signatures" for
accessing of Bank accounts. Every such fraud occurs because of
lack of "Risk Management Software" by Banks.
Each Phishing fraud involves multiple failures of KYC since the
phishing frauds are realized out of many accounts of the
fraudsters. They also involve many cases where money has been
withdrawn from ATMs where there are no CCTV cameras.
Thus if hundreds of phishing frauds are being reported in India,
there are thousands of acts of criminal negligence by Banks.
Unfortunately Banks are not being punished for these crimes but
the hapless customer is saddled with the losses.
If even after all these have been brought to the notice of the
public, RBI has failed to cancel some Internet Banking licenses,
pull up some of the Chair persons of Banks, instituted a CBI
enquiry against the systemic failure of the system, then it is
clear that there is a Governance failure at the highest level in
RBI. Only the Governor of RBI can be held accountable for such
monumental failure.
Most of the phishing proceeds are going towards financing crimes
and terrorism and the Union Home Ministry, MInistry of Finance
and the IT Ministry have been negligent in taking remedial
action.
This is therefore a collective failure of multiple departments
of the Government of India and Ministers such as Mr Pranab Kumar
Mukherjee, Kapil Sibal and P Chidambaram.
It is unfortunate that none of the 500 plus Parliamentarians
including IT experts like Rajeev Chandrashekar have found time
to raise relevant questions in the Parliament about this
collective failure indicating that the representatives of people
from across different parties have failed to keep track of the
erosion of public faith in the Indian Banking system.
The undersigned has already pointed out the increased threats
arising from the man in the browser attacks which render the
entire system of E Banking vulnerable for wholesale destruction.
Can the Finance Ministry respond how it will handle a situation
if 10000 bank accounts are hacked on a single day and money
transferred to terrorist accounts across the country? If one
major Bank fails due to such attack how will RBI control the
slide of other Banks?
Presently the officials seem to think that by feigning ignorance
they can get rid of the evil. Some of the officials who are
nearing retirement may be thinking that they will escape
scrutiny if nothing happens until they retire.
This is a completely irresponsible attitude towards the alarming
situation that is developing. Even SEBI seems to be unaware of
the impending stock market debacle that will surely bring in a
prolonged recession in the markets if the threats materialize
even partially.
RBI should immediately ask MR G Gopalakrishna who recently
headed the E banking security committee to convene a meeting of
experts and review the situation and share the developments with
the public.
I suggest that RBI should institute the following corrective
measures immediately.
1. As a first measure the daily Internet
Banking transaction limits must be reduced to Rs 50,000/-
per day.
2. Transactions on the off Banking hours should be limited
to not more than Rs 25,000/- per day.
3. All Mobile Banking transactions should be suspended.
4. All fraudulent beneficiary accounts associated with the
phishing frauds must be considered as failure of KYC and
erring Banks should be fined at not less than Rs 5 lakh per
failure to create a fund (E Banking Insurance Fund)
from which the victims of phishing should be compensated for
their losses like the Deposit Insurance Scheme.
Until such time I advise all customers who
have Internet banking facilities to reduce their balances to
less than Rs 50,000/- or whatever they can afford to lose and
shift balances to accounts where there are no internet
transactions. They should completely avoid linking of their
accounts to overdraft accounts with a security backing.
I request the Governor of RBI to respond to
this appeal.
Naavi
February 8, 2012
Related Article:
Bomb is ticking to destroy the Indian Banking System
