Let's Build a Responsible Cyber Society




Phishing Victims.. Act Now.. Or you may regret later

This is a reminder to all Bank customers in India who have suffered on account of alleged phishing frauds. Banks in India have been providing Internet Banking services without adhering to the law of the land regarding use of authentication methods in Electronic Banking and ignoring the instructions of RBI.

Some Banks have been lobbying the RBI to change its guidelines so that they can continue their insecure Banking practices.

In its Internet Banking guidelines of June 14, 2001, RBI had instructed Banks to use Digital Signatures for Internet Banking failing which they should take the legal liability. Banks were asked to obtain insurance to cover themselves against such risks.

Banks, however, are reluctant to upgrade their systems to use digital signatures and are carrying out their Banking transactions on the basis of passwords. Most of the frauds in the Bank are occurring because passwords are used instead of digital signatures as the means of authentication, and hence, as per the law and the RBI mandate, the Bank is liable for the legal risk.

Banks are, however, bullying their customers into accepting the liabilities, and in many cases customers have found it difficult to pursue legal remedies because of the need to invest in the litigation efforts.

Though ITA 2000/8 has introduced an easy legal remedy in the form of Adjudication, the public are unaware of the facility and are not using it to the required extent.

ICICI Bank, which recently lost the adjudication case against S Umashankar, is leaving no stone unturned to ensure that RBI makes changes to the Internet Banking guidelines which favour the Banks and make customers liable for the illegal and insecure banking practices in electronic banking.

The RBI had formed a "Working Group on Electronic Banking" under the chairmanship of Mr G Gopalakrishna to review the information security practices and legal issues involved in electronic banking similar to the S R Mittal Group which preceded the issue of Internet Banking guidelines in 2001. This working group has submitted its recommendations which essentially continue the current policies of the RBI in respect of use of digital signatures etc. However, there is an indication that some of the working group members have tried to mislead the committee in respect of some facts and tried to ensure that there is some dilution in the current guidelines based on the S R Mittal Group recommendations.

Naavi.org had expressed a view that the working group had representations from Banks but did not give any representation to Bank Customers, who are stakeholders in the Electronic Banking business. We therefore welcome the move of RBI now to seek comments from "Stake holders" on the G Gopalakrishna working group. We are however not happy that RBI has provided hardly 14 days for the public to study the report and lodge their views. Also, RBI has just placed a press release on its website and not released a newspaper advertisement, which should have been done to reach out to the customers of Banks and all other stakeholders.

Naavi.org urges all Phishing victims, whether they have lost only a few thousand rupees or several lakhs, to take this opportunity and submit their views to the RBI since they are the real stakeholders. When mobile banking becomes more popular there will be more frauds and Banking will be rendered unsafe because of the "Electronic Banking".

Those who want to submit their views can contact naavi@vsnl.com for guidance if required.

Naavi.org will make its comments separately since otherwise Banks may group together and sacrifice the interests of the Customers in pursuit of more profits.

I also urge the Certifying Authorities such as Safescrypt, E Mudhra, TCS, and n-code to send an appropriate response. I also urge the Controller of Certifying Authorities to send their recommendations that no directions should be issued by RBI which are ultra vires the law of the land.

I also urge NGOs interested in safe banking to send their comments to RBI.

The comments are to be sent to Chief General Manager-in-Charge, Department of Banking Supervision, Central Office, 3rd Floor, World Trade Centre, Cuffe Parade, Mumbai-400005. Comments can also be sent by e-mail to cgmicdbsco@rbi.org.in

For details of the report please refer to www.naavi.org where a copy of the report is available for download along with some comments. The report is also available on the RBI website.

Naavi.org will post on its website a general format which phishing victims may use to submit their comments.

This is a question of survival of Indian Banking since vested interests are out to destroy the safety in banking. RBI has already closed alternate investment opportunities available to depositors in Companies, reduced the interest rates on banks and if the safety of funds is also allowed to be compromised, the public will not have any avenues of safe investment left to them. Soon Banks will increase the cost of Banking without the use of Internet and ATM and it will be inevitable that customers use Internet banking or suffer heavy costs. In the process they may be forced to assume the risks of insecure banking systems. Hence customers should not neglect the risks or be complacent. Banks introduced electronic forms of banking ostensibly to reduce costs to consumers, but they are all set to hike the service costs and reduce security at the same time.

I therefore urge Bank customers to raise their voice against any adverse change in the security of banking transactions.

Sample Letter copy to be sent



January 22, 2011

Copy of Full Report:

Copy of Executive Summary

Related Articles:

Are Vested Interests at Work to manipulate RBI ?

Phishing Risks under G Gopalakrishna Working Group Report

Role of Adjudicators in Phishing Cases Reiterated

 Comments are Welcome at naavi@vsnl.com