Let's Build a Responsible Cyber Society



Bomb is ticking to destroy the Indian Banking System

Naavi.org has constituted an "Expert Group on  E Banking Security" consisting of representatives from different walks of life to which a security professional in Bangalore made a demo of vulnerabilities in the Indian E Banking Systems. The group is now contemplating further action to draw the attention of the RBI and the Government of India to find answers to some of the concerns raised during the demo. Naavi as the convener of the group shares some of his thoughts on the current status of E Banking vulnerability.

I was not surprised yesterday when I received information that one customer of Punjab National Bank had lost Rs 80 lakhs in a Phishing fraud. I was not also surprised that part of the proceeds were transferred to the account of some customer of PNB in Kashmir indicating a straight link to terrorist funding.

It is a known fact that terrorists are tapping Indian banks as and when they require funds for their operation. Along with printing of Indian Currency notes in Pakistan terrorists now have a complete control on the Indian Banking system.

I have brought this to public notice first when the ICICI Bank phishing fraud occurred in the case of Umashankar, a customer of Tirunelveli and subsequently three frauds occurred in Punjab National Bank one of which involved Rs 1.65 crores. Subsequently more frauds came out of the ICICI Bank stable and then SBI and Axis Bank.

Further one of the publications in Mumbai came out with statistics of how more than 10000 frauds have been reported in India from a single Bank in 2011 and how the recovery rate of banking frauds were as low as 3-4 %.

When such information comes to public knowledge we expect that regulators like RBI and industry associations like IBA should feel worried and initiate remedial action.

But so far there appears to be no action from the end of IBA. As regards RBI, it is placing its faith on the implementation of G Goplakrishna Working group (GGWG) report which has urged the banks to substantially improve the E Banking security in India.

After the report was released, there has been two quarterly meetings that must have happened between the RBI and the Bankers to review the progress of GGWG implementation in the Banks.

It may of course require an RTI application to find out what has happened in these meetings. But Mr Gopalakrishna in a recent speech delivered at Chennai gave enough indication that the progress of the implementation has been slow.

Further the M Damodaran Committee report is still pending with RBI for its views. This report on Customer service contained many recommendations which were of public interest and it is unfortunate that the report is remaining unattended. This is a case for another RTI to find out what is holding up the implementation of the report.

I request my friends in Mumbai to file appropriate RTI applications to find out the developments with RBI.

In the meantime we can reasonably presume that the banker's lobbies have prevented RBI from taking any action in respect of Damodaran Committee recommendations or on E banking security.

At this point of time a security professional in Bangalore has brought it to public notice that there are serious vulnerabilities in the E Banking systems in India and they cannot be brushed under the carpet.

In order to verify the credentials of the claim made by the expert, Naavi.org constituted a small group of experts in Bangalore to review the claims and requested the security expert to give alive demo to the group.

Last week the security professional has given such a demo which left the group in a state of shock as to the potentially adverse fall out on the Indian economy if the vulnerabilities are exploited by malicious persons.

Once a vulnerability of the type mentioned is available, it will be only a matter of time that it will be exploited by criminals and the Bomb is ticking for destroying the Indian Banking system.

Different members of this group are in the process of taking up the issue with RBI, the Government of India and other authorities who have a responsibility to take remedial action.

I am of the opinion that banks are unlikely to take any corrective action since they are confident of pushing the liability to the customers by manipulating the legal systems. First such attempt has already succeeded in Bangalore and victims of Bank frauds will face several hurdles in getting justice from the system. It will require another Subramanya Swamy- 2G scam type of fight to get justice.

If RBI and Government of India refuse to intervene and take steps to make changes to the E Banking systems to protect the interest of Bank customers, it would be necessary to start a media campaign to bring to the knowledge of the public the dangers of E Banking and why they should seriously consider withdrawing their Internet Banking facilities.

The "Expert Group on E Banking Security" is inviting any member of the public or any official of the RBI or Banks to contact them for further information. They can also contact us if they have any solution for such vulnerabilities. The requests may be sent to the undersigned as convener of the group through e-mail naavi@vsnl .com



February 7, 2012

Related Article: Mumbai Leads : ICICI Bank Leads


 Comments are Welcome at naavi@vsnl.com