Let's Build a Responsible Cyber Society



Indian Banking System in danger of collapse... What are the solutions?

In yet another disturbing news report, Mid Day reported that three more phishing complaints were registered yesterday in Pune, in which a total of Rs 17.50 lakhs was lost by three customers of the banks.

Irrespective of the cause, it is to be recognized that this news reflects yet another nail being driven into the coffin, signifying the death of Security in E banking.

The undersigned has time and again warned RBI that these losses are arising due to the lack of security in the E Banking systems and the continued rogue behaviour of the banks when problems are reported.

Banks today have even partially disabled the Cyber Crime judicial system to ensure that customers do not get any justice against the negligence of the banks. RBI seems to be lacking in enforcement control. Major Banks and the Indian Banks Association have vested interests in continuing the current state of insecure Banking and RBI appears to be helpless.

Every successful phishing fraud is an "Unauthorized Access to the Bank's information system" and hence a Cyber Crime. Every such fraud arises because of "Forgery" of the customer's credentials. Every such fraud arises because Banks have abandoned the RBI mandate of using "Digital Signatures" for accessing Bank accounts. Every such fraud occurs because of the lack of "Risk Management Software" at Banks.

Each Phishing fraud involves multiple failures of KYC, since the proceeds of phishing frauds are realized out of many accounts of the fraudsters. They also involve many cases where money has been withdrawn from ATMs where there are no CCTV cameras.

Thus if hundreds of phishing frauds are being reported in India, there are thousands of acts of criminal negligence by Banks.

Unfortunately Banks are not being punished for these crimes but the hapless customer is saddled with the losses.

If, even after all these have been brought to the notice of the public, RBI has failed to cancel some Internet Banking licenses, pull up some of the Chairpersons of Banks, or institute a CBI enquiry against the systemic failure of the system, then it is clear that there is a Governance failure at the highest level in RBI. Only the Governor of RBI can be held accountable for such monumental failure.

Most of the phishing proceeds are going towards financing crimes and terrorism, and the Union Home Ministry, Ministry of Finance and the IT Ministry have been negligent in taking remedial action.

This is therefore a collective failure of multiple departments of the Government of India and Ministers such as Mr Pranab Kumar Mukherjee, Kapil Sibal and P Chidambaram.

It is unfortunate that none of the 500 plus Parliamentarians, including IT experts like Rajeev Chandrashekar, have found time to raise relevant questions in the Parliament about this collective failure, indicating that the representatives of people from across different parties have failed to keep track of the erosion of public faith in the Indian Banking system.

The undersigned has already pointed out the increased threats arising from man-in-the-browser attacks, which render the entire system of E Banking vulnerable to wholesale destruction.

Can the Finance Ministry say how it will handle a situation if 10000 bank accounts are hacked on a single day and money transferred to terrorist accounts across the country? If one major Bank fails due to such an attack, how will RBI control the slide of other Banks?

Presently the officials seem to think that by feigning ignorance they can get rid of the evil. Some of the officials who are nearing retirement may be thinking that they will escape scrutiny if nothing happens until they retire.

This is a completely irresponsible attitude towards the alarming situation that is developing. Even SEBI seems to be unaware of the impending stock market debacle that will surely bring in a prolonged recession in the markets if the threats materialize even partially.

RBI should immediately ask Mr G Gopalakrishna, who recently headed the E banking security committee, to convene a meeting of experts, review the situation and share the developments with the public.

I suggest that RBI should institute the following corrective measures immediately.

1. As a first measure the daily Internet Banking transaction limits must be reduced to Rs 50,000/- per day.

2. Transactions during off-Banking hours should be limited to not more than Rs 25,000/- per day.

3. All Mobile Banking transactions should be suspended.

4. All fraudulent beneficiary accounts associated with the phishing frauds must be considered as failures of KYC, and erring Banks should be fined not less than Rs 5 lakh per failure to create a fund (E Banking Insurance Fund) from which the victims of phishing should be compensated for their losses, like the Deposit Insurance Scheme.

Until such time, I advise all customers who have Internet banking facilities to reduce their balances to less than Rs 50,000/- or whatever they can afford to lose and shift balances to accounts where there are no internet transactions. They should completely avoid linking their accounts to overdraft accounts with a security backing.

I request the Governor of RBI to respond to this appeal.


February 8, 2012

Related Article: Bomb is ticking to destroy the Indian Banking System


 Comments are Welcome at naavi@vsnl.com