Challenge to Mr Urjit Patel.. Don’t let down Indian Banking system

When a catastrophe is about to hit us, we look upon leaders to respond with alacrity and with decisiveness. The difference between a Man Mohan Singh and Modi lies in that character of decisive action. Now such a challenge is before Mr Urjit Patel, the new Governor of RBI in the wake of new threat on the Indian ATM network system.

It is reported today that SBI has recalled 6 lakh debit cards and will be replacing them because there has been a “Malware” related security breach in one of the non-SBI ATM network. SBI tries to pose as if the breach is outside its system but tries to hide the fact that the “Vulnerability” is in its cards and hence there is a need to replace them.

We will not know the details of the threat but it could be because many ATMs may still be using the Windows XP based operating systems, operating without physical guards so that fraudsters can plant all sorts of attachments like skimmers to steal data or even at the network data transmission level where unencrypted data could have been moving.

While the security professionals focus on unraveling the mystery over this card recall, I would like to point out that the risk of fraudulent withdrawals will fall on the Bank customers and we need to ensure that the negligence of Bankers in maintaining their systems properly does not end up with frauds in which customer’s accounts are debited. Already mass ATM frauds have been reported in Kerala and Karnataka in which  a number of customers lost money and I am not sure they have got their money back.

We all know that when confronted by a victim of a card, Banks will always say that they have fool proof security and the fault always lies with the customer. In the ATM transactions Banks simply tell the customer that his card could have been used by any of their relatives and he should own the responsibility. The Banking Ombudsmen have been notoriously biased on the side of Banks and have failed to protect consumer interests. Adjudicators under ITA 2000 are also either uninterested or in collusion with the Banks to protect their interests. The CyAT as we know is non existent and Courts take ages to even take up preliminary hearing of such cases.

In this context the August 11, 2016 draft circular of RBI on “Limited Liability on Customers for Bank Frauds” appeared like a great relief.  But that circular was a draft for public comment and ought to have been re issued as an operating circular after August 31. The draft circular was issued during Raghuram Rajan’s fag end of tenure and the baton passed on to Mr Urjit Patel to confirm it.

Unfortunately, so far there is no news about the circular from RBI.

In the past also when committees like Damodaran Committee on Customer Service presented recommendations favouring customers, RBI did nothing and ignored the report. It was clear that Banks had exercised their unholy influence on the RBI to stall such reforms. SBI was in the forefront of such stalling technique along with ICICI Bank.

Now that we are faced with a prospect of huge customer loss in SBI, RBI and Mr Urjit Patel will have to be considered as culpable for the negligence of SBI.

I suppose Mr Urjit Patel will realize the gravity of the situation and immediately take steps to confirm the August 11 circular that states that

a) Banks must send alerts of every debit without fail

b) Customer shall not be liable if a misuse is reported within 3 days

c) Customer’s liability will be limited to Rs 5000/- if a wrong payment is reported within 7 days or such other limited amount if it is reported thereafter

d) Onus of providing proof of any customer’s culpability is with the Bank… etc

Now there has been an unreasonably long delay in confirming the circular and either it should be presumed as “Confirmed” or Mr Urjit Patel will be personally responsible for holding it up when there is a judicial scrutiny.

My reminders to RBI have so far not evoked response. But I will be forwarding this note to them and this will also be available on the public web and hence should be considered as a good notice to RBI about what they have failed to do.

Any customer who faces any Bank fraud may quote this public information and argue that RBI has been compliant by negligence by not operationalizing the circular…

I hope Mr Urjit Patel will call  an emergency meeting of his subordinate officers and issue a clarification immediately. If so, my advance congratulations for his quick response.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.