Outsourcing security of Banking transactions

The recent ATM frauds in Mumbai and elsewhere has re-opened the discussion on the risks arising out of “Outsourcing” in the Indian Banking scenario.

The commercial Banks in India have grown so greedy that they are looking at every opportunity to outsource their activities to increase their margins. I was amused to read this report in Economic Times which appeared last year (July 5 2012) titled “PSBs Strike Outsourcing Deal”.

The report highlighted how Banks have reduced their ATM maintenance costs by inking a large outsourcing contract for over 63000 ATMs. The report stated that the country was divided into different zones and the right to maintain the ATMs was auctioned.

There is no doubt that it makes sense for commercial Banks to consider outsourcing of Non Critical” operations to reduce operational costs.  However, in all such outsourcing arrangements, there is a need to ensure security measures since the liability for frauds ultimately rests with the Bank though it may be indemnified by the service operator to some extent. Since the financial backing of the service operator is unlikely to be better than that of the Bank, it is unclear how good these indemnities would be when large-scale ATM heist take place.

In most of the recent ATM frauds there have been suspected installation of skimmers, cameras and key loggers in the ATM premises. There have also been the involvement of ATM servicing personnel in some of the frauds. This tendency is likely to continue unless very strong measures are initiated by the RBI to protect ATM transactions.

The undersigned has made some low cost suggestions in this regard to secure the ATM environment using two cameras and a face recognition based identification of the customer along with the presence of a guard lock to the ATMs to reduce the risks substantially. If any Bank is interested, implementation of such plans can be considered on a pilot basis and tried.

Naavi

Print Friendly, PDF & Email

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Bank, Cyber Law, ITA 2008. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.