RBI limits Customer’s Loss on Phishing

In an excellent but long-awaited move, RBI has directed Banks that the liability of customers on “Phishing” loss should be limited to Rs 10000/-.

See Report

The new Banking Service code of the Banking Codes and Standards Board of India (BCSBI) says that for any unauthorised internet banking transactions, the customer’s liability is limited to Rs 10000, irrespective of the funds moved out of the account. An unauthorised transaction is one that doesn’t have the express and implied approval of the account holder.

According to the code, “If a third party manages to get hold of the user ID or password in an unauthorised manner and any debit takes place and which he notifies the bank, the maximum loss will be Rs 10,000.” Also, the code says that customers will not be liable for any loss due to unauthorised fund transfers taking place before they receive the password for internet banking transactions.

Further, the onus will be on the banks to establish that customers have compromised the secrecy of their password.

In some instances, the liability could be lower than Rs 10,000. The new code says that in the event of any unauthorised transactions, this would be the lower of the following options: the actual loss at the time of notifying the bank; the limit set for such transactions; the balance available for withdrawal; a maximum of Rs 10,000.

For instance, if a customer has a balance of Rs 5,000 but the fraudster transfers Rs 25,000 by taking a temporary overdraft, the loss would be limited to the minimum balance of Rs 5,000 in the account.

It may be recalled that many such cases of fraud have been reported earlier at Naavi.org. The undersigned has been relentlessly following legal action against many Banks in this regard. The Damodaran Committee report had also spoken about such cases.

The current guidelines come as a great relief to the Bank’s customers.

Naavi.org congratulates RBI for taking these steps.

Naavi


Nokia gives in to Blackmail

It has been reported that Nokia had given in to a hacker’s blackmail and paid a huge sum as ransom to a hacker who threatened disclosure of an encryption key for the Symbian OS.

Report:

The incident reportedly took place back in 2007, when Nokia was still one of the world’s biggest handset manufacturers with a market share of around 50%, and Symbian was the main operating system for its devices. It’s not known how the blackmailer got hold of the key, but if it was made public, Nokia risked a huge security headache with the potential there for hackers to write malware for the OS.

The ransom paid is reported to be of the order of several million Euros.

The incident highlights the cost of security weaknesses in big corporates. Many times the mistake would have been committed by one of the employees, and the nature of the mistake could be very silly. However, the consequences could be disastrous. Good corporate management should therefore consider investment in security as a non-negotiable aspect.

Those companies, including major Banks in India, who state in their security policy that “We shall follow such security practices as are commercially feasible” will have to understand that they are taking risks that may one day kill their organizations.

Naavi


US Supreme Court disallows Business Method Patents

In a major and welcome move, the US Supreme Court has disallowed “Business Method Patents”.

Refer Here

The decision, which holds the subject patent for “a method for reducing the risk that the parties to a transaction will not pay what they owe” invalid, opens up a debate on several other vague patents which have been granted in the past.

Though the decision states that it should not affect software patents, many software patents may also get challenged in the process.

The development is interesting and could be beneficial to the community in the long run.

Naavi.org has in the past discussed how IPR is often misused under both Copyright and Patent laws and argued for a saner implementation. Perhaps the subject decision will help in rationalizing the IPR concept in the coming days.

Naavi


New Security Risk: data stolen through mobiles just with electromagnetic waves

A new Cyber Threat that is far ahead of the Stuxnet threat has been reported by security researchers.

Ref: here

This threat works through a mobile phone which is near a computer. The electromagnetic waves emitted by the phone and the computer during their regular operations establish a contact through which malware is first introduced into the computer; the computer then transmits the data over FM frequency to the mobile, from where it is later sent through the mobile network to the hacker.

This means that no mobile phones can be allowed near a sensitive computer if this threat needs to be eliminated.

Naavi


Loans Through SMS-Fraud Site Confirmed?

Naavi.org had brought to the notice of the public a website http://www.cgtmse-govt.in/ through its article https://www.naavi.org/wp/?p=1728.

We had remarked as follows:

“There is an interesting website on the cyber space which promises all kinds of loans for which application can be made through SMS.

The site sports photographs of all Congress leaders including Mrs Sonia Gandhi, Dr Man Mohan Singh, Mr Pranab Mukherjee etc and claims to be a site of the Government of India.

Applications are sought through SMS at 09748643575

An investigation is required to find out if this is a fraudulent website and if so who is behind this fraud. The site is registered by a person in Siliguri and freely uses all Government symbols for promotion. It is possible that this could be another scam in which some of the politicians are involved.”

Subsequently several people have submitted comments. The most recent one is reproduced below since it is of interest to all.

vinod at wrote:

“Hi, I am shocked, when I had call to CGTMSE Govt Head Office at Bandra. They told me our Govt site is http://www.cgtmse.in and we don’t know about this site or schemes. We are inviting application through Bank only. I want to aware to all of you who are applied online to this site. Don’t waste time and money. It’s a fake site. I don’t know intention of scammer. I search each and every address which is mentioned in site there are no any office. The Officers contact nos are not receive call ever. So be aware and alert. Thanks”

I hope that all readers take note of this. I thank Mr Vinod for his efforts.

In the meantime I request the Government of India to take appropriate action to ensure that the scam if any is unearthed and perpetrators are brought to book.

Naavi


A Test for the Modi Government

Followers of this site are aware of the mission-like pursuance of the undersigned regarding the activation of the Cyber Judiciary system in the country, which was paralyzed during the previous regime of Mr Kapil Sibal.

During the last three years of deliberate inaction by the Ministry of Communications and Information Technology (MCIT), many cyber crime victims have lost faith in the system. Even I have been unable to enthuse them despite several attempts with the Human Rights Commission and High Court.

Now Mr Modi has indicated his preference for E Governance as well as better Governance, and hence we expect things to turn around for the Cyber Crime victims of India.

After posting an open letter through this site earlier, I have today sent an email to the Minister in charge of the MCIT. Whether this mail will be responded to by the Minister (at the e-mail pace) or not will be a test of E Governance for the new administration.

The officials of the department remain the same as were under the administration of the previous regime and hence we need to keep our fingers crossed if there would be any positive change in the administration even after Mr Modi is the Prime Minister and the Ministers have been given freedom to operate. However, unless Ministers are able to exercise their individual acumen and control, changes will not be effective.

Let’s wait and watch if there is any change in the MCIT.

In the past, MCIT officials were deployed more to watch critical comments made by Netizens on Twitter, Facebook and Blogs, and I suspect that this site was also under watch. We understand that the new dispensation may not be “Fascist” as the previous regime and hence may fail to watch this site for criticism. But I hope they do watch for constructive suggestions. The request for quick attention on CAT is one such suggestion, and I am watching the speed of response, if any.

Naavi
