Future of ATM banking in India

Yesterday’s physical attack on an ATM customer at Bangalore should be an eye opener for all security professionals as well as Bank professionals who are promoting increased use of ATMs as a customer service channel. It was unfortunate that the victim of the physical attack within the premises of the Corporation Bank ATM was a manager of the Bank itself. It was therefore an attack on a member of the Bank’s staff within the Bank’s premises, for which the Bank should take all the responsibility.

More Details

The fact that the lady remained bleeding inside the ATM for over 3 hours since the blood flowing out of the closed doors caught the attention of some school children speaks very poorly of the security situation.

It is time now for Banks to immediately close all unguarded ATMs, failing which the Police should close down such ATMs.

In the meantime a comprehensive security system has to be built for the continued use of ATMs, irrespective of the costs that may be involved in the process. Such a security system should include:

a) Real time electronic surveillance

b) Automatic Alert generation on feed failure

c) Accountability for surveillance with a designated Bank official

d) Stronger authentication system both for entry into the premises as well as ATM usage.

I look forward to Mr Raghuram Rajan, the new Governor of RBI, starting to focus on his Bank Supervision responsibilities along with inflationary control.

I also warn some of the new Banking licensees such as the Shriram Group who have charted their plans on the increased use of technology to take note of the risks associated with unmanned banking and build in necessary security measures as part of their plans.

Naavi


Cryptolocker Extortion.. How to protect?

Of the many viruses that haunt us, the virus that encrypts our own files so that we have to pay a ransom to recover them is one of the most annoying. While this could be considered malware like any other, entering our system through the normal channels such as an infected attachment or an infected download, it is necessary to ensure that the usual anti-virus software is supplemented with specialized tools, if any, to protect ourselves.

Some information on such anti-cryptolocker tools is available here.

More about cryptolocker

Sophos Cryptolocker removal tool

Naavi


Time to question safety of ATMs?

So far we have been debating the cyber crime risks associated with ATMs and the need for Banks to assume responsibility. However, today an incident in Bangalore has changed the perspective completely and thrown up the basic question of whether the use of ATMs is safe for the public at all.

For those who may not know, this morning around 7.30 am a lady who entered a Corporation Bank ATM in Bangalore to draw cash was followed by a person who closed the shutters and attacked the lady with a sharp weapon and a pistol, injuring her. He then nonchalantly walked away. The lady is said to be out of danger, but the incident has shaken up ATM users and made ATM use completely unsafe.

Now it is necessary for customers to go to ATMs with their own armed guards since Banks cannot afford to appoint their own guards.

I demand that the Governor of RBI explain how he views this incident and what remedies he suggests. The responsibility for safeguarding Bank customers lies at the RBI Governor’s doors since RBI has been encouraging the policy of ATM use and discouraging customers from visiting Banks for cash withdrawals by charging the customers extra fees if they wish to visit the Banks.

Customers should stop using ATMs except within Branch premises to avoid such incidents.

I also suggest that the Bangalore police take steps to close down any ATM which is not provided with a 24 hour guard by the Bank.

Naavi


Naavi addresses at Mahajana, Mysore

Naavi, who is an alumnus of Mahajana High School, Mysore, addressed a group of Mahajana Alumni members and members of the public on Saturday, the 16th November 2013 on Cyber Crimes and what the public needs to do to protect themselves from Cyber Crimes.

A report in Deccan Herald, Mysore edition is available here.


Naavi


Quick Action By Police Recovers Bank fraud proceeds

Quick action by Police in Ahmedabad helped a Bank customer recover Rs 18 lakhs lost in a phishing attack.

Refer Article in TOI

The incident highlights how quick action by Police and the Bank can reduce/eliminate the losses in such frauds.

Naavi


From CAPTCHA to GOTCHA?

Internet users are familiar with the CAPTCHA system of identifying website users, where the user is presented with a picture which is humanly readable but difficult for a machine to read. When CAPTCHA is used in this manner, the website presents a CAPTCHA picture and asks the user to enter the word or number shown in the CAPTCHA in another box. Since the CAPTCHA cannot be read or identified by a machine, it is believed that only humans will be able to pass this CAPTCHA test. In many cases CAPTCHA is used independent of a password, just to prevent automatic robotic access.

A CAPTCHA test can also be used after the password entry if the objective is to prevent a computerized log in after a password has been stolen by fraudsters. In such a case it becomes a second line of defense with the limited objective of preventing mass break-ins.

In India, some Banks use a picture as a second factor of identification at the time of log in. In this case, after the user enters the password, some picture is displayed which the user has to confirm as his preferred choice. However, this system is being implemented very poorly (e.g. the Corporation Bank website) and does not seem to offer any additional security. It is also reported that the system of CAPTCHA has now been completely broken and it is possible to run an algorithm which breaks the CAPTCHA with 90 to 97% success.

In order to replace the CAPTCHA system, a new system called GOTCHA, referred to as the “Ink blot test”, has been developed by a team at Carnegie Mellon University. It is being hailed as a significant improvement over CAPTCHA and is being recommended as a second factor of authentication to fortify the password system. It is a randomized puzzle generation protocol, which involves interaction between a computer and a human. In such a system, after the password entry is successful (or simultaneously with the password entry), the user is presented with a set of ink blot pictures along with some phrases associated with the ink blots. The user is required to match the pictures with the phrases. The ink blot pictures are randomly generated by the system when the password is created. The phrases are created by the user himself: when he first selects the password, the ink blot pictures are presented to him and he associates a phrase of his choice with each picture.

Though the system appears a bit complicated and could be considered an irritant (as all security measures are), it would be welcome if it can improve the security of the system to some extent. Though the system in theory appears to be innovative, it is necessary to see how it would be adopted by an average Internet user. If he finds it too cumbersome and faces too many rejections, the system may ultimately become unpopular unless users devise their own innovative methods to remember the patterns and the associated phrases.
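The enrol-and-match flow described above, as an added sketch that is not code from the Carnegie Mellon team or from this blog. The function names, the use of PBKDF2 and the `min_correct` tolerance (a knob for the rejection problem mentioned above) are assumptions for illustration; image rendering is left out and each ink blot is represented by its random seed.

```python
import hashlib, hmac, secrets

def _hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def enroll(password, label_fn, n_blots=4):
    """Password creation: generate random ink blot seeds and store the phrase
    the user attaches to each one (label_fn stands in for the human)."""
    salt = secrets.token_bytes(16)
    blots = [(s, label_fn(s)) for s in (secrets.token_hex(8) for _ in range(n_blots))]
    if len({phrase for _, phrase in blots}) != n_blots:
        raise ValueError("phrases must be distinct or the matching is ambiguous")
    return {"salt": salt, "pw_hash": _hash_pw(password, salt), "blots": blots}

def new_challenge(record):
    """Login: return the blot seeds to render, the phrases in a fresh random
    order, and the expected answer (position of each blot's phrase)."""
    seeds = [s for s, _ in record["blots"]]
    shuffled = [p for _, p in record["blots"]]
    secrets.SystemRandom().shuffle(shuffled)
    expected = [shuffled.index(p) for _, p in record["blots"]]
    return seeds, shuffled, expected

def verify(record, password, answer, expected, min_correct=None):
    """Accept only if the password matches and at least min_correct blots are
    paired with the right phrase (default: all of them)."""
    need = len(expected) if min_correct is None else min_correct
    pw_ok = hmac.compare_digest(_hash_pw(password, record["salt"]), record["pw_hash"])
    same_len = len(answer) == len(expected)
    hits = sum(a == e for a, e in zip(answer, expected)) if same_len else 0
    return pw_ok and hits >= need

if __name__ == "__main__":
    label = lambda seed: "phrase for " + seed       # constructed stand-in for a user's phrase
    rec = enroll("correct horse", label)
    seeds, shuffled, expected = new_challenge(rec)
    answer = [shuffled.index(label(s)) for s in seeds]   # what the genuine user would pick
    print("genuine user:", verify(rec, "correct horse", answer, expected))
    print("stolen password, wrong matching:",
          verify(rec, "correct horse", answer[::-1], expected))
```

In this sketch the server keeps the seed and phrase pairs, so it models only the online second-factor check described in the post; anyone who obtains that stored record also obtains the answers.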

Naavi

Related Article
