Phishing Frauds and Customer Liability

Here is an interesting paper about how, in the US and EU, losses arising from password theft such as phishing are not borne by customers. RBI needs to take special note of this.

In particular I would like to draw attention to the following part of the paper.

QUOTE:

“In the US, Regulation E of the Federal Reserve limits consumer liability, in the event of fraud, to $50 (this is separate from the $50 limit for credit-card fraud, Regulation CC) and covers any electronic transfer that is initiated through an electronic terminal, telephone, computer or magnetic tape.”

In the US banks, brokerages, and credit unions are governed by this regulation and most go beyond it and offer a zero liability policy to consumers. Bank of America, for example, guarantees zero liability for any unauthorized activity originating from Online Banking or Bill Pay.” Wells Fargo says “We guarantee that you will be covered for 100 percent of funds removed from your Wells Fargo accounts in the unlikely event that someone you haven’t authorized removes those funds through our Online Services.” Fidelity “will reimburse your Fidelity account for any losses due to unauthorized activity” and “under HSBC’s $0 Liability, Online Guarantee, you’re covered 100% and liable for $0.”

Even non-traditional financial institutions offer this guarantee. For example in its Dec. 2009 10-K filing eBay states: “PayPal currently voluntarily reimburses consumers for all financial losses from transactions not authorized by the consumer, not just losses above $50.”

Thus, in the US, individual consumers are largely insulated from the direct financial consequences of credential theft.”

UNQUOTE

It is time RBI took note of these and introduced similar policies in India as well.

Naavi

Posted in Bank, Cyber Crime, Cyber Law, Information Assurance

Internet Censorship Case in Kerala posted for hearing

The public interest litigation on Internet censorship filed in the Kerala High Court by an advocate, Shojan Jacob, is expected to be heard in the Kerala High Court shortly. The petition, which has highlighted the Section 79 rules under which arbitrary take down notices were being issued by private citizens and honoured by intermediaries, also attracted the attention of the music industry, which has impleaded itself into the suit. details

Naavi

Posted in Cyber Law, ITA 2008, Uncategorized

Usage of Cheques is being disincentivised

The Reserve Bank of India has released a discussion paper on a plan to disincentivise usage of cheques. The public have been asked to send their comments before February 28, 2012.

Disincentivisation of cheques automatically means a greater push towards electronic banking, along with the attendant risks.

It is our observation that the risks in Electronic Banking in India have not so far been adequately addressed by Banks, and even the efforts of RBI in this regard have failed to yield results.

The Damodaran Committee report has not been notified and the GGWG report is yet to be fully implemented by the Banks.

We therefore feel that the time is not ripe to push Indian Bank customers towards a forced adoption of E Banking. This may lead to higher risks in Banking and the responsibility for further endangering the Indian Banking system will be on RBI.

Public comments for the discussion paper are to be submitted before February 28, 2013.

Naavi.org will be submitting its own response separately.

We urge the public to also submit their response on whether the use of cheques needs to be disincentivised by positive action or be left to market forces.

Copy of the discussion paper is available here

Comments may be emailed here: chequeusage@rbi.org.in

Related Article  

Naavi

Posted in Bank, Cyber Crime

Facebook Risks

Here is a list of Facebook-related malware and risks, along with guidelines for security.

Refer article in infosecinstitute

Posted in Uncategorized

Privacy Protected Zones Required

While discussing any legislation affecting Cyber Space, we discuss “Privacy” and “Data Protection” as important aspects for consideration. In India we are presently banking on ITA 2000/8 for “Data Protection” and “Constitutional Rights” for “Privacy Protection”. ITA 2000/8 can indirectly provide some relief for privacy breach from electronic space under sections such as 43A, 72 and 72A.

However, the “Data Privacy Bill” is yet to be passed, and hence statutory protection is still not available to the citizens of India for privacy protection beyond the principles established by earlier Supreme Court decisions as part of the constitutional rights.

Further, some of the recent developments on Section 66A and the actions taken by police indicate that provisions of ITA 2000/8 are likely to be misapplied from time to time by uninformed police who may also be motivated by other considerations such as political influence.

These twin aspects of “Lack of Privacy Law” and “Misuse of law”, when applied to the corporate scenario, present “Risks” which cannot be properly assessed, mitigated, absorbed or transferred. They remain as uncovered risks of business and could badly hurt any business.

While Indian companies have to live with such bad implementation of law, in the context of attracting international investments into IT in India, these risks are considered huge barriers that may put off most of the international operators intending to invest in India.

In the global scenario, “Cloud Computing” is on a growth path and, either as part of such “Cloud Computing” initiatives or as an increased attention to the DRP requirements, the need for “Secured Data Centers” in India has been growing. This also offers an opportunity for international players to invest in huge data center facilities in India, at least in some states where “quality power” is not an issue. This is also an opportunity for Indian companies to operate Data Centers as a part of “Service Exports”.

However, the lack of “Privacy Protection”, coupled with the enormous administrative powers that ITA 2000/8 bestows on lower echelons of bureaucracy and law enforcement, makes it difficult for reputed international players to seriously consider India as an offshore destination for their data center projects.

In this context we would like to place before the community the suggestion of whether it is time to set up designated “Privacy Protection Zones” where units will be provided privacy protection on par with the best global practices such as EU. In these zones special IT laws will be applicable, which can be drafted specifically as “Special Cyber Space Laws”. Alternatively, a “Privacy Protection Law” exclusively applicable to such zones can be drafted to work in conjunction with but overriding ITA 2000/8.

This, being a high-level policy decision, needs to be part of a large consultative process. Naavi.org invites public comments on the proposal.

Naavi

Posted in Cyber Law, Privacy

Letter sent to Chief Minister of Karnataka on Cyber initiatives

Following up on the earlier initiatives, an email letter has been sent to the Chief Minister of Karnataka reiterating the needs of the Netizens of Karnataka, under copies to the Minister of Law and Parliamentary affairs and the Secretaries of IT and law departments as well as the Chief secretary of the state.

All India Forum of Netizens (AIFON) will continue to follow up on this matter in the interest of the citizens and Netizens of Karnataka.

One of the objectives of AIFON is to mobilize a consolidated response of the Netizen community during elections so that our voices will be heard.

At present AIFON is in the initial days of formation and hopes to make a difference to the society in due course.

Details of the letter sent are available here:

Naavi

Posted in Uncategorized