RBI’s conspiracy by silence

Posted on February 16, 2013 by Vijayashankar Na

Often we find in political circles that there is a wide spread corruption indulged by some while a few remain honest by themselves but fail to check the corrupt due to various compulsions. Many senior officials of RBI are typically in this state. They know that Banks are practicing insecure E Banking practices. They know that Banks are following security practices neither supported in law or in practice. They infact know that if properly challenged, every transaction of E Banking done in India through the use of Passwords and or Passwords with OTP or Passwords with RSA key token etc are not supported by the present Indian laws and donot constitute Banking.

RBI is also aware that in Banking the relationship between the Banker and Customer is that of “Debtor” and “Creditor” and hence whenever a customer’s money is robbed it is in fact the Bank’s money which is being robbed and except in the event of a collusion of the customer with the fraudster, the customer cannot be held liable. Yet Banks continue to claim that customers should shoulder the cyber fraud liability and vigorously defend their stand in courts.

RBI has so far remained a silent spectator in this whole game of bullying the hapless customer.

Some influential Banks including ICICI Bank and SBI have been associated with every recommendation of RBI on E Banking since 2000. They have tried time and again to get a policy statement from RBI that “Customer is responsible for Cyber Frauds”. They first tried this during the S R Mittal Group when the ICICI representative who was a member of the committee submitted a dissenting note. This was rejected by the committee which went on to confirm to the effect that “E Banking is only an extension of traditional banking in a new channel”. “All rights of a Bank customer in traditional banking will be retained during the E Banking”, “Banks should use Digital signature for authentication which is the only legal method of authentication”,”If Banks use any other system of authentication, they have to take the liability for cyber frauds”.”Banks have to obtain insurance against cyber frauds” etc. The present set of executives who drafted the discussion paper on “Disincentivisation of Cheques” seem to have cleverly feigned ignorance of the presence of the S R Mittal Group report which was followed by the RBI notification circular on June 14, 2001 called the “Internet Banking Guidelines”.
For example the discussion paper states in one place as follows:

“Customer Liability: another factor of equal importance which is very crucial in ensuring greater adoption of electronic payments relates to the matter about the responsibilities and obligations of customers as well as banks and service providers. For instance, in case of an unauthorised transaction taking place using a customer’s credentials, the customer needs to know to what extent he/she would be protected, what is the extent of liability to be borne by him/her and what is his/her obligation towards the bank/service provider. In the absence of such clarity, there would always be an apprehension that in case of any unauthorised transaction, the customer would have to ‘shoulder the loss’ while the bank/service provider may go away free.”

The ED in his speech at Trivandrum passed the following remark

Under cheques, consumer protection is provided by the nature of the banker-customer contract, which is not imposed by either of the parties but has been historically defined by ‘practice’ as a series of common law cases (which is true in most countries). However, with the introduction of electronic funds transfer systems and also the entry of non-bank entities, many contractual terms and conditions began to be imposed on consumers who often ended up bearing all the losses for unauthorised transactions.” (Ed: Is he implying that  the contractual terms can override the banking practice?)

I challenge the author of the discussion paper to come clean on what was his intention of making such a statement so as to plant a doubt in the minds of the customers that they “would have to shoulder the loss”. RBI is aware of the S. Umashankar Vs ICICI Bank verdict of the TN Adjudicator as well as the several decisions of the US Courts in this regard. It appears that there was a malicious intention in introducing this sentence in the report which also got reflected in the speech of the Executive Director Mr G Padmanabhan in the Banker’s Club Trivandrum recently.

Again when in 2011 the G.Gopoalakrishna Committee on E Banking security report gave its recommendations, the participating bankers namely ICICI Bank and SBI tried to get some statements included in the report to get the two factor authentication declared as sufficient security. it was only a sustained attack of Naavi.org which ensured that such illegal recommendations deservedly got removed in the final notification.

The authors of the discussion paper as well as the current ED ought to be aware of these developments and hence their statements appear to have been made with a deliberate intention to mislead the public.

We need to recognize these as unacceptable and condemn them. Whether these were deliberate in which case they become “Fraudulent” actions or they were the result of ignorance can only be proved by an internal enquiry at RBI. I trust some RTI activists will probe the process of evolution of this discussion paper to reveal if such a “Conspiracy” existed in the release of this discussion paper. It is for this reason that we need to know what was the consultation process adopted by RBI for release of this discussion paper and who were the stake holders contacted. Did they restrict their consultation process to only the beneficiary Banks such as ICICI Bank or SBI or HDFC bank or AXis Bank etc and a couple of friendly experts? or did they meet any Netizen activists. A prompt disclosure is required.

Related Articles:
Rs 10000 crores being robbed
Impact on SMEs
E D’s speech
Naavi’s response to the discussion paper
UK withdrawal of similar move
Discussion Paper

Naavi

Posted in Bank, Information Assurance, ITA 2008, RBI | Leave a comment

RBI set to rob Rs 10000 crores from Bank customers!

Posted on February 15, 2013 by Vijayashankar Na

The discussion paper on Disincentivisation of cheques  issued by RBI envisages charging bank customer for every cheque book issued by the Bank, every cheque issued by the customer and every cheque deposited by the customer for clearing. This means that each cheque will be charged at least 3 times. The number of cheque leaves issued will be charged around Rs 5 per cheque. The charges for issue of cheques could be around Rs 25 per cheque. Charges for collection could be at least another Rs 25/- per cheque or it could be higher.

This means that each cheque could earn a revenue of around Rs 50 to Rs 60 to the banking system.

Today it is estimated that around 3 crore cheques are presented in clearing each month in different clearing houses. Suppose we consider this as the volume of cheques in the system, this means that around Rs 165 crores will be collected as additional revenue each month by the Banking system on account of the proposed regulation. The annual robbing would therefore be around Rs 1980/-crores or nearly Rs 2000 crores !

To this we need to add the free float interest that Banks enjoy on the balances of the customers on which they donot pay interest and the usurious charges they levy on various services and it will be clear how RBI is letting the Bankers loot the Indian public.

If RBI says that this Rs 2000 crores can be avoided if all customers switch to E Banking then we need to also factor in Rs 8000 crores which is being annually robbed out of Indian bank customers by Cyber Criminals which is also set to raise at least by 100%. Additionally customers have to pay to the banks charges for lost debit cards, resetting of passwords etc which will be direct additional revenue for the Banks.

Thus the current move of RBI is set to rob Indian Bank customers about Rs 10000 crores to Rs 16000 crores per annum because of the direct charges on cheques and the indirect loss due to cyber crimes arising out of insecure E Banking systems supported by RBI.

I therefore urge the wise men in RBI at the top to completely reject the suggestions of the Payment and Settlement Department for disincentivisation of cheques and bring relief to the Bank customers.

Naavi

Posted in Bank, Cyber Crime, ITA 2008, Netizen's Forum, RBI | Leave a comment

A Note for the attention of SMEs- on Cheque Disincentivisation

Posted on February 15, 2013 by Vijayashankar Na

RBI Move on Cheques to hit SMEs hard

Reserve Bank of India (RBI) has issued a “Discussion Paper” on “Disincentivisation of issuance and usage of Cheques” on January 31, 2013 and invited public comments by February 28, 2013. Since the proposed changes have a significant impact on the business of SMEs there is a need for them to study the discussion paper and respond in time to prevent the adverse developments which cannot be reversed later. However the discussion paper is available only on the Internet and hence might have escaped the attention of the SMEs. This note tries to highlight some of the key aspects of the proposed changes so that SMEs can discuss the impact of the discussion paper on their business and take suitable action.

It is not a Discussion.. It is a Policy Change Notice

Though the said paper is called a “Discussion Paper”, it makes a “Policy statement” which will hurt SMEs and the Senior Citizens the most. Also though the paper talks of “Disincentivisation”, it is the first step towards abolition of the use of cheques and cash and a forced adoption of Internet Banking. If the policy comes through cheques are likely to be nearly abolished in a couple of years.

The Biggest Danger

There is an impression with some that it is stylish to use NEFT/RTGS for fund transfer and ATM cards for drawing cash. Credit cards are also a status symbol during shopping or dining. There is no denying the fact that E Banking has a great amount of convenience for the user particularly since most Bank transactions can also be conducted using the mobile. RBI is therefore using this fashion statement as a bait to withdraw Cash and Cheque transactions from the system. The discussion paper issued on January 31 is actually presented as a measure towards higher technology usage in Banking. It therefore speaks of incentivising E Banking transactions and simultaneously disincentivising cheque and cash transactions. However, those who move to E Banking will have to face the risks of cyber frauds about which they may not be familiar. This is the biggest danger in the proposed move of RBI to force the transformation of the industry from the current practices to the proposed E Banking practices.

What Disincentivisation means in practice

By “Dis incentivisation” RBI intends to levy penalties for usage of cheques. For example the discussion paper makes the following specific suggestions for current account holders.

1. As a first step, access to cheque books should be made costlier.. There should be no free cheque books given. The charges levied for cheque books issued to such customers may also be increased substantially so that it acts as a deterrent in comparison to alternate electronic payments
Comment: Note the language used. This is RBI talking as if it is an enemy of the current account holders.
2. Customers need to stop issuing cheques and make their payments through electronic means. Therefore, we may consider levying charges for cheques issued by current account holders and these charges may be higher than the corresponding charges if the payment were to be made electronically.
Comment: This would indicate that the charges per cheque leaf could be in the region of around Rs 5 per cheque leaf. If a customer takes a 100 leaf cheque book he may be charged Rs 500/-. This does not mean that there would not be other charges including the leger charges which are being levied even now.
3. In order to discourage them from accepting cheques from their customers, we may consider levying charges on them when they deposit cheques in their current accounts for collection. .
Comment: This means that even for local clearing cheques there may be collection charges levied by the Banks.
4. Cash deposits in current accounts need to be discouraged actively. Hence, it is proposed that steep charges should be levied on cash deposits / withdrawals by current account holders into/from their accounts.
Comment: SMEs cannot avoid cash receipts and payments since many of their transactions are for small amounts. Hence even small units will be having multiple cash deposits and withdrawals each day that cannot be avoided. Hence the cost of Banking will significantly increase.

Diversion of Management attention

In addition to substantial cost increase, the forced switch over from current cash and cheque based business transactions to internet based transactions will involve a major change of business process that would affect invoicing, purchase systems besides the cash management system.

Cheques have been also used by businessmen as instruments to deposit part payments or advances with a flexibility of replacement on a later day before encashment. Such flexibilities in payment management will no longer be available to the entrepreneurs in the new regime.

The Management (which often is the entrepreneur himself) has to therefore devote a substantial part of his time on addressing the business process reengineering and divert his attention from core business requirements.

General Problems

It must be noted that the entreprenerus will also be affected as Individuals along with their clients who will also be charged multiple times for the usage of cheques. For example, individuals will be charged three times for the cheques namely once when cheques leaves are issued and again when cheques are released to the beneficiaries and cheques are collected by the beneficiaries. If users think of shifting to cash, then Cash withdrawals and deposits will also be charged heavily.

When RBI itself uses the words such as “Heavy Charges may be levied”, “Steep Charges to be made” etc. we can expect Banks to freely charge a substantial packet from their customers. At the same time there is no guarantee that in the long run the charges on Internet Banking will not raise.

The logic of RBI is however that account holders need to move towards Internet Banking and ATMs. However ATM withdrawals are not for SMEs and they cannot avoid withdrawal of cash from time to time and also deposit of cash from time to time. Now each of such transactions would be charged based on the number and value of the transactions.

SME’s can forget the convenience of depositing the money after the cheque is presented in the Bank. This means that the working capital requirement of the firms will go up steeply. For example, if payments are to be made to outstation parties today there would be a working capital in the form of cheques issued but not presented. Now this working capital has to be brought in cash.

Many users used to issue Post dated cheques to their suppliers. They need to be replaced with value dated instructions for transfer. The flexibility which was available now for payment will vanish.

Cyber Fraud Liabilities

The biggest problem however is that Internet Banking is a night mare of risks. Cyber Frauds are much more common than cheque frauds. Laws addressing Cheque frauds are well developed and strong. Laws related to frauds in Internet Banking are not well developed and provide plenty of opportunities for Banks to shift liabilities to the customer.

Many Banks are using this opportunity to get RBI declare that Cyber fraud liabilities have to be shifted to Customers. In other words, apart from using the unsafe banking presented by Banks, customers have to also take on the liability. When Internet Banking was first introduced, in 2001, RBI had indicated that Cyber fraud liabilities should be borne by Banks and this was endorsed even in 2011 first by a committee on E Banking security and then by a committee on customer service. However, this discussion paper tries to introduce an element of doubt in the minds of the customers as if they may be held liable for such frauds.

If cheques are removed from the system, Banking law and practice which for generations protected account holders against forgery may be weakened. In course of time Bankers will completely shift the liabilities of cyber frauds on the customers.

As an information security practitioner, I am aware and so are the Banks that the current Internet Banking systems are easily susceptible to frauds and instances of upto 1 and 1.5 crores having been withdrawn in minutes from the bank accounts by hackers is common.

Normally such frauds occur through theft of passwords. But there are many other ways by which fraudsters break into bank accounts and unless the users are themselves Information security specialists, the risk is beyond their capacity to handle.

If additionally any entrepreneur shares his password with an employee, he will be signing his own death warrant. There will be cases of Bank employees colluding with employees of the customers and swindling bank funds once the liability issue is settled in favour of the Banks.

In view of the above, the proposed move of RBI to disincentivise cheques presents a grave risk to SMEs in particular and other persons who are not IT savvy.
UK has withdrawn similar suggestions

In UK, a similar proposal was made earlier but after a public outcry, it was withdrawn. Also the Government gave a public assurance that cheques will continue as long as people want it. We in India have to also strongly protest this move now. If we donot strongly oppose the move, Cheques will vanish into oblivion in a couple of years landing all the traditional current account customers in deep turmoil.
It may be noted that the discussion paper was released on the Internet and responses have been invited on e-mail. If any of us are capable of locating the discussion paper in the RBI website, read it, understand it and then send the email reply, probably we are already Internet Banking capable persons. But a large number of us who may be the real victims of this push to E Banking may neither know that the discussion paper exists nor that a response needs to be sent now before a dead line. (28th February 2013). Since this provision affects non Internet users, RBI should have issued news paper announcements of their intentions and held interactions with the industry, chambers of commerce and public. It appears that like “Fixing a Market Survey”, RBI is trying to restrict the access to the paper only to those who statistically are less likely to oppose the move. This by itself indicates the hidden agenda of those responsible for the issue of the discussion paper.

Need of the hour

In the interest of general bank users it is therefore necessary to create an awareness of the RBI move to all the stake holders so that they may debate the pros and cons of the suggestion and lodge their comments before a final decision is taken by RBI.

There is also a need to alert the traditional media such as news papers and TV so that common men are made aware of what is coming up. It is also necessary to elicit the support of informed MPs to take up the matter with the Finance Ministry so that the move towards “Disincetivisation of cheques” is dropped completely.

I have already submitted my comments to RBI and now invite more members from the public as well as the industry associations to lodge their opposition to the move. A copy of the comments submitted by me as well as a more detailed analysis of the discussion paper is available at www.naavi.org.

Further clarification if required can be provided on request.

Regards

Yours sincerely

Na.Vijayashankar

Posted in Bank, Cyber Crime, RBI | Leave a comment

Executive Director RBI calls for Round Table for discussion on Cyber Fraud liability

Posted on February 14, 2013 by Vijayashankar Na

On January 2, 2013,  Mr G.Padmanabhan, (GP) Executive Director of RBI gave a keynote address in Banker’s club Trivandrum where he has echoed some of the arguments used in the discussion paper on disincentivisation of cheques which was later released on January 31, 2013.

Mr GP has spoken about the “efficiency” of the electronic payment systems as compared to cheques but has failed to recognize that the definition of “Banking” is integrated with the use of cheques. If Cheques are being discouraged through a policy of RBI, it is against the charter of RBI. It is better if Mr GP considers the impact of the policy in the light of what Section 5(b) of the Banking Regulation Act states.

Mr GP has also failed to recognize the higher risks of E Banking, the emergence of global cyber crime syndicates, huge credit card cloning industry, Exclusive malwares that target POS systems and browser systems which make the system “Unsafe”.

Mr GP also talks of the UK Payment Council but is silent of the withdrawal of a similar move promoted by the Payment Council in UK. I would like to draw his attention to the words of Mr Mark Hoban, the Financial Secretary to the Treasury who said “cheques would not be scrapped until a suitable alternative is found” …“This is a victory for those who continue to rely on this trusted form of payment – including charities, the elderly and small businesses.It would have been irresponsible for banks to abolish the cheque before a credible and coherent alternative had been developed…..”“Banks must now stop discouraging customers from using cheques. I remain concerned that the Payments Council, an industry-dominated body with no proper accountability, holds the future of cheques in its hands.”

It appears that Mr GP was indulging in selective misinformation during this speech. This is not a one off mistake from Mr Padmanabhan as we can observe further.

He says “Even globally, it can be said that the need for and the discussion about consumer protection in electronic payments is a relatively new phenomenon as compared to cheques.” forgetting that the S.R. Mittal Group way back in June 2001 clearly stated that the rights of the consumer as it exists before the introduction of Internet Banking will continue. This was also endorsed by the G Gopalkrishna Working group on E Banking Security in 2011.

While speaking on the ATMs, Mr Padmanabhan has remained silent of Mr Damodaran Committee on Customer Service and its recommendations.

Mr GP has also made some uncharacteristic and irresponsible comments on the customer liability in electronic transactions. He has referred to the US Regulation E without mentioning unequivocally that the regulation places a ceiling on E Banking fraud liability on customers. He has however called for further discussions in a Round Table on this subject. If ever such a discussion takes place, we need to see if it would be a fair discussion or would be a manipulated discussion with select supporters of the RBI’s idea being drummed up.

After all we cannot miss the point that the Discussion paper on Disincentivising cheques was released only in the Internet so that only those who really have not much of a technical barrier in using E Banking will read and respond. This is like a “fixed” market survey. We are also aware that there is a strong lobbying force in RBI where committee compositions are determined by known loyalties and targeted outcomes. Some prominent Bankers are experts in getting into RBI committees and push their personal agenda in RBI’s policies. A similar attempt may be made even in the round table suggestion.

I therefore suggest that  RBI should release the discussion paper to all Consumer organizations in India and invite at least 3 or 4 consumer organizations to the round table.  The discussions should be held in multiple locations so that local consumer organizations could participate. Information Security experts who can point out the security holes in the current E Banking systems and  exposing the flaws in  the argument of “E-Banking being more efficient”. Media also should be invited for such a round table.  Then we may have a reasonable discussion.

Naavi.org invites RBI to hold such a round table in Bangalore and invite some of the members of the Information Security team that Naavi.org can put together.

In conclusion one can say that Mr Padmanabhan’s speech is very disappointing as it indicates an anti consumer streak in the Executive Director. The current push to move the customers forcefully from paper and cash based Banking to Electronic transactions completely ignores the needs of the large section of population which is illiterate. It only seems to be agenda beneficial to the profiteering desire of Commercial Banks and the commercial interests of plastic card suppliers.

It is necessary for Mr Padmanabhan to clarify his position in the light of comments made on this site and in the note sent to RBI by the undersigned. I also note that his speech was prepared with the assistance of the following officers of RBI namely Smt C S Kar, Saswat Mahapatra, Shri G Mahalingam, S Ganeshkumar, A Madhavan and Smt Radha Somakumar who may also be the persons responsible for projecting Mr Padmanabhan as an anti customer executive.

Copy of the speech : Copy of Discussion paper:  Copy of Naavi’s Response to discussion paper : Other comments on naavi.org

Naavi

Posted in Bank, Cyber Crime, Cyber Law, Netizen's Forum, RBI | Leave a comment

Naavi.org Response to RBI Discussion Paper on Disincentivisation of Cheques

Posted on February 14, 2013 by Vijayashankar Na

Naavi.org has finalized its first response to the RBI discussion paper on Disincentivisation of cheques released by RBI on 31st January 2013.

A Copy of the response is available here :  

http://www.naavi.org/cl_editorial_13/rbi_discussion_cheques_ds.pdf

Public comments can be sent upto 28th February 2013 through email here: chequeusage@rbi.org.in

Copy of the discussion paper is available here

Earlier posts at Naavi.org so far are available here:

1.  2  3  4  5.  6  7  8  9  10

I urge public to go through the notes and send their own comments to RBI.

It is to be noted that the discussion is aimed at withdrawing some banking facilities to people who are presently not on the Internet banking system. Such people may not even see the discussion note. So far only a few business news papers have carried the news about this proposal. Language news papers and TV media are yet to bring this to the notice of the public.

People who view this note should remember that I and you may not be very much adversely affected by the notification. But there are senior citizens, pensioners, villagers and many many small enterprises, traders, professionals etc who need to know what RBI is up to and how their current right to Bank with cash and cheque are being affected by the proposals.

I therefore request all of you to pass on this information to others who are not likely to have noticed this discussion papers.

Please inform consumer organizations, your friends in the press and ask them to highlight the issue.

If you know any parliamentarians, please draw their attention.

Remember that a similar attempt in UK was withdrawn after the public raised their objection. The Government of UK has given a public assurance that Cheques will be continued as long as customers want.

The issue here is not to discourage electronic banking. But today E-Banking has too many risks. Cyber Frauds are on the increase. US has provided statutory limitation of customer liability for cyber frauds at US$50. In India RBI has asked Banks to obtain insurance and bear the liability themselves. However in this discussion paper there is an attempt to put words in the mouth of RBI as if cyber fraud losses are to be borne by the customers. This is the mischief some of the Banks who have high incidence of Cyber frauds are playing on the general public.

There is a lot RBI needs to do to shore up E Banking security. Even the measures already suggested by them have been ignored by most Banks. There is a crisis of regulatory control for RBI against the Banks. The Damodaran Committee report on Customer Service which was customer friendly has not been notified. In its place this highly anti consumer proposal is being put up.

Advocates who are public spirited need to take up the issue through PIL in Supreme Court since the tenor of the discussion paper is against the basic character of Banking in law and is beyond the powers of RBI to tamper with.

Naavi will continue to post further clarifications and opinions on this matter on the website but what matters is action on the physical space. Please contribute your might to the same. This is a challenge of how an assault on physical space mounted from cyber space will be countered bu the community.

Naavi

Posted in Bank, Cyber Crime, Cyber Law, Information Assurance, Netizen's Forum, Privacy, RBI, Uncategorized | 3 Comments

Message sent to RBI through the website of RBI

Posted on February 14, 2013 by Vijayashankar Na

I refer to the discussion paper on “Disincentivisation of the issue and usage of cheques” by RBI through the Payment and Settlement Department on January 31, 2013 for which public are expected to send their response.

The matter is of serious concern to banking customers who are not aware of Internet Banking and who donot use Internet. It is therefore unthinkable that they will be able to read the discussion paper and respond. If you get any response it will only be from people who are otherwise net savvy and donot have practical issues in accessing E Banking whose promotion is the sole objective of the discussion paper.
This is an attempt to manipulate the public opinion and any decision arrived at against the interest of cheque users in Bans based on this discussion paper will be unfair, unethical and fraudulent.

While I maintain that the whole exercise needs to be withdrawn, in the interest of fair process, it is necessary for RBI to first release the notification in news papers in different languages, display it in branches, issue free copies through branches to all cheque book users and colelct responses through mail and through branches before any decision can be arrived at.

I request RBI to immediately make arrangements for the same and also extend the last date for submission of comments by public.

I expect a reply to this objection to my email ID.

Naavi of Naavi.org

P.S: The above complaint sent through RBI website appears to have bounced. So much for the technology usage at RBI end. The website does not provide proper response mechanism and does not provide a “Grievance Officer”‘s email address for easy communication. An attempt will be made again to send the message later.

Posted in Uncategorized | Leave a comment