Rs 1 Crore lost by executive in Mumbai Bank fraud

In one of the larger Bank frauds of recent times, an executive in Mumbai has lost Rs 1 crore through a series of fraudulent transactions in his Bank account. The transactions occurred through 12 RTGS debits within a space of 45 minutes, indicating a total failure of the Bank's security warning system: a burst of high-value debits on that scale should have been held for confirmation from the customer rather than processed straight through.

The Bank involved is Yes Bank.

As always happens, the victim is now running around to the Police, whereas it is the Bank which should be running around to the Police. The victim is entitled to be fully reimbursed for his losses by the Bank immediately, and it is the Bank which has to file a police complaint and pursue the recovery.

Details in TOI

It must be pointed out that the Damodaran Committee on Customer Services set up by RBI had recommended that customers should be given complete control over fixing daily limits on such transactions, as well as the freedom to switch the Internet banking facility on and off. It had also clearly defined the bank's liabilities in such cases and the need to immediately reimburse the losses to the customers.
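The two controls just described, a customer-set daily limit with an on/off switch and a velocity check that holds a burst of debits for confirmation, as an added Python example that is not part of the original post or of any bank's actual system. The transaction amounts, timestamps, limit values and field names are constructed for illustration; the burst replays the pattern reported above (12 RTGS debits inside 45 minutes, totalling about Rs 1 crore).

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass
class CustomerControls:
    """Limits the customer sets for the online channel (assumed field names)."""
    daily_limit: int              # rupees per calendar day
    velocity_count: int           # max debits allowed inside the sliding window
    velocity_window_minutes: int  # length of the sliding window
    online_enabled: bool = True   # the 'switch off Internet banking' control


@dataclass
class Debit:
    ts: datetime
    amount: int   # rupees
    channel: str  # e.g. "RTGS"


def evaluate(accepted: List[Debit], new: Debit, c: CustomerControls) -> Optional[str]:
    """Return a reason to hold the debit for customer confirmation, or None to let it pass."""
    if not c.online_enabled:
        return "online channel switched off by customer"
    day_start = new.ts.replace(hour=0, minute=0, second=0, microsecond=0)
    spent_today = sum(d.amount for d in accepted if d.ts >= day_start)
    if spent_today + new.amount > c.daily_limit:
        return f"daily limit exceeded: {spent_today + new.amount} > {c.daily_limit}"
    window_start = new.ts - timedelta(minutes=c.velocity_window_minutes)
    recent = sum(1 for d in accepted if d.ts > window_start)
    if recent + 1 > c.velocity_count:
        return f"velocity: {recent + 1} debits within {c.velocity_window_minutes} minutes"
    return None


def replay(debits: List[Debit], c: CustomerControls) -> Tuple[List[Debit], List[Tuple[int, str]]]:
    """Feed debits through evaluate() in order; only accepted debits count toward later checks."""
    accepted: List[Debit] = []
    held: List[Tuple[int, str]] = []
    for i, d in enumerate(debits):
        reason = evaluate(accepted, d, c)
        if reason is None:
            accepted.append(d)
        else:
            held.append((i, reason))
    return accepted, held


def sample_burst() -> List[Debit]:
    """Constructed data: 12 RTGS debits, four minutes apart, totalling about Rs 1 crore."""
    start = datetime(2013, 2, 4, 10, 0)
    return [Debit(start + timedelta(minutes=4 * i), 833_000, "RTGS") for i in range(12)]


if __name__ == "__main__":
    controls = CustomerControls(daily_limit=2_000_000, velocity_count=3, velocity_window_minutes=30)
    accepted, held = replay(sample_burst(), controls)
    print(f"accepted {len(accepted)}, held {len(held)}")
    for i, reason in held:
        print(f"  debit #{i}: {reason}")
```

With a Rs 20 lakh daily limit the third debit is already held, so the loss is capped at two transfers; with the limit removed the velocity rule alone still stops the burst after three debits in any 30-minute window. Either control would have triggered long before the twelfth debit.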

Unfortunately, powerful Bankers such as SBI and ICICI Bank have used their influence in the Indian Banking Association and prevented RBI from implementing the recommendations of the Damodaran Committee.

RBI has not shown the courage to ignore the objections of IBA and go ahead with the Damodaran Committee recommendations.

If therefore this case is taken to a Court, I would advise that IBA be made a party to the suit along with RBI.

Naavi

Posted in Bank, Cyber Crime, Information Assurance

Mumbai Consumer Court awards compensation in ATM fraud case

The Maharashtra State Consumer Disputes Redressal Commission ordered Citibank to pay Rs 9.44 lakh to a man after Rs 6 lakh was fraudulently withdrawn from his account with an ATM card which he did not even possess.

In December 2006, Ratilal Israni, a savings bank account holder in Citibank, noticed that between November 22, 2006 and December 5, 2006, Rs 6 lakh was shown as withdrawn using an ATM card. Israni contended that he never had an ATM card relating to his savings bank account, and alleged that it was a fraudulent act on the part of the bank officials to debit the account for the amount claimed to have been withdrawn using an ATM card.

Details in TOI

Posted in Bank, Cyber Crime, Uncategorized

PCI Guidelines for E Commerce websites

On Jan. 31, the Payment Card Industry Security Standards Council issued its PCI DSS E-commerce Guidelines Information Supplement, a set of guidelines for e-commerce security. The guidelines relate to online infrastructures and how merchants work with third-party providers.

The guidance offers a checklist of security recommendations and reminders. The guidance reviews how merchants can work with third parties to address those risks and provides a checklist for easy-to-fix vulnerabilities.

The guidance observes that merchants may develop their own e-commerce payment software, use a third-party developed solution, or use a combination of both. Merchants may also use a variety of technologies to implement e-commerce functionality, including payment-processing applications, application programming interfaces (APIs), inline frames (iFrames) and hosted payment pages. They may also choose to retain different levels of control over and responsibility for the supporting information technology infrastructure, for example managing all networks and servers in house, outsourcing the management of all systems and infrastructure to hosting providers and/or e-commerce payment processors, or using a combination of the two.

The guidelines provide that

1. No option completely removes a merchant’s PCI DSS responsibilities. Regardless of the extent of outsourcing to third parties, the merchant retains responsibility for ensuring that payment card data is protected.

2. Connections and redirections between the merchant and the third party can be compromised, and the merchant should monitor its systems to ensure that no unexpected changes have occurred and that the integrity of the connection/redirection is maintained.

3. E-commerce payment applications such as shopping carts should be validated according to PA-DSS, and confirmed to be included on PCI SSC's list of Validated Payment Applications. For in-house developed e-commerce applications, PA-DSS should be used as a best practice during development.

4. Third-party relationships and the PCI DSS responsibilities of the merchant and each third party should be clearly documented in a contract or service-level agreement to ensure that each party understands and implements the appropriate PCI DSS controls.

A high level check list has also been provided to assist the Merchants regarding compliance requirements.
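The monitoring that item 2 calls for, as an added Python example that is not from the PCI SSC guidance or any merchant's code: the merchant records a digest of the checkout page as approved, keeps an allow-list of the hosts its forms, scripts and iframes may reference, and flags any drift in either. The sample pages, the PSP host name pay.example-psp.com and the attacker host names are constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser
from typing import List, Set, Tuple
from urllib.parse import urlsplit

# Assumed: the only third party the checkout page may hand card data to.
ALLOWED_PAYMENT_HOSTS: Set[str] = {"pay.example-psp.com"}


class _RefCollector(HTMLParser):
    """Collect where the page posts to, loads script from, and embeds iframes from."""

    def __init__(self) -> None:
        super().__init__()
        self.refs: List[Tuple[str, str]] = []  # (kind, url)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and a.get("action"):
            self.refs.append(("form action", a["action"]))
        elif tag == "script" and a.get("src"):
            self.refs.append(("script", a["src"]))
        elif tag == "iframe" and a.get("src"):
            self.refs.append(("iframe", a["src"]))


def page_digest(html: str) -> str:
    """SHA-256 of the page as served; the value recorded at approval time is the baseline."""
    return hashlib.sha256(html.encode("utf-8")).hexdigest()


def check_page(html: str, baseline_digest: str,
               allowed_hosts: Set[str] = ALLOWED_PAYMENT_HOSTS) -> List[str]:
    """Return a list of findings; an empty list means the page matches what was approved."""
    findings: List[str] = []
    if page_digest(html) != baseline_digest:
        findings.append("page content differs from approved baseline")
    collector = _RefCollector()
    collector.feed(html)
    for kind, url in collector.refs:
        parts = urlsplit(url)
        if not parts.netloc:
            continue  # relative URL: served by the merchant itself
        if parts.scheme != "https":
            findings.append(f"{kind} not over https: {url}")
        if parts.netloc not in allowed_hosts:
            findings.append(f"{kind} points to unexpected host: {url}")
    return findings


# Constructed sample pages: the approved checkout page and a tampered copy.
APPROVED_PAGE = """<html><body>
<script src="/static/cart.js"></script>
<form action="https://pay.example-psp.com/checkout" method="post">
  <input name="card" type="text"></form>
</body></html>"""

TAMPERED_PAGE = """<html><body>
<script src="/static/cart.js"></script>
<script src="https://cdn.attacker.test/skim.js"></script>
<form action="http://pay.example-psp.com.attacker.test/checkout" method="post">
  <input name="card" type="text"></form>
</body></html>"""


if __name__ == "__main__":
    baseline = page_digest(APPROVED_PAGE)
    print("approved:", check_page(APPROVED_PAGE, baseline) or "no findings")
    for finding in check_page(TAMPERED_PAGE, baseline):
        print("tampered:", finding)
```

The digest catches any change at all, while the host check catches the specific change that matters for card data: a form action or script that now points outside the contracted payment provider. Both checks should run against the page as a real customer receives it, not against the copy in the merchant's source repository, since the redirection can be altered at the CDN or on the web server without touching the source.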

A copy of the guidelines is available here.

Naavi

Posted in Information Assurance, Uncategorized

Vishwaroopam Episode and Free Speech Rights in India

During the last few days, discussion about the movie Vishwaroopam has occupied the Indian media and has opened up debates on Free Speech, on the responsibility of the Police and State Governments, and on the power of Muslim fringe groups to dictate political will.

To record the facts, a well known artist in India by name Kamala Hasan produced a big budget movie called "Vishwaroopam" in Tamil, Telugu, Hindi and English. The subject of the story is "Terrorism" and appears to cover Al-Qaeda type terrorism. The film has already been released in Los Angeles and was set to be released in India in multiple centers when it hit a controversy over its contents being objectionable to the Muslim community. Presently it is running in some places but is yet to be released in Tamil Nadu, the home state of Mr Kamala Hasan.

The film was set to create history by being the first film to have a premiere release on DTH, as Mr Kamala Hasan had planned to release it through DTH channels a day before it was to hit the theaters. This was objected to by the theater owners and hence did not materialize. In the meantime Mr Hasan invited a group of Muslim organization representatives and showed the film to them, which Mr Hasan now claims was done with a desire to use their references for the promotion of the film. The move backfired, or appears to have backfired, as it developed into an action by the Tamil Nadu Government which blocked the release of the film all over the State. The matter went to the High Court and, after the Judge made a strange suggestion that Kamala Hasan should negotiate with the Government for a settlement, a judgement followed ordering that the movie could be released as it had already been cleared by the statutory Censor Board. The Government immediately went on appeal and a full bench of the High Court stayed the judgement of the single judge, ensuring that the movie is still in cold storage in Tamil Nadu.

Pained by the developments, Mr Kamala Hasan announced in a press conference that he was considering shifting out of Tamil Nadu which was not a “Secular State” and if he cannot find any other State in India where an artist could live peacefully, he would shift out of India. This statement branded Tamil Nadu as a State which was not secular and did not support artistic freedom.

Some also alleged that the stand of the Government was dictated by the refusal of Mr Kamal to provide rights of the film for a TV channel which is believed to be controlled by the Chief Minister.

Stung by the implications, the Chief Minister of Tamil Nadu, Ms J Jayalalitha, held her own press conference stating inter alia that Mr Kamal wanted to release the film in 500 theaters and that, according to intelligence reports, there was a possibility of Muslim groups opposing the release; the State did not have enough police personnel to deploy at all the locations to curb possible violence and hence had taken a stand to stop the release. She also denied that there was any consideration, as alleged, about TV rights in the decision. She also passed wry remarks on Mr Kamala Hasan allegedly having spoken in support of a "Wasti-clad Prime Minister" (a reference implying his preference for Mr P. Chidambaram, a political rival of the Chief Minister, to be considered for the Prime Ministership). She also passed some uncharacteristic remarks that Mr Kamal was unwise in taking up a large budget film at the age of 60.

Mr Kamal, who initially contemplated going to the Supreme Court to challenge the High Court decision, has now announced that he would wait and negotiate with the Muslim groups. He refrained from taking a stand against the Chief Minister and appeared to be diplomatically submissive. In between these controversies, pirated copies of the film appeared on the Internet and were quickly blocked.

The episode is a sad reflection of the state of Indian democracy and the status of "Freedom of Expression". The fact is that our democracy is critically dependent on "Appeasement of the Minorities", and even persons like Ms Jayalalitha, who was hitherto suspected to belong to the BJP camp and considered strong in administration, has now shown that the policies of the Indian government authorities in both the State and the Center are guided only by electoral considerations. If they see a group that constitutes a potential vote bank, they will do whatever is necessary to attract them, whether it is unethical or illegal. The TN State Government expressing its inability to maintain law and order against a threat perception is also a development which raises the question of what the responsibility of a Government in administration is. In the current episode, after the initial single judge verdict there was no justification for the TN Government to go on appeal, abdicating its governance responsibilities.

The TN Government has by its action given a new and undesirable guideline to other State Governments to take a similar stand in future. I would not be surprised if the Karnataka Government puts up the same argument, namely "We anticipate public unrest. We do not have adequate police machinery to handle the situation", when TN raises the Cauvery issue in future.

The incident has also exposed the weak belly of the Indian political system, and if a strong leader like Jayalalitha can succumb to the temptation of vote bank politics, the possibility of other leaders standing up for principles is remote. There is also a possibility that Ms Jayalalitha sensed the opportunity to play politics, and first imagined and then ignited a religious opposition where there was none, to gain political mileage. This sort of intelligent manipulation of an event for political advantage is the hallmark of current day politicians in India.

If a reputed person like Mr Kamal considers surrendering to the whims and fancies of fundamentalist Muslim elements and/or scheming politicians, then others stand no chance. By opting not to go to the Supreme Court, Mr Kamal has forgone the only opportunity there was for the system to salvage its reputation by coming out in support of Free Speech. Free Speech in India is therefore dead and gone. If the matter had been referred to the Supreme Court and it had dismissed the opposition with a guideline on the State's responsibilities in similar situations, we could have seen a positive outcome from an ugly incident. But this has not happened.

If this is the situation in the physical space in India, we can expect Cyber Space to be no better. Today it is about speech that hurts Muslim sentiments. Tomorrow it could be other reasons. Ultimately we can only speak in cyber space or physical space in "Diplomatic language" and nothing else.

If therefore Netizens need to survive in the Cyber Space of India with self respect, they need to organize themselves in Cyber Space without getting divided by language, caste and community, and form a cohesive group which represents a significant voting strength in any future election. An opportunity to forge such an organization is being debated separately at www.aifon.org.in and I invite interested persons to participate in the discussion.

Naavi


Posted in Netizen's Forum, Uncategorized

Internet Censorship drives business out of India

The Twitter Transparency Report is reported to have indicated that during the last 6 months of 2012, Twitter received two requests from India, covering 16 accounts, demanding removal of content. One of the requests was from a Court and the other from the Government. Twitter also received 10 requests (from officials) for user information during the period. Twitter refused all of these requests since they were deficient in information.

According to the Twitter report, the website received 42 requests to remove content or accounts worldwide in the last two quarters compared to just 6 in the first half of 2012. The number of requests seeking information about users was also up. In last six months Twitter received 1009 such requests compared to 849 in the first half of 2012. The number of copyright notices was, however, down from 3378 to 3268.

The website received highest number of censor requests from France that targeted 40 accounts. United Kingdom was second as it targeted 25 accounts while Brazil, which targeted 22 accounts, was third. India was fourth. In terms of number of requests, Brazil topped the list with 16 requests.

It appears that the failure to get the content removed had prompted the Indian Government to consider blocking the Twitter accounts through the ISPs. Obviously this report does not cover the action taken by the Police in arresting Twitter users for objectionable content.

The report provides a clear indication that worldwide the Governments are moving towards Internet Censorship. It is for the Netizens to recognize the trend and organize themselves to meet this assault on their freedom.

Twitter's refusal to hand over information easily to Governments will be seen as a strength by Internet freedom lovers and is bound to enhance its popularity. While many entrepreneurs in India are trying to set up businesses competing with Twitter or Facebook, their success will depend on their attitude to "Privacy".

In the absence of a "Privacy Act", at present Indian entrepreneurs need to follow the prescriptions under ITA 2008. When a proper notice is received under ITA 2008, the website, which is considered an "Intermediary", has to take action to either release the account holder's information or remove the content. Otherwise it faces the prospect of being held criminally liable.

We may also recall that in the recent Headlines Today interview, Mr Kapil Sibal made a mild threat that he may introduce a law to make user identity disclosure compulsory for Twitter type accounts. Given the propensity of the Indian Police to misuse the law, users may therefore feel unsafe using Indian micro blogging or social networking websites. This attitude is likely to shift the social networking and micro blogging website business out of India to countries where "Privacy Standards" are strong. This is an adverse impact of the current Government policy.

In this context the call for an All India Forum of Netizens (www.aifon.org.in) becomes even more relevant.

Naavi

Posted in Cyber Law, Netizen's Forum

HIPAA-HITECH Act Data Breach Audit

The Final Rule on HIPAA-HITECH Act released by HHS after a prolonged public discussion makes some changes in the way the Data Breach notification needs to be handled by Covered Entities and Business Associates.

The key points of the Final Rule are as follows:

1. Breach notification is not required under the final rule if a covered entity or business associate, as applicable, demonstrates through a risk assessment that there is a low probability that the protected health information has been compromised, rather than demonstrate that there is no significant harm to the individual as was provided under the interim final rule.

2. The onus of proving that an "impermissible use or disclosure" of PHI is not a "breach" lies with the covered entity. In other words, all impermissible uses are "breaches" unless the entity demonstrates that there is a low probability that the PHI has been compromised.

This essentially means that whenever an "impermissible" use or disclosure is observed, the entity should initiate a "Data Breach Audit" process and document whether the impermissible use is in fact a "breach". Such a "Data Breach Audit" will determine whether there has been a breach and whether the probability of compromise is significant, and its documented risk assessment is what the entity will have to produce to justify not notifying.

Naavi

Posted in HIPAA, Privacy