RBI is impotent.

The hard hitting articles on this website on E Banking insecurity and therefore an assertive opposition to the current RBI move to hard push customers from cheque disincentivsation measures towards E Banking may annoy some of the technology followers both within RBI and outside. They may think that we are only trying to object what should be a normal technology development.

But it must be remembered that in advanced countries such as US technology is being encouraged along with security initiatives on the part of the Banks. It is only in India that this is not happenning in the right measures. Naavi.org has time and again acknowledged that GGWG recommendations as well as the Damodaran Committee recommendations are good and show case the intentions of RBI to protect customer’s interests. But what is lacking with RBI is the ability to implement its own recommendations against the objections from the commercial world.

For this impotence, RBI needs to be criticised.

I am enclosing a white paper on E Banking security which documents some of the threats that Bank customers face today in the Internet Banking scenario. There are more threats in the ATM transactions that this white paper does not cover. The FFIEC has also issued its own authentication guidelines for Banks to follow. The regulation E also limits customer’s liability for Cyber Frauds to US $50/-

In India we have the ITA 2008 which recommends Digital Signatures. We have the law as well as RBI guideline that Bank alone is liable for Cyber frauds. But yet there are backdoor attempts to give a misleading picture to the public that cyber fraud liability is that of the customer. RBI places reliance on ISO 27001 audit certificates as if it is a panacea for all E Banking security issues. This shows gross ignorance of the Cyber Security scenario and needs to be corrected quickly.

We need RBI to ensure that its own guidelines of the past are promptly implemented and if not it should take strict disciplinary action against the Chair persons of the concerned banks including their removal from the responsibility.

Will they respond ?

White paper on E Banking security

 FFIEC authentication guidelines

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law, ITA 2008, RBI. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.