Often we find in political circles that there is a wide spread corruption indulged by some while a few remain honest by themselves but fail to check the corrupt due to various compulsions. Many senior officials of RBI are typically in this state. They know that Banks are practicing insecure E Banking practices. They know that Banks are following security practices neither supported in law or in practice. They infact know that if properly challenged, every transaction of E Banking done in India through the use of Passwords and or Passwords with OTP or Passwords with RSA key token etc are not supported by the present Indian laws and donot constitute Banking.
RBI is also aware that in Banking the relationship between the Banker and Customer is that of “Debtor” and “Creditor” and hence whenever a customer’s money is robbed it is in fact the Bank’s money which is being robbed and except in the event of a collusion of the customer with the fraudster, the customer cannot be held liable. Yet Banks continue to claim that customers should shoulder the cyber fraud liability and vigorously defend their stand in courts.
RBI has so far remained a silent spectator in this whole game of bullying the hapless customer.
Some influential Banks including ICICI Bank and SBI have been associated with every recommendation of RBI on E Banking since 2000. They have tried time and again to get a policy statement from RBI that “Customer is responsible for Cyber Frauds”. They first tried this during the S R Mittal Group when the ICICI representative who was a member of the committee submitted a dissenting note. This was rejected by the committee which went on to confirm to the effect that “E Banking is only an extension of traditional banking in a new channel”. “All rights of a Bank customer in traditional banking will be retained during the E Banking”, “Banks should use Digital signature for authentication which is the only legal method of authentication”,”If Banks use any other system of authentication, they have to take the liability for cyber frauds”.”Banks have to obtain insurance against cyber frauds” etc. The present set of executives who drafted the discussion paper on “Disincentivisation of Cheques” seem to have cleverly feigned ignorance of the presence of the S R Mittal Group report which was followed by the RBI notification circular on June 14, 2001 called the “Internet Banking Guidelines”.
For example the discussion paper states in one place as follows:
“Customer Liability: another factor of equal importance which is very crucial in ensuring greater adoption of electronic payments relates to the matter about the responsibilities and obligations of customers as well as banks and service providers. For instance, in case of an unauthorised transaction taking place using a customer’s credentials, the customer needs to know to what extent he/she would be protected, what is the extent of liability to be borne by him/her and what is his/her obligation towards the bank/service provider. In the absence of such clarity, there would always be an apprehension that in case of any unauthorised transaction, the customer would have to ‘shoulder the loss’ while the bank/service provider may go away free.”
The ED in his speech at Trivandrum passed the following remark
“Under cheques, consumer protection is provided by the nature of the banker-customer contract, which is not imposed by either of the parties but has been historically defined by ‘practice’ as a series of common law cases (which is true in most countries). However, with the introduction of electronic funds transfer systems and also the entry of non-bank entities, many contractual terms and conditions began to be imposed on consumers who often ended up bearing all the losses for unauthorised transactions.” (Ed: Is he implying that the contractual terms can override the banking practice?)
I challenge the author of the discussion paper to come clean on what was his intention of making such a statement so as to plant a doubt in the minds of the customers that they “would have to shoulder the loss”. RBI is aware of the S. Umashankar Vs ICICI Bank verdict of the TN Adjudicator as well as the several decisions of the US Courts in this regard. It appears that there was a malicious intention in introducing this sentence in the report which also got reflected in the speech of the Executive Director Mr G Padmanabhan in the Banker’s Club Trivandrum recently.
Again when in 2011 the G.Gopoalakrishna Committee on E Banking security report gave its recommendations, the participating bankers namely ICICI Bank and SBI tried to get some statements included in the report to get the two factor authentication declared as sufficient security. it was only a sustained attack of Naavi.org which ensured that such illegal recommendations deservedly got removed in the final notification.
The authors of the discussion paper as well as the current ED ought to be aware of these developments and hence their statements appear to have been made with a deliberate intention to mislead the public.
We need to recognize these as unacceptable and condemn them. Whether these were deliberate in which case they become “Fraudulent” actions or they were the result of ignorance can only be proved by an internal enquiry at RBI. I trust some RTI activists will probe the process of evolution of this discussion paper to reveal if such a “Conspiracy” existed in the release of this discussion paper. It is for this reason that we need to know what was the consultation process adopted by RBI for release of this discussion paper and who were the stake holders contacted. Did they restrict their consultation process to only the beneficiary Banks such as ICICI Bank or SBI or HDFC bank or AXis Bank etc and a couple of friendly experts? or did they meet any Netizen activists. A prompt disclosure is required.