Securing customers’ personal information during online transactions is one of the top priorities of banks. However, the fast-paced digitalisation happening in India has raised some serious concerns due to the existing gaps in online security infrastructure, laws and low level of digital literacy, writes Akash Tomer of Elets News Network (ENN).
With demonetisation advancing the advent of digital age in India by several months, if not years, it is pertinent to revisit our preparedness to handle the online security challenges that are entailed. Besides the inadequate online security infrastructure currently in place, issues like poor digital literacy and the impending online security challenges arising from the introduction of new tax regime in the form of Goods and Services Tax (GST) are among key concerns that needing attention to be addressed at the earliest. It will ensure robustness of the Indian BFSI sector.
“We are walking into a digital age and it is important to change our infrastructure to embrace the digital theme. All applications will have to be integrated with security,” said Murtaza Bhatia, Practice Head–Security and Data centre Services, Dimension Data.
2016 Data Breach and Its Fallout
In September 2016, quite a few banks replaced or asked their customers to change the PIN (Personal Identification Number) of their debit cards, fearing the card data may have been stolen. As many as 3.25 million debit card PINs were changed in one of the India’s largestever cyber security drives.
Card network providers like Visa, MasterCard and home-grown RuPay swung into action after receiving complaints from some banks that their clients’ cards had been fraudulently used, mainly in China and the United States, even though they were in India.
Of the total number of affected debit cards, around 2.65 million were on Visa and MasterCard platforms, while 600,000 were on RuPay. According to a government official, around 90 ATMs were involved in the breach.
We are helping the banking sector in taking a leap in terms of digitising their network. As data centre providers, our role has increased manifold.
While the breach impacted a large number of debit card holders, the actual number of cards affected accounted for just 0.5 per cent of the nearly 700 million debit cards issued by banks in India.
“2016 has been certainly one for the history books, a lot of things happened in the year as far as notable security happenings are concerned. The attackers were very organised, scientific and creative. The cold hard truth is that the security is only as good as the weakest link. So gaining complete visibility of all kinds of IT resources is now becoming more critical than ever,” said Taylor Chan, Senior Sales Engineer, SolarWinds.
Challenges in Securing the Banking Space
One of the major challenges for online banking in India remains the security infrastructure required for ensuring safe transactions. Integration of security applications with the online transaction process requires supporting tools and good infrastructure.
Another problem while installing security measuresfor online transactions is that they must be customised as per the requirement, number of transactions and as per the customer base. “All of us want to go for digital transaction but we have fear of security. We need to have a customised security framework and offering made available to the customers,” said S Ganesh Kumar, Chief General Manager, Reserve Bank of India during an Elets conference in December 2016.
According to M Nagarajan, Chief Executive Officer, Surat Smart City, when we are talking about digital upgradation, it is mandatory to think about the challenges. “There are certain inhibiting factors that are responsible for adaptability. We are not able get complete benefits of digitisation because of low digital literacy,” he said.
TIPS FOR CUSTOMERS
Change your password regularly
For the very first time a customer login to his/her internet banking account, he/she will be required to use a password provided by the bank. Customers should change their internet banking password regularly for account’s safety. Additionally, users must use unique pattern for choosing a password that includes special characters, numerals and alphabets. More importantly, password must be kept confidential at all times.
Do not use public computers to login
Public computers like ones at internet cafe or customers need to avoid logging in from private internet cafes or similar places used generally by anyone and everyone. In case a person has to login from such places, he/ she must ensure of clearing the cache and browsing history, and delete all the temporary files from the computer. Also, the users should never allow the browser to remember their ID and password.
Never share your details with anyone
Banks never ask for customers’ confidential information like ATM pin, Internet banking ID or password etc via phone or email. In case a customer gets a phone call or an email from the bank requesting details, he/she should inform the bank immediately in this regard.
Regularly check your savings account:
Check your account after making any online transaction. Verify whether the right amount has been deducted from your account. If you see any discrepancies in the amount, inform the bank immediately.
Always use licensed anti-virus software
To protect your computer from new viruses, ensure that licensed anti-virus software is installed on your computer. Pirated versions of anti-virus software, though available for free, but they may fail to protect your computer from new viruses prevalent in the online world.
Disconnect the internet connection when not in use
Most broadband users do not disconnect the internet connection on their computer when they are not using it. Malicious hackers can access your computer via an internet connection and steal your confidential banking information. To keep your data protected, ensure that you disconnect from the internet when you do not require it.
Public and private sector financial institutions are taking lot of initiatives to provide secure and hassle-free online services.
For managing the cyber Security threats to the BFSI sector, Mannan Godil, Chief Information Security Officer, Edelweiss Financial Services, advises, “Prevention would just be better than cure. How much you prepare yourself is not going to be enough. It is good to be prepared and call ourselves prevention-ready. You will have to have a response team in place so that you would be able to respond. We will have to strategise so that we are not just looking at prevention but also incident response.”
A strong legal framework for data protection and privacy will also be a welcome move, as India currently lacks one to put checks and balances in place. However, any such law in India should keep in view the fact that a vast majority of the citizens are not tech-savvy and it must have the provision of increasing digital literacy across the country.
A proctive approach to ensuring security would also be of immense help. “Banks have the tendency of totally depending on the regulations subscribed by the regulatory authorities. But if we take prior action and inform the Reserve Bank of India regarding the threats in the initial phase, better detections and solutions can be initiated,” said Zulkernain Kanjariwala, Head IT, Doha Bank.
Amidst plethora of challenges lies a great opportunity, i.e., to set up a very modern data protection infrastructure for our banks that is far superior to any such initiative in other parts of the world.
“We are helping the banking sector in taking a leap in terms of digitising their network. As data centre providers, our role has increased manifold. Along with the growth, we have also seen the growth of the security,” said Ripu Bajwa, Country Manager – Data Protection Solutions, Dell EMC.
According to Saurav Sinha, Presales Manager, BMC Software India, his company has emerged as the 10th largest software organisation in the world, underscoring the potential for security providers to grow. “We have more than 10,000 customers worldwide with a significant presence in India as well. We basically focus on secure transactions and other financial services for banks and their customers.”
A strong legal framework for data protection and privacy will also be a welcome move, as India currently lacks one to put checks and balances in place.
“In our environment, one large innovation we are adopting is the Blockchain in terms of trust-based transactions which is universal now. Another solution which we adopted for security is machine learning,” said MV Sheshadri, Chief Information Security Officer, National Stock Exchange during an Elets conference in December 2016.
Lalit Popli, Head-IT, ICICI Prudential Asset Management, believes that lot of innovations are happening at the break-neck speed. “Blockchain with Bitcoin are being adopted by a lot of financial institutions,” he said.