Get App
Last Updated : Mar 07, 2017 06:36 PM IST | Source:

Why banks are still underprepared to tackle cyber fraud

Cyber security has become a hot-button topic particularly after demonetisation gave a huge filip to digital payments. However, banks have still not put in adequate security measures to prevent cyber fraud.

  • bselive
  • nselive
Todays L/H

Cyber security has become a hot-button topic particularly after demonetisation gave a huge filip to digital payments. However, banks have still not put in adequate security measures to prevent cyber fraud.

According to people aware of developments, mobile applications aren't free from smaller security breaches. Banks who are ill-prepared could end up losing crores of money even though the value of such transactions which are subject to fraud would be at a smaller scale right now.

“The new apps are evolving, there are incidents happening and they may be low value transactions but if there is a flaw then the losses could run into crores. So the security definitely needs to be beefed up,” said a cyber-security firm official working with banks.


Cyber security is the body of technologies, processes and practices designed to protect networks, computers, programmes and data from attack, damage or unauthorised access.

In the last few months, banks, wallet and fintech (financial technology) players and the National Payments Corporation of India (NPCI) have developed multiple apps to facilitate easier and quicker cashless transactions.

Kartik Shinde, Partner, advisory services, EY, said: “Banks are conducting a lot of audits with new applications including the UPI, BHIM and their own apps. There are still some gaps and banks still have a long way to go. Many smaller banks outsource a lot of security operations to third-party entities. We are also helping many banks in doing the audits and getting the compliance in place.”

United Payments Interface (UPI), Bharat Interface for Money (BHIM) and BharatQR are some of the government-initiated applications to push digital transactions in the country.

As per February data, the value of transactions carried out through the government-backed Unified Payments Interface (UPI) channel took over the transactions done through mobile wallets, as per RBI data. UPI clocked 2.9 million transactions aggregating Rs 1,310 crore between February 1 and 19 while prepaid payment instruments, better known as wallets, recorded 53.9 million transactions worth Rs 1,270 crore in the same period.

In January, ICICI Bank had temporarily blocked transactions originating from ecommerce player Flipkart’s payments app PhonePe, pending the resolution of its concerns related to restrictive practices followed by the app.

During that time, State Bank of India (SBI), government-owned and largest Indian bank, also blocked its customers from transferring cash into e-wallets through net-banking.

SBI Chairman Arundhati Bhattacharya had reasoned that the service was blocked because of recent breaches and security reasons. The bank has a committee that is looking into high risk and security breaches.

While SBI has secured over 2.75 lakh of its technology infrastructure endpoints in a tie-up with global cyber security services provider Trend Micro Incorporated, other banks are also stepping up their compliance and security measures.

A Bank of Baroda official said, “We are following the RBI and government rules. Since digital transactions are increasing, new apps are being developed so often, newer threats come up and hence security will be an ongoing process. We have tied up with many firms including PwC, EY and Paladion for effective controls and compliance.”

Under the Indian IT Act and the rules there under, there is no obligation to notify the regulator of a breach. However, under the relevant banking regulations, our central bank, the Reserve Bank of India, has prescribed that banks must notify it, the Computer Emergency Response Team or the Institute for Development and Research in Banking Technology of all security breaches.

In February, the Reserve Bank of India set up an inter-disciplinary standing committee on cyber security, under Executive Director Meena Hemchandra, to, inter alia, review the threats inherent in the existing/emerging technology; study adoption of various security standards/protocols; interface with stakeholders; and suggest appropriate policy interventions to strengthen cyber security and resilience.

Last year in October, RBI Deputy Governor, SS Mundra at a public address said, “It is important to pay sufficient attention while procuring/implementing any new devices/ solutions… The banks which are big on mobile banking as a service delivery tool must also look to guard against this emerging risk. There is a need to evolve a blueprint of co-ordination between financial institutions and public authorities in such an eventuality.”

Sameer Ratolikar, Chief Information Security Officer, HDFC Bank, in a Global Information Security Survey 2016-17 report by EY said, “With the steep rise that India has seen in the number of attacks coupled with complexity and focused cyberattacks on business applications that directly results in monetary loss, it’s critical that banks focus on increasing their incident response capabilities to minimise or thwart the extent of damage. The only safe thing to assume today is how better equipped are we to withstand a cyberattack.

Mails sent to top banks including HDFC Bank and ICICI Bank on their security measures were unanswered.

Subscribe to Moneycontrol Pro and gain access to curated markets data, exclusive trading recommendations, independent equity analysis, actionable investment ideas, nuanced takes on macro, corporate and policy actions, practical insights from market gurus and much more.
First Published on Mar 7, 2017 01:31 pm
Follow us on
Available On
PCI DSS Compliant