Time to Re-visit Online Banking Security

PCQ Bureau

The online bank account of a close associate of mine was hacked recently and money to the tune of Rs 40-50k transferred from her account. Since this user didn't access her online account very frequently, she came to know of the fraud many days later.

It may not be important to know who's at fault here, because loss is on both sides--customer's money and bank's trust and credibility. Even more worrying is the fact that such cases are steadily increasing in India. This calls for a review of existing technologies, policies, and measures being used by Indian banks to keep their users safe from online fraud.

For one, security technology and practices must be common for all banks, and not something that banks use as a feature to differentiate their services from competition.

Let's look at policy, for instance. If the objective of banks is to encourage online banking, then policies have to be devised such that they encourage customers to go online. In this particular bank's case, however, the Internet banking policy does exactly the opposite. It states upfront that the bank is not liable for any computer/cyber-crimes such as hacking, nor is it liable for any unauthorized transactions and/or any transactions carried out by using illegal and fraudulent methods. The bank further states that the customer is fully responsible for any accidental/negligent and/or unauthorized disclosure of his/her user id and password. While this safeguards the bank against legal action, it doesn't instill any confidence in its customers to use online banking.

Secondly, banks must revisit their security infrastructure and identify the "must have" vs "good to have" technologies.

Having two separate passwords for login and transaction, for instance, is no longer as secure as it was earlier because customers can log in from anywhere--their home or office PC, laptop, or even a smartphone. This opens up more doors for hackers to set traps for capturing these credentials. Virtual keyboards address this problem to some extent, but not all banks have deployed them.

SMS-based intimation of transactions is another really good feature because it catches fraudulent transactions instantly, but not all banks have implemented it. Of those that have implemented it, some offer it as a free service, while others charge for it. Considering its value in catching online fraud the moment it happens, it is in banks' favor to deploy it uniformly, without additional charges.

Anil Chopra, Editor

anilc@cybermedia.co.in
