However, technology can also cause problems for us. Incidences of ATM frauds, credit card frauds, phishing, RTGS frauds, Internet banking frauds, etc have increased significantly in India. Malware targeting mobiles specifically have also raised the threat level further. On top of it we have poor adoption cyber security practices and policies by banks of India. In short, the online banking system of India is not cyber secure.
Reserve Bank of India (RBI) has taken some very significant policy steps to boost cyber security of Indian banks. However, banks of India have failed to comply with various regulations and guidelines of RBI in this regard.
The banking infrastructure of India is wide open to be exploited by cyber crooks and we are not at all ready to deal with the same. As a result litigations between bank customers and banks have increased significantly. The RBI Ombudsmen is already flooded with complaints pertaining to ATM frauds, credit card frauds, excessive charging, etc.
Similarly, bank consumers have approached the adjudication officers of various States of India under the Information Technology Act, 2000 to get their grievance redressed. In many case, the adjudication officers have held the banks liable for various financial frauds for which the consumers have suffered the losses.
As per the media reports, RBI is exploring use of encrypted SMS based fund transfers in India for expanding the reach of banking to remotest corners of India. This is another significant suggestion by RBI that would have both positive and negative consequences.
Pushing such a service without proper mobile payments cyber security infrastructure in India would be a bad policy decision on the part of RBI. The RBI must first ask the banks of India to strengthen their cyber security infrastructure and then only expect some development in this regard. For instance, Malware Dump Memory Grabber has been targeting POS systems and ATMs of major US banks. The same can also happen for Indian banks.
Similarly, the cyber security awareness in India is also missing. Bank consumers must be made well aware of the dangers of malware, viruses and social engineering tactics. The hardware providers in India have already been asked to make available cyber security brochures along with their sold hardware equipments to raise cyber security levels among masses.
Till banks are made liable and accountable for non adoption of cyber security practices, all technology driven initiative of RBI are meaningless. This would only create more problems than solutions.