Economic
Highlights
New Delhi, 2 November 2016
Cyber Frauds
BANKS INSECURE, ROBBED
By Shivaji Sarkar
The bankers’ recent move to put a
check on 3.2 crore credit and debit cards has sent alarm bells ringing across
the country. The decision was taken to curb cyber frauds on the banking system.
At the same time, the move exposes
how insecure the online banking system is. Credit/debit card frauds are rising
across the globe and cyber experts say India is one of the most vulnerable
countries. The system does not have the exact numbers of victims but it
definitely would run into millions. This would include the elite class,
journalists, lawyers, senior officials, students and who not.
In fact, mobile banking is stated to
be more vulnerable. Another easy and novel method to defraud is to call up
people largely in the name of a private bank, ICICI, and say that they want to
transfer some amount to their cards. In the name of verifying card numbers they
seek all the vital data and people have later found out that money has been
swindled away from their accounts. Interestingly, the phone numbers are never
accessible after the fraud has been committed. Many such numbers are stated to
be based in Maharashtra, though the police say
these are linked to an international network and “difficult to trace”.
Unfortunately, India is stated
to be least prepared to meet it. The police are reluctant to register FIRs
saying the card holders themselves are responsible as they share card details.
The banks have shown their laxity in giving large loans that have added up to
over Rs 10 lakh crore NPAs and now lack of steps to check cyber frauds may
shatter trust in the system. Banks are fully liable to any loss to the customer
and these must compensate them.
While banks like ICICI and others
have failed to realise the bad loans, they have now started penalising the card
holders for extreme trivialities such as delay in payment by a day or two. But
when they keep excess amount for over 40 days, they do not pay the card holders
a penny. In many cases the banks are acting irresponsibly—their customer care
numbers are difficult to access; they don’t give emails for making complaints;
their CEOs don’t respond and branches say they don’t have a mechanism to
receive complaints!
Indeed, it’s very strange that the
banking system did not listen to the wake-up call that emanated from the heist
of a Bangladeshi bank in February 2016. Cyber thieves attempted to transfer
$951 million and successfully transferred $81 million to a bank in the Philippines,
never to be traced again. It sent shock waves across the global banking
community, both for the
amount of money that was swindled and how the heist leveraged the Society for
Worldwide Interbank Financial Telecommunication (SWIFT) system, the backbone of
international finance.
The recent data breach is being
probed by National Payment Corporation of India (NPCI), a wing of the RBI. But
NPCI seemingly does not have the numbers that has affected the people at large.
It says the complaints of fraudulent withdrawals are limited to cards of 19
banks and 641 customers as their ATM linked to the service providers’ switch
were compromised.
But there are reports that over 85,000 sites in India have
faced external attacks in the past four years or so, related to core government,
academic, banking or even science institutions. Importantly, the success of
Prime Minister Modi’s Digital India depends on cyber security.
The continued adoption of alternate channels such as ATMs,
kiosks, internet, mobile, cloud, and social media technologies have increased
opportunities for attackers, as also the rising trend towards outsourcing,
offshoring, and third-party contracting, which may have further diluted
institutional control over IT systems and access points.
Cyber criminals have demonstrated
their ability to exploit online financial and market systems that interface
with the internet automated clearing house (ACH) systems, card payments and
market trades. They put a skimmer in an ATM to collect card and personal
identification numbers (PIN). Similarly, point of sales terminals (POS) and
mobile phone systems are targeted for stealing personally identifiable
information (PII). This has compromised millions of cards across the globe.
In reality, the bottomline is that
as of now digital transactions are neither secure nor secret. Even reports
suggest that the Aadhar numbers are compromised and misused.
The Chinese National Security Council, with its 1.25 lakh
cyber security experts, is stated to be a potential challenge to India’s cyber
security, says Cheri McGuire, Vice President, Global Government Affairs and
Cyber Security Policy, Symantec Corporation. In contrast, India has a
mere 556 cyber security experts.
What must be of utmost concern is that if hackers manage to
destroy India’s
bank data, there would be financial chaos. As per the RBI, India’s banking
system is worth $190 billion, ranking it the third largest among the BRICS
countries and 15th in the world. A financial disruption wouldn’t allow people
to get their money, know whether they had it or if they had made payments.
At stake is India’s
US$2.1 trillion GDP, power grids, telecommunication lines, air traffic control,
the banking system and all computer-dependent enterprises. Cheri says, the year
2014 saw 317 million malware variants globally or nearly 1 million new malware
daily. In India,
“We saw targeted attacks in businesses dealing with critical infrastructure
particularly in financial sector, communication, transportation – thus
underpinning the national security and economy. Among these attacks, 60 per
cent were on large enterprises”.
Some Indian experts say that cyber system within the country
is secure but SWIFT and other international gateways have problems. Money in
the modern world is just an entry on a computer rather than gold and hard
currency. According to a rough estimate, every year India is subjected to $4 billion loss due to
cyber attacks, a majority of which is stated to originate from China.
Cyber security is less debated, sporadically written about,
and rumoured at best in India.
Because of this apathy and despite India’s
grand stature in the cyber world, India is vulnerable to the cyber
snarls.
The Government needs to restrict individual account/card
holders, the most vulnerable, from dealing in cyber transactions for 90 days.
Large houses should be asked to transact through banks. During this time a
foolproof system should be created. Prevention is better than cure despite some
jerks in the system.—INFA
(Copyright,
India News and Feature Alliance)
|