'Safe E Banking in India'
Naavi | 13 Sep 2011

E Banking in India has become more a norm than an option. But increasing vulnerabilities have made the system unsafe for ordinary Bank customers. Banks are reluctant to improve security..we need a public organization to improve E Bankign safety.

WE ARE now remembering the tenth anniversary of the terrorist attack on the World Trade Center in New York, which marked the beginning of a crusade against terrorism led by USA. India should be considered as a prominent member of this crusade though we are more a victim than a fighter in the cause.
A similar situation now exists in the fight against Unsafe E Banking services prevalent in India to, which Naavi has been drawn through circumstances.
Despite increasing threats and vulnerabilities, Indian Banking industry is going ahead with large scale use of Internet technology for customer interaction to the extent that 'Internet/Electronic device based interaction' is today considered the more natural interaction with the customers and many Banks impose a financial cost for customers who want physical interaction.
There are Banks who say that you cannot use cheques for more than a few times to draw cash or to be issued to a payee who wants to draw cash from a branch other than the parent branch etc. Passbooks are discouraged and e-mail statements are preferred. Across the desk complaints are discouraged and online complaints are encouraged. Intercity cheque collection is discouraged and NEFT is encouraged. In effect E-banking is becoming more the norm than an option.
While for a technology enthusiast like me this migration from Physical Banking to E-banking is exciting, the bug is the increased risk of loss of money which the customers are exposed to.
Insecure Technology is Undesirable:
In view of the increasing threats and costs which customers are forced to bear, I often wonder if technological development which affects the basic security of Banking is in deed desirable? The introduction of M-Banking makes me even more worried.
It appears that Commercial Banks are  driven by the greed of profit and would not mind sacrificing the safety of Banking if they can make more money. A customer today is a "Profit Opportunity Centre" and after luring a customer into opening an account, various kinds of service charges are hoisted on him some with his permission and some without.
Simultaneously whenever the technology deficiencies result in a financial loss to the customer in the form of phishing etc., the customer is told that he should bear the liability and not the bank.
Since E-bankers in India have become untrustworthy, it is time for RBI to review the technology thrust in Banking that it started in all earnestness in the 80s.

RBI Needs to Strengthen Deterrence Mechanism

Reserve Bank of India has tried in vain to impose security obligations on the Bank. It has told in no uncertain terms in the Internet Banking Guidelines of June 14, 2001 that the laws of Banking in the physical space continue in Cyber space and all consumer protection laws applicable to physical banking also apply to Internet banking. They also stated that if Banks introduce technology which is not recommended in law (eg: authentication by password instead of digital signatures) then they should bear the legal risk and cover themselves with an insurance.
Despite these instructions being reiterated by the G Gopalakrishna working group (GGWG) report and further by the Damaodaran Committee report, Banks continue to ignore the RBI as well as the law. This has made it necessary for customers to fight legal battles when there need not be any.
It is  becoming increasingly clear that Banks are trying to come together in an unholy alliance to continue their insecure methods of E Banking at the expense of the customers and trying to manipulate the legal processes as well as the administrative processes. It has become common for the banks to make blatantly false pleadings before judicial forums that they are following RBI guidelines and are not at fault in a fraud scenario. Now in some cases I have observed that such false pleadings are also made in official letters sent to RBI.
There are indications to conclude that Banks are also trying to manipulate the Government decisions for their advantage through various means.
Though RBI has been forthright in its circulars and notifications, it appears to be failing in imposing discipline through appropriate deterrence mechanism. The GGWG notification is however an attempt to fix accountability of Bank Chairmen through disclosures in annual reports and hopefully this should work better than in the past. However it is not clear if even this measure will be trivialized by Banks by making it a formality which they can bluff through.
Time has come for RBI to therefore consider quick measures such as exemplary fines and notifications in the service records of officials and imposing token personal fines on the officials for the lapses as in the RTI Act.