The Long Road Ahead
In the last quarter of 2015, RBI Governor Raghuram Rajan announced that the revenue arm of the government plans to set up an Information Technology (IT) subsidiary for monitoring and regulating internet-based services offered by banks in India. As we move towards a paperless banking system driven by dependence on IT, the subsidiary will help banks address cyber security issues and evaluate the technological capabilities of banks. Staying ahead of cyber criminals is a prime concern for the Indian banking sector and for customers who are becoming more and more dependent on simplified digital banking experiences.
India has the second largest number of smartphone users in the world, and the internet acts as a catalyst in driving the growth of smartphone users in India. This has prompted sectors like banking and financial services to rapidly migrate their services to the internet and mobile platforms without fully comprehending the threats associated with them. Thus, they end up rendering themselves vulnerable to an array of cyber security threats.
Banking customers are frequent victims of internet-based frauds, phishing, vishing and other malware attacks. Despite these threats, there is a continued interest in and love for technology-backed innovations in banking and financial services, such as online banking and mobile banking, amongst others. The establishment of an IT subsidiary by RBI is a welcome step not only for the BFSI sector but also for IT security solutions providers like Quick Heal, as it will ensure better compliance with regulations to prevent data theft and to check financial fraud. Top cyber crime advocates in India can file a complaint with a cyber cell on your behalf.
The setting up of an IT subsidiary is not the first step the RBI has taken to address vulnerability issues that come with the digitization of the banking sector. In 2010, the RBI set up a working group in order to ensure a minimum standard of cyber safety norms for the BFSI sector. In 2011, the RBI released the Information Technology Vision Document 2011-2017, focusing on the growing menace of cyber security attacks, and reiterated its commitment to mitigating IT fraud in the banking sector. In spite of the best possible intentions of the RBI to combat cyber-attacks and to ensure transparency at all levels of banking operations, Indian banks have been finding it hard to handle the magnitude of cyber-attacks.
The Centre offers the following security and protective tools:
- “USB Pratirodh” was also launched by the government. Union IT and Electronics Minister Ravi Shankar Prasad states that it is aimed at controlling the unauthorised usage of removable USB storage media devices like pen drives, external hard drives and USB-supported mass storage devices.
- An app called “Samvid” was also introduced. It is a desktop-based application whitelisting solution for the Windows operating system. It allows only a preapproved set of executable files to execute and protects desktops by preventing suspicious applications from running.
- M-Kavach, a device for the security of Android mobile devices, has also been developed. It provides protection against issues related to malware that steals personal data and credentials, misuse of Wi-Fi and Bluetooth resources, lost or stolen mobile devices, spam SMSs, premium-rate SMS and unwanted or unsolicited incoming calls.
Experts also suggest that the most effective ways to move forward with digitisation while ensuring banks remain completely secure include embracing crypto-currencies and blockchain technology. Further, the Information Technology Act, 2000 is also ripe for a complete overhaul to counter the increased security risks in a cashless economy. These measures, of course, must also be accompanied by attempts to ensure widespread consumer education and awareness.
International Cooperation Initiatives
Information sharing and cooperation is an explicit strategy under the 2013 Policy. Consequently, as an answer to the increasingly international nature of cyber crime, the Indian government has entered into cyber security collaborations with countries such as the USA, European Union and Malaysia. The U.K. has agreed to assist in developing the proposed National Cyber Crime Coordination Centre in India. The shared principles of the U.S.-India Cyber Relationship Framework provide for the recognition of the leading role for governments in cyber security matters relating to national security; a recognition of the importance of, and a shared commitment to cooperate in, capacity building in cyber security and cyber security research and development; and a desire to cooperate in strengthening the security and resilience of critical information infrastructure.
IT Act with regard to the Indian Banking Sector
Section 43A of the IT Act provides for compensation in the event that a company fails to use reasonable security practices and procedures in order to protect sensitive personal data and such negligence results in a wrongful gain or loss. However, the statute provides for compensation only when a wrongful gain or loss results from the failure to observe reasonable security practices and procedures. It can be argued that this is nothing more than a codification of the law of negligence.
This means that no negative consequence arises from the failure to observe reasonable security practices and procedures. Further, the IT Act defines ‘reasonable security practices and procedures’ as procedures stated by a law in force or as agreed by the parties and, in the absence of both, the rules framed by the government.
Penalty for Offences
Section 72 of the IT Act provides for a criminal penalty where a government official discloses records and information accessed in the course of his or her duties without the consent of the concerned person, unless permitted by other laws. The penalty prescribed is imprisonment of up to two years, a fine of up to Rs 100,000 or both.
Section 72A of the IT Act provides for a criminal penalty where, in the course of performing a contract, a service provider discloses personal information without the data subject’s consent or in breach of a lawful contract and with the knowledge that he or she will cause or is likely to cause wrongful loss or gain. The punishment prescribed is imprisonment of up to three years, a fine of up to Rs 500,000 or both. A good cyber crime lawyer in India can help you deal with a banking fraud in India.
To conclude, we can say that the areas of cooperation provide, inter alia, that both countries agree to share and implement cybersecurity best practices, share cyber threat information on a real-time basis, develop joint mechanisms to mitigate cyberthreats, promote cooperation between law enforcement agencies and improve their capacity through joint training programs, encourage collaboration in the field of cybersecurity research, and strengthen critical Internet infrastructure in India.
In November 2014, Rs. 800 crore out of the 1,000 crore allotted to improve Indian cyber security would be utilised for NCCC purposes. However, establishing an NCCC-like body would require compliance with and adherence to international privacy law standards. It is hoped that the Government’s initiatives can keep pace with the rapidly changing nature of cyber attacks.