RBI seeks data from banks on frauds

Cases of online fraud and identity theft (also known broadly as phishing) come under the purview of this notification. The premier bank's recent directive is a follow-up to its master circular on "Frauds - Classification and Reporting" for Primary (Urban) Co-operative Banks, issued in 2003.

There are more than seven million phishing attempts every day, according to security company Symantec, of which 84 per cent are targeted at banks and financial institutions.

In recent years, HDFC Bank, ICICI, SBI and more recently UTI Bank have been the target of phishing attacks. Phishing is a form of online identity theft where consumers' personal identity data and financial account credentials are stolen by third parties.

Phishing involves sending "spoofed" e-mails that direct consumers to websites designed to trick them into entering sensitive information such as usernames and passwords.

According to cyber law expert Pavan Duggal, many of these cases are not reported as financial institutions fear loss of credibility among customers.

The low rate of cyber crime convictions in India has been a further deterrent to reporting of cases. According to Duggal, there have been only two convictions in India so far: one of identity theft (credit card details) by a BPO employee and the other pertaining to an obscenity case in Tamil Nadu.

Following the RBI notification, banks are now scrambling to beef up existing security measures. Sources at HDFC Bank confirmed that several measures were being taken to tighten security and adopt internationally accepted best practices.

Regional sales head of RSA, the security division of EMC, Sasikiran Raghavan said, "Several banks have approached us to design anti-fraud mechanisms and provide forensic data relating to attacks on a regular basis."

The government has also woken up to the need for stringent measures. The Indian Computer Emergency Response Team (CERT-In), the nodal agency for information security, has forged alliances with vendors such as Microsoft, Cisco, and TrendMicro, as well as international Internet Service Providers (ISPs) and their counterparts in other countries to identify and shut down illegal servers.

A senior CERT-In official told Business Standard that the proposed amendments to the Information Technology (IT) Act 2000 ensure that the provisions of the Act apply to offences outside India as well, as most often the attacks originate in foreign countries.

Section 43 of the amended Act also seeks payment of damages "by way of compensation" of up to Rs 5 crore if an institution "possessing, dealing or handling any sensitive information" is found negligent in maintaining reasonable security procedures. "The amendments include new offences such as video voyeurism and phishing," he said.

As per a Symantec report, the United States is the home base for most of the world's phishing attacks, hosting nearly half (46 per cent) of phishing servers in the world and nearly three-fourths (72 per cent) of spoofed brands.

First Published: Mar 24 2007 | 12:00 AM IST