Cyber frauds: Experts blame banks; banks find faults with clients

Banks put the cyber crime under the carpet and I haven't seen a single bank complaining to the police proactively: Cyber expert

With Harsh Goenka-promoted RPG Group becoming latest victim to fall prey to fraudsters who hacked its current account and siphoned off Rs 2.34 crore using Real Time Gross Settlement (RTGS), cyber security experts blame the banks and Reserve Bank of India (RBI) for not being proactive enough to stop the menace.

Vijay Mukhi, independent cyber expert said, “Banks put the cyber crime under the carpet and I haven’t seen a single bank complaining to the police proactively.” 

RBI as a regulator also has the responsibility to check what is happening. Mukhi further said that bank accounts are being created using fake documents and there are no effective know your customer (KYC)  measures to check this.

According to Norton security report released in September 2012, 42 million Indians were the victim of cyber crime losing $8 billion dollars (Rs 44,000 crore) in the preceding 12 months.

Rakshit Tondon, consultant, Internet & Mobile Association of India said that both customers and banks are to be blamed for such frauds. “Banks should properly adhere to KYC norms which they aren’t doing currently as we see money is being siphoned off using bogus bank accounts.” 

A large-scale customer sanitisation is also needed he said the view which was echoed by bankers. Banks should have a system in place which can track and block unusual transaction instantaneously, he said.    

Bankers, however, say the internet world is ever-evolving and fraudsters continuously use newer ways to commit frauds. “Earlier when internet banking was started, we thought that user name and password is the enough security but then additional security measures were developed,” a banker said, adding, “Even that is now proving futile."

Most banks are moving towards digital signature feature which is the enhanced security feature. In digital signature, customer has to digitally sign a transaction and authenticate it.  IDBI Bank has already started using digital signatures for internet banking transactions. Corporation Bank has also started using the digital signatures for its corporate net banking customers.   

Asked when if RBI should evolve a common security features across the board considering varying security features across the banks, a banker disagreed. He said RBI as a regulator can give the minimum guideline but it can’t prescribe what measures to adopt as it would otherwise reflect bias on its part towards a particular feature.  

Bankers say the hacking can’t happen unless the security features are compromised from the customer end knowingly or unknowingly. They say there is a need of widespread customer awareness sanitising them about risks and threats of giving out confidential login information of internet banking.  

This is second big instance of money being siphoned off using RTGS in recent past. Earlier in the month of March also similar incident was reported. The incidents of cards being schemed and used abroad while customer is present in the country, have also been reported. Tondon said that instances involving smaller amounts are happening on a daily basis.

Recently after such fraud came to light, RBI asked banks to block international usage of cards unless the customer specifically asks for it. It had also advised banks to move towards real-time fraud monitoring system at the earliest.