Banks leave no stone unturned to stay ahead of fraudsters: Bank CEOs

The chiefs of leading banks attend a panel discussion on 'Banking on Technology' at the Business Standard BFSI Insight Summit 2024

Cybersecurity is a serious concern for banks, which are stepping up efforts and investments to stay ahead of fraudsters and to safeguard investor interests, chiefs of leading banks said at the Business Standard BFSI Insight Summit 2024. The panel discussion on ‘Banking on Technology’ featured Baldev Prakash, managing director (MD) & chief executive officer (CEO) of J&K Bank; N Kamakodi, MD & CEO of City Union Bank; Pralay Mondal, MD & CEO of CSB Bank; and Tushar Vikram, Country Head and CEO, Mashreq Bank India. Edited Excerpts:

 

How are you dealing with cyber security challenges?

 

Prakash: Cybersecurity was initially seen as a mere compliance checkbox in the late 1990s and early 2000s. However, with the rise of digitalisation and the expansion of digital services, cybersecurity has become increasingly critical. Banks, having learned valuable lessons the hard way, have faced numerous cyberattacks, resulting in not only financial losses but also significant reputational damage.

 

Today, cybersecurity is an existential challenge for banks. As a result, investments in cybersecurity are now treated separately from general IT expenditures. While it's hard to say if these investments are fully adequate, the situation is improving month by month.

 

Vikram: At Mashreq, we are a highly technology-driven bank and have earned numerous awards for being one of the most advanced banks in West Asia.

 

With technological advancements, cyberattacks are only going up. It is estimated that banks in India experience over 1.2 million cyberattacks per week. This is the scale of the threat we are dealing with. We invest significant time and resources to not only design secure systems but also to continually test and refine them to prevent any breaches.

 

Kamakodi: Despite all the advancements, it's impossible to predict with 100 per cent certainty that we’ve addressed every cyber risk. It's much like the ongoing battle between thieves and law enforcement — the thieves will always be one step ahead… As long as people aren’t fully aware of the risks and are still prone to sharing sensitive information, it will be hard to eliminate these threats. Beyond systems and protocols, there’s also an element of luck—perhaps even divine intervention. The key is not just investment, but the continuous, rigorous evaluation of your systems to identify the weakest links.

 

Mondal: India is a major player in digitalisation today with UPI transactions and other innovations drawing global attention. It is now a prime target for cyber-attacks. The investments and the collaboration across banks on cybersecurity are crucial.

 

Cybersecurity challenges will become exponentially more complicated with the rise of AI and machine learning. Fraudsters only need one success, but banks have to fend off hundreds of attacks every day. This means that CEOs and top executives in banks now spend 30-40 per cent of their time not on business operations but on compliance and security. 

 

Is customer awareness and education also important?

 

Mondal: Absolutely. At the end of the day, it's no longer just uneducated customers who fall victim to fraud. Even the accounts of high-level professionals are increasingly being compromised… A lot of work is being done in this space. The government and regulators are also playing a key role in addressing these challenges, and they continue to push for better safeguards.

 

Prakash: Customer education and awareness need to be ongoing efforts. Initiatives like the ‘RBI Kehta Hai’ campaign have had a great impact on improving customer awareness. Regulators, the government, and banks must continue these efforts on a large scale. If a customer falls victim to an attack and loses money, instead of assigning blame, we should support them. 

 

Kamakodi: When we look at the number of cyber frauds and complaints, the vast majority — 99.999 per cent or even more — are cases where the customer has shared their credentials, whether it's an OTP or a password. The instances where cyber attackers have breached a bank's server and carried out an attack are rarer. It's always a balance between ease of use and security. Mobile banking apps today offer a range of security features, such as transaction locks, limits on daily transaction amounts, and the ability to limit the number of transactions. These features provide significant protection, but fraud still happens when customers bypass or ignore these security measures because they find them inconvenient.

 

Mashreq Bank changed its gears to focus on India five years ago. How do you see the India opportunity in front of Mashreq Bank?

 

Vikram: India is our largest overseas market. Our focus in India is primarily on catering to the corporate sector, as we see Indian companies becoming increasingly global. A bank like ours plays a crucial role in facilitating international trade and supporting Indian firms as they expand globally and acquire new businesses.

 

As a bank, we help facilitate investments by connecting West Asian companies with opportunities in India. We also have a robust financial institutions business, providing dollar liquidity to various banks in India.

 

RBI has raised the issue of the IT budgets of Indian banks. Do you think your IT budget is adequate?

 

Mondal: Years ago, we believed that investing more in IT would eventually lead to increased productivity and reduced overall costs. However, this has not been the case for any bank. The reason is that while IT does boost productivity, it also creates ongoing opportunities for reinvestment in the future. In today's banking environment, especially in retail and transaction banking, technology is essential. As a result, investment in technology is a continuous process. Typically, technology costs for banks account for 7 to 10 per cent of their operating expenses.

 

We have seen exponential growth in UPI. Do you see a significant increase in your IT expenses going ahead?

 

Prakash: The increase in transactions is largely driven by e-commerce, UPI, mobile banking, and payment transa­c­tions. If these types of transactions can be moved from the core system to the Cloud, the core can be relieved from handling routine transactions.