To

The Chairman

Indian Banks Association

World Trade Centre, 6th Floor
Centre 1 Building,
World Trade Centre Complex,
Cuff Parade,
Mumbai – 400 005

Regarding: Phishing Risk on Bank Customers

Dear Sir

We draw your attention to the order of 12th April 2010 by the Adjudicator of Tamil Nadu (Copy available here) in the case of Umashankar Vs ICICI Bank and others in which a compensation of Rs 12.85 lakhs was ordered to be paid by ICICI Bank to the victim of a Phishing Fraud.

The complainant in this case had been cheated of Rs 6.46 lakhs by another customer of the same Bank allegedly with the connivance and/or gross negligence of the Bank. The Complainant had invoked the provisions of Information Technology Act 2000 under Sections 43 read with Section 85 and filed an adjudication application with the Adjudicator. An FIR has also been registered by Chennai Police in the same case under some of the sections of ITA 2000.

The judgement released on 12th April 2010 has held that the offence was made out under ITA 2000, and that the Bank was negligent on several counts and was therefore liable to pay compensation under Section 85 of ITA 2000.

The decision which came after a prolonged battle of over 2 years has ultimately resulted in a much desired victory in the cause of the Indian Banking Customer.

While we respect the rights of ICICI Bank to contest the decision in any legal manner as they may decide, I would like to draw the attention of IBA to certain industry related issues raised in the judgement.

We do concede that IBA is essentially a body of the industry and unlike Reserve Bank of India may not consider “Customers of Banks” as their constituency and therefore be reluctant to take up the cause of the Bank customers.

However we appeal to your good senses to appreciate that “Customer is the backbone of the industry” and protecting his interests protects the long term interests of the industry. We therefore request you to kindly take note of the observations made in the judgement and initiate a process of correction in the industry to protect the Bank customers from “Phishing Risks”.

We do understand that ICICI Bank as well as IBA would be worried and concerned with the judgement since there are perhaps hundreds of similar incidents in which the Banks have convinced the Phishing Victim that the loss was caused due to his negligence and the Bank cannot be held liable on this count.

These arguments have been completely invalidated through this judgement which is in line with international practices in Germany and Denmark as well as a recent decision of a Banking Ombudsman. It is possible that if all these victims raise their voice the industry has to bear a large liability.

While these potential claims are naturally a matter of concern for your organization, we trust that IBA would not be taking the short term view of protecting the Banks from such liability and instead advise the Banks to immediately initiate the following steps:

a) Pay all Phishing victims the amounts they have lost

b) Upgrade their security systems and introduce Digital Signature based authentication for Internet Banking and communication with customers with immediate effect (as is the law of the land and RBI mandate, which are being ignored by the industry).

We reiterate that the costs involved are well within reasonable limits of expenses which the Banks must be more than willing to spend to present a “Safe Banking Environment” to the customers.

In this connection we would like to hold a public debate in Bangalore (preferably) if you would personally attend the same. We shall invite Bankers including ICICI Bank, Netizen Rights Activists and organizations, security specialists as well as some Phishing Victims and discuss the role of technology in Banking and the need to secure the interests of Banks.

We look forward to your confirmation of participation so that we can go ahead with the organization of the event.

Regards

Na.Vijayashankar

Director: Cyber Crime Complaints and Resolution assistance center, (A division of www.naavi.org)

37, 20th Main, B S K Stage I, Bangalore 560050

E-Mail: naavi@vsnl.com
