Several veteran Bankers participating in the CII conference on Cyber Security -”Emerging Cyber Threats and Challenges” (being held in Chennai on 24th April 2010) spoke confidently about the security systems used in Banks for Interent Banking.
There were frequent references to “Phishing” and its impact and lots of advices for the Bank customers.Bankers also emphasised that Banks are using SSL protected websites and two factor authentication and felt that the system is very secure.
However it appears that Bankers have failed to notice the impact of the recent Judgement agaisnt ICICI Bank by the TN adjudicator who held the Bank liable for Phishing.
The judgement clearly brings out the need of Bankers to introduce Digital Signatures in Internet based banking transactions.
It should be noted that RBI itself has right back in 2001 has stated that Banks not using digital signature for authentication must bear the legal risk. Now to talk about second factor authentication as well as SMS based banking is directly contradicting RBI’s own instructions in the past.
It is for this reason that I have asked IBA or RBI to issue fresh instructions that nothing but Digital Signature will do.Some Bankers however indicated that they have started adopting digital signatures for handling corporate accounts. if so it must be considered as a good development and perhaps the days of “Digital Singature only Internet Banking” is in the offing.
Mr C.V.G Prasad, CIO of ING Vysya Bank made a very interesting observation that Software companies have failed to upgrade their own skills in developing secure software. Attention of readers are drawn to my earlier article http://www.bloggernews.net/124319Â where I had highlighted this aspect.Hopefully, the conference has focussed the attention of the industry and better security measures in Banking may be expected in future.
Detailed information on the conference is available at: Naavi.org