Recently, a security specialist in Bangalore released a video in which he demonstrated how the Internet Banking System of ICICI Bank was vulnerable to a virus attack.
The Bank immediately moved to send an email notice to the security consultant requesting removal of the content, failing which legal action was threatened.
The action of the Bank opens up an important question of what is the role of security specialists when they observe a vulnerability which could damage the interests of hundreds of Bank customers.
Is it not the duty of every citizen to point out the possibility of a “Cyber Crime” and demand that a Bank should take better security measures?
By withdrawing the article, the threat will not go away. It will enable Banks to continue misleading the Customers about the security environment.
The revelation of the security vulnerability in the system of ICICI Bank is also to be considered as a notice not only to ICICI Bank but also to all other Banks which may have similar problems. As a part of the due diligence, all Banks now need to conduct an internal assessment to examine the vulnerability discussed by the consultant and examine whether their systems are also equally vulnerable. If they find a similar hole in their security, they need to share the information with their customers as a necessary disclosure.
It is also necessary for the Reserve Bank of India to ask all Banks to send a report on whether the respective bank has similar vulnerabilities.
If other Banks also exhibit similar vulnerabilities, the IS auditors who might have audited the respective Banks and given them a certificate of satisfactory security status need to also take the responsibility.
I suggest that RBI call for copies of the reports submitted by Security auditors to Banks and check if they have made any observations or suggestions to the Banks on “Man in the Middle Attack” and how to secure themselves against such risks.