This report which appeared in The Statesman today should open the eyes of the public as well as the regulators to the risks we are facing in the Indian Banking system. Banks are pursuing technology for delivering their services “Any Time”, “Any Where”. This is a natural development and welcome. However, pursuing technology without properly securing the transactions is a crime on the society.
 The report mentions two frauds that has occurred in Punjab National Bank, Raja Street Branch, T.Nagar, Chennai in September 2009 amounting to about Rs 9 lakhs. What is notable is that the money has been transferred to more than 15 different branches of PNB and credited to 30 different accounts in these branches. It also states that the same accounts were also used regularly for such frauds.
What it means that this single report brings to light the existence of more than 30 fraudster accounts opened in PNB and it is presumed that the KYC has failed in all these cases.
Recently, RBI imposed a fine of Rs 5 lakh each on two Banks which had failed to follow KYC in respect of one customer each. At this rate, PNB should be fined 150 lakhs only for this violation.
Extrapolate the observation of the loss of Rs 9 lakhs within two weeks in one single branch of a Bank to more than 100000 branches functioning in India, the presumptive Value of the losses that Indian Banking customers are losing and continue to lose each day will perhaps outscore the 2G Spectrum scam.
For records, the report in Statesman states that RBI has received about 1436 complaints of unauthorised debits to bank accounts between January 2006 and September 2009 and the amount lost is Rs 15 crores. This is perhaps considered as an admitted level of the fraud losses in a period of 3 years.
Recently, RBI had refused to provide some information sought by me under RTI stating some technical difficulties though they seem to have reeled out some figures for the Statesman report. It is my presumption that there are several more cases which have not been reported to RBI. The reported figure is therefore considered a gross underestimation of the problem facing the industry.
As an observer of the developments of technology in Banking over the last two or three decades, I am of the firm view that technology vendors have been pushing unsafe technology and banks are neglecting security in chasing higher profits and the customer has become a victim of this exploitation. There is a huge public interest in ensuring that the truth behind the PNB frauds are unearthed and appropriate safeguards are initiated.
What is alarming is that the RBI and IBA , two institutions that should have taken some effective steps in this regard appear to have failed to fulfill their duty to the nation though they might have covered their tracks by sending out appropriate circulars to Banks without bothering to see if they are followed.
I cannot fail to see the similarity of this situation to what CAG has reported in the 2G spectrum scam where the PMO, the Law Ministry and Finance Ministry  sent out letters to the MCIT but did not think it necessary to follow up on their own observations when their suggestions were ignored.
It appears that  RBI similarly has become a toothless body which is content in sending out circulars and claim that they have done their duty.If RBI is not imposing its own guidelines such as the Internet Banking guidelines of June 2001 which mandates use of digital signatures for Banking transactions and Banks taking insurance on technology frauds it must be recognized as a dereliction of duty by RBI. The Governor of RBI needs to take up responsibility for this lack of effective Governance.
The undersigned has made enough noise about the problems through the media to the extent that neither RBI nor IBA nor the Finance Ministry can feign ignorance of the mess that Indian Banks have been in.
In one single sentence we can say that Indian Banking is no longer considered “Safe” and has become a giant backbone for Internet frauds. Money raised through such frauds is almost certainly reaching the hands of organized criminals and the AML legislation has failed to be effectively implemented.
In order to cover up the losses made in carrying on unsafe banking, Bankers are going after innocent customers who some time default on loans for reasons beyond their control using the draconian powers vested with them under the Securitization Act.
Banking has therefore changed its charecter from being a place for parking community savings to a purely commercial financial risk management business. It is better we start calling them “Money Brokers” rather than “Banks”.
The 2 G spectrum scam came to light because of the untiring efforts of Dr Subramanya Swamy. Perhaps the real situation within the banks also need to be brought to open through an industry wide investigation to be undertaken by a CAG type organization. May be this also requires Dr Subramanya Swamy to file a petition in Supreme Court to request for an all India investigation into the processes followed by Banks in conducting their Internet bankign operations and why there is rampant fraud in the industry.
The undersigned is organizing an “Anti Phishing Movement” on behalf of the victims of Bank frauds and request all victims to keep reporting on their losses however small they are. It is anticipated that the trend in Banking frauds in future will follow the “Salaami” principle where there may be large number of small amount frauds so that none of the victims would consider it worthy to take up a legal battle. Already we are seeing frauds of less than Rs 1000/- in some accounts and some of them may just be ignored by the victims. However, the Citizens together may end up making huge contributions to the criminals unless the trend is put down with a firm hand. There is no body of the Government which is today focussing on the problem. Hence this call to Dr Subramanya Swamy to add this to his agenda.
I however once again call upon RBI and IBA not to ignore the PNB cases reported in Statesman and initiate appropriate follow up action immediately.
Naavi of Naavi.org
4 users commented in " Dr Subramanya Swamy: We need you to set right the Indian Banking System "
Follow-up comment rss or Leave a TrackbackWith all due respect to the Indian Banking System, don’t waste your time reinventing the wheel. We’ve seen everything in the use of new IT delivery channels, including the perpetrators. Issues have been addressed for the past 15 years with progress made each year, even thought we’re not done yet, nor will it ever end. Follow the U.S. lead and you can shrink India’s evolution by at least a decade. Saying it in today’s parlance, “Been there, done that.”
Dear Mr Gillis
Can you let me know the extent of Phishing frauds that occur in US?
I understand that US Banks cover themselves with insurance and the moment the customer is cleared of not being a part of the fraud himself, Banks settle his claim without demur.
Our perception is that the information security in US is as good or as bad in India since the same IT companies operate at both places. However the customer education may be much more effective and Insurance is stronger. Please correct me if I am wrong.
Probably Banks in US donot hesitate to invest in security where as Indian Banks try to compromise on cost considerations.
We need to awaken the Indian Banking system to the fact that customer is the focus of Banking business and safety of his funds cannot be compromised at any cost.
Naavi
The corrections to your thinking that you requested are two:
1. The suppliers of IT in India are not the same as in the U.S. – In India the primary ones are Infosys, Oracle FSS (i-flex solutions), Nucleus, Polaris, 3i Infotech. In the U.S. there are three main companies – FIS, Fiserv and Jack Henry.
2. IT crime is like any other crime. Will it ever be wiped out? No. What is the volume of IT crime anywhere? How many angels can dance on the head of a pin. Phishing occurs every day, but victims don’t report it, so it can’t be counted. That’s why banks have insurance, just like people have life insurance because they know they are going to die some day.
Control, awareness and new techniques are the best protection against IT crime. The U.S. has not won the battle yet, nor has any other country.
Dear Gillis
Your point is well made and I am in agreement with you.
In India some banks are not invoking insurance and trying to force customers to bear the loss only on the ground that they have been negligent.
I am trying to make Banks realize that their responsibility is higher in reducing frauds and they need to cover themselves with insurance.
Part of the responsibility also falls on the IT companies which have forced inadequate systems on the Banks.
At present there is a huge gap in legal compliance and information security in Banks and unless this is bridged, it is unfair to make the customer pay for all the consequences of a third party crime.
Most Anti Phishing activities worldwide are geared towards identifying and bringing down Phishing sites. The Anti Phishing movement that I am trying to galvanize is victim oriented and to force Banks to initiate steps that reduces the risks from the customer perspective.
It includes making Banks invest in customer education, better security as well as absorption of fraud costs (except where the customer is part of the fraud) etc.
In the process it is necessary for regulatory agencies such as RBI to be pushed to take appropriate action.
Presently RBI has been content in issuing circulars but is lax in taking follow up action. This is exactly what happenned in the 2G spectrum scam which Dr Subramanya Swamy questioned in a Court of Law. The Court has now asked the Prime Minister of the Country to explain the cause of inaction at his end.
I feel that at some point of time in future, it a question would be raised of RBI whether it did what all it could have done to improve the security in Indian Banking system.
Otherwise erring Banks will rightfully shift the blame to RBI and say that the “silence of RBI amounts to concurrence”. This has happened in the 2 G Spectrum case where the erring Ministry has taken shelter under the fact that the Prime Minister was aware of the process involved and hence the responsibility for lack of propriety if any should be shared.
I have therefore highlighted the similarities so as to attract the attention of the public in India who are today engrossed in the discussion of the 2G spectrum scam.
I donot expect that the battle against Cyber Crimes would be won completely but I want Banks to fight it rather than the ill equipped Bank customer.
Leave A Reply