Cyber security has become a big challenge for Indian government. As the government itself has failed to implement the cyber security policy and initiatives declared from time to time, others have also taken Indian cyber security casually. The fact is that Indian cyber security is in a bad condition.
Banking industry of India is facing a variety of financial and banking frauds in India. For instance, Internet banking frauds, ATM frauds, RTGS frauds, etc are on rise in India. Even IT and cyber frauds in Indian companies are increasing. The cyber law and cyber security trends of 2013 provided by Perry4Law have also highlighted this fact.
The regulatory trends in India are leaning more on the side of penalising banks for their negligence and lack of cyber security practices. The banks must ensure the cyber security of their own infrastructures in their own interest.
Presently, the online banking cyber security is not upto the mark despite repeated reminder by the Reserve Bank of India (RBI). Even the regulations pertaining to security and risk mitigation measures for card present transactions in India have been brought into force by RBI.
However, despite various regulations and guidelines by RBI, the banks in India have not only failed to secure their online systems but they have also failed to secure the ATMs installed at their premises. As a result ATM frauds in India have significantly increased. Similarly, the mobile payment cyber security in India is also not in a proper state.
The Vskimmer Trojan capable of stealing credit card information from Windows systems is already in circulation. Similarly, the Malware Dump Memory Grabber is also targeting POS systems and ATMs of major U.S. banks. These malware are creating havoc in India and international levels.
Recently, the RAKBANK and Bank of Muscat Oman became victims of international ATM heist. The Computer Emergency Response Team (CERT) of India has even started investigation in this international ATM heist case as it has Indian connections as well.
The Financial Express has reported that a malware is active in the Indian online banking transactions space. The malware named “Dexter, black POS, memory dump and grabber” can acquire seven aliases when infecting a system and once it is successful in breaching the security protocols of a POS terminal, it steals confidential data like card holder’s name, account number, expiration date, CVV code and other discretionary information which could lead to financially compromising and phishing attacks on the card at a later stage.
This has been declared in a recent advisory issued to the public by the Computer Emergency Response Team (CERT-India). However, the advisory has been issued at a very late stage as the malware has been active in the cyberspace since March, 2013.
The banks in India are bound to follow cyber law due diligence to escape their liability under the information technology act, 2000. Further, the Code Of Bank’s Commitment to Customers by Banking Codes and Standards Board of India (BCSBI) (Pdf) that has been recently released by BCSBI has put additional legal obligations upon banks for fraudulent ATM and POS transactions.