Financial Daily from THE HINDU group of publications
Saturday, Oct 30, 2004



On account of safety...

Raja Simhan T.E.

Internet banking means you save on travel and time, but is your money safe in an online account, with hackers and fraudsters on the prowl? This is one worry stalling the growth of online banking in India.

For Sudarsan, a software engineer in New Jersey, US, sending money to his parents in Srirangam, a temple town in southern Tamil Nadu, is just a mouse click away. Through Internet banking, he transfers US dollars to a bank account in Srirangam, and his parents take the money home in rupees. This is done without any delay or hassles.

Just a couple of years ago, however, Sudarsan used to send money mostly through friends visiting India, or courier the cheques. With the second option, there was always the fear that the money would be lost in transit, or that somebody would steal it.

Now you see what a big change online banking has brought about for Indians living abroad. Has it, however, made a difference to Indians in India? The answer is no, says an official of a leading public sector bank. And the key reason holding people back is concern over the security of Internet transactions.

For instance, says the officer, "We have provided customers with ATM (automated teller machine) cards and also Internet access to their account. For then, they would not have to come physically to the bank. And this will give the bank staff more time to attend to bank-related work than just update customers' accounts. But customers still tend to come to the bank in person rather than use the Internet." We have a long way to go for Internet banking to become a reality in the country, he adds.

But there is room for optimism, if one goes by what an official of a multinational bank had to say at a recent seminar. His take on the scene is that the future looks bright for the Indian financial services industry, and he feels the drive will come from the country's youth.

More than half of the country's population is below 25 years, and 45 per cent is below 19 years, he points out. Six out of 10 households have at least one "liberalisation child" who will join the workforce in the next 4-8 years. Further, more than half of Internet users are under 25, and two out of three are under 30. Around 70 per cent of Internet users live in urban areas — 40 per cent of users live in the top six cities of Mumbai, Delhi, Chennai, Bangalore, Hyderabad and Pune, he says. All these factors will contribute to the growth of the Internet, and promote its use in everyday activity, which will include Net banking.

Frauds and fears

Despite this, the "great worry of security" is likely to weigh on the minds of Indians, says an official of a nationalised bank. What happens if somebody hacks the systems, misuses an Internet account, or swindles away one's money? Let's take a look at how a customer can be cheated on the Web. As we all know, online banking can be done from anywhere in the world. It could be one's home, a cyber café or from office. The last two places are vulnerable to various types of frauds. For instance, take the case of storing the PIN (personal identification number), given by banks to their customers, on the PC. A fraudster can use the PIN, in a shared personal computer, to access bank accounts.

In a cyber cafe, there is the possibility of the surfer sitting at a system that you have just vacated accessing your personal banking information. This can be done, in some machines, by pressing the backspace key, or going to the history tool, which gives information of various Web sites visited during the day, the week, or even the month, says an official in the IT industry.

Another type of fraud is 'phishing'. This involves fraudulent e-mails that seek to extract your PIN and password. These mails appear genuine for they seem to have been sent by your bank. But if you are careful, you can spot telltale signs. One can often recognise these fraud e-mails because they generally include attachments, request PIN and password, or both. They try to lure the person into providing private information on the spot or include links to a site that tries to get the customers to disclose PIN and password. The minute you spot such mails, delete them. This kind of fraud was recently used to cheat customers of large European and US banks, cautions information available on the Internet.

N. Vijayashankar, Secretary, Cyber Society of India, and an expert on cyber laws, feels there is little effort to make the cyber banking practice comply with the laws of the country. There is a mistaken impression that "practice prevails over law" in banking. The Reserve Bank of India has come out with an "Internet banking guideline" which also did not fully recognise the prevalence of a law in India called the Information Technology Act 2000, he says.

Currently banks are carrying a more than reasonable share of risks and these risks are being sought to be transferred to the customers, he says. Internet banking in India is currently carried out in good faith but with a high level of ignorance. There is need for a Cyber Law Compliance Audit in all banks as well as proper guidance so that customers' interests are taken care of, he says.

According to an industry source, Indian banks are spending around 10 per cent of their annual budgets on IT infrastructure, and the amount is estimated to be thousands of crores. Besides hardware and software, security spending has been huge.

According to B. Suresh Kamath, Chairman and Managing Director, Laser Soft Infosystems, which provides IT solutions to banks, all the new-generation banks and many public sector banks, including State Bank of India, Corporation Bank, Punjab National Bank and Union Bank of India, have implemented core banking solutions (featuring an integrated platform for all banking requirements), and offer Internet banking services. Currently, all of them offer enquiries on accounts and statements, enquiries on status information and transactions such as transfer of funds and utility payment. The number of customers availing Internet banking services has not reached the levels predicted earlier. A very small segment of customers use Internet banking, and there are no exact figures available, he says.

There are several reasons why Internet banking has not caught on, he says. These are: banks do not offer all the services on the Internet; all of a bank's operations are not integrated through core banking solutions; banks do not advertise Net banking services adequately; and lack of a good payment gateway.

According to Kamath, Indian banks need to beef up security for Internet banking infrastructure. Very few cases of fraud are being reported. This is because banks want to protect their name and image as tech-savvy organisations. Most frauds in Internet banking involve transfer of funds to the account of the person committing the fraud, or remitting money out of the bank, or making payments for utility services into accounts set up to defraud the customer, he adds.

Today, banks are using firewalls and many security features to create a DMZ (de-militarised zone) to protect their servers and data. The Internet banking software must build a very strong external/access layer to detect frauds and prevent them.

Banks deploy a variety of software to support electronic banking activities. For instance, the Secure Electronic Transaction (SET) or Secure Sockets Layer (SSL) protocol assures message integrity. It allows a digital signature to be transferred for authentication procedures, and provides confidentiality for the data that flows between a Web server and a browser.

The second protection is firewalls and filtering routers, and the third is an internal operating system that provides protection for stored information. As an added measure of security, customers are assigned a PIN and a password for accessing their accounts.

In a case study available on the Web, Tata Consultancy Services (TCS) says that it has implemented end-to-end consulting services for UTI Bank — right from the network audit to policy design to implementation. With the implementation of the PKI (public key infrastructure) solution on the bank's network along with the configuration of intrusion detection systems and firewalls, all client transactions are secure, leaving no scope for data tampering.

UTI Bank was among the first new private sector banks in India after the Government allowed the operation of private banks in 1994. It has a network of over 200 branch offices and over 1,000 ATMs.

The PKI solution included implementation of digital certificates, digital signatures on transactions entered through the Internet banking application, and single-sign-on features for authorising access to various applications of the bank on the Internet.

UTI Bank's servers are now secured against unwarranted intrusions, says the study. This has boosted customer confidence in both its retail and corporate banking operations. The hardened servers and extra security provided by TCS have made the system robust enough to withstand any hacking attempts and reinforced customer confidence. The bank is now ready to scale up its Internet banking operations and expand its customer base.


Copyright © 2004, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line