The Reserve Bank of India has prepared a 10-point action plan for strengthening cyber security in financial transactions. This includes talks with tech companies Google and Apple to secure mobile devices and adoption of artificial intelligence (AI) and machine learning (ML) in cyber security design. Meanwhile, the National Payments Corporation of India (NPCI) says there has been a decline in the fraud-to-sales ratio and the number of Unified Payment Interface (UPI) users affected by fraud.

According to sources, officials from the Finance Ministry, Home Ministry and various institutions including RBI and NPCI recently outlined to the Committee on Finance ways to improve cyber security in the financial sector. RBI officials gave details about the plan of action for the coming year, a source said

Another source said that, as more and more financial transactions are taking place on portable devices including mobile handset, security in mobile devices should be enhanced. The Indian Cybercrime Coordination Centre (I4C) would also be involved to ensure seamless intimation of fraudulent transactions across banks (through a cyber-crime reporting portal), officials said. I4C was established by the Home Ministry to provide a framework and ecosystem for law enforcement agencies dealing with cybercrime.

Also read
REUTERS

Microsoft says early June disruptions to Outlook, cloud platform, were cyberattacks

MK Jain

Underserved, marginalised populations more vulnerable to cyber risks: RBI Deputy Governor

FILE PHOTO: The Reserve Bank of India (RBI) seal is pictured on a gate outside the RBI headquarters in Mumbai

RBI proposes cyber security framework for payment system operators, seeks feedback by June 30

Cybersecurity firm Rapid7 Inc and Mandiant Consulting - owned by Alphabet Inc’s Google - said they had found a number of cases in which the flaw had been exploited to steal data.

Hackers used flaw in file transfer tool to steal data, say researchers

John Roese, Global Chief Technology Officer, Dell Technologies

‘The path to Zero Trust is not just one step’

As AI and ML become prominent tools not just for legal activity but also crime, the cyber security plan of action includes their adoption. Other plans include direct engagement with IT service providers of regulated entities, review of fraud risk management solutions, and implementation of a security operations centre (SOC) across banks . The SOC is a command centre for information technology professionals with expertise in information security (infosec), who monitor, analyse and protect an organisation from cyber-attacks and other vulnerabilities. 

A key point in the action plan would be to expand the rollout of newer tools — phishing simulation and cyber reconnaissance exercises covering a larger set of supervised entities. Since cooperative banks gain more prominence, there would be efforts to augment cyber skills in urban co-operative banks.

Meanwhile, according to sources, NPCI officials have highlighted in their presentation that despite a rise in UPI transactions in value and volume terms, fraud has reduced. This is important considering the this powers multiple bank accounts into a single mobile application, merging several banking features, seamless fund routing, and merchant payments into one hood. Committee members were informed that UPI volume and value have increased significantly in the last five years, even as the fraud-to-sales ratio declined. Card transactions remained stagnant.