With growing dependence on online delivery of services, cyber security attacks in a few banks’ systems, including in ATM transaction processing systems, has become a serious concern, according to Reserve Bank of India Deputy Governor R Gandhi.
In his address at the Banaras Hindu University, Gandhi said: “Media reports have indicated cyber security attacks in few banks’ systems... this becomes a serious concern and an area that has to be strengthened immediately and continuously as it also has the greatest potential to diminish the trust in electronic payments.”
Fraudulent useHis observation comes in the context of complaints of fraudulent withdrawals aggregating ₹1.30 crore being received by 19 banks in India from 641 customers in September.
This has emerged as a serious case of card data compromise in recent times.
The genesis of the problem was receipt of complaints from a few banks that their customers’ cards were used fraudulently used, mainly in China and the US, while the customers were in India.
The National Payments Corporation of India, the umbrella organisation for all retail payments systems in India, in a statement said following the detection of card data compromise, banks have advised their customers to change their debit card PIN. In situations where customers could not be contacted, the cards have been blocked and fresh cards are being issued by banks.
Referring to frauds, the Deputy Governor noted that “while we have secured the safety of transactions through use of additional authentication factors, fraudsters have been exploiting other weaknesses in customers to defraud them.
“For instance, there have been an increasing number of social engineering and phishing frauds luring customers to part with their confidential bank account/card particulars.”
Combined with use of duplicate prepaid SIMs, the fraudsters have been able to build a conduit between cards/bank accounts and mobile wallets to dupe users.
The Deputy Governor said: “It is ironical that the efficiency of interlinked payments also enables the fraudsters to make their getaway faster!”
Customer awarenessGandhi observed that even as banks strengthen the systems and processes, perhaps the greatest tool to fight the menace of frauds is building customer awareness.
“In addition, an ‘aware’ customer is able to make the right choices in using different systems taking into account the time criticality of the payment, the cost aspects and the risk aspects of exposing the underlying payment instrument.
“This is particularly important to ensure that the digital divide in payments doesn’t further widen with faster adoption of technology and leapfrogging (for instance, leapfrog from plastic cards to contact-less payments through mobile phones; leapfrog from financial exclusion to use mobile banking, etc),” he explained.
Gandhi underscored that hand-in-hand with customer awareness goes the aspect of customer protection and efficiency in dealing with customer complaints/grievances.
“Earlier, generally end-to-end payment services used to be offered by banks.
Today’s electronic payments are, however, made more complex (though not necessarily at customer level) with participation of other non-bank entities whose services may be used by banks in the form of outsourcing arrangements or through entities that offer specialised services integral to payment completion,” he said.
He added that greater the number of players involved, more complex the process of addressing customer grievances within the shortest span of time.
As a result, either customer complaints take a long time to resolve or remain unresolved, both of which situations needs to be addressed in right earnest.