Money & Banking

SISA unveils action plan for banks to prevent cyber attacks

Shishir Sinha New Delhi | Updated on August 20, 2018 Published on August 20, 2018

Payment security specialist SISA has suggested an eight-point action plan for banks and financial institutions to prevent cyber attacks like the recent one at Cosmos Bank. It has also advised account holders to be more vigilant about transactions in their accounts.

SISA feels that it is not the software that failed in the case of Cosmos Bank, but there were no security measures, which resulted in the fraud.

“Technology is the enabler, but security also has to be given high importance. Banking institutions in the country need to start focussing on effective implementation of the data security standards such as PCI-DSS and PA-DSS,” Dharshan Shanthamurthy, CEO, SISA Worldwide, told BusinessLine.

Last week, Pune-based Cosmos Co-operative Bank reported fraudulent withdrawals amounting to ₹94 crore due to cyber attacks, including malware attack, on its debit card payment system and SWIFT transaction.

It said about ₹78 crore was withdrawn through various ATMs located across 28 countries, including 12,000 Visa card transactions. In the same way, the bank said about ₹2.50 crore was withdrawn through 2,800 debit card transactions in India at various locations, and ₹13.9 crore was transferred through SWIFT (Society for Worldwide Interbank Financial Telecommunication) transaction.


Now, to avoid such incidents, SISA has formulated an action plan that banks can implement proactively to secure the payment switch application and network environment.

The plan suggests enabling multi-factor authentication for users to log in to the Switch application server.

It also proposes that IP (internet protocol) table be enabled to provide access to only authorised systems to the switch server, and reset the password of all privileged users in the Switch application server.

It has advised the institution to reach out to their Payment Forensic Investigator (PFI), authorised by the payment brands and listed on the PCI Council website, within 24 hours of any suspicious activity.

The plan also talks about conducting a credential-based vulnerability assessment scan. A non-credential-based vulnerability assessment scan has limitations in identifying all the vulnerabilities present in the servers or network components.

When asked what account holders should do apart from changing the password at regular intervals, Shanthamurthy said: “They need to keep a constant check on their transactions and report to their bank in case of any transaction not made by them.” It is also advised that one should not use public computer or even hotel wi-fi to do bank transactions.

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

Published on August 20, 2018
This article is closed for comments.
Please Email the Editor