Tuesday, December 27, 2011

Virus Attack On ICICI Bank Transactions: A Cyber Security Lapse

The online banking system of India is not cyber secure. Take the recent example of virus attack upon ICICI Internet banking transactions. It proved that Internet banking system and mechanism of ICICI bank is not cyber secure. It is not even clear whether ICICI bank has appointed a chief information officer (CIOs) to manage its Internet banking functions that has been made compulsory by the Reserve Bank of India.

Cyber security of banks in India is in bad shape despite mandatory guidelines by RBI in this regard that has asked Indian banks to ensure cyber secure due diligence for banks in India.

The cyber law due diligence in India requires Indian banks to ensure compliance with information technology act, 2000 (IT Act 2000) otherwise stringent penal and pecuniary penalties can be imposed.

Similarly, cyber due diligence for Indian companies is now a well known responsibility. A failure to observe cyber due diligence by banking companies in India is neither good for their business nor for their customers.

Surprisingly, till now ICICI bank has not officially come forward to repudiate this claim of the security professional Yash who has claimed to discover this vulnerability in the Internet banking system of ICICI.

Internet banking risks in India are increasing and cyber security of Internet banking in India must be strengthened by various banks. In fact, Internet banking cyber security in India needs to be strengthened so that customers’ confidence can improve.

Now the Indian banks may use two methods to solve this problem. They may use dubious and illegal methods of false complaints and pages/websites/blogs removal requests to various hosting companies like Google, Facebook, etc and thereby remove the negative reporting about their business. Or they may improve the cyber security of their systems and thereby gain more respect and trust of their customers.

Unfortunately, many prefer the former option that is seldom productive and is injurious to own interests in the long run. What is more surprising is that Internet intermediaries like Google, Facebook, etc are in fact acceding to these requests and are messing up with accounts of their users. Let us hope things would change very soon on all fronts.