Indian Banks Arming Themselves To Fight the Rise in Cyber Crime

It took one SMS for Avinash Bharadwaj (name changed), a Delhi-based advertising professional, to realise that he was duped of `11 lakh. A shocked Bharadwaj had neither withdrawn nor issued a post dated cheque of the said amount. The only choice before him—the bank’s 24-hour helpline—asked him to file a police complaint and froze his account to any further illegal transactions. Reflecting on the incident that took place in August last year, Bharadwaj rues “The bank has been largely co-operative, but I am yet to be compensated fully.”

There are three things that make this story scarier than it is—Bharadwaj is still being probed; the criminals are yet to be tracked; he is only one amongst thousands in such a situation. Last July, believe it or not, officials of Mumbai Police were hit by something similar. A total of 29 Axis bank accounts, including at least 13 salary accounts operated by Mumbai police officials, were hacked. They were victims of a crime that was perpetrated in far away Greece; a probe revealed that some unemployed youth had cloned debit cards to pull out `13 lakh from the 29 Axis bank accounts in Mumbai.

According to National Crime Records Bureau, (NCRB) cyber crime is increasing exponentially. As many as 2,876 cyber cases were registered under IT Act in 2012 as against 1,791 cases (2011) posting a 60.6 per cent increase year-on-year. NCRB says 61 per cent offenders were in the age group of 18-30 years. The Bureau is yet to update its statistics on cyber crime from 2013 onwards. Cyber security major Symantec, in their 2013 report, pointed out that Internet frauds have cost India a whopping $4 billion (`24,630 crore), up by 8 per cent from a corresponding year-ago period. According to the 2013 Norton Report, the average cost per cyber crime victim in India was up at $207 during August 2012 to July 2013 from $192 in the year-ago period. The report further revealed that India is among the world’s top five countries with the highest number of incidences of cyber crime like ransomware, identity theft and phishing.

In fact, the market situation is conducive enough for such crimes to germinate within. For sometime now, bankers and sector analysts have been pointing out that more and more people -- especially in urban India— can avail the perceived convenience of plastic money which allows the luxury of sitting in the comforts of their home or office and carrying out a fair selection of online transactions. This, as expected, increases the vulnerability of cards being hacked and leads sensitive data exposed that wide, unchartered territory we call the Internet. Credit card spends (in value terms) have more than doubled to `1.23 lakh crore despite a dip in the number of credit cards between 2007-08 and 2012-13. Debit card spends (in value) have risen six times to `74,400 crore in the same period exponentially increasing the risk of e-transactions being misused or hacked into.

 “There are many ways in which sensitive information is hacked as a result of cell phone usage. The most common is the installation of uncertified applications,” Jatinder Pal Singh, a Bangalore-based networking security consultant told Express. “There is no foolproof system to avoid hacking. But consumers can take caution in choice of sites they browse and the information they decide to share online. As long as they are connected to the Internet, the risk element will always be there,” Jatinder says.

The fact remains that Indian cyber law is still ineffective in terms of delivering appropriate cyber crime convictions. Vishal Salvi, Chief Information Security Officer (CISO) HDFC Bank and his team of experts are holding a two-day (Friday and Monday) on cyber crime response training programme for Delhi Police officers said, “The endeavour of this programme is to partner with law enforcement authorities and equip them with appropriate skill sets to tackle cyber crime economic offences with the help of real-life examples and case studies.” Salvi says banks are ‘over managing security’ to prevent banks or its systems falling prey to hacking or other illegal activities.

HDFC plans to conduct cyber crime managing workshops across police forces to educate, sensitise and empower police personnel about crimes that are technical in nature and the technology dynamic. “The police personnel need to know how to proceed when a cyber crime is reported, how to interrogate and also how to record and register evidence. We have to be a step ahead of those trying hack into the system,” Salvi added. Addressing the annual conference ‘ITS Enabling The Digital World’ in Pune recently, G Gopalakrishna, Executive Director, Reserve Bank of India (RBI) pointed out that banks are not doing enough to create awareness amongst customers. In an age of EMV pins and Aadhaar (biometric validation), a lot is at stake. He urged banks to form risk management committees on the board levels in order to identify and specialise in tackling possible frauds.

While occurrence of cyber crime cannot be ruled out, the banking industry says it is always better to be on the right side of caution.