Here’s How GUARD Can Help UCB Depositors Deal with Cyber Security Frauds

But with it, unfortunately, have come perils. Growth in digital banking services and online shopping is giving rise to online frauds. According to RBI data, cases of card and internet banking frauds increased by 43.5% in FY20 as compared to a year before. Against 1,866 frauds reported in FY19, the tally of frauds rose to 2,678 in FY20. What's more worrisome is, the amount involved in frauds went up to Rs 195 crore from Rs 71 crore-nearly a 175 per cent increase.

According to a report published by YouGov and NASDAQ-listed ACI Worldwide, 47% Indian consumers are concerned about being scammed while making digital payments. Unless this issue is addressed on time, it could put a damper on the government's dream to transform India into a digitally empowered society.

Banks and big shopping websites continuously attempt to make their digital transaction systems safer, yet there are a few weak links. In the case of co-operative banks, although they are improving their digital capabilities, they are far from being at par with big private banks.

Urban Co-operative Banks (UCBs): Far from digital excellence

A large number of people in urban as well as rural areas bank with co-operative banks. They are not just vulnerable to digital transaction frauds but to the more serious ones such as malware attacks as well.

Cyber-terrorists have managed to swindle money from gullible depositors' account by launching an attack on the main server of UCBs. In August 2018, for instance, Pune-headquartered Cosmos Bank's server was hacked by multinational cybercriminals (operating from 22 countries) who did 15,000 transactions in seven hours and siphoned off Rs 94 crore. There have been several other cyber-attacks and threats on other banks (and financial institutions).

Taking cognizance of such situations and to avoid the repetition of untoward instances in the future--especially when Digital India is about to take off--the RBI has issued a vision document on cyber security for UCBs.

RBI's Technology Vision for Cyber Security of UCBs

RBI has introduced a five-pillared approach to tackle the serious cyber security threats faced by UCBs and their customers.

The five areas collective termed as GUARD and extensively emphasized are as follows:

1. Governance Oversight

2. Utile Technology Investment

3. Appropriate Regulation and Supervision

4. Robust Collaboration and

5. Developing necessary IT infrastructure, cyber security skillset

The RBI has mentioned action points as well to ensure that this five-pillared approach creates a concrete cyber security framework.

1. Governance Oversight:

   • Focus on board oversight over cyber security - The RBI has stated that Board of Directors of UCBs will be ultimately held responsible for the data security. They are expected to ensure that Information Technology and Information Security work effectively. In due course, RBI will issue specific instructions along with specified indicators to be followed.

   • IT vision document - The central bank has asked every UCB to document its IT vision. The vision document shall provide guidelines that can be used by the banks to design, develop, and implement IT operations not only as an organisational capability but as a strategic asset too. Moreover, the vision document should compulsorily have timelines for achieving the desired results. Further, the UCB needs to put a mechanism in place to periodically review their IT vision document to reflect changes as may be mandated by the regulator from time to time.

2. Utile Technology Investment:

   • Creation of reserve fund - Considering the capital intensive nature of cyber security infrastructure, RBI has advised UCBs to create a reserve fund out of their profits in a phased manner. To begin with, National Federation of Urban Cooperative Banks and Credit Societies Ltd. (NAFCUB)-an apex promotional body of UCBs may release an approach paper in this regard.

   • Management of business IT assets - To ensure that all UCBs use state-of-art hardware and the up-to-date software, banks will plan and monitor the lifecycle of their IT assets. A process flow must be designed for the effective review and appraisal of IT assets (criticality, privilege access, password policy, etc.), which may be conducted by UCB at least yearly.

   • Banking services availability - Emergencies can interrupt the smooth functioning of UCBs and pose a serious threat to the continuity of their business operations. RBI expects UCBs to create a Business Continuity Plan (BCP) for all processes which will go beyond creating backup systems and a secure elastic digital workforce. The focus will be on prioritizing systems and processes in terms of their importance to maintain the business operating smoothly and safely.

3. Appropriate Regulation and Supervision:

   • Supervisory reporting framework - UCBs must report all unusual cyber activities to RBI, apart from other concerned authorities. Effective offsite supervision of UCBs shall be set up for compliance monitoring with respect to security guidelines as well as to have an overall and up-to-date understanding of cyber security machinery of the UCB sector.

   • Appropriate guidance in implementing secure practices - A uniform 'Cyber Security Hygiene' document for all the cooperative banks shall be issued.  This document will essentially cover best practices seen across the supervised entities and serve as the reference document for UCBs to implementing applicable controls. This document will be reviewed periodically to counter the ever-changing cyber threat landscape.

4. Robust collaboration:

   • Forum to share best practices and discuss practical issues and challenges - UCBs may collectively create a forum at the regional level consisting of key persons from various UCBs and also other relevant stakeholders to discuss cyber security issues in a coordinated manner. This platform can help UCBs benchmark their cyber security performance against the best practices in the industry and measure their strengths and weaknesses in combating cyber threats.

   • CISO forum for UCBs - Institute for Development and Research in Banking and Technology (IDRBT) would set up a forum for Chief Information Security Officers (CISOs) of UCBs to discuss pressing cyber security concerns. Such initiatives are expected to help UCBs keep track of technological changes and develop cyber security responses.

   • Adoption of cloud services - In a phased manner, UCBs are expected to implement cost-effective technologies such as 'cloud'. This should be done after taking into consideration risks they are exposed to and the regulatory compliance instructions in that regard. By 2022, all UCBs are required to prepare a blueprint for the adoption of cloud services. This will be phase 1. And in Phase2, the implementation of cloud will be discussed under the pillar Utile Technology Investment.

5. Developing necessary IT, cyber security skills set:

   • Implementing technical skills required to manage IT and cyber security - Considering the level of IT maturity at UCBs in managing IT systems is minimal at present, a targeted skill-oriented certification and training programmes will be created. This will help UCBs remain in sync with the new framework in a time-bound manner and manage the IT and security measures in the changing and challenging scenario.

   • Providing awareness training for all UCBs on cyber security - To ensure that key personnel at UCBs-Directors, senior management, and employees-are prepared to handle the challenging and dynamic cyber security environment, various awareness and certification programmes would be developed and customized to functions and roles of concerned stakeholders.

Will RBI's vision document for UCBs help depositors?

Robust technological adoptions and real-time monitoring of IT capabilities in various functional areas will be the key. As UCBs get groomed to become tech-savvy and improve their response to cyber security threats, depositors might feel confident to use their online and digital banking services.

That being said, depositors must ensure that the bank is financially sound and stable with a credible and honest management team running it. A robust technology framework (process & systems) alone cannot vouch for the security of your hard-earned money in the bank.

[Read: Are You Assuming Money in Bank Deposits as Safe? Watch Out!]

Care depositors need to take to prevent cyber frauds...

Unless you, as the depositor of a bank do not take responsibility for your actions while transacting online, any magnitude of measures taken by the bank -- be it a nationalised bank, private bank, or UCB -- in developing an IT infrastructure and cyber security would be of little worth.

Security breaches often happen at the user's end. Basically, the customer unwittingly divulges critical information related to the account to their friends, relatives, etc. Frequently, online customers tend to use weak and easy-to-crack passwords.

Here are 10 tips for the security of your online banking transactions:

1. Avoid using public Wi-Fi, shared computer and public places like cyber cafes, libraries, etc. to transact and perform banking activity online.

2. Transact only on secure and official websites with https//:

3. Ensure that your online banking password is strong and change it regularly.

4. Do not 'auto-save' your password on the browser of the computer or the mobile banking app on your smartphone.

5. Do not save PINs, account numbers, CVV (Card Verification Value) numbers on your computer/laptop/smartphone.

6. Once you perform transaction/s on a shared computer/laptop, make sure the browsing history, cache, and temp files are deleted.

7. Log off from the internet banking page and the computer/laptop completely after use.

8. Never share your login credentials including your passwords/NetSecure Codes with anyone.

9. Do not share your OTP (One Time Password) with anyone.

10. Register your mobile number and email id for updates and keep a check on your transaction history.

Along with improving cyber security preparedness of UCBs, creating adequate awareness amongst depositors is the key to the success of RBI's vision document.

Backed by technology and high-speed internet, while 'do it online' is the buzz phrase today, perform online transactions with care.

Transact smart, be safe!

Warm Regards,
Rounaq Neroy
Editor, Daily Wealth Letter

Join Now: PersonalFN is now on Telegram. Join FREE Today to get ‘Daily Wealth Letter’ and Exclusive Updates on Mutual Funds