The refusal of the Maharashtra State Banking Ombudsman to intervene in a case of net banking fraud that left a customer poorer by nearly ten lakh rupees is bound to add to the anxiety of consumers who are afraid of falling victim to cybercrime. Much as plastic money and online commerce are convenient, they bring with them the baggage of security concerns. The banking and payment card industries, and enforcement agencies must respond to such incidents with alacrity. Reserve Bank of India statistics record a downward trend in the number of cases of credit card fraud: from 20,806 cases in 2009 involving over Rs.61 crore, to 7,305 cases in 2011, with an exposure of Rs.21.7 crore. Yet, that is cold comfort for many because the theatre of crime is often a foreign country. That point is amply borne out by the many cases of Indians preyed upon by identity thieves and financial fraudsters who skim off information from cards used abroad. While the offices of the Banking Ombudsman may not have all the resources to address the problem, the onus of security should lie with the system, and not the consumer. At the moment, the procedure for redress — especially filing a complaint of cyber fraud — is difficult, and the level of liability for misuse of the card after reporting the crime does not favour the customer.
Some of India’s online gateways do incorporate additional security components such as codes and keys, but the consumer faces an unfriendly system when he falls victim to identity theft. Although the Information Technology Act was amended to incorporate a specific section, 66C, relating to punishment for identity theft, the police are often not receptive to complaints. As a confidence-building measure, banks and the payment card industry must come up with an advisory in plain language on good practice, rights of account holders, their liabilities including insurance against theft, and the system of seeking help. The law on limited consumer liability is clear in the United States, whereas insurance compensation for fraud is often capped in India. On the technological side, the banking system, the payment card operators and the retail sector must explore ways of incorporating new technologies that can make transactions highly personalised. Generating individual digital tokens for buyers’ pre-registered mobile phones for each sale — as some online retailers do to verify the customer — may be one way to confirm identity. With smartphones and m-commerce growing in popularity, the need to strengthen systems against online fraud is even higher. Weak consumer confidence and unhelpful enforcement agencies can only deter growth.
Keywords: internet banking fraud, Maharashtra State Banking Ombudsman, banking frauds, online phishing
We can have a system in which the presence of the number of layers of
security will depend on the amount of transaction .For Example ,If the
transaction involves a big amount we can have three or more layers of
confirmation like OTP,email etc. and if the amount is small then just
one layer of password confirmation would do,as no one will like to pass
so many layers of confirmation just for a small transaction.
Each and every online transaction should have two layers of security
settings. The first should ask for the transaction password which is
user defined and should be changed from time to time and second one
should ask for a security code which should get generated automatically
when a transaction is initiated and should get sent to the user's mobile
number. The automated system should generate a unique number every time
we make an online transaction. I am not sure about other banks, but Axis
Bank has already implemented this two-layered security settings.
idea of binding the consumer account to a machine through the idea of secure id could be helpful, but sending 2 identification token on mail and message will increase the reluctance towards use of such services due to decrease in the ease.
and the idea of insurance must be made an inherent part of such services .
Following are required to reduce the Internet Bank frauds
1. Two modes of confirmation - when an online transaction is done, OTP shd be generated in both mobile and in mail - Based on confirmation in both these modes only, transaction should proceeed. In many cases, sim card of the mobile are changed and hence the OTP is not seen by the rightful owner. So the additional layer in mail will help.
2. Secure id implementation - so that the internet account is tied to a given machine - This is implemented in Canara bank - this will help to reduce the frauds to a great extent.
3. When online fraud is reported, bank itself shd do investigation - If they check the logs of the database , online transactions and ATM transactions, they can very well ascertain if the complaint is genenuine or not. Based on this, Banks can accept the problems and return the money to the rightful owner , instead of making them run from pillar to post.
4. Police should have a SLA in solving the crimes.
Banks should respond to the problems of consumers also.it is not a
simple problem. It is a multi faceted problem related to economy
security and other segments also.the banks and security agencies should
come forward to deter that problem to an extent
Please Email the Editor