Bank mergers may pose cybersecurity risks, says G. Padmanabhan

Former executive director of Reserve Bank of India (RBI) G. Padmanabhan on Wednesday cautioned that public sector bank mergers were likely to pose security challenges as divergent security solutions and controls get amalgamated.

Technology integration is the toughest, the senior banker, who is non-executive chairman of the Bank of India, said, speaking on cybersecurity challenges in the financial sector, at the Institute for Development and Research in Banking Technology (IDRBT) here .

Though banks chosen for merger had the same Core Banking Solution (CBS), the versions they used were different.

“Customisation is varied. Security solutions and controls are divergent. To bring together all such systems over 2-3 years retaining and rebuilding adequate security solutions and processes is a tough task,” he said.

Pointing out the process of merger was complex, he said the banks ought to be conscious of the security challenges. “Banks have started discussions… but they should focus on security as much as on functionalities or user interfaces,” he said, adding skill set availability on security will be a greater challenge.

Mr. Padmanabhan, who was inaugurating the 15th international conference on Information Systems Security (ICISS) 2019 at IDRBT, also sought to flag linkages with third-party partners.

“There is a lot of dependency on service providers. There is a significant cybersecurity risk in that a lot of data is going back and forth and held by third parties,” he said, asking “will a merger of different versions of CBS enhance the challenge?”

Another challenge would be merging of SOC operations of the banks.

Different banks may have different set of controls and until these are fully merged the weakest link threat needs to carefully monitored and controlled, he said.

Customers responsible

Calling for closer cooperation among banks on handling cyberattacks, he said banks cannot be held responsible for losses arising due to customer’s negligence.

“While handling cheques and physical instruments, if the customer is found to be negligent… the onus is not on the bank. Similarly, if a customer is negligent, uses an insecure device, not updating, not downloading the app from the bank’s website, keys in all sensitive data in social media and unknown sites, why should banks be held responsible for the [resulting] financial loss?,” he asked, while highlighting the importance of customer education.

While Artificial Intelligence (AI) will prove to be boon to cybersecurity, it is also opening up whole new categories of attacks organisations would have to be equipped to deal with very soon, he said, adding the government can help tackle cyberattacks by enabling infrastructure for fraud detection, arrest of criminals and expediting punishment.

IDRBT director A.S. Ramasastri said the institute was setting up a fintech exchange and a 5G use case lab.

Related Topics
This article is closed for comments.
Please Email the Editor

Printable version | May 16, 2021 9:51:38 AM |

Next Story