Open Letter to Chairman IBA
To
The Chairman
Indian Banks Association
World Trade Centre, 6th Floor
Centre 1 Building,
World Trade Centre Complex,
Cuff Parade,
Mumbai - 400 005
Regarding: Phishing Risk on Bank Customers
Dear Sir
We draw your attention to the order of 12th April 2010 by
the Adjudicator of Tamil Nadu (Copy
available here) in the case of Umashankar Vs ICICI Bank and others in
which a compensation of Rs 12.85 lakhs was ordered to be paid by ICICI Bank to
the victim of a Phishing Fraud.
The complainant in this case had been cheated of Rs 6.46
lakhs by another customer of the same Bank allegedly with the connivance
and/or gross negligence of the Bank. The Complainant had invoked the
provisions of Information Technology Act 2000 under Sections 43 read with
Section 85 and filed an adjudication application with the Adjudicator. An FIR
has also been registered by Chennai Police in the same case under some of the
sections of ITA 2000.
The judgement released on 12th April 2010 has held that the
offence was made out under ITA 2000, and Bank was negligent under several
counts and therefore was liable to pay compensation under Section 85 of ITA
2000.
The decision which came after a prolonged battle of over 2
years has ultimately resulted in a much desired victory in the cause of the
Indian Banking Customer.
While we respect the rights of ICICI Bank to contest the
decision in any legal manner as they may decide, I would like to draw the
attention of IBA to certain industry related issues raised in the judgement.
We do concede that IBA is essentially a body of the
industry and unlike Reserve Bank of India may not consider "Customers of
Banks" as their constituency and therefore be reluctant to take up the cause
of the Bank customers.
However we appeal to your good senses to appreciate that
"Customer is the backbone of the industry" and protecting his interests
protects the long term interests of the industry. We therefore request you to
kindly take note of the observations made in the judgement and initiate a
process of correction in the industry to protect the Bank customers from "Phishing
Risks".
We do understand that ICICI Bank as well as IBA would be
worried and concerned with the judgement since there are perhaps hundreds of
similar incidents in which the Banks have convinced the Phishing Victim that
the loss was caused due to his negligence and the Bank cannot be held liable
on this count.
These arguments have been completely invalidated through
this judgement which is in line with international practices in Germany and
Denmark as well as a recent decision of a Banking Ombudsman. It is possible
that if all these victims raise their voice the industry has to bear a large
liability.
While these potential claims are naturally a matter of
concern for your organization, we trust that IBA would not be taking the
short term view of protecting the Banks from such liability and instead advise
the Banks to immediately initiate the following steps
a) Pay all Phishing victims of the amounts they have lost
b) Upgrade their security systems and introduce Digital
Signature based authentication for Internet Banking and communication with
customers with immediate effect. (as is the law of the land and RBI mandate
which are being ignored by the industry)
We reiterate that the costs involved are well within
reasonable limits of expenses which the Banks must be more than willing to
spend to present a "Safe Banking Environment" to the customers.
In this connection we would like to hold a public debate in
Bangalore (preferably) if you would personally attend the same. We shall
invite Bankers including ICICI Bank, Netizen Rights Activists and
organizations, security specialists as well as some Phishing Victims and
discuss the role of technology in Banking and the need to secure the interests
of Banks.
We look forward to your confirmation of participation so
that we can go ahead with the organization of the event.
Regards
Na.Vijayashankar
Director: Cyber Crime Complaints and Resolution assistance
center, (A division of
www.naavi.org)
37, 20th Main, B S K Stage I, Bangalore 560050
E-Mail:
naavi@vsnl.com
Naavi
April 14, 2010
COPY OF THE JUDGMENT
Previous Article:
Land Mark Judgment in Phishing Case
Articles in
Governancenow,
Techgoss,
Rediff.com,
ET ,
BL,
Comments are Welcome at
naavi@vsnl.com
