New RBI guidelines on E Banking security..contd

This is in continuation of the previous article on the new guidelines of RBI on E Banking security issued on February 28, 2013.

Apart from the card related security measures covered in the previous article, the RBI circular also touches on some of the aspects of RTGS,NEFT and IMPS.

The recommendations are

1.Customer induced options may be provided for fixing a cap on the value and mode of transactions/beneficiaries. Additional authorization may be insisted when the customer wants to exceed the cap.
2.Limiting the number of beneficiaries to be added per day to be considered.
3. System alert to be introduced for beneficiary addition.
4.Number of transactions per day/per beneficiary may be monitored for suspicious transactions
5. Introduction of additional factor of authentication (preferably dynamic) for unusual transactions to be authenticated on special request.
6.Banks may consider implementation of digital signature for large value payments for all customers, to start with for RTGS transactions.
7.IP address capture for transaction may be considered.
8. “Adaptive Authentication” (means of providing authentication for end users without them having to know it is as work)may be considered for fraud detection.

These suggestions are also on the lines suggested by the Damodaran Committee on Customer service.

Though the circular uses the word “may” while referring to these suggestions, it mentions at the end that all these suggestions are “Expected” to be put in place by banks by June 30, 2013.

Naavi.org is happy that our long fight for better security in E Banking is bearing fruit.

Now we need to watch if Banks actually implement these suggestions and whether RBI will enforce its dictum.

In the past, Banks have simply ignored RBI guidelines and faced adverse comments in inspections as a matter of routine. RBI is also aware of such tendencies in some Banks. Hopefully this time RBI will use its powers to enforce compliance. Public are with RBI if they take strong measures to protect E Banking.

Once again, I personally and Naavi.org as a representative of public congratulate RBI on its initiative in issuing this circular.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Bank, Cyber Crime, Cyber Law, RBI. Bookmark the permalink.

One Response to New RBI guidelines on E Banking security..contd

  1. Excellent pieces. Keep writing such kind of information on your blog.

    Im really impressed by it.
    Hello there, You’ve done an incredible job. I will certainly digg it and in my view suggest to my friends.
    I am confident they’ll be benefited from this web
    site.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.