Chandramouli Sarkar , Cluster Head-East , ESAF Small Finance Bank
Financial institutions have all along been fraught with various risks but the most recent and probably the gravest of all is the one involving technology. Among various financial institutions, banks are more exposed to the risk due to their broader customer base and diversity in products and services. If there is anything the last few years have taught us it is that the banking industry is in a perpetual state of red alert from information security threat. There have been massive data breaches across the world. In 2014, JP Morgan Chase, a major bank in USA, was subjected to a major cyber attack which might have affected more than 80 million accounts. In early 2016, there was an attempt on a Bangladeshi Bank to siphon off about USD 950 million but the cyber thieves were able to transfer USD 81 million, which could not be recovered. The criminals carried out this heist by manipulating the system Society for Worldwide Interbank Financial Telecommunication (SWIFT). SWIFT is a system used by banks worldwide for international financial transactions. This has posed a serious question as to whether the banking industry is prepared to handle cyber threats. During the last year in India, reportedly 3.2 million debit card details were hacked. The card details were likely to be cloned from ATMs and POS machines. Recently, Bank of Maharashtra has reported that Rs. 25 crore has been moved out from their account due to a bug in the Unified Payment Interface (UPI) application. However, a portion of the money has since been recovered. RBI reported 16,486 cyber crimes in the year 2015-16 against 13,083 in 2014-15 and 9500 in 2013-14. This trend of steady increase in financial cyber crime is alarming. These are only a few of the long list of cyber crimes perpetrated on banks to put forth the gravity of the threat. While all countries are striving to deliver more and more banking facilities through alternate channels, India is taking a giant leap in digital transformation, particularly after demonetization of high-denomination currency notes in November 2016. The success of Digital India drive rests to a large extent on cyber security. Differentiated banks, viz., payments banks and small finance banks have recently come into existence in India. These banks are expected to cater to the needs of the underprivileged population who are living in the un-banked or under-banked geographies. Success of these newly opened banks will help in addressing the critical issue of financial inclusion. However, the success of these banks, especially of the payments banks, would depend on the use of proper technology. On the contrary, any failure in cyber security is likely to affect the customers severely. The depositors of these banks with modest financial background may not be able to withstand any loss out of cyber frauds, which may devastate their confidence from the banking system altogether. Moreover, these simple and less educated people may be easier prey for the cyber thieves. It is heartening to note that many of the entities that received the license for payments bank are fin-tech companies and would be in a position to leverage their expertise in the area.
In view of the information security threats, it may appear that the future of technology-driven banking services in general, and the Internet offerings in particular, are unwelcome channels though in reality it is not so.
The positive developments include various initiatives undertaken by the banks under the auspices of Reserve Bank of India like mandatory appointment of a CISO by every bank who would be responsible for any breach, phasing out of debit/credit cards with magnetic strips and replacing them with EMV, allocation of higher IT budgets, and availability of more cyber security experts to mention a few.