Page 32 - Banking Finance April 2018
Guidelines for banks:

Cyber security concerns are increasing, so RBI has come out with guidelines that banks have to make a cyber security policy as per the complexity of their business and an acceptable level of risk, approved by the board, to combat cyber threats.

Cyber risk varies from bank to bank depending upon the size, complexity of technology and digital products, so banks identify the inherent risks and prepare the cyber security framework.

Banks have to test for vulnerabilities at regular intervals of time and set up a security operations centre for continuous surveillance.

Banks should design the IT architecture to take care of security measures. Banks should record in writing the risk cost or potential cost to enable appropriate supervisory assessment. Banks should implement a minimum cyber security baseline and resilience.

Many times banks allow access to networks/databases for business and operational requirements, and access that is not closed due to oversight makes the network/database vulnerable. Hence banks need to review network security. Unauthorized access is not allowed, and process and responsibility are well defined.

As a custodian, a bank should not compromise customer information at any cost. Banks have to prepare a well-defined Cyber Crisis Management plan.

Banks should comprehensively check risk/preparedness through qualified or competent professionals. There is awareness among stakeholders and employees.

The Reserve Bank of India has decided to collect cyber incident reports, both summary-level information as well as details on information security incidents. Any assessment gaps in preparedness are to be reported to RBI immediately.

Banks are dealing with customers' data, so banks have to maintain the confidentiality of customers' information at all levels.

Guidelines on customer protection in Unauthorized Electronic Banking Transactions:

Customer grievances related to unauthorized transactions have nowadays increased in electronic banking transactions. Electronic banking transactions can be divided into two categories:
1) Remote/Online payment transactions like internet banking, mobile banking, pre-paid payment instruments, and
2) Face to Face payment transactions such as payment through Card or mobile phone, ATM, POS etc.

Banks' systems and procedures are designed in such a way that customers feel safe in carrying out electronic banking transactions. For this banks must have:
• Systems and procedures to ensure safety and security of electronic banking transactions of customers
• Robust and dynamic fraud detection and prevention mechanism
• Mechanism to assess the risks from unauthorized transactions and the liabilities arising from it
• Appropriate measures to mitigate the risks and protect themselves from the liabilities arising due to such frauds
• System of continually and repeatedly advising customers how to protect themselves from electronic banking frauds

Banks advise their customers to mandatorily register for SMS alerts and e-mail alerts for electronic banking transactions.