Wednesday 30 March 2011

RBI And ATM Card Security In India

Reserve Bank of India (RBI) has been taking many banking sector reforms in India. One of it pertains to security of banking instruments and banking transaction mechanisms. RBI has also directed all banks to create a position of chief information officers (CIOs) as well as steering committees on information security at the board level at the earliest.

Similarly, RBI has also prescribed cyber due diligence for banks operating in India. The cyber due diligence requirement would now put a pressure upon the banks to deal with cyber crimes in general and phishing, credit card frauds, online banking frauds, etc in particular more seriously.

Cyber criminals are inventing new methods to defraud banking customers in India. The most recent one pertains to collective use the methods of phishing, cracking and manipulation with account details of a phone registered for banking purposes.

Reacting sharply, RBI has told all the banks to use a system that would provide online alerts for all ATM card transactions irrespective of amount. Till now banks were sending online alerts to the cardholders for only “card not present” (CNP) transactions. These transactions were performed for the value of Rs 5,000 and above.

RBI has directed that all banks must implement this direction by June 30. Earlier this year RBI sought to make “card not present” transactions more secure by insisting that banks ask for an additional password in addition to the credit card number and the CVV number printed on the back of the card. The additional security feature came into effect from last month.