Cyber Security Challenges and Emerging Reforms in the Indian Banking Sector

The Indian banking industry has evolved majorly in the past few years owing to technological innovations. Public and privatized banks are allotting bigger budgets towards acquiring and building IT infrastructure and have leveraged IT across all banking operations. Banks constantly face the business challenge of meeting customers’ expectations and improvising on their services and offerings. Operationally, sophistication in banking technology is thwarted by cyber security challenges that are becoming increasingly complex.

BFSI, Telecom, Education and Government organizations have been behind the major driving factors of the growth of the IT security market in India. Organizations today are increasingly aware of cyber security considerations in India, driven by factors like highly visible security incidents, and regulatory focus on security and privacy. Sectors like banking and financial services have a strong focus towards IT security and are preparing themselves for the third era of IT digitalization by investing in technology approaches that can enable them to grow their business securely while embracing digital business models.

The Long Road Ahead: RBI’s IT Reforms for BFSI

In the last quarter of 2015, RBI Governor Raghuram Rajan announced that the revenue arm of the government plans to set up an Information Technology (IT) subsidiary for monitoring and regulating internet-based services offered by banks in India. As we are moving towards a paperless banking system driven by dependence on IT, the subsidiary will help banks address issues on cyber security and evaluate the technological capabilities of banks. The steps to stay ahead of cyber criminals is a prime concern for the Indian banking sector and customers who are becoming more and more dependent on simplified digital banking experiences.

India has the second largest number of smartphone users in the world. And, internet acts as a catalyst in driving the growth of smartphone users in India. This has prompted sectors like banking and financial services to conduct rapid migration of their services to the internet and mobile platforms without fully comprehending the threats associated with them. Thus, they end up rendering themselves vulnerable to an array of cyber security threats.

Banking customers are frequent victims of internet based frauds, phishing, vishing and other malware attacks. Irrespective of these threats, there is a continued interest and love for technology-backed innovations in the banking and financial services such as online banking and mobile banking, amongst others.

The establishment of an IT subsidiary by RBI is a welcome step not only for the BFSI sector but also for IT security solutions providers like Quick Heal, as it will ensure better compliance with regulations to prevent data theft and to check financial fraud.

The setting up of an IT subsidiary is not the first attempt RBI has taken to address vulnerability issues that come with digitization of the banking sector. In 2010, the RBI had set up a working group in order to ensure a minimum standard of cyber safety norms for the BFSI sector. In 2011, the RBI released the Information Technology Vision Document 2011-2017, focusing on the growing menace of cyber security attacks and reiterated its commitments to mitigating IT fraud in the banking sector. In spite of the best possible intentions of the RBI to combat cyber-attacks and to ensure transparency at all levels of banking operations, Indian banks have been finding it hard to handle the magnitude of cyber-attacks.

Initially, many banks failed to comply with the guidelines of the RBI. Nonetheless, in a span of two to three years, banks have stepped up their digital security by introducing multi-level authentication and transaction verification and also by securing all levels of banking operations within and outside the organization by deploying high level of IT security. Over time, banks have to robustly develop their IT security infrastructure ensuring compliance not only with RBI guidelines for data protection and cyber security norms, but they must also develop real-time fraud prevention models and awareness programs to increase customer confidence.

Suhita Mazumdar