A Europe-like cyber security defence alliance is the need of the hour, say banking technology experts.
At a time when the banking sector is grappling with a possible systemic risk brought upon by the data breach of 3.2 million cards, banking technology experts at the Business Standard Banking Technology Round Table said banks should collaborate to tighten the security framework.
Even though India is still far from a defined cyber security defence alliance, it could be a pressing need. “We probably need to have a better interoperable system of security in the banking industry to stay one step ahead of fraudsters. In fact, we could have a cyber security defence alliance like the way it works in other nations,” said Madhivanan Balakrishnan, chief technology and digital officer, ICICI Bank.
According to Balakrishnan, along with collaborating on security, sector participants could get together and share data and information pertaining to cyber security.
In times of emergencies, the banking system as a whole should come together to reassure customers. The panellists unanimously agreed that the aftermath of the data security breach could have been handled better. Banks individually went on to assure their own customers that their networks were safe, but that did little to restore confidence on a customer who uses another bank’s ATM.
“All the banks have been reassuring their own customers but banks also need to go and assure the customers that entire network is safe. That degree of comfort would have been more reassuring than the one we have seen in this case. This is because the customer will perceive it as a network threat,” said Nitin Chugh, country head-digital banking, HDFC Bank.
In the recent event of data theft, all banks as well as Hitachi Payments System that operates YES Bank ATMs where the malware was allegedly found, sent out communications saying there was no security threat at their end. Some lenders had specifically advised their customers to operate only ATM networks of their bank.
This greater emphasis on cyber security also comes at a time when digital and cashless transactions are increasing in the country and some cases of data vulnerability could slip through. As the panellists pointed out, the data attacks have always been present in terms of phishing, vishing schemes etc. But now that these attacks are more co-ordinated, lenders also need to step up security and collaboration.
“Digital is an opportunity and also a threat, but it is still necessary to adopt it because of the convenience it brings. But we need better fraud management and security in place,” said Rajesh Mirjankar, MD & CEO, InfrasoftTech.
Ramas Venkatachalam, MDIndia and South Asia, FIS, said this was no longer a bank-specific problem but a sector-wide concern where all the players needed to come together. “Security and infrastructure concerns are related to all banks and not one. So if all come to the same table then it is easier to resolve it. Even the regulator could play a role here. In the pursuit of transactions and to reduce the cost of transactions there may be compromises being made, which the regulator needs to take a look at,” he added.
In the past few months, the Reserve Bank of India has also stepped up focus on the need for banks to strengthen their information technology networks.
However, in certain cases the regulator’s stringent approach and handholding may curtail growth. For instance, sectors like peer-to-peer lending, which will come under RBI’s purview, could have been given more leeway to evolve. “Some of the disruptions must happen. We believe that some leeway has to be given where it doesn’t post a systemic risk or a massive exposure to customers,” said Venkatachalam.
For instance, RBI recently relaxed some of the rules for the payments banks. These niche banking players that are allowed to only accept deposits and not lend had asked RBI for some relaxations in rules as the risk and their revenue earning capabilities are not the same as universal banks.
The genesis of payments banks was the idea that lenders are not able to scale up at a level that the economy requires for small value transactions because of certain business model and cost effectiveness reasons. “The structure that was formed is also inherently different from the conventional banking risk structure,” said Shinjini Kumar, CEO, Paytm Payments Bank. She added that the risk was reduced for payments bank because of lower ticket size and lending restrictions, and so they should be treated differently.