Tuesday 13 August 2013

Information Security In Financial Systems

The ever-increasing penetration of information technology, coupled with rapid advances in analytics and the processing of big data, makes information security across domains, and in financial systems in particular, ever more critical. With large volumes of data moving around at lightning speed, a small glitch anywhere along the way could be catastrophic.


Transactions are put through open counters, ATMs, mobiles and the Internet by IT-savvy customers and also by others having little knowledge of technology, banking or finance. The source, destination and channels that handle information need to be impregnable and incorruptible. The challenges involved in providing adequate protection are manifold, particularly in an environment where regulators differ from market to market and institution to institution, and where the laws of the governing countries are equally diverse and nuanced, largely falling under the ISO/IEC 27001 and 27002 standards, COBIT* and the Sarbanes-Oxley Act. Systems would crumble if information were not secure enough in terms of integrity, accuracy, speed and confidentiality.

Increasingly, payments are being routed through IT networks. Systems such as RTGS*, NEFT* and IMPS* have emerged as channels for funds transfer independent of the mode of access. Credit and debit card payments are being encouraged to avoid cash transactions. With smart phones, wireless communications and virtual wallets using NFC* technology, cashless transactions are becoming popular. E-commerce has become the order of the day, exposing everyone to all possible risks in payments and settlements.

Thanks to the initiative of the Reserve Bank of India (RBI), with the active involvement of IDRBT* and IBA*, the banking system in India, which includes non-banking financial companies, has a reasonably secure information management system that meets ISO 27001 standards. It is to be continuously improved based on the PDCA* Deming cycle.

Several initiatives have been taken to ensure the security of transactions and to minimize frauds and irregularities. The Payment and Settlement system under RBI's regulation and supervision has earned credibility for its speed, accuracy and integrity, thanks to its diligent implementation using state-of-the-art technology under the Payment and Settlement Systems Act 2007.

Considering the changing threat milieu and the latest international standards, in April 2010 RBI set up a Working Group on Information Security, Electronic Banking, Technology Risk Management and Tackling Cyber Fraud under the Chairmanship of the Executive Director, Shri G. Gopalakrishna. The Group delved into various issues arising out of the use of IT in banks and made its recommendations under nine broad heads: IT Governance, Information Security, IS Audit, IT Operations, IT Services Outsourcing, Cyber Fraud, Business Continuity Planning, Customer Awareness Programmes and Legal Issues.

A lot has since been done to secure the information flow, involving top management, IS audit and continuous updating of technology, with the statutory backing of the IT Act 2000, basically from the service provider's angle. Yet a lot remains to be done from the service taker's angle, where the customers are institutions and individuals. While institutional customers are able to cope with newer technologies by upgrading their own technology and skills and by outsourcing such skills, the same cannot be said of individual customers, barring a few. Here there exist some serious gaps in security systems. Unless and until individual customers, many of them semi-literate, illiterate, handicapped or very senior citizens, are given protection, information security measures will fall woefully short, creating potential chaos and disrupting the entire financial system.

*COBIT: Control Objectives for Information & Related Technology; a framework for IT management & IT governance
*RTGS: Real Time Gross Settlement
*NEFT: National Electronic Fund Transfer
*IMPS: Interbank Mobile Payment Service
*PDCA: Plan-Do-Check-Act
*NFC: Near Field Communication
*IDRBT: Institute for Development and Research in Banking Technology
*IBA: Indian Banks Association
*SEBI: Securities and Exchange Board of India
*IRDA: Insurance Regulatory Development Authority
*PFRDA: Provident Fund Regulatory and Development Authority
