E-SMART: It?s a convenient way of banking but fraught with hazards

If you are a script- writer, here?s a blockbuster of an idea you might consider toying with. One fine morning, the cyber-savvy Ramesh Banerjee, a corporate executive, logs into his bank?s website to check his account balance. Rs 2,59,951, reads the statement. An unsuspecting Banerjee, in his habitual rush to head for office, overlooks the absence of 38 paise worth of loose change that was there in his account when he last logged in two days ago. Service charge deduction, perhaps, he concludes, before dashing out to meet his deadlines.

In another corner of the country, Neo (not his real name!) pores over his PC, going about business as usual. His modus operandi is simple: hack into a bank website, tamper with the programme to sweep the loose change that lies unnoticed in millions of accounts, open a new account in the same bank, transfer the entire sum to his name (not real), to finally draw it and do a vanishing act that would put the Cheshire Cat to shame.

Reel-life make-believe? Not wholly. Which is why banks are pumping in a fortune to make sure that the security of their online portals are not breached. The latest firewalls have been installed; high-end encryption keys ? like the 128-bit encryption certified by Verisign, used by ICICI and the State Bank of India (SBI) ? have been adopted for transferring confidential information over the Internet; while customers are being constantly informed about the dos and don?ts of e-banking through bank websites.

But despite the preventive measures, is net-banking wholly confidential and secure? Is it premature to conclude that bank servers are tamper-proof? Which leads to the obvious question: what if the real-life hacker is more interested in big bucks than loose change?

?Online security is a constantly evolving process,? says S.K. Mitra, senior vice president of UTI Bank in Calcutta. ?Though the concept of hacking bank servers is still at a formative stage in India, it is only a matter of time before hackers catch up with us, and our systems need to be constantly upgraded with time to keep miscreants at bay.?

To prevent misuse of online services, banks also tend to keep the number of net-banking facilities to a minimum. Account balance inquiry, stop payment request, cheque book/demand draft request, cheque status inquiry and funds transfer to designated accounts are some of the basic services offered online, other than exclusive services offered by individual banks (HDFC, for example, lets customers apply for loans online and trade shares). Sushil Khanna, professor, IIM, Calcutta, vouches for them. ?As a customer with the SBI and HDFC, I am very satisfied with electronic facilities,? he says. ?I have been paying my electricity and telephone bills, obtaining expense statements and transferring money to my son online, without facing any problem yet.?

So far so good. But with ever-increasing demands, banks may eventually be compelled to think beyond their present offerings. ?This could compel us to broaden our range of online services in the future, like allowing transfer of money to non-designated accounts outside the bank?s network,? says Mitra. ?But safeguarding our clients? interests remains a priority, and we would not venture into any avenue which isn?t secure enough.?

However, if and when security breaches do become commonplace, it?s the law that needs urgent sprucing up. ?There are several instances of fraudulent activities related to online transactions that happen abroad,? says Anirban Mazumder, lecturer in law, National University of Juridical Sciences, Calcutta. ?But in India, such cases have still not found their way into legal journals.?

As a result, the Cyber Appellate Tribunal, as defined by the Information Technology Act, still comprises one person who could be the equivalent of a high court judge. Chances are that the person in authority would not have any prior knowledge or experience of tackling cyber crime, says Mazumder. ?If such offences increase in the future, the juridical system needs to take notice, prop up the tribunal and find a speedy way of dealing with cases in court.?

But the most effective way to deal with the problem is to promote a sense of awareness among users. ?Certain things, like carrying your ATM card and its Personal Identification Number (PIN) in the same wallet, are just not done,? says Mazumder. Similarly, customers need to ensure that they do not operate from public terminals, or disclose their net-banking PIN or credit card numbers over systems which could be prone to hacking. After all, Net-banking, with all its virtues, is still a faceless form of transaction. Who knows if Neo isn?t logging into your bank?s website with your online PIN right now?

the customer’s ready reckoner

Ignorance is, in most cases, the root cause of fraudulent activities related to electronic transactions. The following check-points could help reduce the chances of information being misused:

Shop with caution: While shopping online, credit card numbers should not be revealed to websites which do not have proper credibility. Reputed sites like Amazon or E-bay, keeping their customers? interests in mind, would give online security foremost priority, but the same can?t be said about lesser-known portals.

Mind the slip: Don?t dispose of documents like transaction slips in places that are accessible to others, such as ATM trash bins. There have been instances abroad where fake cards have been devised with even the little information available from such slips to withdraw money from bank accounts, says law lecturer Anirban Mazumder.

Don?t answer: Never respond to hyperlinks which ask you to submit personal information. Banks will never ask you to disclose information through hyperlinks.