it in banking

(1)

KANDIVALI EDUCATION SOCIETY’S B.K. SHROFF COLLEGE OF ARTS

AND

M.H. SHROFF COLLEGE OF COMMERCE Bhulabhai Desai Road, Kandivali (West), Mumbai – 400067

CERTIFICATE

This is to certify that ABHISHEK B.PATOLE of

TY.BMS has successfully completed a project on TO STUDY

“

it

in banking industry ” for the semester under the guidance of the PROF. UMADEVI KOKKU during the Academic year 2011-2012.

Project Guide

Co-ordinator Principal

Internal Examiner External Examiner

(2)

AND

M.H. SHROFF COLLEGE OF COMMERCE

Bhulabhai Desai Road, Kandivali (West), Mumbai – 400067

DECLARATION

I ABHISHEK B.PATOLE from KES Shroff College Of

Arts & Commerce and a student of T.Y. BMS here submit my

project on TO STUDY

“

it in banking industry ”

I also declare that the project which has been in the

partial fulfillment of the requirement of the Mumbai University is

(3)

AND

M.H. SHROFF COLLEGE OF COMMERCE

Bhulabhai Desai Road, Kandivali (West), Mumbai – 400067

PROJECT REPORT ON

“it in banking industry

” .

SUBMITTED BY

ABHISHEK B.PATOLE

TY.BMS

SEMESTER V

SUBMITTED TO

UNIVERSITY OF MUMBAI

PROJECT GUIDE

PROF. UMADEVI KOKKU

ACADEMIC YEAR

(4)

ACKNOWLEDGEMENT

The joy of ingenuity!!! This is doubtlessly what this project is about. Before getting to brass tacks of things. I would like to add a heartfelt word for the people who have helped me in bringing out the creativeness of this project.

To commence with things I would like to take this opportunity to gratefully and humbly thank to Prof.Umadevi kokku, who has giving me an opportunity to undertake this project in IT in Banking Industry.

My parent’s need special mentions here for their constant support and love in my life. I also thank my friends and well wishers, who have provided their whole hearted support to me in this exercise. I believe that this Endeavor has prepared me for taking up new challenging opportunities in future.

(5)

Sr no.

Index

Page

no.

Chap.1

Introduction

7-15

a.

Objectives of the study

b.

Limitations of the study

Chap.2

Review of literature

16-19

Chap.3

Research methodology

20-24

a.

Primary data

b.

Secondary data

Chap.4

Electronic cheques & evidentiary value

25-39

a.

Future of plastic money

b.

Leading issues in banking technology

Chap.5

Banking technology & frauds

40-73

a.

Credit card frauds on internet

b.

Information technology risk in

banking management &measurement

Chap.6

Data analysis

74-87

Chap.7

Conclusions

88-89

Chap.8

Suggestion

90-91

Chap.9

bibliography

92-93

(6)

Chapter- I

Introduction

Chapter -1. INTRODUCTION

The Indian Banking system has an old age legacy. Earlier there were indigenous bankers who consisted mainly of unorganized moneylenders, mahajans and sahukars. Later, when British came to India they brought with themselves the concept of organized banking. British while leaving India left behind large number of small and privately held banks. In 1964, the first major banking reform took place

(7)

when 14 banks were nationalized. It led to the rising of Indian Public Sector Banks. The second banking reform was witnessed in 1990s when Indian Banking Sector underwent complete change after the recommendations of the Narsimhan Committee. Private and MNC banks entered banks entered into the Indian Banking arena and challenged the monopoly of the PSU banks. The Private and MNC banks brought new technologies and technology intensive services with themselves. They rendered quality service, which PSU banks were not providing, to service starved Indian customers. There were a series of technological innovations and up-gradations, e.g., ATMs, Internet Banking, credit cards and online banking, etc. Private banks and MNC banks had to provide something extra and it was their service, which attracted a bulk of customer from the PSU banks. Indian customers were lacking the world-class service in baking; they were accustomed to the PSU (Sarkari) culture and the service of Private and MNC banks was a delight for them.

When private and MNC banks initiated the world class service to their customers and started snatching customers from Public Sector Banks, Public sectors banks were bound to follow the path of Private Banks. The PSU banks felt the heat and realized their mistake. They also followed the Private Banks in their technology initiatives and services.

The Indian Banking Sector with the progress in Technology is facing the biggest challenged of rapidly changing customer expectations against the backdrop of LPG (Localization, Privatization and Globalization). Retail banking clients today demand more care and extra facilities. They want more mobility of investments, interactive

(8)

accounts, and better segmentation of banking products to cater to different segmental needs, convenience and untimely hour services. Even the PSU culture could not adjust to the pace of the new technology and changes. At present also it is moulding and adapting itself to new needs and the dynamism of the environment.

Technology is helping the Indian Banks to cater to customer needs in a much more efficient manner continuous and error free services to customers. With the help of computerization and the use of modern software, which can be called the gift of technology, the banks have been able to provide single window system to their customers. In a single window system, all the needs of the customers are taken care at a single counter. It is like a multipurpose counter where one can deposit cheque, receive payments and deposit cash etc. This has been made possible only due to the use of technology. Earlier one had to move from one counter to the other counter for different sort of works. Thus this type of service not only helps in better customer service but also minimizes the customer service time as it avoids duplication of work and unnecessary hassles to the customers. With the use of technology, banks are trying to minimize there per customer service cost. According to industry estimates, assume teller cost Re.1 per transaction, ATM transactions cost Re.0.45, phone banking at Re.0.35, debit cards at Re.0.20 and Internet banking at Re.0.10 per transaction. So, now the emphasis is more on net banking then on real banking or brick and mortar banking. Indian Banking system is moving from real banking realm to virtual banking realm. Banks are establishing more and more ATMs at different convenient locations and interconnecting these ATMs not only with their networks but also with their partner banks. Network

(9)

with whom they have got mutual understanding for sharing ATMs. With the least cost of Internet banking, banks are paying higher emphasis on Internet banking.

As per IDC estimates, the total number of registered users for Internet banking in India is over two million. But this figure needs to be adjusted for dormant users and multiple accounts (a user having accounts with more than one bank). India has one million active Internet Users populations. Thus, this is just around 0.1% of the total population; to represents 15% of the India’s Internet user (most of the people in India use internet from cyber café). Thus, indicating that the concept of Internet banking is surely catching on. India is far behind in the use of Internet banking than the other Asian countries like Korea and Singapore where nearly 10% of their population is banking over the Internet but India is fast catching up. In India, the biggest drawback for Internet banking is the Internet penetration among the masses. We lack the infrastructure facility for providing Internet services but with the IT ministry keen on expanding the Internet penetration the day is not too far when greater part of our population would be using the Internet banking facilities. In India, ICICI bank was the pioneer to introduce Internet Banking. And later Citibank, HDFC Bank and other banks followed the suit. PSU banks have lagged far behind in adoption of the Internet banking facilities. But State Bank of India, which entered the arena of ATM banking quite late, was able to expand at a rapid pace and cover almost all the cities of India. Now ATM banking has become an integral part of traditional cheque or withdrawal based banking. These services have helped the PSU banks to maintain their customers. Now money is transferred more in electronic form than in physical form.

(10)

With the cost of PC fast declining and the government’s initiative in providing the infrastructural facilities for net banking and the faster developments in the telecommunication sector would be helping in the adoption of new technology and IT-based banking services. Some authors’ view that the Internet banking is just the extension of the traditional banking services because it is the same service with customer friendly technological interface. So, it is the value addition to the existing services. Banks are reaping following benefits with the use of technology:

 With low investment, banks would be able to satisfy large customer base. The technology has allowed the banks to move from brick and mortar building to virtual interface which cost less in comparison to the rising real estate prices which in turn leads to increase investment. Low investment in turn helps in satisfying large client base.

 With modern facilities more and more customers get attracted to the banks and they are viewed as technology savvy and modern or state-of-the –art banks. Brand image of the banks also get enhanced thus building their goodwill and brand equity. Even customers want to be associated with the brand personality of the banks.

 With the increase in quality and competition, the customers are having several choices among which to choose instead of Hobson’s choice in some case. Now banking services have become customer centric instead of service centric or bank centric approaches as in earlier cases. Now, it is the customers

(11)

market rather than a sellers (bankers) market. All the services are customer driven.

 Network sharing by different banks is enabling the banks to reduce their investment (sharing of ATMs of partner banks) and provide better services to the customers. This is also helping them in delivering quick services and it also reduces the risk of fraudulent practices as verification becomes quite easier and quick.

 These practices are leading to lower service cost per customer. Thus leading to enhance profitability for the banks, which in turn enhances the corporate image of the banks.

 With the use of technology banks are in a position to obtain the customer database with a press of key and this helps the bank to maintain high profile customers because it is an accepted marketing principle that 80% of the revenue are generated by 20% customers (20:80 principle). Thus, the modern technology helps in tracking the key customers and provides them better services or customized services.

 The alternative channels of service helps the bankers to add new products to their portfolio and it helps them to device new products according to customer needs. The banks can provide customized value added services or tailor-made service to each

(12)

customer based on his/her requirement, e.g., foreign money transfer service, electronic money etc.

 It helps the banks to manage their funds in a much better way as the technology provides round the clock interface to the outside world and thus it helps in hedging the risk of the banks at real time. Banks are able to minimize the risk and maximize returns by investing in different avenues and they have greater control over the fund investments.

 Technology helps in increasing the labor productivity because it increases the output per labor to multifold. Earlier works had to be performed manually and it used to take days to complete in minutes or in seconds. So, it helps in updating the customer status as well as increased labor productivity.

 The customer service cost decreases and the productivity of the staff increases and this adds to the profitability of the banks. This helps the banks to take care of even larger customer base and this will ultimately ass up too the bottom-line of the banks.

Public sector banks have been shy in implementing new technology brick mortar banking in comparison to the technology driven banking while the client base of Private and MNC banks are mostly young people who are technology-savvy and who like to interface more with the technology than man. Aged people are not

(13)

comfortable with the technological interface. They feel complexity and uncomfortable with technology intensive services.

With the present avenues being saturated and greater competition due to the entry of more players in the arena, the banks are diversifying into new areas where they can use their financial expertise in financial consultancy, insurance sectors, and fee-based earnings instead of fund-based earnings. The mushrooming of the multichannel, multifunction, self-service electronic delivery channels is fast replacing the brick and mortar branches (real to virtual). There is a need to redefine the business model of the Indian banking sector so that to optimize the resources and deliver world class service in the light of modern day technology. Today’s concept is to minimize the visit of the customer to the bank and let him use the technology or let technology handle him-this is the new survival mantra in the cutthroat scenario for banks.

OBJECTIVES OF THE STUDY

The objectives of the project “The Study Of Application of Information Technology In Banking Sector” includes the following:- To know the present condition of technology in Indian banking sector.

(14)

 To know about the hackers and frauds in online banking.

 To know about the risk management policies of Indian banking sector.

 To know about the electronic banking sector.

LIMITATIONS OF THE STUDY

The scope of the project “ The Study Of Application Of Information Study In Banking Sector” has been restricted to some extent i.e. the project does not include the following:

- Supervision of Electronic Banking by Reserve Bank Of India  Information Technology in Banks in International Scenario

(15)

 Software Application to Protect from Hackers & Frauds  Case Studies Related To Hackers & Frauds

Chapter –II

(16)

History of banking

The first banks were the merchants of the ancient world that made loans

to farmers and traders that carried goods between cities. The first records of such activity dates back to around 2000 BC in Assyria and

Babylonia. Later in ancient Greece and during the Roman Empire

lenders based in temples would make loans but also added two

important innovations: accepting deposits and changing money. During this period there is similar evidence of the independent development of lending of money in ancient China and separately in ancient India. Banking in the modern sense of the word can be traced to medieval and early RenaissanceItaly, to the rich cities in the north like Florence,

Venice and Genoa. The Bardi and Peruzzi families dominated banking in 14th century Florence, establishing branches in many other parts of

(17)

Europe. Perhaps the most famous Italian bank was the Medici bank, set up by Giovanni Medici in 1397.

The development of banking spread through Europe and a number of important innovations took place in Amsterdam during the Dutch Republic in the 16th century and in London in the 17th century. During the 20th century developments in telecommunications and computing resulting in major changes to the way banks operated and allowed them to dramatically increase in size and geographic spread. The Late-2000s financial crisis saw significant number of bank failures, including some of the world's largest banks, and much debate about bank regulation. Information Technology Auditing (IT auditing) began as

Electronic Data Process (EDP) Auditing and developed largely as a result of the rise in technology in accounting systems, the need for IT control, and the impact of computers on the ability to perform

attestation services. The last few years have been an exciting time in the world of IT auditing as a result of the accounting scandals and increased regulation. IT auditing has had a relatively short yet rich history when compared to auditing as a whole and remains an ever changing field. The introduction of computer technology into accounting systems changed the way data was stored, retrieved and controlled. It is believed that the first use of a computerized accounting system was at General Electric in 1954. During the time period of 1954 to the mid-1960s, the auditing profession was still auditing around the computer. At this time only mainframe computers were used and few people had the skills and abilities to program computers. This began to change in the mid-1960s

(18)

with the introduction of new, smaller and less expensive machines. This increased the use of computers in businesses and with it came the need for auditors to become familiar with EDP concepts in business. Along with the increase in computer use, came the rise of different types of accounting systems. The industry soon realized that they needed to develop their own software and the first of the generalized audit software (GAS) was developed. In 1968, the American Institute of Certified Public Accountants (AICPA) had the Big Eight (now the Big Four) accounting firms participate in the development of EDP auditing. The result of this was the release of Auditing & EDP. The book

included how to document EDP audits and examples of how to process internal control reviews.

Around this time EDP auditors formed the Electronic Data Processing Auditors Association (EDPAA). The goal of the association was to produce guidelines, procedures and standards for EDP audits. In 1977, the first edition of Control Objectives was published. This publication is now known as Control Objectives for Information and related

Technology (CobiT). CobiT is the set of generally accepted IT control objectives for IT auditors. In 1994, EDPAA changed its name to

Information Systems Audit and Control Association (ISACA). The period from the late 1960s through today has seen rapid changes in technology from the microcomputer and networking to the internet and with these changes came some major events that change IT auditing forever.

(19)

The formation and rise in popularity of the Internet and E-commerce

have had significant influences on the growth of IT audit. The Internet influences the lives of most of the world and is a place of increased business, entertainment and crime. IT auditing helps organizations and individuals on the Internet find security while helping commerce and communications to flourish.

Chapter- III

RESEARCH

METHODOLOGY

(20)

COLLECTION OF PRIMARY

DATA:-The primary data has been collected from various sources which are as follows:

 Questionnaire method.  Surveys in banks.

 Surveys in banks related offices such as agent’s office etc.

COLLECTION OF SECONDARY DATA:

The secondary data has been collected from various sources which are as follows:

 Various books related to information technology.  Brochures of various banks.

 Weekly journals.

(21)

SAMPLE FRAME:

The data has been analyzed using ten samples of employees of three different banks viz., Bank of Maharashtra, HDFC Bank and ICICI Bank.

E-BANKING: IN NASCENT STAGE IN INDIA

To keep pace with the changing environment worldwide, Indian banking industry is fast adopting technology. It has embraced many new features like Internet banking, ATMs, Phone banking etc. With the help of new technology, banks are now able to offer products and services, which were difficult or impossible with traditional banking. But the banks in India still have to go a long way before making themselves technology savvy.

With IT integration, a paradigm shift in the banking norms is on cards. Banking fundamentals are thus facing major overhauls/ reengineering/ restructuring.

(22)

Two major trends have emerged in the transition of traditional banking to high-tech banking:

 Advancements and restructuring through mergers, acquisition and alliances.

 Universal banking where one stop shop provides all related products and services to a customer.

At this point, it should be emphasized that mergers, acquisitions, alliances, and adoption of Universal Banking concept are just outcomes of IT-banking integration.

Banking and IT

Advancements and innovations in IT industry have created a revolution in the communication and distribution system of various products and services through Web networking. Networking, as we know has connected people around the globe, thus creating a revolution in modern business activities.

Integration of these technological advances and existing banking structures has changed and will change the definition and faces of global banking. Internet banking has made banking a commodity where quality is measured by efficient servicing and effective pricing and timeliness.

(23)

However, PC banking is not new. Bank of Scotland Started offering its Home Office Banking Services (HOBS), more than a decade ago, although it was only in 1996 that it was upgraded to make software work with the now dominant windows operating systems. HOBS later joined hands with TSB, which in 1996 launched banking services accessible through the CompuServe online network, nationwide.

Technology Solutions for Indian Banks

Two types of technology stock bank products are available in the market.

 Hardware products like ATMs and

 Software products like branch connectivity, cluster-banking software, and trade finance software.

(24)

(25)

ELECTRONIC

CHEQUES&EVIDEN

TIARY VALUE

3. ELECTRONIC CHEQUES

ANDEVIDENTIARY VALUE

The advancement in technology has led to the creation of electronic cheques, particularly in a business environment. Different countries have a choice of cheque systems, which are governed by the laws applicable to each country’s jurisdiction. The authentication of these electronic instruments is proposed to be endorsed by digital signature. In India, the enactment of the Information Technology Act, 2000 obligated amendments to The Negotiable Instruments Act, 1881 in

(26)

order to impart legal validity to such electronic instruments. The authors in this article elucidate the amended provisions and examine the evidentiary value of such electronic instruments.

The electronic cheque or simply the e-cheque is gradually replacing the longstanding paper cheque. The Negotiable Instruments (Amendments and Miscellaneous Provisions) Act, 2002 was amended to include the phrase “electronic cheque” in the definition of a cheques in Section 6 reads as “ A ‘cheque’ is a bill of exchange drawn on a specified banker and not expressed to be payable otherwise than on demand and it includes the electronic form. “Explanation I. – For the purpose of this section, the

expression-“A cheque in the electronic form” means a cheque which contains the exact mirror image of a paper cheque and is generate, written and signed in a secure system ensuring the minimum safety standards with the use of digital signature (with or without biometrics signature) and asymmetric cryptosystem.”

An electronic cheque simply means a cheque in the electronic form, which is an exact replica of a physical cheque. It contains all the information that is found on a physical cheque, but it is “signed digitally” or “endorsed”.

In an attempt to provide authentication, an apparatus commonly known as “signature” was evolved as a proof asserting intention. This involved appending a unique identifier to a message to identify the sender/recipient. Conventionally, handwritten signatures are affixed paper-based cheques. These signatures affixed using ink are used as an authentication tool to identify that the person signing the document has read and understood the contents. In the anonymous digital world,

(27)

where individuals may not actually communicate with each other, much emphasis is placed on the authentication of the electronic information. Therefore, it becomes necessary for evolving a secure authentication tool, which led to the promotion of digital signatures.

DIGITAL SIGNATURE – HOW IT OPERATES

It is a data string, which associates a message in the digital form with some originating entry. It is created and verified by means of cryptography, the branch of applied mathematics that concerns itself with transforming messages into apparently meaningless forms and back again. It uses a scheme or mechanism consisting of signature generation algorithm with a method for formatting data into message to produce a digital signature, and a related signature verification algorithm with the method to recover data from the message to authenticate a digital signature.

It is important to note that, the Information Technology Act, 2000, in Section 3(2) provides for a particular asymmetric cryptosystem and hash function as a means of authentication should be recognized as a source of legal risk.

The digital signature mechanism follows an “asymmetric cryptosystem”. In this method of creating and verifying a digital signature, there are two basic technical processes or functions: “Public key encryption”, where encryption is the process by which information is scrambled by the use of a code and “hash”.

The process of a creation and verification of digital signatures using hash algorithm involves the following steps:

(28)

 Create a data unit that is to be signed, e.g., precisely an encircled portion of data in digital form, which can be a text document, software or any other digital information.

 Generate hash value called “Message Digest” or “Fingerprint” of the message. A hash function is a process that creates a relatively small number (called message digest) that represents a much larger amount of electronic data.

 This hash value is computed from the data unit- a number using a hash algorithm, which creates the compressed digital signature. Digital signatures use a “one way hash function” and the important thing about such a hash value is that it is nearly impossible to derive the original data unit without knowing the data unit used to create the hash value. Therefore, if the data unit is changed or otherwise tampered with, the hash value will no longer correspond to this data unit and produces an error message.

 Encrypt hash value with the private key of the signatory. Encryption is a process of disguising a message in such a way so as to conceal its meaning and substance. It also consists of a procedure of converting plain text to a cipher text. Hence, the plain text refers to the original digital file, whereas the ciphertext refers to the disguised file.

 Final step in the verification process, which involves the regeneration of the hash value on the basis of the same data unit and the same algorithm. The determined hash value is again computed with rhea public policy key, which is then compared

(29)

with the signature attached to the data unit. If the product is matching, it will verify the signatory’s private key, which is used to sign and guarantee that the data unit has not been altered. In this context, digital signatures are created when the drawer of the cheque runs, the cheque through a one-way function creating a message digest. The private key used by the drawer of the cheque is known only to him. The drawer encrypts the resulting message digest by using an asymmetric cryptosystem will allow the paying banker to verify the signature by using it to decrypt the cheque.

EVIDENTIARY VALUE OF DIGITAL

SIGNATURE ON E-CHEQUES

Generally, authentication is achieved by what is known as security procedure, but from the legal perspective, the security procedure requires to be recognized by the law as a substitute for signature.

With the emergence of cyberspace it became necessary to amend certain provision of the Indian Evidence Act to make electronic evidence admissible in courts of law. Accordingly, the second schedule to the Information Technology Act has amended the Indian Evidence

(30)

Act, 1872 to remove any obstacle to the legal acceptance and validity of electronic evidence.

According to the amended Section 3 of the Evidence Act, electronic records stand on par with paper-based documents and will be deemed as documentary evidence in a court of law.

While Section 22(A) of the Information Technology Act amends Section 17 of the Indian Evidence Act, 1872 to provide that oral admission as to the contents of the electronic records are relevant, the written admission of the content of any document or electronic record can be proved under Section 65 of the Evidence Act.

Section 39 of the Indian Evidence Act provides, “when any statement of which evidence is given forms part of a longer statement, or is contained in a document which forms part of a book, or is contained in part of electronic record or of a connected series of letters or papers, evidence shall be given of so much and no more of the statement, conversation, document, electronic record, book or series of letters or papers as the court considers necessary in that particular case to the full understanding of the nature and effect of the statement, and of the circumstances under which it was made.” It can be inferred from this provision that where entry of an electronic cheque forms a part of an electronic record, only that part which is relevant may be taken as evidence before the court. Again what part is relevant depends on the discretion of the court. The court must exercise this discretion judicially to determine such relevance.

Accordingly, Section 5 of the Information Technology Act 2000 prescribes, “ Where any law provides that information or any other

(31)

matter shall be authenticated by affixing the signature or any other document shall be signed or bear the signature of any person then, not withstanding any document contained in such law, such requirement shall be deemed to have been satisfied, if such information or matter is authenticated by means of digital signature affixed in such manner as may be prescribed by the Central Government.”

Explanation- For the purposes of this section, “signed”, with its grammatical variations and cognate expression, shall, with reference to a person, mean affixing of his handwritten signature or any mark on any document and the expression “signature” shall be constructed accordingly”.

This provision explicitly explains that a digital signature is legally recognized as the method of authentication. The authority to use digital signatures in the government and its agencies is accorded in Section 6 of the Information Technology Act, 2000, which reads as-“ 1) Where any law provides

for-a) This filing of any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate government in a particular manner.

b) The issue or grant of any license, permit, sanction or approval by whatever name called in a particular manner.

c) The receipt or payment of money in a particular manner, then, notwithstanding anything contained in any other law for the time beginning in force, such requirement shall be deemed to have

(32)

been satisfied if such filing, issue, grant, receipt or payment, as the case may be, is effected by means of such electronic form as may be prescribed by the appropriate government”.

The words in Section 6(1)(C) “ the receipt or payment of money in a particular manner … is affected by means of such electronics forms as may be prescribed by appropriate government” may be understood to include e-cheque.

A system of digital signature like handwritten signature is use to protect confidential information. Form the legal perspective, two presumptions that could be raised in respect of digital signature are:

 Signatory’s personal participation in the Act of signing or any person authorized by him.

 The intention of the signatory to endorse or approve authorship of a text and the fact that the signatory had been at a given place and time.

The presence of intention has an integral part of a signature is essential as lack of intention could be raised with regard to circumstances including fraud and unconscionable conduct.

To regulate the use of digital signature, the Central Government is empowered to lay down rules under Section 10 of the Information

(33)

Technology Act, 2000 that reads, “The central government may, for the purposes of this Act, by rules,

prescribe- The type of a digital signature;

 The manner and format in which the digital signature shall be affixed;

 The manner or procedure which facilitates identification of the person affixing the digital signature;

 Control processes and procedures to ensure adequate integrity, security and confidentiality or electronic records or payments; and

 Any other matter which is necessary to give legal effect to digital signature.”

In India, evidentiary value of the digital signature has been in question for long. A genre of evidence dominating the digital transaction world leads to be recognized by the Indian Evidence Act, 1872, by making the necessary amendments there in.

The IT Act 2000 provides for specific evidentiary value for secure records and secure digital signatures. Subsequently, sub-section (2) to Section 85B of the Indian Evidence Act has been inserted to be in consonant with the IT Act to provide that, “ In any proceedings,

(34)

involving secure digital signature, the court shall presume unless the contrary is proved

that- The secured digital is affixed by the subscriber with the intention of signing or approving the electronic records;

 Except in the case of a secure electronic record or a secured digital signature, nothing in this Section shall create any presumption relating to authenticity an integrity of the electronic record or any digital signature.”

The section limits its opinion to a secure digital signature by indicating that there shall be no presumption relating to authenticity and integrity of a digital signature except where it is a secure digital signature. If, by application of a security procedure agreed to by the parties concerned it can be verified that a digital that a digital signature, at the time it was affixed,

was- Unique to the subscriber affixing it  Capable of identifying such a subscriber

 Created in a manner or using means under the exclusive control of the subscriber and is linked to the electronic record to which it relates in such a manner that if the electronics record

(35)

was altered the digital signature would be invalidated then such a digital signature shall be deemed to be a secure digital signature.

As distinct from such a secure digital signature, Section 67A of the Indian Evidence Act provides for proof as to the digital signature, and Section 73A prescribes the method by which such a digital signature may be proved. According to Section 67A of the Indian Evidence Act, “ Except in case of a secure digital signature, if the digital signature of any subscriber is alleged to have been affixed to an electronic record the fact that such digital signature is the digital signature of the subscriber must be proved.”

The Information Technology Act by inserting a new Sub-Section A to Section 47 recognizes opinions of third parties not relevant as evidence unless specifically provided for Section 47A reads as, “ When the court has to form an opinion as to the digital signature of any person, the opinion of the certifying authority, which has issued the Digital Signature Certificate, is an relevant fact”. An opinion of third parties is in admissible and as evidence except in certain cases when the court requires an opinion of experts. With this insertion, opinion of third parties became relevant.

(36)

Use of plastic Money is growing at an unprecedented rate in India. Lesser number of installed Point-of sale (PoS) terminals is the major obstacle in the growth of debt cards; smart card has many innovative features, which may spurt the use of cards in India. Smart card is safer to use in electronic form than the present form of cards

“ Credit card business is a volume game and initially highly capital intensive.”

- A senior banker

Plastic money is growing by leaps and bounds in India. Today, many banks are offering cards. Though the foreign banks have a dominant share, aggressive entry of the Indian banks like SBI, ICICI and HDFC Bank may soon change the rules of the game. Today, SBI-GE is the third largest issuer of credit cards.

The credit card market in India is projected to grow at the rate of 20-25% per annum in the coming years. There are currently around 3.8 million credit card users compared to 3.0 million in 1990. Visa credit card grew by 46.4% in India while the growth in Asia Pacific was only 6% for Q3 of 2003. The competition among banks has been growing and they are offering so many add-on incentives like waiver of first year annual fee, discount on retail stores, personal loans etc., to woo the customers.

Debit card is another segment, which is catching up fast. There are only 80,000 to 90,000 merchants having point-of-sale (PoS) terminals installed and majority of them are located in metros, which is the major obstacle to the growth of debit cards. To increase the usage of

(37)

debit cards, banks should concentrate on increasing installation of PoS terminals in semi-urban and rural areas.

Smart Card: A Future Card

Smart cards are the wave of the future for consumer use, commercial use and terminal network security. Smart cards are in much wider use in Europe than in US.

A smart card is a plastic card with an imbedded computer chip that has been stored inside the card. It has the capacity to store up to 80 times more information than other magnetic stripe cards. This mini-computer using an intelligent chip, stores payment information similar to a magnetic stripe card, but it also includes additional information such as online authorization controls, credit limits, stored value (gift card), reward points (loyalty), Personal Identification Number (PIN), etc. Smart cards can be contact less, suggesting that the chip transfers data via a built-in antenna without physically touching the smart card reader.

There are over 3 billion smart cards in use currently. Today, smart cards are used worldwide and it is the most flexible payment option available in the world. Smart cards have been used in Europe for over 10 years and now they are the accepted mode of payment. In developing countries and continents such as Africa and Asia, the use of smart cards has been growing rapidly. In the US, major retailers, banks and processors are preparing to accept global cards and some are adding smart gift cards and promotional application to build loyalty for the growth of their business. American Express and Financial Institutions have issued over 21 million PIN-secured smart cards to their customers.

(38)

By the end of 2005, there will be over 100 million smart cards to their customers. By the end of 2005, there will be over 100 million smart cards in use in the United States.

In order to accept smart cards, the business must have an EMV ready smart card Point-of-Sale (PoS) terminal. Merchants can be standalone PoS smart card terminals or smart card readers that are integrated with cash registers. Currently, over 90% PoS terminals are not EMV smart card ready.

Smart Cards and Internet Payment

Issues of security and fraud are major drawbacks to using credit

and debit cards over the Internet. Unlike the hand-written receipts, there are no signed sales receipts associated with today’s e-commerce transactions. Without such evidence, it is difficult as much as 84% of all electronic commerce transactions.

At the same time, consumers are holding back on making Internet purchases due to lingering security concerns. According to Master Card, 90% of Internet non-buyers worry that their personal and financial information may fall into the hands of hackers. It is this reluctance that is the real barrier to building an online business. Using smart cards along with a strong Internet authentication will help overcome these issues.

American Express, Master Card and Visa smart cards currently support Internet authentication and payment using built-in digital certificates and digital signatures. For smart cards to be successful, the cardholders must connect an EMV approved smart card reader to their

(39)

PCs. Smart cards have the capacity to replace the thirty plus years old magnetic stripe cards.

Chapter –V

Banking

Technology

&

(40)

LEADING ISSUE IN BANKING

TECHNOLOGY

Many Indian banks are adopting the information technology not merely as a frill, but as a dire need. It is helping the banks in many core and diversified functions. Technology is key business enabler in six critical areas of banks. These are augmentation profit pool, operation efficiency, customer management, product innovation, distribution and reach, and efficient payment and settlement system. For the success of any IT program, integration of IT and business strategy is crucial factor.

Banking basics have undergone radical shifts, thanks to the advent of modern technology, increasing pace of globalization and the need for stronger fundamentals to operate in the fiercely competitive environment. The digital divide among Indian banks that was quite discernible before the millennium has considerably narrowed down with many banks taking to technology not merely as a frill, but as a dire necessity. Technology today catalyzes many core and diversified

(41)

functions in banks, including issues like transaction automation and multiple delivery channels, product innovation, data warehousing and effective MIS, secured storage mechanisms and a real-time based payment and settlement system.

Seen in the present context, technology is a key business enabler in six critical areas of banking.

Augmenting Profit Pool; Operational Efficiency; Customer Management; Product Innovation; Distribution and Reach; Efficient Payment and Settlement.

Augmenting Profit Pool

Sustained profits and profitability have been major yardsticks for

assessing the true health of banks in a fiercely competitive and compelling business environment. Technology has proved, at least in case of new generation banks and major public sector banks to be a major profit driver. With progressive decline in interest rates, banks’ spreads have come under pressure, which per se, affects their profitability. However, technology had a favorable effect in terms of reducing the operating cost and improving the burden to a considerable extent. Technology also enable commissioning of new products like Net banking, mobile banking and other forms of 24X7 banking like ATMs and Networked services across branches like anywhere banking, electronic funds transfer, customer relationship management, call centers across the banks. Hi-tech and hi-touch services, it goes without saying, have also enlarged the clientele base in banks and commanded considerable customer loyalty. Technology has created an enabling

(42)

environment for banks to diversify into various fee-based activities like bancassurance and funds transfer arrangements.

operational Efficiency

Operational efficiency, in terms of optimum utilization of resources, has been one of the most positive offshoots of technological application in banks. Thanks to greater technological application, banking system has seen a near consistent improvement in the intermediation efficiency and consequent decline in transaction cost. Yet, technology application has been by and large confined, especially in the state-owned banks, towards cost saving and improved service standards through product innovation. While savings in cost and improvement in service quality could turn out to be short-term in nature, it is essential that technology is leveraged as a long-term and efficient cross-functional application. It is also time that the focus of technology shifts from product innovation to process innovation commonly referred to as Business Process Reengineering (BRP), for banks to gain long-term operational efficiency.

Customer Management

Technology also spells significant benefits on the realm of customer research and management. In a predominantly buyers’ market and high propensity if customers to switch service providers, customer management need no longer be a front office function, but a bank-wide obsession. Many banks have duly realized the significance of such functions and introduced new models like the High Net Worth clients’ branch, imbued with state of the art technology, exquisite ambience and

(43)

quickest possible processing of transactions. Customer management is a very sensitive issue entity hears only from 4% of its dissatisfied customer, while 96% of its customers quietly go away of which 91% never come back. Technology, thus, already implemented the tech aided e-CRM application as strategic tool to retain as well as expand their customer base. The bottom line is that banking products are getting commodities and price wars are slowly leading to a zero-sum game. In such a scenario, technology backed customer orientation will hold the key to take service standards anywhere near to world-class.

Product Research

In the field of product research as well, technology plays a decisive role, in terms of swift product innovation, an active R&D set up effective pricing of products to protect banks’ margins and safeguard customers’ interests. Banking product life cycles are getting shorter day by day and more than delivery, product servicing defines competitive edge for banks. Marked to market product processes are equally important for sustained improvement in the value chain of services and command ‘top of the mind recall’ from the customers. Technology also aids product profitability research and review, which have not adequate attention in many of the banks.

Distribution Reach

The thumb rule for strategic management masters is that structure must follow strategy in any business reorganization. Technology, thus, calls for attendant restructuring endeavors that will be in tune with the level of technology application. For instance, many

(44)

banks need to put in a place a leaner structure and remove intermediate decision-making tiers. That is how one can see that many of the regional outfits of banks are slowly being dismantled while branch expansion is not being accorded the thrust it used to be given earlier. Rightsizing of human and physical overheads is a major strategy adopted by many banks wherein the role of the earlier brick and mortar banking is slowly getting dissipated. In turn, devices like Internet and mobile banking. Technology, thus, facilitates downsizing of overheads cost without compromising much on clientele reach. Public sector in the rural and semi-urban areas. Many of these branches are not performing to their potential mainly because of their typical business mix, cost diseconomies and lack of technology-based services offered in these branches. Technology can facilitate the branch rationalization exercise such as setting up mobile branches and satellite branches, especially in the rural areas, and bring many of those into the “Performing” category without affecting the extent of client reach.

Efficient Payment and Settlement

:-Innovation in technology and worldwide revolution in information and communication technology have emerged as dynamic sources of productivity growth. This is true about banking as well as its relationship with technology has become symbiotic fundamentally. Payment system is probably the most important mechanism in the banking sector where technology’s interactive dynamics is getting manifested in an increasing measure each day.

Banking system has adopted a holistic approach for designing a modern, robust, efficient and integrated payment system. The approach

(45)

to the modernization of the payment and settlement system has been basically three pronged – consolidation, development and integration. Consolidation of the payment system has revolved round strengthening computerized cheque clearing and expanding the reach of electronic clearing services through state-of-the-art technology. Critical elements under the developmental strategy related to the opening of new clearing houses, interconnectivity of clearing houses through INFINET and optimizing the development of resources the Negotiated Dealing System, Structured Financial Messaging System (SFMS) and the recently introduced Real-Time Gross Settlement (RTGS) system. Integration is the next stage that the banking system is currently going through which is premised on a high degree of standardization within a bank and seamless interfaces across banks, leading to Straight Through Processing (STP) of transaction on a regular basis. Further, cheque truncation system will also pave way to expedite settlement of payments process.

However, so far as integration is concerned, Indian banks still have a fair distance to traverse. In order to efficiency leverage an integrated payment and settlement systems, banks, especially those in the public sector, need to address certain core issues expeditiously. These include the following:

 Toning up of infrastructure in terms of standardization and build up security features like firewalls, Intrusion Detecting System (IDS) and implementing a security policy.

(46)

 Popularization of electronic funds transfer mechanism.

 Institute collaborative arrangements, including outsourcing of IT expertise.

In addition to the above, banking sector is also confronted with a classic dilemma. It relates to differentiating between and mapping the role of business vis-à-vis the role of information technology, a feature typifying an enterprise wide technology initiative. This is where the significance of integrating business and IT plans comes to the fore.

Integration of IT and Business Strategy

Many banks, especially those in the public sector, are embarking on a comprehensive set of IT initiatives encompassing total branch automation, core banking solution, networking of ATMs, Internet and mobile banking, data warehousing and a comprehensive MIS backed decision support system. Contrary to popular perception, such initiatives are not merely because of competitive pressure from the foreign and new generation private banks. The avowed goal of these initiatives was to improve overall efficiency in terms of lower intermediation cost, swifter decision-making process, grater customer convenience and effective internal control, including an objective risk management mechanism. It goes without saying that the fast pace of globalization and progressive move towards reaching global operational benchmarks also catalyzed the technology drive dividends to these banks although the need of the hour is to consolidate the gains so far and address the weak links.

(47)

One such weak link relates to lack of integration between the IT strategies which, it is felt, is applicable to many of our banks. Technology introduction can offer significant benefits only when they are in total alignment with business strategies. Especially, in public sector banks, a phased approach is desirable in view of the heterogeneous nature of their branch architecture and vast area specific differentials in their branch functioning. In the current context, business strategies may differ from bank to bank, yet a core set of business objectively will, for sure, be common to all the banks. Such commonalities call for at least an open technology plan, in board consonance with the business objectives, and the same can be fine-tuned on an ongoing basis to suit the business model.

Recently, a study was conducted by National Institute of Bank Management, at the behest of RBI, for suggesting a methodology to integrate IT and business plans in banks. The study has proposed an ‘Enterprise Maturity Model’, for attaining total convergence of technology and business strategies with focus on selected, generic business strategies. The model suggests solutions not merely for business and technology, but for issues related to human resources and customers who form an integral part of banks’ strategic road map.

The suggestions in the study promise to be useful benchmarks for banks in their complete switchover to the virtual mode. Application of the model can help banks to develop effective Executive Information System as effective decision support, integration of varied workflow processes, objective customer analysis and most importantly, devise simulative and real-time based tools to track business, profits and profitability. Effective and an objective technology application system

(48)

will also enable a business process reengineering mechanism that will considerably enhance the real technological capabilities of banks.

Core Banking Solution

In the light of ongoing emphasis on business process reengineering, one comes across many banks assiduously pursuing a centralized server-based system, better known as Core Banking Solution (CBS). CBS offers, among others, benefits like privilege of single window service to customer in order to facilitate a shift from “customer of the branch” to “customer of the bank” concept, online transfer of funds, longer business hours, lower transaction costs, slimmer staff structure at branches, effective monitoring of business, comprehensive MIS as a policy support and above al, improved visibility of the banks implementing CBS. A robust MIS also supports vital functions like ALM, risk management, product profitability and customer profitability analyses leading ultimately to efficient portfolio management in banks. CBS also leads to significant mileage in terms of staff and other overhead costs. Staff rendered surplus on account of CBs can also be put for marketing and recovery functions, which warrant dedicated staff in the present context.

One major issue in CBS relates to security aspects and a host of

operational risks that banks are confronted with. Be it system failure or planned hacking or any kind of human error, centralized system is perennially susceptible to failure which may prove to be endemic across the financial system and result in vital data erosion. Retrieval of the same may also cost dearly to the banks and their associates. Security

(49)

aspects like implementing a robust security policy, firewalls, IDS are, therefore, indispensable for preventing any systematic problem. There are even cases where multi-point security has not been able to check the fraudulent practices. Thus, security aspects need to be examined threadbare before putting core banking in place.

TECHNOLOGY AND FRAUDS

ATM CRIMES FRAUDS:

ATM crimes and frauds are rising throughout the world. ATM industry and money other organizations are fighting with them in many ways like, by issuing security tips, making ATMs more innovative etc. In India, where the use of ATMs is growing by exponential, banks have to take benefit from international experiences and safeguard their customers from frauds.

ATM crimes and frauds are mounting day by day. Even though they make up a small percentage of criminal activities they are not less important. Criminals are raiding millions every year.

Popular Ways to Card Frauds:

Some of the popular techniques used to carry out ATM crime are:

(50)

 Through Card Jamming ATM’s card reader is tampered with in order to trap a customer’s card. Later on the criminal removes the card.

 Card Skimming is the illegal way of stealing the card’s security information from the card’s magnetic stripe.

 Card Swapping, through this customer’s card is swapped for another card without the knowledge of cardholder.

 Website Spoofing, here a new fictitious site is made which looks authentic to the user and customers are asked to give their card number, PIN and other information, which are used to reproduce the card for removing the cash.

Global Measures to Fight the Frauds

To guard against these frauds ‘The Global ATM Security Alliance (GASA)’, which was formed in June 2003, has issued the customers guide and some tips to prevent against card-related frauds. The World’s Top 20 tips for ATM Use to Enhance the ATM customer Experience and Security

Article I. CHOOSING AN ATM

Tip 1: Where possible, use ATMs with which you are most familiar. Alternatively, choose well-lit, well-placed ATMs where you feel comfortable.

(51)

Tip 2: Scan the whole ATM area before you approach it. Avoid using the ATM altogether if there are any suspicious-looking individuals around or if it looks too isolated or unsafe.

Tip 3: Avoid opening your purse, bag or wallet while in the queue for the ATM. Have your card ready in your hand before you approach the ATM.

Tip 4: Notice if anything looks unusual or suspicious about the ATM indicating it might have been altered. If the ATM appears to have any attachments to the card slot or keypad, do not use it. Check for unusual instructions on the display screen and for suspicious blank screens. If you suspect that the ATM has been interfered with, proceed to another ATM and inform the bank.

Tip 5: Avoid ATMs which have messages or signs fixed to them indicating that the screen directions have been changed, especially if the message is posted over the card reader. Banks and other ATM owners will not put up messages directing you to specific ATMs, nor would they direct you to use an ATM, which has been altered.

Article II. USING AN ATM

Tip 6: Is especially cautious when strangers offer to help you at an ATM, even if your card is stuck or you are experiencing difficulty with the transaction. You should not allow anyone to distract you while you are at the ATM.

Tip 7: Check that other individuals in the queue keep an acceptable distance from you. Be on the lookout for individuals who might be watching you enter your PIN.

(52)

Tip 8: Stand close to the other ATM and shield the keypad with your when keying in your PIN (you may wish to use the knuckle of your middle finger to key in the PIN).

Tip 9: Follow the instructions on the display screen, e.g., do not key in your PIN until the ATM request you to do so.

Tip 10: If you feel the ATM is not working normally, press the cancel key and withdraw your card and then proceed to another ATM, reporting the matter to your financial institution.

Tip 11: Never force your card into the card slots.

Tip 12: Keep your printed transaction record so that you can compare your ATM receipts to your monthly statement.

Tip 13: IF your card gets jammed, retained or lost, or if you are interfered with at an ATM, report this immediately to the bank and/or police using the help line provided or nearest phone.

Tip 14: Do not be in a hurry during the transaction, and carefully secure your card and in your wallet, handbag or pocket before leaving the ATM.

Article III. MANAGING YOUR ATM USE

Tip 15: memorize your PIN (if you must write it down, do so in a distinguished manner and never carry it with your card).

Tip 16: NEVER disclose your PIN to anyone, whether to family member, bank staff or police.

Tip 17: Do not use obvious and guessable numbers for your date of birth.

Tip 18: Change your PIN periodically, and, if you think it may have been compromised, change it immediately.

(53)

Tip 19: Set your daily ATM withdrawal limit at your branch at levels you consider reasonable.

Tip 20: Regularly check your account balance and bank statements and report any discrepancies to your bank immediately.

While the ATM industry is aggressively addressing ATM-related frauds and crimes, few in the industry know about these extraordinary efforts. Some of the important works are given below:

 From time to time the Electronic Funds Transfer Association (EFTA) with the help of ATMIA is publishing tips on PIN security.

 To combat the cross-border crimes, GASA is working in association with Interpol, the Metropolitan Police Flying Squad for New Scotland Yard and leading card issuers.

 ATMIA is educating the people and ATM industry about most effective way of fighting ATM crimes and frauds and honoring with award that contributes significantly counter the fraud.

 Fair Isaac Card Alert – it is a service, which analyzes millions of daily transaction, identifies the suspicious transactions and sends the card number and related information of suspicious transaction to the concerned bank. This services has helped a lot in solving many card-related frauds including high-profile skimming cases.  Leading ATM manufacturers are producing innovative ATMs,

which are helping to counter the frauds. Biometric technology is one of the examples, which removes the need of Personal Identification Numbers (PINs).

(54)

Biometric systems identify or authenticate a person’s identity using different alternatives like face expressions, fingerprint, hand geometry, voice, retina, etc.

INTERNET BANKING AND FRAUDS

Fraudsters are using innovative ways like Web and Mail spoofing, attacking the bank’s server etc. to break the security walls and commit fraud. There is a need for arrangements, which help presence of integrity, confidentiality and authorization of information.

“Thieves are not born, but made out of opportunities”

This quote exactly reflects the present environment related to technology, where it is changing very fast. By the time regulators come up with preventive measures to protect customers from innovative frauds, either the environment itself changes or new technology emerges. This helps criminals to find new areas to commit the fraud.

Some common Internet banking frauds and their causes have

been discussed here.

 Attacking the Bank’s Server

In this case, the fraudster takes control of the server of the

bank and by visiting the bank’s website carries out transaction through impersonation.

These attacks are due to bad programming, which mostly prevail in general purpose software. Such attacks are called

(55)

buffer-over-flow attacks. Due to buffer-over-buffer-over-flow defects in the software, fraudster can use the commands on the server without providing essential information like password etc.

 Mail Spoofing

In the mail spoofing or e-mail forgery, the fraudster sends the information to bank customers in such a form that it seems that

information is from the authentic bank source. One such incident happened with ICICI Bank customers to disclose passwords and other information. The e-mail said:

“For security purpose your account has been randomly chosen for verification. To verify your account information we are asking you to provide us with all the data we are requesting. Otherwise, we will not be able to verify your identity and access to your account will be denied. Please click on the link below to get to the ICICI secure page and verify your account details. Thank you.”

Mail spoofing happens due to lack of criteria to verify the source address authenticity. Anyone can set up a mail server and can forge a mail posing as an authentic source.

 Web Spoofing

In Web Spoofing, customers of the bank are lured to log in at the

fraudster’s website, which is similar to the bank’s website. Once the customer provides sensitive information, they can be stolen easily by the fraudster, who uses the stolen sensitive information like password and username etc., to carry out the transaction on the bank as a real customer.

(56)

In the whole case, the only loser is the customer because he does not have any means to prove that it was not he who did those transactions, but the fraudster.

Ignorance of the customer to intercept Universal Resource Locator (URL) is the major cause of Web spoofing. Look at the following two URLs

 http://secure.bankname.com/carloanfind/carloans.asp  http://secure.bankname.com?

@569857125/carloanfind/carloans.asp

It is very difficult for a normal customer to understand the difference between these two URLs. He can be easily cheated because the first URL will drive him to the original site while the second one to the fraudster’s site.

(i) Denying Service from Bank’s Server

The fraudster’s intent here is not to commit any fraud but to

create inconvenience for the banks. The customer here literally cannot access the services of the bank.

Intervention of fraudster’s with Transmission Control Protocol/Internet Protocol (TCP/IP), the computer communication languages, Router Poisoning that help the customers to reach different parts of the network and Domain Name System (DNS) service, that helps the two computers to communicate through IP number are some reasons for such inconvenience.