Expressing concern over the rise in cyber crimes, the Reserve Bank of India (RBI) has asked banks to introduce a two-way authentication process to ensure customer safety. The central bank has also asked banks to inform customers about the types of risks involved in these kind of transactions.
“Internet banking applications of all banks should mandatorily create authentication environment for password-based two-factor authentication as well as PKI-based system for authentication and transaction verification in online banking transaction,” according to a report by RBI titled Enabling Public Key Infrastructure (PKI) in Payment System Applications.
Public Key Infrastructure is a cryptography technique that enables users to securely communicate on an insecure public network, and reliably verify the identity of a user via digital signatures. This verification may be done in the form of a second password/phrase/image/question that a user has to answer to complete a transaction. Another form of PKI may be asking the user to feed in a one-time verification code that the bank sends to her via SMS or email during a transaction.
PKI-enabled electronic payments systems introduced by the RBI include Real-Time Gross Settlement (RTGS), National Electronic Funds Transfer (NEFT), Forex Clearing, Government Securities Clearing, and Cheque Truncation System.
“We have taken several steps to ensure and uphold customer’s safety and security but a lot more has to be done,” a senior executive at a private sector bank told HT.
Complaints linked to unauthorised fund transfers, fraudulent withdrawals from ATMs, fake e-mails seeking personal information have registered a significant increase in recent times, an official source said.
These systems contributed 25.1% of the total payment transactions in volume terms in 2012-13 while non-PKI enabled payment systems contributed 75% in volume terms.