‘Outsourcing may make financial data vulnerable’
Experts and cyber officers believe that though banks have improved their security systems compared to three years ago, they evidently have a long way to go considering the rate at which cyber criminals have been coming up with newer modus operandi to dupe them. Mohamed Thaver reports.mumbai Updated: Jul 28, 2013 02:38 IST
Experts and cyber officers believe that though banks have improved their security systems compared to three years ago, making online cash transactions and use of plastic money more secure, they evidently have a long way to go considering the rate at which cyber criminals have been coming up with newer modus operandi to dupe them.
Commenting on the case of online banking facility being hacked with help from information technology departments and call centres associated with banks, cyber expert Vijay Mukhi said that as most banks outsource activities to call centers, it makes the process vulnerable.
“Banks transferring operations to a third party poses a big security threat — it could be a call centre handling accounts, or IT-related work of the bank outsourced to an outside programmer who charges less,” he said.
Apart from exceptions wherein some banks ensure strict protocol after outsourcing, most banks do not have much control over the security measures of third party agencies, as they do not monitor them all the time, Mukhi said.
Cyber security professional Vicky Shah said that the banks in question could be booked under section 43 (A) of the Information Technology Act that requires the banks to maintain security of sensitive personal identifying information. “If it is proved in court that there was negligence on part of the bank, a case can be registered against them,” Shah said.
When asked about the security measures they undertake, an official from a private bank said there is rigorous frisking of employees working in the department dealing with customers’ personal information to ensure mobile phones or other equipment is not taken inside.
“There are restrictions on the information that an employee has access to. Only limited details about a customer’s account, which are absolutely must for him or her to work, are made available to an employee,” the official said.
“Apart from banks, customers, too, have to be alert and not compromise data. The banks should also ensure that they carry out awareness campaigns regularly so that the customers are not duped,” said an officer from the cyber wing of the Mumbai police.