Data Security & Privacy Concerns for the Indian Banking Industry

Ratan Jyoti, Chief Manager (Information Security), Vijaya Bank
Monday, December 14, 2015
The era of internet-enabled banking has brought banking channels into customers' hands. This is possible because of the communication and exchange of a very large set of data. Many of these communications involve the interchange of confidential data. As the data belongs to customers, its security is the prime concern for banks. Privacy preservation is equally important, as no party can be trusted enough over public networks without checks and verification.

Information security and privacy are now considered major concerns in the Indian banking environment. The web and mobile environment provides a remarkable infrastructure for present-day banking transactions. A genuine security issue revolves around electronic currency and digital cash, which are built around critical customer information that can leave the customer exposed; information security and privacy thus become the most important matter in the Indian digital economy.

India is supposed to be the new favourite destination for data theft, and the banking sector is not untouched. For the banking sector, customer data can not only be used to perpetrate cyber fraud but can also be sold on the black market for other business gains.

In the last year or two, there has been a sudden spurt in data theft in Indian banks. It is estimated that Indian banks are directly losing a significant part of their income due to data theft. In terms of reported incidents, the figure of loss for public sector banks is lower than that for private and foreign banks in India. However, it is a wake-up call for all the banks in India.

Some banks processing customer data fail to fully secure their systems, mainly because they feel that data security is related only to Information Technology. However, manual and non-IT controls are a bigger security risk today. Some banks fail to identify the boundaries of their systems and may not be in a position to mitigate all of the risks. In this instance, residual risk may prove to be very costly. Inadequate control of logical and physical access to systems containing customer data, and insufficient logging and monitoring of security-related events on those systems, are other reasons for data theft. Service providers are responsible for validating their own compliance, but managing third-party service providers' risk is one of the biggest challenges for banks. Some banks have inadequate risk management systems and practices, as well as ambiguous information security policies, which also leave them open to data theft and related incidents.
