“Customer awareness can boost online security in banks”

by Sohini Bagchi    Mar 20, 2013

R. K. ChhattaniThe Indian banking sector is witnessing several instances of security frauds in recent times. In an exclusive interview with CXOtoday, R. K. Chhattani, Dy. General Manager – Information Technology at UCO Bank explains how customer awareness can improve online security in banks and also what banks should do to increase customer awareness efforts.

In the ever growing security threat landscape, how challenging it is for CIOs and IT leaders in the banking sector to ensure adequate security to their customers?

Ensuring maximum safety and protection to customers is becoming the foremost priority for banks today. This is because of the increased usage of mobile and online banking, and concurrently the rising incidences of security frauds. Today most banks in India, especially the PSBs have strong security mechanisms in place including a two-factor authentication, anti-virus, firewall, intrusion prevention and other security management systems. However, in the case of online and mobile banking, customers do their transactions from any location, posing even a greater security risk. Nevertheless with online and mobile considered to be the future of the banking industry,banks have no other choice but to implement a robust and scalable security system in place to tackle these issues.

Even after such robust security systems in place, we come across several incidents of security frauds. What are your views on this?

It is true that even though we have all the security mechanisms, we get to hear many cases of security frauds. On one hand though banks ought to be more careful, yet on the other, there has to be a much greater customer awareness on the emerging security threats, which is currently lacking. The bad guys are always there to steal your information and the CIOs in most banks are using adequate security measures to safeguard the customer’s interest. We have invested a great deal of time and effort into various online security programs, continuously conducting risk assessments and so that customers stay informed about evolving online banking risks.

What are the key security challenges associated with mobile banking in India?

Mobile banking is undoubtedly the most convenient way of transaction, although it comes with its unique security challenges. As a number of instances occur where customers online account have been compromised, we notice a greater number of customer’s password are stolen owing to phishing and other forms of online attacks. The other area of concern is mobile phone spyware. As mobile devices remain activated throughout it makes it even more difficult to track the fraud when compared to PC related frauds and we have seen such fraud incidents go unnoticed for several days. So again customer awareness plays a very important role here.

What should banks do in order to make their mobile transactions safer and increase customer awareness?

By and large, customers have limited knowledge and awareness of online and mobile security. In many cases although they are aware they do not know how to prevent those attacks. However, banks with the help of its vendors and partners are implementing technology and protective measures to safeguard their interest. They are also rigorously educating their customers on the various types of attacks to increase their level of awareness. Customer awareness program should be a part of a bank’s security strategy. According to RBI guidelines, banks should develop various innovative apps to make mobile transactions safe. Besides data encryption, authentication, intrusion prevention as well as a strong security policy enforcement can help a lot from preventing frauds.

Please tell us some of the security measures implemented by UCO Bank and how are you dealing with the ongoing security issues?

We are always been very bullish about our security implementations. Besides, the normal firewalls and antivirus in place, we have implemented an intrusion prevention system to take care of most of the security threats. We implemented a single password system where customers can access multiple accounts from a single card. We also regard risk management as a critical component of our security strategy. One thing about our bank is that the security team and the IT team sit next to each other that make it a lot easier for us to communicate on a day to day basis. Maintaining a high level of communication between both the team is very important for an enterprise to understand, detect and analysis as well as eradicate fraud and other security incidents. We have a creative team that has put up hoardings and banners as well as we have seminars and open houses across cities to increase customer engagement and help them become cautious about security frauds.

Do you believe that customers have been receptive to some of your security awareness efforts?

Customer awareness and participation is increasing drastically from the past. However, they are much more receptive only after they have a security issue. But they also know that banks are willing to help. We also provide them with adequate phone numbers of their bankers so that whenever an incident occurs, they can call up the concerned person for help, besides calling up customer care and support. Banking is built on trust and by building that bond with the customers, you can make them a lot happier. They know that we are there for help (smiles)!