IT IN BANKS & FRAUD RISK MANAGEMENT
Abstract
In today’s scenario, technological infrastructure has become an inevitable part of the reforms process in the banking system. With the advent of technology, many security concerns have also crept in. These loopholes in security lead to the occurrence of cyber crimes which not only gives financial setback to the bank or its customers but also pose a threat to the reputation of banking system in India. Every bank should have standards to deal with the risk of frauds occurring on account of technological advancements. This article gives a fair understanding of the role of technology in banks, various techniques of committing cyber frauds and suggestions for banks to prevent or manage the risk of frauds due to technology.
Introduction
Banks are the oldest, biggest and fastest growing financial sector in India. Banks meet the needs of farmers, businessman, entrepreneurs, Government and other segments of the society. In the last few decades, the banking sector has witnessed numerous important transformations. One such transformation is the use of technology in banking sector .Present day, the Indian banking system is regarded as a well-developed and well-regulated banking system throughout the world.
The use of technology in banking sector has led to Productivity enhancement, innovative products, speedy transaction and transfer of funds, real time information system and efficient risk management.
Presently, Indian banking industry is going through IT revolution. Information Technology is basically used in two different ways in banking, firstly in Communication and Connectivity and secondly in Business Process Re-engineering. Information technology enables sophisticated product development, better market infrastructure, implementation of reliable techniques for control of risks and helps the financial intermediaries to reach remote and diversified markets.
Recentrends in IT in banking sector
The Indian banking industry has transformed tremendously. The payment and settlement systems recorded a robust growth during 2018-19, with volume and value growing at 54.3% and 14.2%, respectively. The growth in both the parameters was higher compared to 2017-18, when payment and settlement volumes and value increased 44.6% and 11.9%, respectively. The share of electronic transactions in the total volume of retail payments increased to 95.4% in 2018-19, up from 92.6% in the previous year, the central bank observed. Some of the new trends witnessed by banking sector are as follows:
Electronic Payment Services: In present scenario, with the growing concepts like e-governance, e-mail, e-commerce etc. the Negotiable Instruments Act has already been amended to include; Truncated cheque and E-cheque instruments.
Real Time Gross Settlement (RTGS): The RTGS system is maintained and operated by the RBI. Through RTGS electronics instructions can be given by banks to transfer funds from their account to the account of another bank. Funds transfer between banks takes place on a “Real Time” basis. Under electronic payments, the Real Time Gross Settlement (RTGS) system handled 137 million transactions valued at Rs. 1,357 lakh crore in 2018-19, up from 124 million transactions valued at Rs. 1,167 lakh crore in the previous year. At the end of March 2019, the RTGS facility was available through over 1.43 lakh branches of 216 banks.
National Electronic Funds Transfer/ Electronic Funds Transfer (NEFT/EFT): Electronic Funds Transfer (EFT) is a system whereby anyone who wants to make payment to another person/company etc. can approach his bank and make cash payment or give instructions/authorization with Complete details such as the receiver’s name, bank account number, account type, bank name, city, branch name to transfer funds directly from his own account to the bank account of the receiver/beneficiary etc. NEFT system handled 2.3 billion transactions valued at around Rs 228 lakh crore in 2018-19, up from 1.9 billion transactions valued at Rs 172 lakh crore in the previous year, registering a growth of 19.1% in terms of volume and 32.3% in terms of value.
IMPS (Immediate Payment Services): IMPS stands for Immediate Payment Service and is an electronic system for transferring funds in India. Funds can be transferred 24*7. The settlement takes place instantly unlike NEFT.
Electronic Clearing Service (ECS): Electronic Clearing Service is used to make bulk payments/receipts of a similar nature especially where each individual payment/receipt is of a repetitive nature and of relatively smaller amount. This facility is meant for companies and government departments to make/receive large volumes of payments.
Automatic Teller Machine (ATM): ATM enables the customers to withdraw their money 24 hours a day 7 days a week. In addition to cash withdrawal, ATMs can be used for payment of utility bills, funds transfer between accounts, deposit of cheques and cash into accounts, balance enquiry etc.
Point of Sale Terminal: Point of Sale Terminal is a device that is linked online to the computerized customer information files in a bank and magnetically or EMV chip encoded plastic transaction card that identifies the customer to the computer. During a transaction, the customer’s account is debited and the retailer’s account is credited by the computer for the amount of purchase.
Mobile Banking: Along with technological advancement, customers can now carry out transaction on mobile banking apps. Most of the banks in India have launched apps for mobile banking. Examples are YONO by SBI, UMobile by Union Bank, M connect plus by Bank Of Baroda etc.
Tele Banking: Tele Banking allows the customer to do entire non-cash related banking on telephone. Under this IVR (interactive voice response) system is used for simpler queries and transactions. For complicated queries and transactions, manned phone terminals are used.
Lobby Banking: It implies, primarily machine based banking and all the transactions and enquiries are carried out by customers on self-managed machines in a lobby premises. The machines are ATM, CRM (Cash Recycler Machine), Self-passbook printing machine, CDM (Cheque Deposit Machine).
Electronic Data Interchange (EDI): Electronic Data Interchange is the electronic exchange of business documents like purchase order, invoices, shipping notices, receiving advices etc. in a standard, computer processed, universally accepted format between trading partners. EDI can also be used to transmit financial information and payments in electronic form.
Social Media: Most of the banks in India are now having an active presence on social media. Bank have their Facebook pages , LinkedIn profiles, YouTube channels, twitter and Instagram profile to be in touch with customers and respond to them 24*7 basis. Social media is also a very strong platform for marketing of new products and receive feedback from customers without direct interaction.
Challenges for Banks
With the technological reforms in banking sector, the expectations of customers are rising high which has led to the following challenges before banking sector.
Customer Satisfaction: Today in banking sector customers are more value oriented in their services because they have alternative choices in it. So that each and every bank have to take care about fulfilling the customers satisfaction.
Retail Lending: Recently banks have adopted customer segmentation which has helped in customizing their product folios well. Thus retail lending has become a focus area particularly in respect of financing of consumer durables, personal vehicles etc.
Lack of infrastructure & awareness: It is due to lack of awareness regarding technology that customers are not gaining momentum in its used form. There is lack of proper infrastructure for the installation of E-delivery channels. Educating customers and staff about technical changes is a big challenge for banking companies.
Security challenge: The main disadvantage of IT in banking is the security problems that surround it. It is a fact that making transactions online possess a much bigger risk in comparison to making transactions in a brick and mortar branch. Combating security problems like hacking, identity theft is also a big challenge.
Risk Management: Managing risk arising out of technological advancement in banking is a great challenge for banking sector. The attackers are very innovative and they fabricate various methods to commit cyber-crimes on customers to get access to their account numbers/passwords and they attack banks in order to get access to confidential information.
Opportunities
The doors of new opportunities opened by technology for the development of banking sector are mentioned below:
E banking coverage: It is clear that with the usage of technology, anytime anywhere banking is very common and banks have opportunity to upscale. Such up scaling could include banks launching separate E banking services apart from traditional banking services.
Retail Lending: Recently banks have adopted customer segmentation which has helped in customizing their product folios well. Thus retail lending has become a focus area .The introduction of retail loans (home loan, personal loan) in psbloansin59minutes.com has also enhanced the opportunities for banks to increase their retail lending portfolio.
Rural area customers: Even after the Pradhan Mantri Jandhan Yojna, there are many areas particularly rural which are unbanked. Banks can use the technology to extend banking services to those areas also by the services of bankmitra with POS device. The banks should tap the rural market in the years to come.
Offering various Channels: Banks can offer so many channels to access their banking and other services such as ATM, Local branches, phone banking, mobile banking, etc. to increase the banking business.
Other Opportunities: There are many other opportunities in future in the field of Indian banking sector e.g. to enter new business and new markets, to improve efficiency, to deliver high level of customer services and better risk management.
Future Prospects
Everyone today is convinced that the technology is going to hold the key to future of banking. The achievements in the banking today would not have make possible without IT revolution. The adoption of technology in banks continues at a rapid pace but the concentration is more in the metros and urban areas. More and more programs and software in regional languages could be introduced to cater to the needs of people from the rural segments also.
IT Security & Fraud Risk Management
The increasing use of technology in banks has also brought up “security” concerns. In order to avoid any mishap on this account, banks should have in place a well-documented security policy including information security, cyber security, network security and internal security. Most banks in India have migrated to core banking platforms and have moved transactions to payment cards (debit and credit cards) and to electronic channels like ATMs, Internet Banking and Mobile Banking. It leads to the creation of online frauds in the minds of the fraudsters. Fraudsters also follow customers into this space. There is also a lack of homogeneity and transparency amongst banks on the reporting of these instances as frauds.
The definition of banking frauds is as follows
“A deliberate act of omission or commission by any person, carried out in the course of a banking transaction or in the books of accounts maintained manually or under computer system in banks, resulting into wrongful gain to any person for a temporary period or otherwise, with or without any monetary loss to the bank”.
In simple language, Online Banking Fraud is a fraud or theft committed using online technology to illegally remove money from a bank account and/or transfer money to an account in a different bank. It is a form of identity theft and is usually made possible through techniques such as phishing, lottery fraud scam etc. Generally, the user identity is the customer identity number and password is provided to secure transactions.
But due to some ignorance, silly mistakes or greed for money customer can easily fall into the trap of internet scams or frauds done by the fraudsters. India’s central bank, the Reserve Bank of India (RBI), has revealed that it discovered around 50,000 cyber frauds in the country’s Scheduled Commercial Banks (SCB) in 2018-19 fiscal. In reply to an RTI (Right to Information) query, the RBI stated that cybercrimes are related to ATM, debit and credit cards, and internet banking. It notified that over 50,547 banking frauds occurred in the SCBs that resulted in a loss worth of Rs. 145.08 crore in the last fiscal. According to the RBI, the total number of banking frauds, including cyber, detected in all the SCBs are 59,826 and the loss incurred is around Rs. 67,432.26 crore. More than 4,269 frauds occurred due to insiders in the banks, involving Rs. 1,014.97 crore loss during the period, RBI added.
Techniques of online banking frauds
The following are some types of fraud are taking places in the recent time; these frauds mostly are performed by internet.
Phishing: A person’s personal details are obtained by fraudsters posing as bankers, who launch a site similar to that of the person’s bank. They are asked to provide all personal information about themselves and their account to the bank on account of database up gradation. The number and password are then used to carry out transactions on their behalf without their knowledge.
Spam: Spam is an electronic ‘junk mail’ or unwanted messages sent to your email account or mobile phone. They may try to persuade you to buy a product or service, or visit a website where you can make purchases; or they may attempt to trick you into divulging your bank account or credit card details by clicking on some links provided in the spam mail.
Spyware: Spyware such as Trojan horse is generally considered to be software that is installed on a computer without the knowledge of the user and may take personal information, business information, bandwidth; or processing capacity and secretly gives it to someone else.
Card skimming: Card skimming is the illegal copying and capture of credentials and PIN data on credit and debit cards. Skimming can occur at any bank ATM or via a compromised EFTPOS (Electronic Funds Transfer at Point of Sale) machine. Captured card and PIN details are encoded onto a counterfeit card and used to make fraudulent account withdrawals and transactions.
ATM Skimming: Fraudsters can attach false casings and PIN pad overlay devices onto genuine existing ATMs, or they can attach a camouflaged skimming device onto a card reader entry used in tandem with a concealed camera to capture and record PIN entry details.
EFTPOS Skimming: Electronic Fund Transfer at Point of Sale. A foreign device is implanted into an EFTPOS machine that is capable of copying and capturing card and PIN details processed through the machine. A compromised EFTPOS terminal can only be detected by a physical inspection.
Cracking: Cracking includes gaining illegal entry into a PC system. Nowadays, the Cracking of IP addresses is very universal as it permits the crackers to imagine a fake online character and carry out illegal dealings exclusive of using his factual individuality.
Identity theft: A large number of identity theft crimes occur over the internet. Criminals can get a hold of your personal information through your computer and then set up fake bank accounts or take put loans in your name.
Fraud Risk Management:
There is need for a proper and comprehensive fraud governance standard. The fraud risk management and fraud investigation must be owned by the banks itself.
The following are the some ways of fraud risk management.
v Every banking company must maintain strong “Transaction Monitoring Team”. The role of transaction monitoring team is to keep view on transaction taking place and to observe whether any suspicious transaction is going out or not as per the banking norms. If any such transaction is found, then necessary action should be taken against that account holder.
v Every banking institute must maintain a strong “Fraud Prevention team”. The role of Fraud Prevention team is to keep trace out the fraud activity and preventing that from fraud before it is actually performed.
v Banks need to have dedicated email IDs for customers to inform any fraudulent activity that they may notice. A dedicated team can be created to reply to customer queries and concerns through the above email IDs.
v Phone banking officers and branch staff should also be trained on response to customers’ queries and concerns on frauds.
v Banking organization should set up a fraud helpline for customers and employees to enable them to report suspected frauds and seek information on fraud prevention. By doing this, banks can have more than one avenue for early reporting and detection of frauds.
v Creation of fraud awareness among the customers and staff. Awareness on how to prevent and detect frauds is the basis of fraud management. Banks need to adopt various measures to create awareness amongst staff and customers.
v All banks should have a dedicated team to take care of the security of the physical infrastructure. This team should conduct regular security audits of various offices to check for deviations/ lapses. It is the responsibility of this team to ensure that physical assets and data copied on Magnetic/optical media do not go out of the offices of the bank without authorization.
v Creating and employee awareness and training about the various types of fraud and how to detect the frauds and their prevention ways. It is possible through proper mechanism and training program.
v A strong KYC (know your customer) process is the backbone of any fraud prevention activity.
v All banks must have separate Department to manage frauds, their role is monitoring, investigation, reporting and awareness creation.
Conclusion
The banking today is re-defined and re-engineered with the use of Information Technology and it is sure that the future of banking will offer more sophisticated services to the customers with the continuous product and process innovations. As electronic payment volumes grow, and more banking activity extends to the web and mobile devices, the ability to detect and prevent financial crime and reduce fraud risk exposure across the enterprise has become critical. Financial institution faces ever -increasing challenges around fraud. Due to the advancement of technology, the fraudsters also uses technology to execute fraud in new and innovative ways. The Banks institute must develop strong fraud risk management and fraud controlling mechanisms for the development of Banking services and customer trust.
References:
rbi.org.in
https://www.rbi.org.in/scripts/bs_viewbulletin.aspx?id=14351
https://www.cisomag.com/around-50000-cyber-frauds-reported-in-india-during-2018-19-rbi
About the author
Vineet Bhardwaj
CAIIB, Senior Manager (Faculty)
Union Bank of India
Staff College, Bengaluru.