Sunday, September 29, 2013

ICICI Pocket Application May Be Insecure And Violative Of Indian Laws

ICICI’s pocket application/service is an application that allows sending or receiving of money using a Facebook account. Money can be transferred to friends using the application and a redeemable coupon is issued in favour of the transferee friend.

However, doubts have been raised about the legality of such a service and its use in India especially keeping in mind the recent developments in the banking field. Techno legal experts have opined that ICICI’s Facebook application Pockets may be violating Indian cyber and banking laws.  

According to Praveen Dalal, managing partner of New Delhi based ICT law firm Perry4Law and leading techno legal expert of Asia, the Reserve Bank of India (RBI) has recently declared that Risk Management for Card Present Transactions would become operational from 1st October 2013.

Banks that are Negligent in implementing the provisions of the same and other related Notifications by the RBI would be punishable under the provisions of Payment and Settlement Systems Act, 2007 and would also be liable to bear the losses arising out of any Fraud or Illegal Monetary Transactions, informs Dalal.

Presently credit card frauds, ATM frauds and online banking frauds are on rise in India. However, banks are shifting their liability for these frauds and crimes to the victims of these frauds and crimes. Most of the victims are not aware that it is the primary liability of the banks to compensate the victims of such frauds as they have failed to adopt proper cyber security practices.

Before using applications/services like pockets, online users must ascertain the legality and security of the same. No matter howsoever fancy or attractive a service may appear, its consequences must be analysed in advance.

Monday, September 9, 2013

Is Mobile Banking Safe And Cyber Secure In India?

Mobile banking in India is moving towards an acceptance level. However, till now very few people and institutions are comfortable in using mobile banking in India. Mobile banking in India is still not popular according to RBI. There are certain shortcomings of mobile banking in India that are still left unaddressed.

For instance, mobile governance in India is still not well established. M-governance in India is essential before mobile banking can be successfully implemented in India. We have no regulatory framework for m-governance in India. Even the proposed electronic delivery of services bill 2011 of India has failed to provide a mandatory legal framework for electronic delivery of services in India, including for mobile banking. In short, India is still not ready for m-governance and cloud computing especially in the absence of dedicated e-commerce laws in India.

Mobile banking in India is risky due to absence of mobile cyber security in India. Further, online banking system of India is not secure. In the absence of adequate cyber security safeguards, e-banking in India is not safe. The cyber security trends in India 2011 have also proved that Internet banking cyber security in India is in poor shape and it needs to be strengthened. Even data security, privacy and cyber security in Indian banking industry is not satisfactory.

Online banking risks in India are increasing and this is also shaking the confidence of customers in the same. Even RBI has acknowledged risks of e-banking in India. ATM frauds in India are increasing. In fact, Reserve Bank of India (RBI) has recently released the report of its working group on securing card present transaction that covers ATM security and credit card security issues as well. Internet banking risks in India cannot be effectively tackled till we have dedicated Internet banking laws in India.

Although an integrated banking law of India has been proposed yet it may take some years before it is actually enacted. In an interesting development, the RBI removed limits from mobile banking transactions limits in India. This is good for the development of mobile banking in India but is bad for the interests of mobile banking customers who have almost no safeguards against cyber crimes and technology assisted financial frauds happening in the mobile banking field.

The cyber law in India has prescribed cyber law due diligence for various stakeholders. Cyber due diligence for banks in India is just a part of the same. Cyber due diligence for Indian companies including banks operating in India is very stringent. However, Indian banks are not following the guidelines of RBI prescribing mandatory cyber security requirements for banks of India. Further, banks are also liable

Even on the policy front, mobile banking has received a bad response form Indian government. For instance, absence of effective encryption laws in India and non use of robust encryption in India has made the mobile security very weak in India. Instead of making the encryption requirements redundant and weak, India must concentrate upon further strengthening the same for better and secure mobile communications. Governments of most developed countries allow the usage of strong encryption standards ranging from 128 bits to 256 bits or more to ensure the security of sensitive information exchanged via Internet and other networks. However, India is still clinging to 40 bits encryption standards for the simple reason that intelligence and security agencies of India are not capable enough to break strong encryptions.

A weak mobile banking infrastructure would also affect other projects and schemes as well. For instance, recently the Securities and Exchange Board of India (SEBI) has declared about its intentions to introduce electronic initial public offer (E-IPO) in India. This is a good step but E-IPO cannot succeed in the absence of strong mobile banking and Internet banking infrastructure. Online payments mechanisms in India must also be suitable strengthened to make such proposals workable.

India must give these considerations some serious thoughts if it wishes to encash the benefits of technology. Otherwise, concepts like Internet banking and mobile banking are more nuisance than luxury in India.

Sunday, September 1, 2013

E-Commerce In India Would Be Regulated By Comprehensive Guidelines

E-commerce in India is, by and large, unregulated in nature. This is resulting in open violation of the laws of India on the one hand and increasing number of e-commerce frauds on the other hand. Techno legal experts of India have been demanding a comprehensive e-commerce legal framework for India for long.

Finally, Indian government has decided to act upon the suggestions of various techno legal experts. As per media reports, India is mulling formulating a comprehensive guideline to deal with e-commerce.

In fact, the Consumer Affairs Ministry of India has already started working on this and has sought suggestions from other ministries. However, as on date no international level study has been conducted on the subject.

E-commerce dispute resolution in India is another grey are in this field. E-commerce related frauds and crimes have increased significantly and they need to be curbed urgently.

There is a surge of illegal e-commerce ventures in India that are not at all in conformity with Indian laws. As on date, the e-commerce websites dealing with online pharmacies, online gamming and gambling, online selling of adult merchandise, etc are openly and continuously violating the laws of India, especially the cyber law of India.

This move of Indian government is a timely move provided there is some actual work in this direction.