On November 17, 2010, e-business contsultant Na.Vijayashankar, who uses the name Naavi on the internet, reported on India News the dangers of new IT delivery channels and their impact on the Indian banking system. What struck me was an apparent dichotomy consisting on the one hand of a group of Indian IT companies that claim to have built sophisticated bank systems while the Indian banks are displaying a sense of naivete regarding crime threats.
What I know about U.S. bank IT companies is they not only know how to build IT systems, they also know how bankers should use their systems for maximum effectiveness. Thus my proposition of a trade -- Indian labor rates for U.S. expertise.
Following is some dialogue between Mr. Vijayashankar and me that I thought readers of my blogs might find interesting.
Art Gillis said,
in November 17th, 2010 at 12:46 pm
With all due respect to the Indian Banking System, don't waste your time reinventing the wheel. We've seen everything in the use of new IT delivery channels, including the perpetrators. Issues have been addressed for the past 15 years with progress made each year, even though we're not done yet, nor will it ever end. Follow the U.S. lead and you can shrink India's evolution in banking by at least a decade. Saying it in today's parlance, "Been there, done that."
in November 17th, 2010 at 10:20 pm
Dear Mr Gillis,
Can you let me know the extent of Phishing frauds that occur in US? I understand that US Banks cover themselves with insurance and the moment the customer is cleared of not being a part of the fraud himself, Banks settle his claim without demur.
Our perception is that the information security in US is as good or as bad in India since the same IT companies operate at both places. However the customer education may be much more effective and Insurance is stronger. Please correct me if I am wrong. Probably Banks in US do not hesitate to invest in security where as Indian Banks try to compromise on cost considerations. We need to awaken the Indian Banking system to the fact that customer is the focus of Banking business and safety of his funds cannot be compromised at any cost.
Art Gillis said,
in November 19th, 2010 at 12:37 am
The corrections to your thinking that you requested are two: 1. The suppliers of IT in India are not the same as in the U.S. -- In India the primary ones are Infosys, Oracle FSS (i-flex solutions), Nucleus, Polaris, 3i Infotech. In the U.S. there are three main companies -- FIS, Fiserv and Jack Henry. 2. IT crime is like any other crime. Will it ever be wiped out? No. What is the volume of IT crime anywhere? How many angels can dance on the head of a pin. Phishing occurs every day, but victims don't report it, so it can't be counted. That's why banks have insurance, just like people have life insurance because they know they are going to die some day. Control, awareness and new techniques are the best protection against IT crime. The U.S. has not won the battle yet, nor has any other country.
in November 19th, 2010 at 11:00 pm
Your point is well made and I am in agreement with you. In India some banks are not invoking insurance and trying to force customers to bear the loss only on the ground that they have been negligent.
I am trying to make Banks realize that their responsibility is higher in reducing frauds and they need to cover themselves with insurance.
Part of the responsibility also falls on the IT companies which have forced inadequate systems on the Banks.
At present there is a huge gap in legal compliance and information security in Banks and unless this is bridged, it is unfair to make the customer pay for all the consequences of a third party crime.
Most Anti Phishing activities worldwide are geared towards identifying and bringing down Phishing sites. The Anti Phishing movement that I am trying to galvanize is victim oriented and to force Banks to initiate steps that reduces the risks from the customer perspective.
It includes making Banks invest in customer education, better security as well as absorption of fraud costs (except where the customer is part of the fraud) etc.
In the process it is necessary for regulatory agencies such as RBI to be pushed to take appropriate action.
Presently RBI has been content in issuing circulars but is lax in taking follow up action. This is exactly what happened in the 2G spectrum scam which Dr Subramanya Swamy questioned in a Court of Law. The Court has now asked the Prime Minister of the Country to explain the cause of inaction at his end.
I feel that at some point of time in future, it a question would be raised of RBI whether it did what all it could have done to improve the security in Indian Banking system.
Otherwise erring Banks will rightfully shift the blame to RBI and say that the "silence of RBI amounts to concurrence." This has happened in the 2 G Spectrum case where the erring Ministry has taken shelter under the fact that the Prime Minister was aware of the process involved and hence the responsibility for lack of propriety if any should be shared.
I have therefore highlighted the similarities so as to attract the attention of the public in India who are today engrossed in the discussion of the 2G spectrum scam.
I do not expect that the battle against Cyber Crimes would be won completely but I want Banks to fight it rather than the ill equipped Bank customer.