Online security growing concern for Indian banks

INDIA--Some 30 percent of India's top banks have fallen victim to identity theft in the last one year, according to a new survey released Wednesday.

Conducted by Singapore-headquartered software product company ReadiMinds, the online survey also determined that online security was one of the top three security concerns for Indian banks this year. The study, titled State of online security in financial institutions in India 2008, was conducted in April 2008 and polled India's top 40 banks.

"Stronger online security is a business issue, and Indian banks are increasingly focusing on improving online security," Naren Nagpal, CEO of ReadiMinds told ZDNetAsia in an e-mail interview. "[However], online security at Indian banks is well below that of global banks."

Phishing is also a growing cause of concern for Indian banks, where 30 percent of those surveyed said they were victims of phishing attacks in the last one year.

According to the ReadiMinds survey, 10 percent of banks in the country have been victims of "man-in-the-middle (MITM) attack" during the same period. This is an emerging type of attack, in which a fraudster or malicious hacker intercepts the transaction between the user and Web-banking server. The hacker compromises and modifies the electronic communication link between the user and the bank's Web server in a bid to obtain financial gain.

Better security, better business
The survey also identified a strong link between the business performance of a financial institution and the online security measures it had implemented.

"Over 70 percent of banks that had implemented stronger security regularly delivered better business performance compared to their peer group," said ReadiMinds.

However, more than 57 percent of the banks still do not have a dedicated budget for online security, choosing instead to include online security as part of their overall IT budget, the survey found.

Similarly, only 57 percent of the Indian banks had a formal plan in place for creating customer awareness against online identity theft and financial frauds.

Yet, all the respondents were aware that integrating stronger user authentication, with fraud detection and risk-based transaction verification, was the strongest form of defense against online identity theft and financial frauds, the survey said.

Swati Prasad is a freelance IT writer based in India.