another example of the Credit Card industry's deceptive advertising targeting children
cartoon of the month

Wednesday, June 08, 2005

Credit Card Fraud and IT Act data protection laws

Needed: a facelift for cyber laws

The absence of legislation governing credit card fraud and data protection, as well as a lack of clarity in applying cyber laws are problems faced by Indian companies, says Sushma Naik

Industry sources estimate that the Indian e-commerce (B2C) segment is worth about Rs 150 crore. To encourage the smooth functioning of this segment, the IT Act 2000 plays a vital role. Unfortunately, somebody forgot to implement it.

Concerns not addressed

Credit card fraud is still not covered under the IT Act, so one has to approach the
crime branch Vishwas Patel Chief Executive Officer, Avenues

We are not aware about the procedures for dealing with cyber crime, though one is familiar with work done by cyber labs. K Vaitheeswaran, Chief Operating Officer, Fabmall

Data protection guidelines, protection from spam, and credit card fraud are absent in the Indian cyber law. Most Indian companies have compliance standards to meet. With the recent credit card fraud perpetrated by Msource employees, a lot of certification-oriented processes have come under scrutiny. Issues of privacy need to be addressed through data protection laws. Says Vishwas Patel, CEO, Avenues, a payment gateway provider for credit cards, “Credit card fraud is still not covered under the IT Act, so one has to approach the crime branch.” This defeats the purpose as the crime branch isn’t IT-savvy.

The law (or the lack of it) has crippled enforcement agencies. The Internet and Online Association interacts with the IT ministry to provide feedback vis-à-vis changes that are urgently needed in the IT Act. Even Nasscom is advocating the case for a stronger, enforceable IT Act.

Banks also are affected considering their thrust on Internet banking. According to RBI guidelines, Indian banks and the RBI have to gear up and meet Basel II norms by end-2006. The actual implementation is scheduled for April 2007. One of the key aspects in this implementation will be to provide greater risk assessment by banks’ internal systems as inputs to capital calculations. It also details a set of minimum requirements that should ensure the integrity of these internal risk assessments.

In making the risk assessment based on the probability of losses arising from cyber crimes, it will be necessary to look for appropriate insurance coverage. However, the insurance premium has to depend on the level of cyber law compliance that organisations undertake, as evidenced by documented evidence of a cyber law compliance audit. In case cyber crime risks are not properly covered and the existing fraud risk insurance fails to cover for the lack of due diligence, risk turns into ‘uncovered exposure’ under the Basel II norms, and therefore require higher capital provision. It is therefore time for banks working on Basel II compliance to simultaneously undertake cyber law compliance audits of their systems.
Pointers for change

* More safeguards and stringent measures for protecting software copyrights and patents
* Penalties for cyber crimes to be made more stringent
* The liability and accountability of ISPs has to be clearly defined
* The Indian cyber law should be brought on par with cyber laws in countries that have comprehensive legislation in this regard
* India should be a signatory to international bodies such as the Information Society of Geneva so that fraudsters can be caught
* There should be a national ethical committee (which they have in Norway) that has the power to engage in summary hearings. This will do away with long, drawn-out court cases especially in the case of smaller crimes
* Data protection laws must come under the ambit of cyber laws
* At present, credit card frauds come under the criminal code as fraud; these should be included in the IT Act
* The IT Ministry should be in a position to make minor alterations to the Act without requiring parliamentary approval
* The provisions of the Criminal Procedure Code should not be blindly applied to the Internet without taking into account its different nature and characteristics

Awareness needed

Says K Vaitheeswaran, Chief Operating Officer of Fabmall, “We are not aware about the procedures for dealing with cyber crime, though one is vaguely familiar with work done by the cyber labs.” Vaitheeswaran’s concern shows an urgent need for the police to step up their resolve to tackle cyber crimes, which affects e-businesses. E-commerce companies also feel that the cyber crime cell should be actively involved in promoting the Internet as a safe medium for trade.

One might argue that the Internet as a medium of trade in India has not yet evolved to the extent that it has in the US or Britain. However, with a few changes, the cyber law might just turn out to be the force behind Indian e-commerce.

sushma@expresscomputeronline.com

Standard Chartered Credit Card Fraud

StanChart Credit card dues harassment suit

New Delhi (PTI): Delhi High Court has issued notices to Standard Chartered Bank and Delhi police on a JNU teacher’s petition accusing the bank of harassing him for payment of credit card dues of his deceased brother.

Justice H.R. Malhotra directed StanChart and the police to respond to the petition filed by Yogesh Sharma, an associate professor at the Centre for Historical Research, JNU, within eight weeks.

The court also asked them to file a status report before July 25, the next date of hearing.

Sharma alleged that the bank deliberately blocked payment by his brother Rakesh, who had lost his mental balance. He went missing and was found dead in Mumbai on October 18, 2004.

The teacher also accused the police of not taking any swift action when Rakesh went missing.

In his petition filed through counsel N.K. Jha, Sharma pointed out that according to the bank’s statement, in September 2004 — when the cardholder was alive — the outstanding was only Rs 7,966. But immediately after Rakesh’s death, the bank inflated the bill to Rs 95,390, he alleged. Sharma claimed that StanChart illegally transferred the bank balance towards credit card outstanding after Rakesh’s death.

Accusing the bank of using criminals to intimidate him, he said even his elderly parents were not spared.

RBI acknowledges data security fraud

I warned the RBI in February 2004 that Bank's outsourcing of credit card information in India was unsafe and a data security hazard. The corrupt DBOD Department of Banking Operations and Development) department of RBI at Mumbai ignored my complaint. Then we had this Mphasis CitiBank information theft. Somebody should sue CitiBank and RBI in the USA for punitive damages. On my part I have merely sued RBI and Standard Charterd Bank (for a similar offence) and I am asking for all these corrupt officials to be jailed for Information technology frauds and Cyber Crimes especially hacking. This conclusively shows why India has different rules and laws for foreigners and Indians. MNCs OUT !!

RBI plans norms to curb banks’ outsourcing risks

TIMES NEWS NETWORK[ WEDNESDAY, JUNE 08, 2005 12:04:27 AM]

MUMBAI: The frauds by some call centre ex-employees seems to have drawn RBI’s attention. The Central bank is putting in place rules to minimise risks faced by banks and customers from outsourcing activities.

In April, ex-employees of MphasiS BFL group call centre defrauded four account-holders of Citibank — a subsidiary of Citigroup — of $3,00,000. The accused did so by collecting and misusing account information from customers they had dealt with at the call centre.

The RBI will come out with new guidelines on outsourcing to improve the regulatory supervision and risk management of outsourcing, RBI deputy governor KJ Udeshi said on Tuesday. These will cover aspects related to operational and prudential risks arising out of outsourcing of banking activities by banks.

“RBI has constituted an internal group on outsourcing and based on its recommendations, regulatory guidelines will soon be issued,” Ms Udeshi said at the ‘BFSI Conclave,’ co-sponsored by economictimes.com, along with Indian Banks’ Association and Cisco Systems.

The guidelines apply to banks operating in India. The move is not towards curbing BPO, but to put in place checks and balances to lower incidence of fraud. “A number of IT-related services were outsourced (by banks).

This is posing a challenge to operational risk management and data integrity. Caution needs to be exercised as the new Basel norms require banks to handle voluminous data,” said Ms Udeshi. “Outsourcing has its own challenges, specially in drafting of legal contracts,” she added.

The new guidelines will address regulatory concerns on operational risks and data integrity. RBI is also concerned that outsourcing could lead to transfer of banking risks, management and regulatory compliance to third parties, over whom RBI may not have any regulatory control.

Ms Udeshi spoke about extending the reach of banking to rural areas. She mooted the idea of banks setting up information kiosks in villages. “There are six lakh villages in the country and one bank branch per 18 villages.

Banks can set up an information kiosk for every two or three villages. At the click of the mouse, the farmer will know his account balance and interest due to him and have a host of value-added services at his disposal,” she said.

“The kiosk can double up as a vending machine, but the only constraint will be adequate power supply. Customers can use these kiosks. What better way can there be to free farmers from the shackles of moneylenders and middlemen,” she said.

Emphasising on the potential in rural credit, Ms Udeshi said while industry with a 22% share in the country’s GDP accounted for 45% of gross bank loans, agriculture with 20% of the GDP, received about 11% of advances. She said banks need to deal with data transmission in a safe and secure way on a priority basis.

sitemap

sitemap of this blog
last updated:21-May-2005

Cyber Crime India

http://sarbajit-roy.blogspot.com/2005/06/cibil-specific-consent-fraud-exposed.html
http://sarbajit-roy.blogspot.com/2005/06/indian-lawyers-become-bpo-slaves.html
http://sarbajit-roy.blogspot.com/2005/06/mnc-bpos-dumping-india-for-africa.html
http://sarbajit-roy.blogspot.com/2005/06/more-big-brother.html
http://sarbajit-roy.blogspot.com/2005/06/indian-bpos-lesbian-paradise.html
http://sarbajit-roy.blogspot.com/2005/06/credit-card-fraud-and-it-act-data.html
http://sarbajit-roy.blogspot.com/2005/06/standard-chartered-credit-card-fraud.html
http://sarbajit-roy.blogspot.com/2005/06/rbi-acknowledges-data-security-fraud.html
http://sarbajit-roy.blogspot.com/2005/06/crime-and-cyber-crimes-india.html
http://sarbajit-roy.blogspot.com/2005/06/credit-card-fraud-is-so-easy.html
http://sarbajit-roy.blogspot.com/2005/06/more-credit-card-chargebacks-faq.html
http://sarbajit-roy.blogspot.com/2005/05/indian-banks-dump-shares-in-cibil.html
http://sarbajit-roy.blogspot.com/2005/05/recovery-raj-and-rbi-indias-impotent.html
http://sarbajit-roy.blogspot.com/2005/05/cibil-plans-commercial-bureau.html
http://sarbajit-roy.blogspot.com/2005/05/more-data-security-tapes-hacked.html
http://sarbajit-roy.blogspot.com/2005/05/data-security-12-million-card-hacked.html
http://sarbajit-roy.blogspot.com/2005/05/phishing-attacks-threat-to-banking.html
http://sarbajit-roy.blogspot.com/2005/05/weak-information-technology-laws-help.html
http://sarbajit-roy.blogspot.com/2005/05/cast-out-money-changers.html
http://sarbajit-roy.blogspot.com/2005/05/hacking-complaint-dilutes-cibil-shares.html
http://sarbajit-roy.blogspot.com/2005/05/rbis-panic-circular-to-hacking.html
http://sarbajit-roy.blogspot.com/2005/05/rbi-credit-card-fraud-in-india.html
http://sarbajit-roy.blogspot.com/2005/05/cert-in-proposes-mandatory-it-security.html
http://sarbajit-roy.blogspot.com/2005/05/weak-cyber-laws-in-india-bs7799.html
http://sarbajit-roy.blogspot.com/2005/05/rbi-working-group-debunked.html
http://sarbajit-roy.blogspot.com/2005/05/data-security-and-bpo-in-india.html
http://sarbajit-roy.blogspot.com/2005/05/rbi-leaves-field-to-privateers.html
http://sarbajit-roy.blogspot.com/2005/05/rbi-of-forged-notes-fake-banks-police.html
http://sarbajit-roy.blogspot.com/2005/05/cyber-law-and-privacy-in-india.html
http://sarbajit-roy.blogspot.com/2005/05/it-infrastructure-bottleneck-for.html
http://sarbajit-roy.blogspot.com/2005/05/another-standard-chartered-sucker.html
http://sarbajit-roy.blogspot.com/2005/06/cibil-round-up-usual-suspects.html
http://sarbajit-roy.blogspot.com/2005/05/computer-definitions-under-information.html
http://sarbajit-roy.blogspot.com/2005/05/cibil-unmasked-important-post.html
http://sarbajit-roy.blogspot.com/2005/05/more-credit-card-fraud-in-india.html
http://sarbajit-roy.blogspot.com/2005/05/indias-strong-it-laws-but-weak-cyber.html
http://sarbajit-roy.blogspot.com/2005/05/cibil-too-good-to-be-true.html
http://sarbajit-roy.blogspot.com/2005/05/information-technology-act-2000-india.html
http://sarbajit-roy.blogspot.com/2005/05/mastercard-credit-skimming-fraud.html
http://sarbajit-roy.blogspot.com/2005/05/cyber-security-official-government.html
http://sarbajit-roy.blogspot.com/2005/05/indias-cyber-police.html
http://sarbajit-roy.blogspot.com/2005/05/foreign-bpos-national-security-threat.html
http://sarbajit-roy.blogspot.com/2005/05/indian-cyber-police-are-toothless.html
http://sarbajit-roy.blogspot.com/2005/05/another-illegal-visa-etf-scheme.html
http://sarbajit-roy.blogspot.com/2005/05/hackable-credit-cards.html
http://sarbajit-roy.blogspot.com/2005/05/cibil-credit-information-bureau-india.html
http://sarbajit-roy.blogspot.com/2005/05/cyber-security-expert-tips.html
http://sarbajit-roy.blogspot.com/2005/05/cbi-on-citigroup-mphasis-credit-card.html
http://sarbajit-roy.blogspot.com/2005/05/toothless-cyber-laws.html
http://sarbajit-roy.blogspot.com/2005/05/irctc-credit-card-fraud.html
http://sarbajit-roy.blogspot.com/2005/05/it-offence-is-state-subject.html
http://sarbajit-roy.blogspot.com/2005/05/adjudication-proceedings-information.html
http://sarbajit-roy.blogspot.com/2005/05/credit-card-fraud-spiralling.html
http://sarbajit-roy.blogspot.com/2005/05/call-centers-identity-theft.html
http://sarbajit-roy.blogspot.com/2005/05/stancharts-dubious-enforcement.html
http://sarbajit-roy.blogspot.com/2005/05/rbi-admits-credit-card-problems.html
http://sarbajit-roy.blogspot.com/2005/05/need-for-effective-privacy-policy.html
http://sarbajit-roy.blogspot.com/2005/05/inadequate-cyber-security-in-india.html
http://sarbajit-roy.blogspot.com/2005/05/more-fake-bpo-data-entry-scams.html
http://sarbajit-roy.blogspot.com/2005/05/expel-rude-bpo-clients-from-india.html
http://sarbajit-roy.blogspot.com/2005/05/fight-back-expel-it-bpo-off-shoring.html
http://sarbajit-roy.blogspot.com/2005/05/cyber-law-media-get-your-facts-right.html
http://sarbajit-roy.blogspot.com/2005/05/rbi-in-contempt-of-high-court-again.html
http://sarbajit-roy.blogspot.com/2005/05/civil-remedies-under-information.html
http://sarbajit-roy.blogspot.com/2005/05/criminal-offences-under-information.html
http://sarbajit-roy.blogspot.com/2005/05/computer-hacking-updated-rtf-files.html
http://sarbajit-roy.blogspot.com/2005/05/maharashtra-govts-contempt-of-it-act.html
http://sarbajit-roy.blogspot.com/2005/05/judicial-system-pummels-cyber-law.html
http://sarbajit-roy.blogspot.com/2005/05/asian-school-of-cyber-laws-pune-ascl.html
http://sarbajit-roy.blogspot.com/2005/05/information-technology-act-2000-myths.html
http://sarbajit-roy.blogspot.com/2005/05/cibil-and-data-sharing.html
http://sarbajit-roy.blogspot.com/2005/05/karnataka-leads-in-cyber-hacking.html
http://sarbajit-roy.blogspot.com/2005/05/bpos-temps-data-security-risks.html
http://sarbajit-roy.blogspot.com/2005/05/sebi-slaps-birla-wrist.html
http://sarbajit-roy.blogspot.com/2005/06/another-sucheta-dalal-story.html
http://sarbajit-roy.blogspot.com/2005/06/government-shirks-cyber-crime.html
http://sarbajit-roy.blogspot.com/2005/05/help-students-stop-bank-fraud-in-india.html
http://sarbajit-roy.blogspot.com/2005/05/it-ministers-digital-signature-hacked.html
http://sarbajit-roy.blogspot.com/2005/05/sarbajit-roys-complaint-enforces-smart.html
http://sarbajit-roy.blogspot.com/2005/06/tourist-victim-of-credit-card-fraud.html
http://sarbajit-roy.blogspot.com/2005/06/information-security-leaks-and.html
http://sarbajit-roy.blogspot.com/2005/06/credit-card-chargebacks-faq.html
http://sarbajit-roy.blogspot.com/2005/05/hacked-credit-card-numbers-on-line.html
http://sarbajit-roy.blogspot.com/2005/05/pms-laptop-is-bugged-says-cia.html
http://sarbajit-roy.blogspot.com/2005/05/amateurs-take-on-information.html
http://sarbajit-roy.blogspot.com/2005/05/cibil-and-privacy-laws.html
http://sarbajit-roy.blogspot.com/2005/05/hyderabad-hotbed-of-credit-card-fraud.html
http://sarbajit-roy.blogspot.com/2005/06/confidential-information-freely.html
http://sarbajit-roy.blogspot.com/2005/05/credit-cards-still-unregulated.html
http://sarbajit-roy.blogspot.com/2005/05/visa-admits-credit-cards-not-secure.html