INDIA--Some 30 percent of India's top banks have fallen victim to identity theft in the last one year, according to a new survey released Wednesday.
Conducted by Singapore-headquartered software product company ReadiMinds, the online survey also determined that online security was one of the top three security concerns for Indian banks this year. The study, titled State of online security in financial institutions in India 2008, was conducted in April 2008 and polled India's top 40 banks.
"Stronger online security is a business issue, and Indian banks are increasingly focusing on improving online security," Naren Nagpal, CEO of ReadiMinds told ZDNetAsia in an e-mail interview. "[However], online security at Indian banks is well below that of global banks."
Phishing is also a growing cause of concern for Indian banks, where 30 percent of those surveyed said they were victims of phishing attacks in the last one year.
According to the ReadiMinds survey, 10 percent of banks in the country have been victims of "man-in-the-middle (MITM) attack" during the same period. This is an emerging type of attack, in which a fraudster or malicious hacker intercepts the transaction between the user and Web-banking server. The hacker compromises and modifies the electronic communication link between the user and the bank's Web server in a bid to obtain financial gain.
Better security, better business
The survey also identified a strong link between the business performance of a financial institution and the online security measures it had implemented.
"Over 70 percent of banks that had implemented stronger security regularly delivered better business performance compared to their peer group," said ReadiMinds.
However, more than 57 percent of the banks still do not have a dedicated budget for online security, choosing instead to include online security as part of their overall IT budget, the survey found.
Similarly, only 57 percent of the Indian banks had a formal plan in place for creating customer awareness against online identity theft and financial frauds.
Yet, all the respondents were aware that integrating stronger user authentication, with fraud detection and risk-based transaction verification, was the strongest form of defense against online identity theft and financial frauds, the survey said.
Swati Prasad is a freelance IT writer based in India.
Play video
I hope it will help understand the banks how important the web-application security is
Even though I am not a customer to any Indian bank at the moment I receive phishing mails asking me to verify my identity by logging into their (fake) websites, These mails and websites looks so genuine that can confuse anyone with no knowledge of phishing.
I myself work in web-application security sphere and keep a watch on these trends, and even many cases we were the first one to detect the bug/ defacement of the websites and inform the bank about it.
Indian banks are really lacking behind when it comes to web-application security. Last year one of the well known Indian bank's website was compromised and it was find distributing malware to the visitors.
There are examples where some government banks have so weak security practices that their entire internal documents can be seen with little work.
Good luck with your work, and I hope it will help understand the banks how important the web-application security is.
Posted by Rahul on Monday, May 12 2008 03:15 PM