Thursday, February 17, 2011

ABOUT CREDIT CARD

There are many cards in the market, such as Visa, Visa Power, Maestro, UTI, HDFC, Karur Vysya Bank, Syndicate Bank, SBI and SBH group bank cards, which are debit-cum-credit cards.

The next time you swipe your debit card at a petrol bunk, use a credit card to buy a movie ticket, shop, pay a hotel bill or pay a bill online, do it at your own risk. Be careful when you type your PIN, because there are technically skilled, computerised thieves. Guard your PIN and your credit cards.

A new survey of security in Indian banks has revealed that many of them do not follow even basic measures to ensure card security or protect your personal information. The survey finds that banks in India lag in the security of card transactions.

Against the backdrop of well-known global cases of card breaches, it is surprising to note that basic measures for ensuring card security have not been adopted by many of the banks, points out the survey done by the Data Security Council of India and KPMG, under the aegis of CERT-In (Computer Emergency Response Team), the cyber security wing of the ministry of information technology.

In all, 20 public sector, private and foreign banks were surveyed and their chief information security officers interviewed for the study. The survey found that banks still follow highly risky practices such as storing and printing authorisation information like CVV numbers and expiry dates, and non-masking of card numbers. Merchants are allowed to create card records in plain text. None of these practices conform to globally accepted practices for card security.
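The risky practices listed above (stored or printed CVV and expiry data, unmasked card numbers, plain-text merchant records) can be countered at the point where a record is written or printed. The following is an added example, not code from the survey or from any bank; the field names, the sample record and the "first six, last four" masking convention are assumptions chosen for illustration.

```python
import re

# Assumed field names for the authorisation data the survey says
# must not be stored or printed.
SENSITIVE_FIELDS = {"cvv", "cvv2", "cvc", "expiry"}
# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates real card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_pan(digits: str) -> str:
    """Keep the first six and last four digits, mask everything between."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def mask_text(text: str) -> str:
    """Mask every Luhn-valid card number found inside free text."""
    def repl(match: re.Match) -> str:
        digits = re.sub(r"\D", "", match.group())
        return mask_pan(digits) if luhn_ok(digits) else match.group()
    return PAN_CANDIDATE.sub(repl, text)

def sanitize_record(record: dict) -> dict:
    """Drop authorisation fields and mask card numbers before storing or printing."""
    clean = {}
    for key, value in record.items():
        if key.lower() in SENSITIVE_FIELDS:
            continue            # never persist CVV or expiry
        clean[key] = mask_text(value) if isinstance(value, str) else value
    return clean

# Constructed sample merchant record (4111... is a well-known test number).
SAMPLE = {
    "merchant": "Petrol Bunk 12",
    "card_number": "4111 1111 1111 1111",
    "cvv": "123",
    "expiry": "12/14",
    "note": "order 1234567890123456 paid with 4111111111111111",
}

if __name__ == "__main__":
    print(sanitize_record(SAMPLE))
```

The Luhn check keeps order numbers and other long digit strings readable while card numbers hidden in free-text fields are still masked.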

Most banks have put in place security provisions such as SMS alerts on your credit card swipe, a separate transaction password and a virtual keyboard for online banking, but this is not enough. According to the study, the banks have still not introduced features that will make card transactions secure, such as a one-time password, a dynamic token that is confidential, an identity grid and risk-based authentication.

Such additional security features are necessary because in an electronic card payment system, data is directly accessed and processed by customers, service providers as well as other partner institutions. While an integrated environment like this has made the banking experience smooth for customers, it has introduced new risks.

Most banks enforce basic hygiene factors such as a password policy, password change at first login, account lockout and session timeout, but some of them do not enforce expiry of passwords after a stipulated time. Technology systems in the surveyed banks require the download of external applications or mobile code, which increases vulnerabilities.

Most CISOs interviewed felt that managing the security of online banking remained a challenging task. When it comes to the privacy of customer data, the scenario is worse. Though the Information Technology Amendment Act, 2008 has provisions for privacy of data, concrete systems for customer privacy protection are yet to be implemented by many banks. Almost 80 per cent of the banks surveyed did not have a separate privacy function. Three quarters of the banks surveyed had security teams comprising fewer than 10 people.

Survey results indicate that banks are constantly being exposed to sophisticated, organised and financially motivated threats, and customers are being targeted through phishing, vishing and smishing attacks. Yet banks don't have mechanisms in place to track fraud and continue to depend largely on incidents being reported by customers and employees.

Information security has no or minimal role in fraud management. The silo between the security and fraud management roles would lead to a significant gap in banks' efforts to curb financial frauds, as security compromises are seen as a tool for committing financial frauds. Information security is still seen as an information technology centric function, in contrast to the global trend of positioning security as an important corporate function. The only silver lining, according to the study, is that most banks have in place appropriate protocols to ensure the security of payment gateways.

Banks also encrypt card numbers and other confidential data during storage and transit. The significance of data protection and privacy has been underscored in the Information Technology Act, but understanding of this issue in many banks is still lacking.

Banks also need to understand the key role chief information security officials should be made to play in their overall business strategies. Lack of adequate security and data protection measures can make customers vulnerable to attacks from fraudsters and could result in hacking or misuse of their bank and credit card accounts.

The survey reveals that banks do not feel constrained by inadequate budgets or technical skills for information security. But we seem to be neglecting security issues due to the increasing omnipresence of banking services and the endeavour to enhance customer experience, the report notes. Banks must align internal policies and procedures and deploy technology safeguards for protecting sensitive personal information.

Survey results reveal that understanding of data privacy in the banking sector is growing, with over half of the respondents being aware of privacy principles and of roles and entities for data protection. However, data privacy has not yet fully permeated the banking sector. Implementation of specific measures like formulation of privacy policies, privacy impact assessments and embedding of data privacy in business processes has not gained significant traction, the report pointed out.

With the customer base of banks growing, it is the responsibility of banks to make consumers aware of security issues. Some banks have launched media campaigns, but more needs to be done.

So, beware of thieves and take care of your cards.
