‘Bank card fraud was waiting to happen’

A big attack was in making but we did not join the small pieces to see the big picture or we were not ready to believe it like we are not accepting what lies ahead. ASSOCHAM raises serious concerns over nation’s cyber security in its latest report

“The credit/debit/ATM card frauds as detected by some of the largest banks were waiting to happen.” This is the inference of an ASSOCHAM-Mahindra SSG joint study. The study explains that India has been on the radar of the global cyber criminals who aim to cripple the entire financial structure.
 
Credit and debit card fraud have been topping the chart of cyber crimes in India. There has been a six fold increase in such cases in past three years. According to the data provided in the study, nearly half (42%) of the complaints related to online banking are card frauds. This number is even higher than the Facebook (31%)-related complaints – that is collection of issues like morphed pictures, cyber stalking, cyber bullying etc.

 

"Internet frauds alone have cost India a whopping USD 4 billion (about Rs 24,630 crore) in 2013 as cyber criminals are using more sophisticated means like ransom ware and spear-phishing," the report said.

 

Most of the offenders came from the age group of 18-30 years. Phishing attacks of online banking accounts or cloning of ATM/debit cards are common occurrences. In addition, during these years, a total number of 13,301, 22,060, 71,780 and 95,189 security incidents, respectively, showing a sharp increasing trend. The total number of security incidents reported to CERT-In has been on the rise.
 

While these attacks have been observed to be originating from the cyberspace of a number of countries including the US, of Europe, Brazil, Turkey, China, Pakistan, Bangladesh, Algeria and the UAE, But India has come out to be the most favourate of attackers. The study revealed that India was the third biggest target for these hackers after the US and Japan.

 

Andhra Pradesh, Karnataka and Maharashtra have occupied the top three positions when it comes to cybercrimes registered under the new IT Act in India.
 

Despite the increasing number of attacks crying for better defense mechanism, a malware attack of this magnitude “forcing most of the big banks to recall their swiping cards not only results into huge financial losses but also raises a question over the country’s cyber security” states the study.

 

What needs to be done?

 

ASSOCHAM suggested following measures to fight back -
 

  • There is urgent need for having public-private-partnership (PPP) in cyber security for protecting the critical online data and creating awareness amongst the public, suggests ASSOCHAM.

 

  • The fifth domain warfare is real and expanding at a rate which is more concerning, ISIS use cyber space for expanding its base and support is glaring example of this.

 

  • ‘Safety first through security by design’ should be the motto. Security by design ensures reduction in overall cost to the business and increases the efficiency of the system by making it robust and secure.

 

  • The government and regulators should develop comprehensive cyber security policies and frameworks from the perspective of incentives, tax breaks and technological development. The policies should be such that they encourage private sector participation in public sector research and promote the commercialisation of research and development and intellectual property.

 

  • Effective mechanisms should be established to ensure coordination and cooperation between various countries. India should ensure active collaboration with the other countries and global cyber security agencies through international treaties, bilateral agreements and Memorandum of Understandings in order to understand the latest threats and take proactive security measures.

 

  • The government, and specifically the regulators, should look at developing sector-specific policies and frameworks tailored to meet the requirements of the particular sector in order to strengthen cyber security in that domain and ensure compliance with the defined security standards.

Add new comment