The great Indian bank robbery of 2016

As we create huge noise about fintech companies, technology game changing finance and what not, is a big reality check.

First people did not understand finance and stayed away from banks/finance products etc. Now they will stay further as they do not understand technology either.

Dhirendra Kumar of Value Research calls it the great Indian bank robbery of 2016:

‘Lakhs of debit cards have been hacked–should you be worried?’ said the headline. This has been a common theme of newspaper articles after the apparent leak of some 32 lakh debit cards. Instead, I would have thought the right thing to ask would be, ‘Shouldn’t you be angry?’

Consider what these banks and payment processors have been doing. For a period of six weeks, they have known that a breach took place. From what has come out so far, it seems that those weeks were spent in figuring out whether a breach took place, a process that was made difficult because the entities involved were focussed on denying–not just to others, but also to themselves–that any breach took place. Or that if it took place, it was not in their systems. Or if it really was in their systems then it was somebody else’s fault. Or if it wasn’t somebody else’s fault then this was like an Act of God and no one could have done anything and we should all forget about it and keep it a secret.

The shocking part of this whole affair (well, one of the many shocking parts) is that during those six weeks, no thinking seems to have been done on causing the minimum possible inconvenience to customers. Basically, the six weeks have been spent in deciding on a scapegoat and cooking up a cock and bull story which still doesn’t hang together. The internal contradictions in what customers have been told are ridiculous. For example, it’s pretty clear that blocking millions of cards would not be done on the strength of 600 odd complaints amounting to a little over a crore of rupees. Debit card and netbanking fraud is rampant in India. Most of us personally know of half a dozen cases where a few lakhs of rupees have been pilfered. A crore’s worth of fraud probably happens every day in India.

Another piece in Scroll by Saikat Datta shows how hopeless all this is given so many committees and expertise involved. To see no one really pointing these issues, shows the grand failure:

The biggest lesson emerging from the recent recall of 3.2 million debit cards by various Indian banks is that most of the systems that the government and the country’s financial sector put in place to deal with a major cyber attack failed to detect the data breach that necessitated this recall.

As banks scramble to put together a root cause analysis of the events that led to the malware (malicious software) attack that led to one of the biggest security breaches in banks in India in September and October, there is a realisation that institutions failed to share information with each other, leading to cascading failures that permitted the breach to continue undetected for a while.

A little over three years ago, the financial sector set up an Information Sharing and Analysis Centre hosted by the Hyderabad-based Institute for Development and Research in Banking Technology – a body under the Reserve Bank of India. This Centre was tasked with connecting with as many banks as possible to share information about threats to their systems and attacks in real time. However, people working in the banking sector, who are closely involved in dealing with the current crisis, pointed out that there was no alert from the Information Sharing and Analysis Centre about the massive debit card data breach.

There is a credible explanation for this. “Currently, ISAC [Information Sharing and Analysis Centre] is configured to deal with cyber attacks and threats,” an official at the Institute for Development and Research in Banking technology, who wished to remain anonymous, told“However, when a credit or debit card alarm is raised, it is ticketed as a fraud.”

This led to a situation where each bank started tracking individual complaints of debit cards being swiped in China, but no one figured out that this fraud was systematic, and was taking place across banks.

I don’t really know. One wants more speed and technology in finance, but how much? Where do we put an end to it? How much value is added if a transaction which takes place in 10 seconds is reduced to 5 seconds?

The comments in Dhirendra Kumar article show how banks are just looting and fooling consumers all the time..

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: