Bank card security breaches in AP and Telangana
New grid of security to include warriors'.
Hyderabad: Following the recent discovery of bank card security breaches, bankers have been directed to increase the role of chief information security officers and to depute cyber warriors. As per the RBI’s recent guidelines, banks need to form a grid of cyber security.
Cyber crime experts, however, say that it would be a big task for bankers to depute cyber warriors with outsourced employees.
During a meeting recently with officials of select banks, National Payment Corporation Of India and card network operators, the RBI directed bankers to review the extant cyber security arrangements. It emphasised on an early implementation of the Cyber Security Framework in banks issued on June 2.
Mr M.S. Kumar, secretary for AP and Telangana Bank Employees Federation, said all bank unions and associations had been asking the India Bank Association to reduce outsourced staff in cyber security and sensitive data wings in banks.
“When the Pune call centre scam came to light in the US, we began our protest against outsourced staff in major wings of banks. We demanded implementation of security measures on par with banks in developed countries where all employees are restricted from using pen drives or storage device and from using the Internet at workplace,” he said.
He said that since most banks did not have CISO, how could they increase its role in the first place.
The RBI had identified that on September 8, details of certain cards issued by a few banks had possibly been compromised at ATMs linked to the ATM switch of one of the service providers. Mr Kumar said that the issue was being investigated by an approved forensic auditor.
Cyber crime consultant for AP and Telangana police Sandeep Mudalkar said that cyber security firms dealing with banks should monitor vulnerabilities in the system.
“Bankers should change the passwords of the servers everyday including holidays. They should be able to fetch IP addresses of attackers and should maintain a report for blocking such IPs in the server,” he said.