HYDERABAD: Cybercrime police of the city identified 53 urban cooperative banks that are yet to update their cybersecurity software, increasing their susceptibility to a cyber attack and causing loss to thousands of customers.
The police action comes after they found lapses in the security system of AP Mahesh Urban Cooperative Bank, following a hacking event in which over Rs 12 crore was siphoned off from customers’ accounts. Following a report to the RBI that the bank did not meet the standards set by the RBI for cyber security, the top bank issued a further penalty of Rs 65 lakh.
Against this backdrop, the police said that while some of the 53 banks moved to update their software, 96 per cent are yet to do so.
The police said that these banks are linked with Local Area Network, as was the Mahesh Cooperative Bank, to which hackers gained access.
A cybercrime official said: “Even after the hacking, our commissioner C.V. Anand conducted several meetings with more than 50 cooperative bank managements, but only a few of them have enhanced an IT cell.”
The official said that many banks could not afford expensive cyber security systems, following which the police advised them to consult firewall experts and appoint IT technical staff to constantly monitor their main servers. However, they have failed to do so, the official said.
Rajesh Chapra, a technical expert, said: “Most cooperative banks are using a Mumbai-based cheap software that costs around Rs 12 lakh, whereas nationalised banks, including SBI, ICICI, HDFC, etc, have been using automated security banking software developed by companies like Infosys and TCS, which cost Rs 6.70 crore, but are foolproof.”
“A customer trusts a bank and deposits his or her hard-earned money. If anything goes wrong with customers’ funds, the bank holds responsibility. If the bank fails to repay the money of the customer, it can be prosecuted for breach of trust,” said G. Sudharshan, an advocate.
The police said that since Aadhaar and PAN cards were mandated to be linked in 2016, thousands of bogus accounts were opened with fake credentials for cybercrimes.
Hyderabad police commissioner C.V. Anand said: “Banks are under RBI and it’s up to them to adopt all the measures for cyber security, which RBI's guidelines and orders have ordained. We have no jurisdiction. But if banks request, we can send teams to study and suggest cyber safety measures to them.”
“Spending at least 10-15 per cent of their turnover on cybersecurity is worth it because they are doing business with public money and it’s their duty to ensure that public money is safe. Almost all urban and rural banks are very prone to hacking and cyber attacks as their cyber security measures are abysmal. RBI should take it seriously,” Anand told Deccan Chronicle.
