The Reserve Bank of India (RBI) has instructed banks to furnish data on frauds, thefts and burglaries on a quarterly basis to the regional offices of the Urban Banks Department.
Cases of online fraud and identity theft (also known broadly as phishing) come under the purview of this notification. The premier bank.s recent directive is a follow-up to its master circular on .Frauds – Classification and Reporting. for Primary (Urban) Co-operative Banks, issued in 2003.
There are more than seven million phishing attempts every day, according to security company Symantec, of which 84 per cent are targeted at banks and financial institutions.
In recent years, HDFC Bank, ICICI, SBI and more recently UTI Bank have been the target of phishing attacks. Phishing is a form of online identity theft where consumers. personal identity data and financial account credentials are stolen by third parties.
Phishing involves sending .spoofed. e-mails that direct consumers to websites designed to trick them into entering sensitive information such as usernames and passwords.
According to cyber law expert Pavan Duggal, many of these cases are not reported as financial institutions fear loss of credibility among customers.
The low rate of cyber crime convictions in India has been a further deterrent to reporting of cases. According to Duggal, there have been only two convictions in India so far . one of identity theft (credit card details) by a BPO employee and the other pertaining to an obscenity case in Tamil Nadu.
Following the RBI notification, banks are now scrambling to beef up existing security measures. Sources at HDFC Bank confirmed that several measures were being taken to tighten security and adopt internationally accepted best practices.