Banks gear up to make plastic money more secure for customers
SPS Pannu December 28, 2016
Leading banks such as ICICI Bank have decided to accelerate the process to upgrade their customers to chip-based debit cards in order to ensure a higher degree of security for cashless purchases which are on the increase post-demonetisation.
A senior ICICI Bank official told Mail Today that earlier chip-based cards were given mainly to high networth individuals as they were more likely to be targeted fraudsters because of their high credit limits.
"These secure cards were then being gradually introduced to other customers as well on request but now with the government chalking out a strategy to move towards a less-cash economy we have decided to cover all our customers with this chip-based debit card," he explained.
A senior bank official said that other banks are also likely to follow suit and speed up the provision of the chip-based cards as the RBI is keen to ensure a more secure environment. These high security cards have a small chip which stores the information of the account in an encrypted format and provides an additional level of security by asking for a personal identification number (PIN).
On the other hand, the more commonly owned magnetic strip cards use the black strip seen on the back and are signaturebased. Other banks such as HDFC Bank, State Bank of India and Citibank also offer these chip-based cards.
If you have to pay through a chip-based card, you will need to insert the card in the point-of-sale (PoS) machine, which reads the encrypted information. After that the PIN has to be fed in to authenticate account holder. The transaction is completed only after this second level of authentication. The feeding in of the PIN also generates an alert of the transaction when the card is used and the user is able to track the transaction.
Magnetic strip cards, on the other hand, have to be merely swiped at the PoS machine, which then connects to the bank interphase and the money is deducted. There is no need to Chip-based cards are also safer as even if the card is lost, it is not possible to use it unless the PIN is known. Besides since the data is encrypted it is difficult to duplicate.
The Government sees a huge opportunity to move towards a less-cash economy in the wake of the shortage of cash that has arisen following the demonetisation of 500 and 1,000 rupee notes on November 8. This will help to fight the menace of black money going ahead as most card transactions leave an audit trail which makes it easier to tax both buyers and sellers.
Increasing cashless transactions, however, at the same time require a more secure network to safeguard consumers from cyber fraud. The dangers of cyber attacks on bank cards also assumes importance as earlier this year as many as 36 lakh debit cards of banks such as SBI, ICICI Bank, HDFC Bank and Yes Bank were compromised in what was seen as the biggest security breach ever.
As the move towards a lesscash economy gathers momentum, experts are of the view that an adequate law should also be put in place needs to be put in place compensate consumers.
Cyber law expert Pavan Duggal told Mail Today that the country's existing cyber law is woefully inadequate to deal with the world of cashless digital transactions as it does not have enough remedies to compensate consumers in case they are cheated of their money threw a cyber attack on banks or through phishing attempts. The Information Technology law does not envision the present world of cashless transactions as it was enacted in 2000 when this technology was not there.
The IT Act was amended in 2008 but this was to take into account security concerns that were a fallout of the 26/11 Mumbai attack and had nothing to do with the digital transactions. The current IT Act is not capable of dealing with digital transactions which require a distinct and separate law on cyber security to deal with radical technological changes that have taken place in recent years.
Due to inadequacies in the existing law, banks are blaming their customers most of the time in case they lose money due to hacking of accounts.
Customers are blamed for not being careful with their passwords or misuse of the network for losing the money. There are very few cases in which compensation is given and even this is too low, Duggal explained.