Internet Banking in India - Quick Facts
Reserve Bank of India (RBI) had set up a working Group on Internet Banking to examine different direction of Internet Banking which focused on three major areas such as technology and security issues, regulatory and supervisory issues and legal issues. RBI, after having accepted the recommendations has issued following guidelines (on 14th June, 2001) for implementation by commercial banks.
All banks, who proposed to offer transnational services on the Internet should obtain prior approval from RBI. Only such banks which are licensed and supervised in India and have a physical presence in India will be permitted to offer Internet banking products to residents of India. Virtual banks and banks both are incorporated outside the country and having no physical outlook in India will not for the present be sanctioned to offer Internet Banking Services to Indian residents
Overseas branches of Indian banks will be authorized to offer Internet banking services to their overseas customers subject to their satisfying, the home supervisor and in additional to the host supervisor.
Technology and Security Standards:
- Banks should introduce logical access controls to data, systems, application software, utilities, telecommunication lines, libraries, system software, etc.
- Banks should designate a network and database administrator with clearly defined roles.
- The minimum banks should use the server type of firewall so that there is no direct connection between banks’ system and Internet.
- Banks should have a security policy duly approved by the Board of Directors with segregation for duty of Security Officer/ Group dealing exclusively with information systems security and Information Technology Division which actually implements the computer systems. Further, Information Systems Auditor should audit the information systems.
- Physical access controls should be strictly enforced. Corporal Security should cover all the information systems and sites where they are housed both against external and internal threats.
- For legal purposes all applications of banks should have exact record keeping facilities. It may be necessary to keep all received and sent massages both in encrypted and decrypted form.
- Banks should have proper infrastructure and schedules for banking up data. The supported data should be serially tested to ensure recovery without loss of transactions in a time frame as given out in the banks security policy.
- In Internet banking case there is very small opportunity for the banks to act on stop-payment instructions from the customers. Banks should clearly instruct to the customers the time period and the circumstances in which any stop- payment instructions could be accepted.
- Even through request for opening account can be accepted over Internet, a/c should be opened only after proper introduction and physical verification of the identity of the customer.
- Under the present regime there is an obligation on banks to maintain secrecy and confidentially of customers’ accounts and the risk of banks not meeting this obligation is high on an account of several factors.
- Form a legal perspective, security produce adopted by banks for authenticating users’ needs to be recognized by law as a substitute for signature.
Regulator and Supervisory Issues:
- Banks must make imperative disclosures of risks, responsibilities and liabilities of the customers in doing business through internet through a disclosure template. The banks should also put their latest expressed financial results over the net.
- The products should be restricted to account holders only and should not be offered in other jurisdiction.
- Banks will report to RBI every branch or failure of security systems and procedure. RBI at its discretion, may decide to commission special audit/ inspection of such banks. The services should only include local currency products.