RBI - Report on Securing Card Present Transaction - Public Comments

RBI - Report on Securing Card Present Transaction - Public Comments

Reserve Bank of India, DPSS has turned its attention to ‘secure transactions’, of ‘cards present’.

Here cards might be Credit Cards/Debit Cards/ATM Cards/ ATM cum Debit Cards

To increase the security levels for ‘card present transactions’, RBI had constituted a working group in March 2011, to look into all the related issues implementing the security of card transactions in India and suggesting a road map for migration.

The Working Group had members drawn from Banks and Card Companies and also NPCI representatives.

The Working Group in a short span of 8 weeks, submitted its report today i.e 02/06/2011

The Working Group members have to be praised for their perseverance to submit the report within a short period of 8 weeks.

RBI has invited comments to be emailed or forwarded to them, by 30^th June 2, 2011

The Working Group Report can be accessed @ http://www.rbi.org.in/scripts/PublicationReportDetails.aspx?UrlPage=&ID=634

As the electronic money market grows rapidly, it is important that the fraudulent transactions are kept to the minimum, to ensure that the participant’s profitability is not hurt.

It can be noted that the electronic money usage is not only spreading in the urban area, but also spreading in the rural area. The advantages of electronic money are plenty for the rural folks to be attracted towards them.

Over the next month, the report will be discussed thread-bare not only on the internet but also in the print media. 

The more it is discussed, the more comments RBI will receive. The more comments RBI receives, the more robust solution can be found.

By now, articles on the report should have appeared on the Internet.

Standardisation ( Consistency, Equality) and Enhancement (Enrichment) of Security Features in Cheque Forms

Standardisation ( Consistency, Equality) and Enhancement (Enrichment) of Security Features in Cheque Forms

CTS-2010 Standard

Reserve Bank of India, Department of Payments and Settlement Systems has today released a Notification regarding the minimum specifications for Cheques for CTS(Cheque Truncation System) to be a success. This new standards will not only make Cheque handling safe in CTS environment, but also safe in non-CTS environment.

The Circular No is RBI/2009-10/323 DPSS.CO.CHD.No. 1832/ 04.07.05 /2009-10, dt February 22, 2010 addressed to The Chairman and Managing Director / Chief Executive Officer
All Scheduled Commercial Banks including RRBs / Urban Co-operative Banks / State Co-operative Banks / District Central Co-operative Banks

The link is

http://www.rbi.org.in/scripts/NotificationUser.aspx?Id=5509&Mode=0

Please note that this circular is address to Scheduled Banks including RRB’s/UCB’s/SCB’s and DCCB’s.

In a single circular the whole spectrum of banking industry has been addressed.

As Post Office Banking does not fall under the purview of Reserve Bank of India, the Department of Posts will have to initiate steps to meet the new standards.

When will this new guidelines be effective from?

        A specific deadline has not been announced, but these guidelines will be effective before CTS is live in Chennai.

The nitty-gritty will be finalized by Reserve Bank of India, in consultation with Indian Banks Association and National Payments Corporation of India.

My guess is that as the project is named as CTS 2010 – Standard, the guidelines will go live this year only.

Benefits to customers:-

01)                      Date Boxes are introduced i.e Date DDMMYYYY, instead of the present blank line.

This ensures that the complete date will be filled up, and there will be minimal chances of a wrong date being filled in.

02)                     The Bank’s Name and Bank’s Branch Details are shifted from the present left hand bottom to the left hand top.

03)                     Reserve Bank of India, has advised that as far as possible, the Account numbers should be pre-printed. Pre-printed Account numbers are a must for current account holders and Corporate Customers.

I interpret corporate customers as Salary Accounts too, even if they are under the ambit of Saving Accounts. This is to curtail the frauds.

Once the account numbers are pre-printed it becomes easy for the account-holders names also to be printed on the Cheque books. At the most the first Cheque-book issued in the account might only have the pre-printed account number.

The benefits are more       to the Branch Officials than the customers.

Benefits to Bank Officials:-

·        As this Cheque standards will also be adopted for Non-CTS locations, immense benefits will accrue to Cheque handling officials.

·        The data boxes will minimize date errors.

·        The standardization of the fields will aid in swift processing of a large number of cheques.

To me the most important benefit is the Prohibiting alterations/corrections on the cheques. In rare cases, only date field can be altered/corrected.

In case of alterations/corrections in payee’s name, amount in words, amount in figures, the customers are advised to issue new cheques.

The key to success of the above point depends on customer education. Customers have to be properly educated about the dangers of alterations/corrections in payee’s name, amount in words, and amount in figures

Proper education will reduce the customer dis-satisfaction and increase the customer’s faith in the new standards.

Through the standardization, the processing of cheques can be automated to a great extent, reducing human errors and minimizing frauds.

The proposed standards not only aid in quick processing of large number of cheques, but also increase the comfort level of human resources at all levels of Cheque handling.

This in turn will lead to enhanced customer satisfaction.

Though the proposed standards have been framed for CTS processing, all the Bank cheques by default will have to adhere to this new Standards. Having two sets of standards for CTS cheques and non-CTS cheques will be cumbersome for the banks as well as CTS processing centers.

Payable at Par cheques have become quite common, and Speed Clearing is also picking up. This means literally a Cheque can be paid across any Clearing Location in India, as long as the respective Bank Branch is located in the catchment area of the local Clearing House.

Hence, Banks by default will gradually switch over to the new standards.

Challenges:

Dealing with the existing stock of cheque books:-

Once the deadline is decided, banks will automatically place order for the new Cheque Books. The existing un-issued Cheque books, will have to destroyed.

What about the Cheque leaves already issued to the customers? The customers might be requested to destroy unused cheque leaves held by them. The major challenge will be the handling of cheques leaves already written/signed by customers and handed over to the payee’s i.e Post-dated cheques for Loan repayments. Well, such cheques might be in the System for 3-4years, and which have to be handled as exception cases.

Banks have to switch over from decentralized issuance of cheques books to centralized issuance of cheques books

This will be a major challenge for Public Sector Banks, as they will have to draw up plans to dismantle the existing procedure and switch over to the centralized issuance of Cheque books.

 Customer Education:

Customer education is vital for smooth switch over to the new standards.

Customer’s education has to focus on the following points:

01) The dangers of alterations/corrections in payee’s name, amount in words, and amount in figures.

02)                     The need to order fresh cheques in advance, as otherwise issuance of Cheque books with pre-printed account numbers will be difficult.

03)                     The need to withdraw unused cheques with old standards held by them.

One ground-breaking feature of this Notification is the introduction of the Void Pantograph Security feature.

Void  Pantograph 

A pantograph screen that has the word "VOID" hidden in it, created by using special screens and background designs. When photocopied by a color copier, the word "VOID" appears on the copied document. A document with a void pantograph is more difficult to duplicate than one with a standard pantograph. 

Tit-Bit - Wipro Finds $4 Million Fraud by Employee-The spill over effect

Wipro Finds $4 Million Fraud by Employee-The spill over effect.

It is common knowledge by now that a $4 Million Fraud has been discovered by Wipro in their books.

Right now, there is very little public information about the modus-operandi or the number of employees involved or the time period.

Of course, it is understandable that Wipro would not like to disclose more about this incident. Otherwise, this might encourage a similar type of incidents in other Organisations too.

Like it or not, today’s world is driven by computers, with the LOGIN ID and PASSWORDS being omnipresent.

Hence, in any Organization, it is important that adequate care be taken with LOGIN ID and PASSWORDS.

It is important to note that the fraud was committed in a IT Organization and not a Financial Institution.

I am not going into the

01) The modus operandi of this incident.

02) What Wipro need have done, to prevent such an incident?

There are far more competent people than me, to address the above issues.

What I am interested is what can be done to prevent such incidents in any Organization, be it IT, Finance, Oil, etc.

There are a large number of companies in this world, whose Balance Sheet is equal/more than Wipro’s.

This means such incidents can occur in any Organization, as long as the crooks find easy money.

What is NOT the Solution:-

01) Educating employees that sharing of Login Id’s and Passwords is wrong.

Let us accept the fact that in today’s environment, sharing of Login ID’s and Passwords is the rule, rather than the exception.

Than what is the Solution:-

In my view, the following measures will reduce the number of fraudulent incidents.

Critics might say that lots of money is involved in the measures, but than if the Money spent is less than the potential loss, it is better to spend the money.

01) Have a minimum number of Applications/Software Programs, which have access to the Organization’s monies.

I know an institution, in which the users for their routine operation had to remember 17 Login Id’s and the corresponding passwords!!

So you cannot blame the users for having a single login id and password for all the 17 Applications/Software Programs.

02)         All the routine Applications/Software Programs are linked to the HR Applications/Software Program.

The process flow could be as follows:

a)     Employee logs into the HR Application.

b)    On sign in HR Application,(attendance register) the access to all other Applications should be activated.

c)     In case of meetings or other work during the office timings, if the employee has to be away from his desk, he will log into the HR Application, and tick the Out of Desk option.  This should block access to all the other Applications, till the employee, unticks the Out of Desk option in the HR Application.

d)     When an employee is on leave, the same should be updated in the HR Application, and during the leave period, access to all other Applications is to be blocked.

This means HR Application will be the all-pervading Application in the Organization.

In fact this can be new business opportunity for IT Companies.

Tit-Bit- - Income Tax-Electronic Mails

Income Tax-Electronic Mails

The fraudsters have a found out a new way, to gain access to credit card numbers along with the CVV number.

They have targeted mass mails to folks, as if the originator is the IT Deparment  

As per the contents of the Mails, the IT Department has requested for Credit Card Details, to process the Income Tax Refunds!!

Luckily, the media has widely published articles warning people not to fall prey to the fake mails.

Income Tax Department, too has released advertisements in leading newspapers, warning people of the bogus mails.

The Press Release of Income Tax Department can be accessed at 

http://www.incometaxindia.gov.in/archive/CBDT_PressRelease_09102009.pdf

As the ePayments gains popularity in our country, the scam-esters too resort to new thoughts, to expand their business!!

Hence, the users should be more careful, while parting with their data.

Credit Card and Date of Birth

Credit Card and Date of Birth

Major misuse of credit cards take place when they are lost/stolen/only Magnetic Data Stolen.

Two Additional features for Card-Not-Present Transactions(CNP), is the Date of Birth and the additional layer of password now required for Credit Card Payments in India.

If the credit card user, forget’s  the ‘additional layer - password’, a fresh password can be generated based on the 01) Card number 02) CVV number  03) Card Expiry Date  04) Date of Birth.

The first 3 are present on the Credit Card and the 4^th is expected to be kept secret by the credit card user.

Recently, I have come across advertisements in Papers/Magazines for A) Donations B) Subscriptions wherein a mode of payment is through Credit Card.

The requested details for payments through credit card is the

01) Card Number       02) Date of Expiry      03) Date of Birth.

Yes, you have read it right DATE OF BIRTH.

Folks, never ever mention your date of birth in such transactions. Once, the date of birth is mentioned, you are opening a Pandora’s box, for misuse of your credit card !!!!!!!!!

A more safer ePayments option, for such transactions is the NEFT mode. Of course, Indian organizations have yet to understand the benefits of NEFT.

Of course, the more relevant question is whether the Date of Birth is a safe security process to generate the ‘Additional Layer-Password’. Maybe, this might continue, till better options are presented.

Protect Yourself

Loan Disbursements through ePayments

Loan Disbursements through ePayments.

Today, Reserve Bank of India, Department of Banking Supervision, has released a Notification on Frauds in borrowal accounts having multiple banking arrangements. The Lr.No. is RBI/2008-09/508 DBS CO.FrMC BC No 8 /23.04.001/2008-09, dt.June 24, 2009.

The complete document can be accessed at

http://www.rbi.org.in/scripts/NotificationUser.aspx?Id=5051&Mode=0

The basic point is that the in certain cases the borrowers used the accounts maintained at other financing banks to siphon off funds fraudulently diverted from the bank on which the fraud was perpetrated.

The present norm for Loan Disbursements is through Banker’s Cheque/Demand Draft favoring 01) Suppliers of Goods 02) the borrower.

In case of property purchase, the Banker’s Cheque/Demand Draft is favoring the Seller and the Banker’s Cheque/Demand Draft details are entered in the Sale Deed.

A common fraudulent practice is to open benami accounts in banks, and to deposit the Loan Disbursement Instruments in such accounts.

To minimize frauds, I suggest that Loan Disbursements be routed through ePayments mode (RTGS), as the funds will be routed to the beneficiary account directly. The associated risk of manipulating the Loan Disbursement Instruments is also minimized.

Loan Disbursements through ePayments can be encouraged, except where the Loan Disbursement Instrument Number, has to be incorporated in the Legal Document.

As said in my Profile, my only aim is to increase the number of ePayments in India.

Multiply the delight of ePayments