Check misuse of user-id, password: CVC to banks, insurance cos

The Central Vigilance Commission has suggested surprise inspections by the chief vigilance officers of the public sector banks and insurance companies to check frauds due to misuse of user-id and password of officers by sharing it with unauthorised persons.
The Commission has of late observed that in many cases relating to banking sector, insurance sector, central public sector enterprises and even in other organisations functioning in a computerised environment, frauds were being perpetrated on account of the officers sharing their user-id and password with unauthorised persons and not disabling them on their transfer, retirement, suspension or long leave.
It was also noticed that the officers were not frequently changing their password. "The Commission is of the view that periodic change of passwords by officers would be an important preventive vigilance measures to address the issues," the CVC said in a directive to all ministries, banks, insurance companies and autonomous organisations.

The email-ids, user-ids, etc for accessing the secure systems should be disabled once an officer superannuates, placed under suspension or not required to perform any function on account of proceeding on long leave, training, deputation, transfer, etc, it said.
"Introducing a provision in the system, or software itself at a pre-decided time period (i.E. A fortnight or a month) to change password could also be one of the options for preventing misuse by unauthorised persons," the CVC said.
The move comes following cases of frauds worth crores of rupees were noticed by Commission through misuse of secure ids and passwords, Commission officials said.

"In addition, it also needs to be ensured by way of periodic surprise inspections or checks by next higher authority or controlling officers as to whether the user-ids and password are being shared by the officers with any unauthorised persons," the anti-corruption watchdog said.

The Commission had earlier advised chief vigilance officers (CVOs), who act as distant arm of CVC, of all public sector banks to ensure secrecy of employees' passwords and also keep on changing them frequently so that frauds being committed on account of misuse of passwords of employees may be avoided in the public sector banks. However, its instructions were not followed in toto.

"CVOs of banks were to take suitable action and regularly monitor secrecy of passwords and any instances of casual approach by any password holder was to be dealt ruthlessly by the concerned bank as the same may put huge funds at risk. It appears that the spirit of circular is not being implemented," the CVC said.
All CVOs have been advised to put in place preventive measures and carry out periodic inspections to check any such illegal practise. They have been also asked to send an action taken report to the Commission on the verification conducted by them in this regard, it said.