The Union finance ministry will meet chief executives of public-sector banks next week to discuss issues related to cybersecurity in the wake of the Rs 820 crore fraud that hit Kolkata-based UCO Bank earlier this month.
According to sources aware of the development, the ministry has asked banks to review their digital systems and cybersecurity-related measures.
During the Diwali week, UCO Bank was hit by an IMPS (Immediate Payment Service) fraud in which Rs 820 crore was credited to some account holders of UCO Bank without a debit from any other bank. While UCO Bank has been able to recover Rs 649 crore, or 79 per cent of the amount, the rest was withdrawn by account holders.
This happened between November 10 and 13. As a precautionary measure, UCO took the IMPS channel offline.
The bank has approached the Central Bureau of Investigation to investigate any attempt, including cyber attacks, aiming to manipulate the lender and disrupt the functioning of IMPS.
Sources said such frauds had occurred a couple of times before, involving some other public-sector banks, but they went largely unnoticed because the amounts involved were small.
The Reserve Bank of India (RBI) has been asking banks to develop business strategies, strengthen their governance framework, and implement cybersecurity measures to ease concerns related to fraud.
The RBI has said a minimum common framework for cybersecurity needs to be devised, outlining best practices and standards for financial institutions to follow. That can help ensure that all institutions are taking steps to protect themselves from cyber threats.
The regulator has mandated banks to have a board-approved cybersecurity policy, explaining the strategy with an approach to combat cyber threats, given the level of complexity of businesses and acceptable levels of risk. It has emphasised that the policy needs to be distinct from the broader IT policy.
On Thursday, RBI Deputy Governor M Rajeshwar raised the issue of cybersecurity measures of banks while asking lenders to fortify them and prevent cyber frauds in a hyper-personalised and tech-banking environment.
He said the efforts of the banks to provide timely solutions to customer grievances had not kept pace with the explosion in technology and products.
Earlier in June, former RBI Deputy Governor M K Jain had warned that cyber attacks could disrupt critical financial operations in banks, rendering them unable to process transactions, access customer accounts, or execute essential functions.
The RBI had said such disruption could result in a loss of confidence in the banking system, because customers and businesses might face difficulties in accessing funds or conducting normal financial activities.
Such disruptions can lead to financial instability especially if they affect multiple banks or are prolonged, Jain had said.
On alert
During the Diwali week, Uco Bank was hit by an IMPS fraud, crediting Rs 820 cr in some accounts
It was able to recover Rs 649 cr of the amount
Remaining amount was withdrawn by the account holders
Uco took the IMPS channel offline as precaution
The bank approached CBI to investigate any attempt to manipulate and disrupt the IMPS
RBI has been telling banks on the need to implement cybersecurity measures to mitigate frauds
To read the full story, Subscribe Now at just Rs 249 a month