
RBI Launches "bank.in" Domain to Combat Digital Banking Scam

 

The Reserve Bank of India (RBI) has made the "bank.in" domain exclusive to all authorised banking institutions in India in an effort to strengthen digital banking security and shield customers from online banking fraud. This effort aims to minimise the rising threat of digital banking fraud by establishing a secure and verified online presence for the banks across the nation.

Due to the surge in online banking transactions, fraudsters have taken advantage of vulnerabilities by impersonating actual banks via phishing attacks, phoney banking websites, and fraudulent email campaigns. The only registrar for this will be the Institute for Development and Research in Banking Technology (IDRBT).

It is expected that domain registration will get underway in April 2025. By implementing an exclusive bank.in domain strategy, the RBI lowers the risk of financial fraud by ensuring that users can quickly recognise and trust legitimate banking websites.

Importance of “bank.in” domain in banking security

The increased use of digital banking has transformed financial transactions in India, providing easy access to banking services. However, this digital transformation has resulted in an increase in cyber threats, with scammers creating fake banking portals to trick users into disclosing sensitive data such as login credentials, OTPs, and banking details. The RBI's special domain for banks called "bank.in" intends to: 

  • Enhance banking fraud prevention by eliminating fake sites that pose as authentic banking portals. 
  • Increase consumer trust and awareness by ensuring that all Indian banks use a single, verifiable domain structure.
  • Strengthen India's digital banking security by creating a centralised domain that is challenging for fraudsters to replicate.

The "bank.in" domain will be reserved solely for RBI-regulated banking institutions, guaranteeing that only reputable financial institutions can use this domain extension. Each bank's official website will be hosted under the bank.in domain, making it easy for consumers to check legitimacy. For example, a major bank like State Bank of India (SBI) may have an official URL such as sbi.bank.in, indicating that the website is trustworthy. 

To facilitate this transition, the RBI is working with financial institutions, cybersecurity professionals, and domain regulatory agencies to ensure a smooth transition to the new domain. Banks will be expected to phase out their current domains and redirect consumers to their new "bank.in" addresses, ensuring a smooth transition and avoiding confusion.

Cyberattacks Skyrocket in India, Are We Ready for the Digital Danger Ahead?


 

India is experiencing a rise in cyberattacks, particularly targeting its key sectors such as finance, government, manufacturing, and healthcare. This increase has prompted the Reserve Bank of India (RBI) to urge banks and financial institutions to strengthen their cybersecurity measures.

As India continues to digitise its infrastructure, it has become more vulnerable to cyberattacks. Earlier this year, hackers stole and leaked 7.5 million records from boAt, a leading Indian company that makes wireless audio and wearable devices. This is just one example of how cybercriminals are targeting Indian businesses and institutions.

The RBI has expressed concern about the growing risks in the financial sector due to rapid digitization. In 2023 alone, India’s national cybersecurity team, CERT-In, handled about 16 million cyber incidents, a massive increase from just 53,000 incidents in 2017. Most banks and non-banking financial companies (NBFCs) now see cybersecurity as a major challenge as they move towards digital technology. The RBI’s report highlights that the speed at which information and rumours can spread digitally could threaten financial stability. Cybercriminals are increasingly focusing on financial institutions rather than individual customers.

The public sector, including government agencies, has also seen a dramatic rise in cyberattacks. Many organisations report that these attacks have increased by at least 50%. Earlier this year, a hacking group targeted government agencies and energy companies using a type of malware known as HackBrowserData. Additionally, countries like Pakistan and China have been intensifying their cyberattacks on Indian organisations, with operations like the recent Cosmic Leopard campaign.

According to a report by Cloudflare, 83% of organisations in India experienced at least one cybersecurity incident in the last year, placing India among the top countries in Asia facing such threats. Globally, India is the fifth most breached nation, which underlines the need for stronger cybersecurity measures.

Indian companies are most worried about threats related to cloud computing, connected devices, and software vulnerabilities. The adoption of new technologies like artificial intelligence (AI) and cloud computing, combined with the shift to remote work, has accelerated digital transformation, but it also increases the need for stronger security measures.

Manu Dwivedi, a cybersecurity expert from PwC India, points out that AI-powered phishing and sophisticated social engineering techniques have made ransomware a top concern for organisations. As more companies use cloud services and open-source software, the risk of cyberattacks grows. Dwivedi also stresses the importance of protecting against insider threats, which requires a mix of strategy, culture, training, and governance.

AI is playing a growing role in both defending against and enabling cyberattacks. While AI has the potential to improve security, it also introduces new risks. Cybercriminals are beginning to use AI to create more advanced malware that can avoid detection. Dwivedi warns that as AI continues to evolve, it may become harder to track how these tools are being misused by attackers.

Partha Gopalakrishnan, founder of PG Advisors, emphasises the need for India to update its cybersecurity laws. The current law, the Information Technology Act of 2000, is outdated and does not fully address today’s digital threats. Gopalakrishnan also stressed the growing demand for AI skills in India, suggesting that businesses should focus on training in both AI and cybersecurity to close the skills gap. He warns that as AI becomes more accessible, it could empower a wider range of people to carry out sophisticated cyberattacks.

India’s digital growth presents great opportunities, but it also comes with serious challenges. It’s crucial for Indian businesses and government agencies to develop comprehensive cybersecurity strategies and stay vigilant.


Fintechs Encouraged to Join National Cyber Fraud Reporting System


The Fintech Association of India (FACE) has urged its members to register on the Citizen Financial Cyber Fraud Reporting and Management System (CFCFRMS). This platform, part of the broader National Cybercrime Reporting Portal, facilitates the reporting and management of financial cyber frauds. By joining, fintech companies can better handle customer complaints and collaborate with law enforcement to prevent fraud.

This initiative by FACE is noteworthy, especially as it seeks approval to become a self-regulatory organisation (SRO) for fintech lenders. The Reserve Bank of India (RBI) is expected to announce its decision soon, with FACE and the Digital Lenders’ Association of India both in the running to be recognised as an SRO. The establishment of an SRO will likely lead to more stringent industry oversight, promoting higher standards of operation and better consumer protection within the fintech sector.

The push for fintechs to join the CFCFRMS comes at a critical time. As digital transactions grow more common, the opportunities for cyber fraud have increased. The convergence of various financial entities—such as banks, non-banking financial companies, insurance providers, and payment services—has created more potential points of vulnerability. The CFCFRMS is designed to coordinate the efforts of all stakeholders, enabling action to block fraudulent transactions before they can be completed.

RBI’s New Platform to Combat Payment Frauds

In a parallel effort to bolster cybersecurity, the RBI is developing the Digital Payments Intelligence Platform (DPIP). This platform aims to use cutting-edge technology to detect and prevent payment fraud. A committee led by A P Hota, former CEO of the National Payments Corporation of India, is currently formulating recommendations for the DPIP, which is expected to upgrade the ability to share real-time data across the payment ecosystem. This initiative is especially important in addressing frauds where victims are tricked into making payments or divulging sensitive information.

Alarming Increase in Cyber Fraud Losses

The importance of these measures is emphasised by recent statistics from the Ministry of Finance. Financial losses due to cyber fraud have more than doubled in the last fiscal year, rising to Rs 177.05 crore in FY24 from Rs 69.68 crore in FY23. This sharp increase underlines the growing threat posed by cybercriminals and the need for more robust security measures.

Public Awareness and Digital Payment Safety

While the rise in cyber fraud is concerning, a survey by the RBI offers some reassurance. According to the survey, 94.5% of digital payment users have not experienced fraud. However, the risk remains, especially in semi-urban areas, where fraud attempts are slightly more common than in metropolitan regions. The most prevalent form of fraud is vishing, or voice phishing, where criminals trick individuals into revealing sensitive information over the phone. Other common tactics include phishing emails, misuse of payment requests, and remote access scams.

As digital payments become increasingly integrated into everyday life, ensuring their safety is crucial. Initiatives like CFCFRMS and DPIP are essential in building a secure and trustworthy digital financial environment. By building on fraud prevention measures, these platforms can help maintain public confidence and encourage wider adoption of digital payment systems.


Cyber Heist: Rs 40 Crore Taken from IndusInd Bank

 


Maharashtra Cyber reported the recovery of 31.89 crores out of 40 crores allegedly fraudulently transferred from IndusInd Bank to 20 different mule accounts on Friday. As a result of the fraud, more than $4.2 million were stolen from ATMs around the country, while police are still looking for the remaining $2.87 million.

IndusInd Bank in Mumbai has reported a loss of Rs 40 crore as a result of an unauthorized transaction which took place on its network. Maharashtra Cyber Police, responsible for detecting and responding to cyber frauds in the state, has managed to recoup Rs 32 crore as a major achievement in one of the state's largest cases of cyber fraud. According to the bank's Hyderabad branch manager, he is being held responsible for making unauthorized transactions on behalf of the bank.

By improving the reporting process through the National Cybercrime Reporting Portal (NCCRP), the Maharashtra Cyber Police were able to act swiftly on the report of the cybercrime. With such a prompt response, the authorities were able to track down and freeze the fraudulent accounts in a short period. In addition to the fraudulent transactions, the Hyderabad branch manager also made two significant transfers of Rs 15 crore and Rs 25 crore without authorization from the Mumbai head office.

A total of nearly 20 accounts were involved in the disbursement of the funds. Even though the Hyderabad police department registered the FIR, it was Mumbai that originally made the complaint. The team’s efforts and process continued, resulting in blocking a total of ₹32.89 crore till July 25 in 11 bank accounts in India. The fraudster managed to withdraw ₹4.24 crore from different ATMs of the bank, said Shintre. “Efforts are still on to recover the remaining money,” he added.

The amount was transferred to different banks from the Hyderabad branch, so an FIR has been registered there, and the Hyderabad police are investigating the case. After the Maharashtra Cyber Police team got wind of the complaint on July 19, one of its officers explained that the team immediately started pursuing the matter. In coordination with all finance intermediaries responsible for the processing of the money, they were able to place a hold on approximately Rs 31 crore by 6 PM on the same day. 

IndusInd Bank's Bandra Kurla Complex (BKC) branch was alerted to the fraud through their helpline number after informing the cyber police about the fraudulent transactions. It was only after the cyber police took action that they were able to freeze the accounts worth 312.890 crores, which were held in various banks. According to the report, the team noticed on July 19 that significant fraud involving transactions amounting to approximately $40 crore had been reported.

Following the realisation of the urgency of the situation, a team was immediately formed, and the following morning a follow-up process and immediate coordination were initiated with the appropriate financial intermediaries involved in the transactions. "This resulted in a saving of approximately 31 crores by 6 pm that day," said Shintre. A total of 31.89 crores of currency worth 32.89 crores were blocked from 11 bank accounts in India as a result of the team's work and process up until July 25.

Shintre informed the press that the fraudster was able to withdraw a total of Rs 4.24 crore from ATMs across the bank. "The team is constantly working on recovering the remaining money to get it back," he stated. It is believed that the money from the Hyderabad branch was transferred to different banks, which is why an FIR was filed there, and the Hyderabad police are presently investigating the situation.

In the past three and a half years, Maharashtra Cyber has received 281,019 reports of cyber fraud, resulting in a staggering loss of approximately ₹3,325 crore to complainants across the state. During this period, efforts by the Cyber Police have successfully blocked and safeguarded around ₹358.77 crore in transactions through banking channels. 

The scale of the issue is reflected in the daily volume of calls received by Maharashtra Cyber's helpline number, 1930, which averages between 4,000 and 5,000 calls. To manage this influx, the organization operates 20 functional lines manned by a dedicated workforce of over 110 individuals working round-the-clock. A specialized team of 10 personnel focuses exclusively on follow-up procedures, liaising directly with banks and law enforcement agencies to expedite the resolution of complaints. 

Additionally, Maharashtra Cyber has implemented dedicated Artificial Intelligence (AI) units across various branches. These units facilitate data analysis, pattern recognition, digital forensics, and behavioural analysis, significantly aiding investigators in their efforts. From 2021 to July 26, 2024, the helpline recorded a total of 281,019 complaints, resulting in the recovery of ₹3,324.90 crore from fraudulent transactions, with an additional ₹358.77 crore placed on hold. This underscores the effectiveness and commitment of Maharashtra Cyber in addressing and mitigating cybercrime incidents. Ongoing investigations are aimed at ensuring compliance with RBI regulations and enhancing internal banking checks to prevent future occurrences.

RBI Issues Advisory to Support Cybersecurity in Banks


 

Amid escalating cyber threats, the Reserve Bank of India (RBI) has released a comprehensive advisory to all scheduled commercial banks. This advisory, disseminated by the Department of Banking Supervision in Mumbai, stresses the paramount importance of robust cybersecurity measures in the modern digital banking infrastructure.

The advisory highlights the crucial role of Corporate Governance in maintaining accountability within banks, emphasising that IT Governance is a key component of this framework. The RBI stresses that effective IT Governance necessitates strong leadership, a clear organisational structure, and efficient processes. Responsibility for IT Governance, the advisory states, lies with both the Board of Directors and Executive Management.

With technology becoming integral to banking operations, nearly every commercial bank branch has adopted some form of digital solution, such as core banking systems (CBS) and alternate delivery channels like internet banking, mobile banking, phone banking, and ATMs. In light of this, the RBI provides specific guidelines to banks for enhancing their IT Governance.

The RBI recommends that banks clearly define the roles and responsibilities of their Board and Senior Management to ensure effective project control and accountability. Additionally, it advises the establishment of an IT Strategy Committee at the Board level, comprising members with substantial IT expertise. This committee is tasked with advising on strategic IT directions, reviewing IT investments, and ensuring alignment with business goals.

The advisory also suggests structuring IT functions based on the bank’s size and business activities, with dedicated divisions such as technology and development, IT operations, IT assurance, and supplier management. Each division should be headed by experienced senior officials to manage IT systems effectively.

Implementing IT Governance Practices

The RBI stresses the importance of implementing robust IT Governance practices aligned with international standards like COBIT (Control Objectives for Information and Related Technologies). These practices focus on value delivery, IT risk management, strategic alignment, resource management, and performance measurement.

Information Security Governance

Recognizing the critical nature of information security, the RBI advises banks to develop comprehensive security governance frameworks. This includes creating security policies, defining roles and responsibilities, conducting regular risk assessments, and ensuring compliance with regulatory requirements. The advisory also recommends that the information security function be separated from IT operations to enhance oversight and mitigate risks.

Risk Management and Compliance

The RBI underscores the necessity of integrating IT risks into banks’ overall risk management frameworks. This involves identifying threats, assessing vulnerabilities, and implementing appropriate controls to mitigate risks. Regular monitoring and oversight through steering committees are essential to ensure compliance with policies and regulatory standards.

The RBI’s advisory serves as a crucial reminder for banks to strengthen their cybersecurity defences amidst growing digital threats. By adopting robust IT Governance and information security frameworks, banks can enhance operational resilience, protect customer data, and safeguard financial stability. Adhering to these guidelines not only ensures regulatory compliance but also bolsters trust and confidence in the banking sector.

As technology continues to play an increasingly pivotal role in banking, the RBI urges banks to remain vigilant against emerging threats. Proactive measures taken today will help secure the future of banking operations against cybersecurity challenges. For detailed guidelines, banks are encouraged to refer to the official communication from the Reserve Bank of India.


Online Banking Frauds: The Silent Threat to India’s Financial Stability


Bank frauds in India: A soaring trend

According to an analysis of frauds recorded across banks, the number of fraud cases filed in FY24 increased by approximately 300 percent from 9,046 in FY22. However, the sum involved has decreased from Rs 45,358 crore to Rs 13,930 crore, according to the central bank's annual report for fiscal year 24 released on Thursday.

Year on year, the amount involved in total frauds reported decreased by 46.7% during fiscal year 24.

The numbers speak

The RBI stated that, while private sector banks reported the most frauds in the recent three years, public sector banks contributed the most to the fraud total. According to the RBI, digital payments (card payments and internet) were the most common source of fraud. 

However, in terms of value, the frauds were concentrated in the loan portfolio.

While small value card/internet frauds accounted for the majority of frauds recorded by private sector banks, RBI investigation revealed that frauds in public sector banks were primarily in loan portfolios.

The number of scams involving card and internet payments jumped from 3,596 in FY22 to 29,082 in FY24. In terms of value, it rose from Rs 155 crore in FY22 to Rs 1,457 crore.

Observing the time lag

In an assessment of cases reported in FY23 and FY24, the RBI discovered a significant time lag between the date a fraud occurred and its identification.

According to the RBI, the amount involved in frauds from prior fiscal years accounted for 94.0 percent of the frauds reported in FY23 in terms of value. Approximately 89% of the frauds recorded in FY24 by value occurred in previous fiscal years.

Factors contributing to the surge

  • Technological advancements: The digital revolution has transformed banking, making transactions faster and more accessible. However, it has also exposed vulnerabilities. Cybercriminals exploit weak security measures, phishing attacks, and identity theft to siphon off funds.
  • Lax oversight: Despite regulatory frameworks, some banks struggle to implement robust risk management practices. Inadequate internal controls and complacency contribute to the rising fraud numbers.
  • Insider threats: Employees with access to sensitive information can be both an asset and a liability. Insider fraud—whether intentional or due to negligence—poses a significant risk.
  • Complex financial products: As financial products become more intricate, so do the opportunities for fraud. From complex derivatives to shadow banking, the landscape is ripe for exploitation.

Mitigating the risk

  • Enhanced security measures: Banks must invest in cutting-edge cybersecurity tools. Multi-factor authentication, real-time monitoring, and AI-driven anomaly detection can help thwart fraud attempts.
  • Training and awareness: Educating bank staff and customers about fraud risks is crucial. Regular workshops, simulated phishing exercises, and awareness campaigns can empower everyone to stay vigilant.
  • Collaboration: Banks, regulators, and law enforcement agencies must collaborate closely. Sharing threat intelligence and best practices can strengthen the collective defense against fraud.
  • Strengthening legal frameworks: Stricter penalties and faster legal proceedings can act as deterrents. Swift action against fraudsters sends a strong message.

Don’t Be a Victim: How to Avoid Digital House Arrest


Criminals are using a new "Digital House Arrest" method to target individuals. Scammers contact victims and compel them to stay home by pretending to be law enforcement officials such as police officers, Central Bureau of Investigation (CBI) agents, or customs officials. 

They then exploit the victim's bank accounts. Numerous cases of this fraudulent conduct have recently emerged.

According to a Reserve Bank of India (RBI) study, India experienced bank frauds totaling more than Rs 30,000 crore in FY23. Over the last decade, Indian banks have reported 65,017 fraud instances, resulting in a total loss of Rs 4.69 trillion. 

To deceive naive people, cybercriminals use a variety of strategies, such as UPI, credit card, OTP, job, and delivery scams. Digital house arrest is a new popular scamming strategy.

About digital arrest

Digital house arrest occurs when cybercriminals trap victims in their homes to trick them. Perpetrators instill terror by making calls, frequently impersonating law enforcement officers via AI-generated voice or video calls.

They fraudulently accuse victims of misconduct involving their Aadhaar or phone number, creating a sense of imminent arrest and pushing them to send money.

Hackers usually contact victims and claim they shipped or received boxes carrying illegal substances such as narcotics or false passports. They may even fraudulently alert the target's relatives or acquaintances about their involvement in a crime, instilling a sense of urgency.

Criminals pose as law enforcement officers and demand money from victims as compensation for covering the case. Victims are pressured to remain visible on video conferencing services until the scammers' demands are met.

Forcing potential victims

Hackers use strategies such as setting up fake police stations or government offices and dressing in uniforms mimicking those of law enforcement authorities.

Uttar Pradesh Police launched an investigation into the first recorded case of 'digital arrest' in December of last year after receiving a complaint from a Noida resident.

The complainant fell victim to the fraud, losing more than Rs 11 lakh and facing a day-long 'digital arrest'. Perpetrators posed as police officers, impersonating an IPS officer from the CBI and the founder of a bankrupt airline, and implicated the victim in a manufactured money-laundering case.

Government's response to frauds

The Indian Cyber Crime Coordination Centre (I4C) and the Department of Telecommunications (DoT) are collaborating to combat the influx of spoof calls coming from abroad. These callers falsely claim to be from law enforcement authorities such as the Narcotics Control Bureau or the Central Bureau of Investigation, among others, and claim 'digital arrests'.

In addition, I4C has partnered with Microsoft to fight the abuse of law enforcement emblems. These logos are regularly used by scammers abroad to take money from Indian nationals.

To raise awareness, I4C has released infographics and videos on its social media platform Cyberdost and its X (Twitter), Facebook, and Instagram pages. The Ministry has asked citizens to remain vigilant and raise awareness about cybercrime.

How to stay safe?

If you get a similar call or message, contact the authorities. The government of India has launched the Chakshu portal on the Sanchar Saathi website to combat cyber and online fraud. Individuals can also report similar incidents using the cybercrime helpline 1930 or online at http://www.cybercrime.gov.in.


Can Legal Measures Slow Down Cybercrimes?

 


Cybercrime has emerged as a serious threat in India, prompting calls for comprehensive reforms and collaborative efforts from various stakeholders. Experts and officials emphasise the pressing need to address the evolving nature of cyber threats and strengthen the country's legal and regulatory framework to combat this menace effectively.

Former IPS officer and cybersecurity expert Prof Triveni Singh identified the necessity for fundamental changes in India's legal infrastructure to align with the pervasive nature of cybercrime. He advocates for the establishment of a national-level cybercrime investigation bureau, augmented training for law enforcement personnel, and the integration of cyber forensic facilities at police stations across the country.

A critical challenge in combating cybercrime lies in the outdated procedures for reporting and investigating such offences. Currently, victims often encounter obstacles when filing complaints, particularly if they reside outside India. Moreover, the decentralised nature of law enforcement across states complicates multi-jurisdictional investigations, leading to inefficiencies and resource depletion.

To streamline the process, experts propose the implementation of an independent online court system to expedite judicial proceedings for cybercrime cases, thereby eliminating the need for physical hearings. Additionally, fostering enhanced cooperation between police forces of different states and countries is deemed essential to effectively tackle cross-border cybercrimes.

Acknowledging the imperative for centralised coordination, proposals for the establishment of a national cybercrime investigation agency have been put forward. Such an agency would serve as a central hub, providing support to state police forces and facilitating collaboration in complex cybercrime cases involving multiple jurisdictions.

Regulatory bodies, notably the Reserve Bank of India (RBI), also play a crucial role in combatting financial cybercrimes. Experts urge the RBI to strengthen oversight of banks and enhance Know Your Customer (KYC) norms to prevent the misuse of accounts by cyber criminals. They should aim to utilise technologies like Artificial Intelligence (AI) to detect anomalous transaction patterns and consolidate efforts to identify and thwart cybercrime activities.

There is a growing consensus on the necessity for a comprehensive national cybersecurity strategy and legislation in India. Such initiatives would furnish a robust framework for addressing the omnipresent nature of this threat and safeguarding the country's cyber sovereignty.

The bottom line is that putting a stop to cybercrime demands a concerted effort involving lawmakers, regulators, law enforcement agencies, financial institutions, and internet service providers. By enacting comprehensive reforms and fostering greater cooperation, India can intensify its cyber resilience and ensure a safer online environment for all.