Connect with us

Cyber Crime

India’s Biggest Banking Security Survey : How Safe Is Your Money?

Published

on

The420 along with Root64 Infosec Research Foundation conducted India’s first comprehensive bank and financial institution survey to find out if they are doing enough in keeping our money safe.

Years after recommendations by the Narasimham committee on banking sector reforms and security, where do banks stand? How safe is your money in the bank? Are banks secured enough? Are cash vans and micro-finance institutions following the security protocol? To answer all these questions The420 along with Root64 Infosec Research Foundation conducted India’s first comprehensive bank and financial institution survey to find out if they are doing enough in keeping our money safe.

The first chapter of the survey was done in Azamgarh district of Uttar Pradesh, which has an estimated population of over 50 lakh. To cater to such large number, the district has 310 branches of public sector, private, cooperative and foreign banks, 263 ATMs, 498 Common Service Centres (CSCs), 20 Insurance, 28 micro-finance and 19 Non-Banking Financial Company (NBFC), which were examined and studied in the survey.

The result of the in-depth banking survey not only exposes the security loopholes in banking institutions but also shows a way forward to improve the existing infrastructure and strengthen banking security.  The survey was done on the following parameters – physical security, electronic/information security, bank employees’ security awareness training and education and customers’ awareness.

The survey was done with the help of local police and district administration.

KEY FINDINGS:

Crime record shows that about 40 per cent of the frauds in the country take place in the banking sector. Despite dealing with millions of customers spread across the country banks and other financial institutions fails to follow basic security protocols.

CCTV: The420-Root64 survey shows that out of 310 bank branches and 263 ATMs in the district CCTV cameras are installed in 304 branches and 257 ATMs. Banks are yet to get 100 per cent CCTV coverage of their area.

A majority of banks which has CCTV cameras are basic in nature. They do not have a night vision feature or clarity which can help in the monitoring.

Most of the banks have installed CCTV cameras inside their premises, but in maximum cases criminal activities are planned outside the branch where cameras are not installed.

Recording of CCTV or DVR should be placed in a safe location so that it is out of reach from criminals during an emergency. In many cases, criminals break the CCTV cameras and take way DVR which stores footage from cameras.

CCTV camera display screen should be placed in a separate chamber so that police can check whole activities and can keep an eye on suspicious activities.

Guards: Shockingly, less than 50 per cent bank branches has armed guard and little over 10 per cent banks have unarmed guards. The survey shows that only 128 bank branches have guard with arms and unarmed guards are at just 34 banks.

Similar is the situation at ATMs where on 13 machines have armed guards and 103 ATM centers have unarmed guards. With increasing cases of banking fraud at ATM machines and jacking of ATM booths such low number of security is alarming.

Security guards deployed are mostly engaged in helping customers in filling of vouchers and other activities apart from bank’s security.

Siren: Only 296 bank branches have installed siren which is used in case of any emergency. 14 bank branches have not installed it yet. Shockingly, no ATM machines in the district has the feature of siren installed.

Bank alarm panic system should be based on app-based system, which will inform concerned police station immediately through its computer application once it is pressed. Intrusion alarm should be checked periodically to verify if it is functional.

Fire Alarm: The survey shows that only 215 bank branches have fire alarm installed while none of the ATM booths has this feature. So in case of fire, chances are high that the cash deposited with the bank faces a risk of getting destroyed.

Smoke Detector: The ground reality is worrying as only 125 branches and two ATM machines have the facility of smoke detection. The lack of this basic feature can not only increase the risk of money being destroyed but could lead to loss of life.

Physical structure: Several times bank walls, doors are older and dilapidated. It was observed that bank branch shutter is either fully opened or half-opened even after the cutoff time of cash withdrawal or cash deposit.

Information security management: The surveying team found several lapses in data and information management at the banks. There is no access control as anyone in the bank can get hold of crucial and vital banking information.

The user id and password of a few bank employees that gives access to customers’ bank account are available to most of the bank staff and can be misused. Bank staff at times leaves their computer or go on a break without logging out their system which exposes the crucial customers’ data and increases the risk of banking fraud.

The survey found that bank managers and employees have an elementary knowledge of cybersecurity. Periodical training and awareness the program should be done for bank employees.

Similarly, no education or awareness campaigns were done by banks for their customers’ result of much many feel uncomfortable while performing digital banking transactions. This is also among the top factors behind increasing cases of banking fraud.

Cash Vans: Cash logistics vans operators are not abiding by security guidelines issued by the RBI. There is a clear instruction by the apex bank on types of transportation, security system but private agencies are not following it. CMS and SIS are among the prominent service providers.

Most of the cash vans have one guard who is either 50 years or more, which is unfavorable for its security. Arrangement of GPS, CCTV (internal and external) and its storage/DVR in cash van should be done which is missing. There have been many instances of robbery and theft from the cash van

Mobile Number of Police Officer should be mention on the vehicle of bank or cash van also security guards should have their mobile number.

Mobile Number of security guards on cash van should be attached to emergency service number 112 so that they can be helped immediately in case of emergency after recognizing them.

EXPERT OPINION –

Cyber crime expert Amit Dubey

Cyber crime expert Amit Dubey

    “Result of first comprehensive banking security survey is alarming. There are loopholes on several ends which needs immediate attention of banks. If these gaps are not filled, it will only lead to increasing cases of banking and financial fraud. The survey is an eye-opener of the banking sector,” said Amit Dubey, chief mentor, Root64 Infosec Research Foundation

“There are guidelines and recommendations that need to be strictly followed. Awareness, education and training of bank employees and customers hold the key to success. Banks and financial institutions will have to carry extensive awareness program for employees and customers on data security and how to safeguard money,” said Amit Dubey

Questionnaire for the survey:

  1. Bank have CCTV Camera Yes [ ] No [ ]
  2. If yes then No(s) ………………………….……
  3. Type of CCTV Camera Dome Camera [ ] Bullet Camera [ ] PTZ Pan/Tilt & zoom camera [ ] Day Night Camera [ ] C-mount camera [ ] Infra/Night Vision Camera [ ] Network/IP Camera [ ] Wireless HD Camera [ ]
  4. Location of CCTV Camera Cash Counter [ ] Bank Entry Gate [ ] Chest [ ] Outside the Bank towards Road [ ] Branch Lobby [ ]
  5. Storage Capacity of CCTV Camera …….…………… Days
  6. Location of DVR ………………………………………………………
  7. Who Decides orientation of CCTV Camera? ………………………………………………………
  8. Who is responsible for maintenance and Cleanness of CCTV Camera? ……………….………….
  9. Frequency of maintenance and Cleanness of CCTV Camera ………………………………. Days
  10. Name of Technician of CCTV Camera :- Name……………………… Mob. No. …………………
  11. Name of Cash filling agency and mobile no. ………………………………………….…………….
  12. Does your bank ATM have electronic gate. Yes [ ] No [ ]
  13. Are the security guards at the ATM armed. Yes [ ] No [ ]
  14. Is Bank Alarm Working (Active)? Yes [ ] No [ ]
  15. Is Bank’s Fire Alarm System is working (Active)? Yes [ ] No. [ ]
  16. Who decides (Name of Agency) the Security system of Bank? :- RBI Guidelines [ ] Bank’s Internal Guidelines [ ] Local Branch Officer’s Guidelines [ ]
  17. No. of Security Guard’s in Bank ATM :- …………………………………………………….
  18. What time security guards are on duty in ATM – Only Day [ ] Only Night [ ] Day and Night[ ]
  19. Who decides your bank’s security budget …………………………………………………….
  20. What do the bank’s security guards do? Only bank security [ ] Guiding Customers [ ] Helping in Filling of Vouchers for Customers [ ] Helping other Branch Staff [ ]
  21. Bank have UID enrollment center in it Yes [ ] No [ ]
  22. Type of Ownership of Bank Building- Self Owned [ ] Rented [ ]
  23. Cutoff time of cash deposit/cash withdrawal
  24. Bank’s shutter is opened after cutoff time of cash withdrawal/cash deposit:- Fully Opened [ ] Half Closed [ ] Fully Closed [ ]
  25. No of ATM’s Linked with Branch ……………………………………………………….
  26. Location for Storage of CCTV/DVR of ATMs ………………………………….………………….
  27. Who checks the orientation of CCTV cameras in ATM and frequency of checking………….. Day
  28. Name of Concerned Agency/Officer for any communication/correspondence of the bank regarding security system: ………………………………………………………………..…………………….
  29. No. of Police Officers/Home Guards visit branch daily ………………………..……………………
  30. Your Suggestion related to bank security:- ………………………………………………………………………………………………………