To deal with problem of cyber crimes in the banking sector, the Reserve Bank today asked banks to set up committees to focus exclusively on information security management.

"For banks, as purveyors of money in physical form or in bits and bytes, reliable information is even more critical and hence information security is a vital area of concern," an RBI working group said.

The recommendations are on information security, e-banking, technology risk management and cyber frauds. The data and other informations are vital assets for banking operations.

The working group report said that since information security affects all aspects of an organisation, in order to consider information security from a bank-wide perspective a steering committee of executives should be formed.

It said an official of the rank of GM/DGM/AGM should be designated as Chief Information Security Officer.

The Group, under RBI Executive Director G Gopalakrishna, examined various issues arising out of the use of IT in banks and made its recommendations in nine broad areas.

These areas are IT Governance, Information Security, IS Audit, IT Operations, IT Services Outsourcing, Cyber Fraud, Business Continuity Planning, Customer Awareness programmes and Legal aspects.

With the advances in IT, most banks in India have migrated to core banking platforms and have moved transactions to payment cards (debit and credit cards) and to electronic channels like ATMs, Internet Banking and Mobile Banking.

Fraudsters have also followed customers into cyber space.

Cyber attack mechanisms are phishing, keylogging, spyware or malware and other internet-based frauds targeted at banks and their customers.

The Group was constituted after the April 2010 monetary policy.

RBI said that the banks need to ensure implementation of basic IT organisational framework and put in place policies and procedures which do not require extensive budgetary support, infrastructural or technology changes, by October 31, 2011.

"The rest of the guidelines need to be implemented within period of one year unless a longer time-frame is indicated," it said.

The apex bank would review the progress in implementation of the guidelines.