ICICI Bank gets a Rs 12.85 lakh lesson in e-security

Decision in the first case under Information Technology Act

PTI | April 13, 2010



An adjudicator under the Information Technology Act has directed ICICI Bank to pay Rs 12.85 lakh in compensation to an NRI customer who lost Rs 6.46 lakh due to fraudulent access to his bank account.
"The bank failed to put in place a foolproof internet banking system with adequate levels of authentication and validation," PWC Davidar, Tamil Nadu IT secretary and adjudicator under IT Act for the state, said in his ruling.

The order came on a complaint filed by Umashankar Sivasubramaniam who claimed he received in September 2007 what appeared to be an e-mail from ICICI Bank, asking him to reply with his ICICI Internet banking username and password.
Sivasubramaniam replied as asked and found subsequently that Rs 6.46 were withdrawn from his ICICI bank account.
It transpired then that the sender of email had used a false ICICI bank identity to get Sivasubramaniam to reveal his username and password in order to defraud him.  Such an email fraud is known as ‘phishing’ in technical parlance.

Davidar found ICICI Bank guilty of failing to ensure that fraudsters were not able to fake bank’s identity in sending emails to customers and not authenticating the identity of the person who accessed Sivasubramaniam’s bank account.
There was no way by which customers could identify an e-mail as not being from the respondent bank (ICICI); the bank could have obtained a digital signature for the officer responsible for communicating with customers, thereby providing a layer in authentication of such mails, Davidar observed.
There appeared to be no effort of that nature by ICICI, he said, adding that access to the petitioner’s account details "reflects very poorly on ICICI’s systems and procedures in the event of a customer facing this situation."
It happened to be the first case filed in the country under Information Technology Act.

ICICI Bank has sought to reassure customers that their internet banking is fully secure and said they will appeal the ruling as the fraud was the result of the callousness of the customer (See the comment posted below on behlaf of ICICI Bank. Though GovernanceNow cannot be sure that it is from a bonafide, authorised officer of ICICI, we are publishing it in good faith.)

 

Comments

 

Other News

PM Modi to inaugurate Navi Mumbai International Airport

Prime minister Narendra Modi will inaugurate key infrastructure projects in Maharashtra on October 8–9 including the much-anticipated Navi Mumbai International Airport (NMIA). He will also host his UK counterpart, Sir Keir Starmer, who is visiting India for the first time since taking office.

Bihar to vote on Nov 6, Nov 11

The much-awaited Bihar elections will take place in two phases, on November 6 and November 11, and the results will be announced on November 14, the Election Commission of India (ECI) announced on Monday. Meanwhile, bye-elections to eight assembly constituencies in J&K, Rajasthan, Jharkh

Master novelist explores fleeting nature of truth

Ian McEwan’s latest novel, What We Can Know, is a profound meditation on memory, environmental culpability, and the limits of historical inquiry, wrapped in the guise of a literary detective story. Set against the bleak backdrop of a post-‘Derangement’ twenty-second century, the

Philanthropy: From cheque-writing to systems change

There was a time when philanthropy in India meant two things: generosity and immediacy. You saw a problem, wrote a cheque, and a life was eased. That impulse is pure and indispensable. But increasingly, many of us who have been gifted the capacity to give are asking a different question: how can my giving

How the world observes Gandhi Jayanti as Day of Non-Violence

October 2 is celebrated as Gandhi Jayanti and globally as the International Day of Non-Violence, as declared by the United Nations – a dual tribute that reflects both national pride and global respect for the Mahatma. The UN General Assembly adopted a resolution in June 2007 affirming

Deadline extended for exercising option under UPS to Nov 30

The Ministry of Finance has announced an extension of the deadline for eligible individuals to opt into the Unified Pension Scheme (UPS). The revised deadline is now November 30, 2025. The Unified Pension Scheme, implemented on April 1, 2025, allows eligible existing employees, past retirees

Visionary Talk: Amitabh Gupta, Pune Police Commissioner with Kailashnath Adhikari, MD, Governance Now





Archives

Current Issue

Opinion

Facebook Twitter Google Plus Linkedin Subscribe Newsletter

Twitter