ICICI Bank gets a Rs 12.85 lakh lesson in e-security -Governance Now

ICICI Bank gets a Rs 12.85 lakh lesson in e-security

Decision in the first case under Information Technology Act

PTI | April 13, 2010

An adjudicator under the Information Technology Act has directed ICICI Bank to pay Rs 12.85 lakh in compensation to an NRI customer who lost Rs 6.46 lakh due to fraudulent access to his bank account.
"The bank failed to put in place a foolproof internet banking system with adequate levels of authentication and validation," PWC Davidar, Tamil Nadu IT secretary and adjudicator under IT Act for the state, said in his ruling.

The order came on a complaint filed by Umashankar Sivasubramaniam who claimed he received in September 2007 what appeared to be an e-mail from ICICI Bank, asking him to reply with his ICICI Internet banking username and password.
Sivasubramaniam replied as asked and found subsequently that Rs 6.46 were withdrawn from his ICICI bank account.
It transpired then that the sender of email had used a false ICICI bank identity to get Sivasubramaniam to reveal his username and password in order to defraud him. Such an email fraud is known as ‘phishing’ in technical parlance.

Davidar found ICICI Bank guilty of failing to ensure that fraudsters were not able to fake bank’s identity in sending emails to customers and not authenticating the identity of the person who accessed Sivasubramaniam’s bank account.
There was no way by which customers could identify an e-mail as not being from the respondent bank (ICICI); the bank could have obtained a digital signature for the officer responsible for communicating with customers, thereby providing a layer in authentication of such mails, Davidar observed.
There appeared to be no effort of that nature by ICICI, he said, adding that access to the petitioner’s account details "reflects very poorly on ICICI’s systems and procedures in the event of a customer facing this situation."
It happened to be the first case filed in the country under Information Technology Act.

ICICI Bank has sought to reassure customers that their internet banking is fully secure and said they will appeal the ruling as the fraud was the result of the callousness of the customer (See the comment posted below on behlaf of ICICI Bank. Though GovernanceNow cannot be sure that it is from a bonafide, authorised officer of ICICI, we are publishing it in good faith.)

Comments

Other News

What the US–Iran peace deal means for India

After months of rising tensions, the United States and Iran have reached a memorandum of understanding called the "Islamabad Agreement." This agreement allows for the immediate reopening of the Strait of Hormuz without tolls and provides Iran with relief from sanctions, depending on its complianc

V. M. Tarkunde: A legal luminary par excellence

14 Lawyers: Portraits from The Bar By Raju Ramachandran Juggernaut, 248 pages, Rs. 799

The Cost of Obesity

The latest episode of Checks and Balances focuses on the ticking time bomb of obesity in India, and Geetanjali Minhas of Governance Now spoke with a panel of experts. You can watch the episode here: https://youtu.be/mH

US-Iran deal: Path to peace or prelude to deeper regional quagmire?

In the midst of deep mistrust, the US and Iran are reported to have reached a framework deal for ending the West Asian conflict. But whether it will result in any meaningful breakthrough or pave the way for any lasting peace in the region, is in the realm of speculation. During

Lived life, philosophy, spirituality and other enigmas

The Ashes Are Warm: Memories of a Lifetime Spent with UG Krishnamurti By Mahesh Bhatt and Sunita Pant Bansal Rupa Publications, 384 pages, Rs 495

In Varanasi, fringe expansion vs. core heritage

For centuries, the urban framework of Varanasi was defined not just by its relationship with the sacred Ganga but by its multifaceted network of urban commons. Historic kunds, seasonal talabs (ponds), and open maidans served as the city’s basic ecological infrastructure. Th