Phishing in India: The onus of prevention now lies with banks

With increasing adoption of internet banking in India, internet frauds including phishing has been on the rise. An April 2010 judgement on a phishing case filed by a victim of phishing against ICICI bank went against the bank. This was a landmark case for many reasons: • This was the first phishing case filed under the relatively new Information Technology Act 2000 (though there are some phishing cases lying with consumer courts across the country) • The adjudicator (Tamil Nadu IT secretary) not only dismissed the bank’s plea of negligence on behalf of the aggrieved customer and ordered the bank to compensate him for the entire loss of money but also chided the bank for its lack of due diligence and even ordered the bank to compensate for the trauma suffered by the customer and his legal and travelling expenses. This judgement clearly puts the onus of prevention of phishing on banks (unless a higher court reverses it) In his judgement, the adjudicator gave the following reasons for favouring the customer: • The bank did not authenticate its email to customers with Digital Signatures (which is against RBI guidelines) • The money was transferred to an account which had been in debit for 2 years and encashed through issuance of self cheques. Failure to identify a major transaction on an overdraft account is evidence of negligence and lack of due diligence by the bank • The bank’s failure to retain CCTV record (as per Know Your Customer norms) is another evidence of negligence by the bank The reasons put forward by the adjudicator clearly highlight the problems with internet banking in India. In spite of RBI rules and guidelines, digital signatures are hardly used, KYC norms are often not adhered to and due diligence and fraud prevention systems are missing in arsenal of Indian banks to fight online fraud. The judgement has thereby been hailed as a wake-up call for the banks. However absolving the customer of all charges of negligence in a phishing case may have wider repercussions. Even if digital signatures are used by a bank in its communication with customers, it is ultimately upon the customer to check for the digital signature each time an email arrives from the bank. If an email comes from a fraudster and the customer does not even check whether it has a digital signature and divulges his login details, then it is negligence on part of the customer. Hence, the solution to phishing is not just better technology and due diligence by banks but better customer education. Just as everyone knows that a signature needs to be authenticated in a paper cheque; similarly everyone needs to know that digital signature needs to be authenticated in electronic communication. This is not an easy task in India, where everyday a large number of people with very basic knowledge of internet are starting to use internet banking. ICICI Bank has runs campaigns through emails to customers, on its website and through large advertisements in major newspaper about the dangers of phishing which explicitly warn customers not to divulge account details in links sent through emails as ICICI would never send such emails. If all liability in case of a phishing loss is transferred to banks, customers will inherently not be careful in their online transactions (the problem of moral hazard). Similarly if banks are not also held responsible for phishing, they will have no incentive to invest in better systems. Hence losses arising out of phishing needs to be shared by both the customer and the bank, depending upon the level of negligence of each.

Home loans: Major contributor to retail banking segment in India

Banks experienced single digit growth in home loan sector during last couple of years due to shock wave and post crisis effects from developed financial markets. However it did not take long for top 10 banks in India to accelerate the growth to hit 13.8 percent during 2009-10. Though the industry average for home loans remained at 8 percent, major players have experienced astonishing growth rates like SBI (32%), HDFC (74%) and Axis bank (41%). Home loans have been one of the rapid growing segments in retail banking in India. Banks are adopting teaser home loans wherein the bank offers fixed interest rates for the first couple of years and then switch to floating rates thereafter. While SBI initiated this scheme in August 2009 and was followed by other public and private sector banks. SBI offered homes loans at 8% in the first year, 8.5% in the second and third year. After 3 years the loan, it will be automatically converted and calculated on floating rates depending on the prevailing interest rate in the market. While banks are rolling out new schemes to offer and attract customers, teaser loan is the flavor of the season; this however depends on the liquidity of banks to offer fixed and floating interest rates despite market volatility and without affecting the net interest margin of banks.

Lok Adalat: The road to efficient dues recovery

Dues recovery for loans, credit cards and cheque bounces by banks in India has always been a dicey issue. Filing civil cases in India’s over burdened courts leads to prolonged litigation and inordinate delay. Hence banks employ collection agencies who sometimes use coercion or other quasi-legal methods which have been frowned upon by Indian courts. In such a scenario, Lok Adalats have presented a viable alternative for dues recovery. Lok Adalat (People’s Court) is an Alternative Dispute Resolution (ADR) mechanism in India for compoundable offences which are organized by the government and presided over by a judge or a person of respect with legal knowledge. A bank which has a large number of outstanding cases in the normal courts, can request the Legal Service Authority of a state to organize a Lok Adalat especially for the unresolved cases, the cost of which is generally borne by the bank. The advantages of Lok Adalat are: • It resolves disputes through negotiation and compromise in an informal atmosphere. If a compromise cannot be reached it is sent back to the normal court • Technical legal procedures are not strictly followed and hence the process is much quicker than normal courts. A Lok Adalat in January in Chennai this year disposed of 226 cases and recovered a whopping Rs.11.2crore (approx USD 2.4mn) on a single day. • No requirement of court fees or a lawyer and hence cheaper • Any decision by a Lok Adalat is fully enforceable by law and cannot be appealed against Indian banks have increasingly turned to Lok Adalats for dues recovery. The trend, which was started by public-sector banks like the State Bank of India, Bank of Baroda and Central Bank of India, has been adopted by private banks like ICICI as well. Public response has been extremely positive towards this mechanism as it is easier to resolve these issues via Lok Adalats rather than letting them linger on in normal courts and facing collection agents. The easier and quicker redressal of cases, more favourable terms of settlement (than would be possible in a normal court) coupled with the legal validity and enforceability of Lok Adalat decisions have made people adopt Lok Adalats. Lok Adalats have been hugely successful not only in metropolitan cities like Delhi and Chennai but also in smaller cities. With the increasing success of Lok Adalats, Lok Adalats have expanded in terms of size and technology use. ICICI organized a “digital” Lok Adalat in Delhi for 100,000 cases. It was organized across 5 district court compounds which were connected to a centralized server through which the case facts could be accessed and the resolution be electronically sent to the concerned judges. It is not that Lok Adalats have an unblemished track record – they have been somewhat of a failure in Mumbai – but Lok Adalats have offered a viable alternative to banks for dues recovery and it is likely to be adopted by more banks in future.

Necessity is the Mother of Implementation

Banks in India were a late entrant to the core banking wave, but have mostly caught up to the rest of the world. The advent of private banks, due to liberalization, increased the competition and forced many Public Sector Unit (PSU) banks to upgrade their legacy systems to support and service customers effectively. State Bank of Patiala was one of the first PSUs to function fully on a computerized infrastructure in 2005. Since 2005, a lot of PSUs such as State Bank of India and associates, Andhra Bank, Corporation Bank, Indian Bank, Oriental Bank of Commerce, Punjab National Bank, Syndicate Bank, Vijaya Bank and Union Bank of India have completed 100% core banking implementation. However, as of October 2009, there are still a number of PSUs like Allahabad Bank, Central Bank of India, Canara Bank, Dena Bank, UCO Bank, United Bank of India etc. who have not implemented core banking completely. There has been no deadline set by the Reserve Bank of India. However, the incentive to implement full computerization and core banking system has surprisingly come through an external necessity, namely the unique identification number (UID) scheme that is to be launched in 2010 across the country by the Government of India. With the scheme, the Government of India is planning to issue over 600 million UIDs over 5 years and the PSU banks have been nominated as sub-registrars for issuing the UIDs. And only core banking compliant banks are eligible for UID, which will help banks to leverage this to attract unbanked populations in the rural regions. The financial inclusion will be a major area of focus for all the banks in the years to come and the necessity to be a part of the UID scheme has forced the laggard banks to implement their core banking systems by mid 2010, when the Government of India launches the pilot phase of issuing UIDs. With the informal deadline soon approaching, will the banks be able to meet it? The banks will nevertheless be pushing hard to ensure that they become a part of the process, lest they want to miss a good opportunity to grow.

SEBI succeeds in curbing ULIP threat to Mutual Funds

The Securities and Exchange Board of India (SEBI), India’s capital market regulator has succeeded in achieving its underlying objective in the recent row with the insurance regulator, Insurance Regulatory and Development Authority (IRDA). The removal of the front-load commissions for mutual funds by SEBI in mid-2009 had led to an environment in which the mutual funds were at a disadvantage against the insurance companies’ unit linked insurance plans (ULIPs), which had a large investment component. For ULIPs, the commissions for the agents continued to be high, at times more than 40% for the initial installments. As a result, there was mis-selling (over-selling and resorting to unfair practices) on part of the insurance agents. By raising the issue of its role in the regulation of the investment component of the ULIPs, SEBI ensured that the IRDA was forced to take action to prevent SEBI from encroaching into its domain of insurance regulation. In the end, IRDA had to increase the insurance component of ULIPs and also to create disincentives for people who were investing in ULIPs for a period of less than five years. Also, the commission structure of ULIPs had to become more transparent to prevent mis-selling. The two main beneficiaries of this action have been the mutual funds that have regained their pre-eminence as a tool for investment, and the consumers who are enjoying more transparency in ULIPs than earlier, albeit at the cost of fewer choices, as the ULIPs are no longer directly competing with mutual funds. There are some important issues that have been raised by this entire episode. The main one is that there needs to be a redressal mechanism through which the regulators can solve problems with each other. The ULIP episode has been a highly long-drawn public affair that caused a lot of confusion for the investors and companies alike. The insurance companies’ revenues due to ULIPs will also suffer as there would be less investment in them now. Furthermore, the episode does not reflect well on the reputations of the regulators or the Ministry of Finance. There were contradictory signals coming from the ministry as the Finance Minister referred the matter to the courts, but the his Minister for State supported the IRDA’s case in a written reply to the Upper House. The early stage of development of financial regulation in India means that there will be more turf wars. The government is possibly trying to create the infrastructure for their quick resolution through the creation of the Financial Stability and Development Council (FSDC). Whether it is through the FSDC or some other means, it is important to lay down clear guidelines to be followed. Otherwise the Indian financial markets would more and more resemble the Wild West, entertaining for sure, but too chaotic to make sense of. This issue has been dealt with in greater detail in a recent Celent report: Capital Market Regulation in India: Turf Wars Inevitable?

Welcome to Celent’s Asia Blog

Celent is continually looking for ways to better connect and interact with the financial and technology communities. Continuing in the tradition of Celent’s industry-specific banking and insurance blogs, we are now launching a blog focused on issues in business and technology strategy in the Asian financial services. Welcome to Celent’s new Asia blog. From the beginning, a differentiator at Celent has been our coverage of financial and technology issues from a global perspective. As part of this commitment, over the past few years, we have been ramping up our research on Asia and India. We have now built up quite a substantial library of research on these regions, which we think is pretty unique. Building on this, we have recently also launched two new research services, one focused on India, the other focused on the rest of Asia. These services essentially bundle reports from our banking, securities & investments, and insurance services into regionally-focused services aimed at firms seeking cross-vertical competitive information on Asia and India specifically. And now the Asia blog. We have a baker’s dozen of analysts ready to lob commentary on what we see developing in the region, as well as on Celent’s activities. We think you will find our essays informative and stimulating. And we encourage you our readers to participate in the feedback loop by sending us your comments and questions. The goal is to create an active dialogue on the evolving financial services and technology markets in India and Asia.