Question : CYBER FRAUDS IN BANKS



(a) whether incidents of cyber fraud are on the rise in the country particularly in net banking/debit/credit card frauds including withdrawing money by cloning of credit and debit cards;

(b) if so, the number of such cases reported by the Public Sector Banks (PSBs) to Reserve Bank of India (RBI) and the amount involved therein along with the losses incurred to banks as a result thereof during each of the last three years and the current year, bank-wise;

(c) the details of the amount that has become Non- Performing Assets of such PSBs during the said period due to the said frauds, bank-wise; and ;

(d) the steps taken/proposed to be taken by the Government to check the fraudulent use of credit /debit cards and online transactions and to bring cyber security in banks?

Answer given by the minister


THE MINISTER OF FINANCE (SHRI PRANAB MUKHERJEE)

(a) to (d) A statement is laid on the table of the House.

Statement as referred In reply to part (a) to (d) of Lok Sabha Starred Question No.68 for 25.11.2011 regarding Cyber Frauds in Banks

(a) and (b): As per data submitted by Public Sector Banks to Reserve Bank of India (RBI), the incidents involving Debit Cards, Credit Cards, Internet Banking and ATM Frauds have increased during the three calendar years 2008-2010 and current year up to Sept., 2011 as shown below:

(Amount Rs. in lakhs)
SI.No.	Calendar Year	Total cases	Amount Involved.	reported
1. 2008 55 117.24
2. 2009 97 105.81
3. 2010 155 369.81
4. Till Sept., 2011 92 573.04

A statement containing details of number of cases of ATM/Credit/Debit Card and internet Banking frauds during last three years, and current financial year and amount involved, bank-wise is placed at Annex.-I.

(c) The details of NPAs in credit cards (consolidated) pertaining to all Banks during the last three years and current financial year upto Sept., 2011 is as under:
Data on Credit Card outstanding and Impaired credit pertaining to All Banks and PSBs
(Rs. Crores)
Month All Public Sector Banks Year Banks `A` `B`- Share of `C`- `D`- Share of Retail- Retail- `A` in Retail- Retail- `C` in `D` Impaire Outstan `B` in % Impaired Impaire in% d Credit ding Credit d Credit Card Credit Card Card Recelva Card Receivabl Receiva bles Receiva es bles bles March 5094 29941 17.01 59 346 17.09 2009 March 3653 21565 16.94 46 330 13.85 2010 March 2946 18655 15.79 55 341 16.11 2011 Septem 2660 20238 13.15 52 422 12.22 ber 2011

Source: Latest updated OSMOS database (Domestic Operations)/Bank-wlse details are at Annex.II

(d) RBI as a part of its supervisory responsibilities has taken various measures to prevent bank frauds and in this process has issued, from time to time guidelines on internet banking frauds to all scheduled commercial banks, as summarised below:

(i)RBI(DBS) caution circular dated 16.2.2006 on phishing attacks1 advising banks and customers about the modus operand on such attacks and minimum set of preventive/detective measures to tackle phishing attacks. (ii) RBI(DBS) circular dated 22.2.2006 on `security arrangements for ATMs of banks`. (iii) RBI(DBS) circular dated 26.6.2006 on `preventive measures to combat frauds relating to skimming or duplicating of debit cards1. (iv) Master circular dated 2.7.2007-Consolidated guidelines in the operation of credit cards. (v) RBI(DPSS) circular dated 18.2.2009 on `security issues and risk mitigation measures relating to online card transactions using credit/ debit cards` effective from 1.8.2009.(vi) RBI(DPSS) circular dated 23.4.2010 `regarding extending the system of additional authentication/validation to all cards not present transactions to IVR transactions` also effective from 1.1.2011. (vii) RBI(DBOD) circular dated 7.12.2010 on the issue of `Money Mules`,(viii) RBI (DPSS) circular dated 29.3.2011 advising banks to put in place a system of online alerts for all type of transactions irrespective of amount involving of usage of cards at various levels latest by 30.6.2011. (ix) RBI(DBOD) master circular dated 1st July, 2011 on `credit card operations of banks1 suggesting setting up of internal control systems to combat frauds and to take proactive fraud control and enforcement measures.

Besides above RBI (DBS) has also circulated on 29.4.2011 the recommendations of a Working Group on `information security, electronic banking, technology risk management and tracking cyber frauds` which was set up by RBI in 2010. The Group among its various recommendations have also suggested that chip based cards may be used as an alternative to magnetic strips card based as a measure to counter the risk of skimming of ATM cards.