Banking System: Catching Up With The New Age Methods
31 May 2013 5:39 AM GMT
Empowered by the Reserve Bank of India (RBI) Act, 1934 and the Payment and Settlement Systems Act, 2007, RBI has taken several initiatives in the recent past to ensure the development of the technical and institutional infrastructure needed to meet the electronic payment system and banking needs of the country. With the increasing usage of mobile phones, mobile banking has become the latest banking method. In addition, e-commerce transactions in India are gradually shifting to cashless and online payments. The banking and financial environment in India is changing and moving towards internet banking, online payments and e-banking, thereby compelling the regulatory bodies to react and provide a secured environment for such transactions, along with regulations to handle legal issues arising out of such electronic or mobile transactions.
The electronic payment system in India is burgeoning to match international banking standards and cope with the ever-growing challenges posed by electronic systems. In this article, we will examine the most recent steps taken by regulators like RBI to simplify the vast banking regulatory system and increase its efficiency, and how well prepared the existing banking regulations are to respond to the change in banking patterns.
Legal Basis for Secured E-banking
The e-banking system is essentially an extension of traditional banking and, therefore, the existing banking laws and regulations that are applicable to traditional banking also extend to e-banking activities. The RBI has taken several steps to secure the electronic mode of transactions pursuant to section 58(2)(pp) of the RBI Act, which reads as follows: “the regulation of fund transfer through electronic means between the banks or between the banks and other financial institutions referred to in clause (c) of section 45-I, including the laying down of the conditions subject to which banks and other financial institutions shall participate in such fund transfers, the manner of such fund transfers and the rights and obligations of the participants in such fund transfers.”
Further, the Information Technology Act, 2000 (IT Act) granted legal recognition for transactions carried out by means of electronic data interchange. Though there are several risks involved in electronic transactions, the existing framework of law instills sufficient confidence in people to participate in electronic commerce in larger numbers.
The amendment to the IT Act in 2008 introduced the concept of data protection through section 43A and imposed the obligation to follow reasonable security practices and procedures on all businesses handling sensitive personal data or information. This applies to banks and all such forums that deal in e-transactions. Further, the explanation to section 43A defines the “reasonable security practices and procedures.” The parties involved in e-business are at liberty to identify the best security practices, and incorporate them in an agreement between them. Banks and financial institutions have the liberty to adopt the best security practices to safeguard their transactions. Finally, section 72A of the IT Act addresses issues emerging from data sabotage, and imposes heavy punishment [up to three years or fine up to INR 500,000 (approx US$ 9,000) and in some cases, both] for the offenders.
Generally, banking transactions are conducted at a higher 128-bit encryption level over Secure Sockets Layer (SSL), which is specially secured for banking purposes. Section 3(2) of the IT Act provides for the usage of an asymmetric crypto system with a hash function as a secured form of technology for electronic transactions in banks. Banks are supposed to have logical access controls to data, systems, application software, utilities, telecommunication lines, libraries, and system software. The logical access control techniques include creating user-ids, passwords, smart cards or other biometric technologies for operating in the system. Most of the banks in India are well equipped with these electronic gears.
Regulation for Mobile Banking
Generally, RBI issues directions for banks for effective commercial transactions. However, with the growing usage of technology in the banking system, and especially the penetration of mobile phones and their ever-increasing usage for banking, the government decided to have a regulation governing the mobile operators to safeguard the commercial transactions conducted through mobile phones. Following the recommendation of the Inter-Ministerial Group on delivery of financial services through mobile phone, which asked the Telecom Regulatory Authority of India (TRAI) to draw up guidelines to ensure high availability of associated communication services, the Mobile Banking (Quality of Service) Regulations 2012 (Regulation) was issued. Under the Regulation, every access provider, acting as bearer, has to facilitate the banks to use SMS and interactive voice response to provide banking services to their customers and deliver the message generated by the bank or the customer within 10 seconds. This has to be delivered within two seconds for unstructured supplementary service data, which is generally used by operators to inform pre-paid card users about their balance on a real-time basis. All the operators are already using these facilities and hence do not have to make additional investments.
In order to get the benefit of banking services such as cash deposit, cash withdrawal, money transfer and balance enquiry, the Regulation provides that the customer should be able to complete the transaction in not more than two stages. The access providers have been mandated to maintain records of mobile banking messages for six months for audit purposes, and TRAI shall monitor the quality of services offered by the mobile operators on a regular basis. The network service quality parameters for cellular mobile telephone services as specified in the Standards of Quality of Service of Basic Telephone Service (Wireline) and Cellular Mobile Telephone Service Regulations, 2009 (7 of 2009) have been made applicable to all mobile banking messages.
Further, every access provider has been provided with the obligation to protect the privacy and security of mobile banking communication and ensure the confidentiality of end-to-end encryption, integrity, authentication and non-repudiation of such communication in accordance with the standards certified by International Telecommunication Union or European Telecommunications Standards Institute or Telecommunication Engineering Centre or international standardization bodies such as Third Generation Partnership Project or Third Generation Partnership Project 2 or Internet Engineering Task Force or American National Standards Institute or Telecommunications Industry Association or Interim Standard or any other international standard as may be approved by the central government.
The Regulation addresses three customer-centric parameters: the time taken to deliver error and success confirmation messages, the transaction update on the system on a real-time basis, and the success of delivery of financial transaction messages. As far as security of the transaction is concerned, the crucial components are authenticity and authorization, integrity, non-repudiation, and confidentiality. The GSM/CDMA system architecture takes care of end-to-end encryption, authentication, authorization, integrity and non-repudiation, which are governed by international standard bodies.
Catching Up Yet Lagging
The RBI had issued a notification (RBI/2010-11/494; DBS. CO.ITC.BC. No. 6 /31.02.008/2010-11: “Guidelines on Information security, Electronic Banking Technology risk management and cyber frauds”) directing all banks to create a position of chief information officer as well as steering committees on information security at the board level. The notification examined various issues arising out of the use of information technology in banks and made recommendations in nine broad areas: IT governance, information security, IS audit, IT operations, IT services outsourcing, cyber fraud, business continuity planning, customer awareness programs and legal aspects. The notification provided guidelines which are fundamentally expected to enhance safety, security and efficiency in banking processes, leading to benefits for banks and their customers. However, several banks are yet to implement these recommendations. Also, these banks have failed to train their staff in using the internet technological protection mechanism.
Further, the RBI has asked banks to provide a unique customer identification code to all their customers, which will help a bank to identify a customer, track the facilities availed, monitor financial transactions in various accounts, improve risk profiling, take a holistic view of the customer’s profile and smoothen banking operations for the customer. This will also help check e-frauds. Banks have so far failed to provide for higher encryption standards that could provide a more secure environment.
Mobile banking has opened a new channel for delivering services to banking customers, even in rural areas, and helps remove cumbersome and expensive paper processes. It is significantly cheaper and much more flexible. The RBI and TRAI have undertaken several steps to ensure the flexibility, reliability, security and stability of any electronic or mobile banking system. Moving ahead, the proposed Banking Laws (Amendment) Bill, 2011 addresses several of the pertinent issues, but they are still far from being in sync with the everyday advancing electronic systems. More changes have been suggested in the aforesaid bill, yet it remains to be seen how far it will address the relevant issues that still concern any electronic or mobile transaction.
Neeraj Dubey is a Principal Senior Associate with PSA Legal Counsellors. A corporate lawyer with over 9 years of experience, he routinely counsels manufacturing and service industry clients on a vast range of compliance in all elements of commerce and business including contracts, corporate governance, competition, labor & employment, health & safety, environment and taxation.