In one of the biggest banking security breaches in the country, it has come to light that nearly 3.2 million debit cards had been put at risk of fraudulent transactions after cyber criminals, who are assumed to be operating out of China, stole customer data from Indian ATMs.
While Indian banks have been busy assuring customers that their accounts are safe and that their systems are secure from attacks by cyber criminals, what additional protection can banks and their customers have against possible losses arising out of such a breach?
FeMoney spoke to Sushant Sarin, Senior Vice President, Commercial Lines of Tata AIG General Insurance, to understand whether one can take insurance cover against losses arising out of cyber crimes. Here are excerpts:
What are the liabilities of banks if customers’ accounts are compromised with loss of money through cyber crimes such as the recent one where Indian bank customers’ data were stolen from ATMs?
Without going into the position under different laws such as the Banking Regulation Act or Consumer Protection Act, a simple way to look at it is that if there is an error or omission on the part of the service provider, i.e. a bank, which has resulted in financial loss to a customer, it is the responsibility of the service provider to make good the loss suffered by the customer.
Are existing bank accounts protected for such loss? What should a customer do to recover loss if they notice that their accounts have been breached?
Generally, banks do take insurance to secure themselves and their customers against financial loss arising from cyber crime. Customers should immediately notify their bank of the unauthorised transactions and ask for these to be reversed. Depending upon the situation, an FIR may be lodged by customers or by the bank.
Can banks and their consumers take insurance protection against such attacks?
Yes. There are comprehensive insurance covers available for banks to protect themselves against cyber attacks, including Tata AIG’s Cyber Risk Protector Insurance policy, which provide the following cover:
* Third party liability arising from an unauthorised disclosure of confidential, personal or corporate information
* Legal fees incurred and fines resulting from regulatory investigations following such data breach,
* Cost and expenses of forensic experts to determine if a breach of network security has happened or is happening and how best to deal with it,
* Costs of notifying data subjects of the unauthorized disclosure of their confidential information,
* Fees of PR consultants and lawyers to help protect the reputation of the Insured and its data officers,
* Cost of monitoring services to prevent and contain misuse of the confidential information,
* Cost of recreating or restoring lost data.
The cover can be extended to include:
* Liability arising from breach of IPR (other than patents), or defamation
* Cost of dealing with cyber extortion,
* Loss from business or network interruption,
* Computer fraud (to address the risk of cyber-crime)
What precautions should bank consumers take to guard against such loss?
Consumers should keep their PIN numbers secure and not share these with others or record them here and there. One should avoid using public Wi-Fi while making financial transactions. ATMs at banks are generally more secure than those at stations or other public places; therefore, using ATMs at banks should be preferred.