According to HSBC India Head Global Payments & Cash Management Arjun Bambawale: "As payments increasingly become electronic, banks and financial institutions, business, government and consumers are the ones who will be impacted the most."
Global e-Secure Ltds COO Rajeev Wadhwa said that there are two specific types of security threats - human and natural. Human threats are basically from outsiders (the hackers) or insiders (disgruntled employees, ignorant employees accident). Mr Wadhwa added that RBIs guidelines for Internet banking states that banks should have a security policy approved by Board of Directors, there should be an introduction of logical access control systems using Tokens, Smart Cards, Biometric devices etc. Banks will have to ensure server authentication using Digital Certificates issued to clients. The products will have to be compliant with domestic foreign exchange regulations, inter bank payment gateways should be set up and there should be a mandatory disclosure of risks in internet based dealings.
Authentication, access control and confidentiality said Mr Wadhwa, are facilitated through PKI. In addition to this, PKI would ensure online banking in a secure environment for the customers, a back-end tie-up with online shopping extending banking domains, strengthening of interbank transactions and lower transaction costs, without sacrificing trust.
Prof H Krishnamaurthy from the Indian Institute of Science Bangalore touched upon the concerns of network performance.
He said that deployment of innovative customer service is important but this would require a proper network infrastructure. Network architecture is one of the components of the total solution architecture. What is required is that it be robust and mature and fault tolerant. The other requirements are security, Quality of Standards (QoS) and confirmation to standards.
Computer Associates India National Manager Security Business (India & SAARC) Mr Vaidyanathan Iyer added that the trend in banking is e-banking. There is a need to safeguard data and for security needs to be seen as a process.