Banks possess a large amount of personal and financial data about their customers, and with today’s technology this data can be accessed by anyone who has permission to access it. It is crucial that this data is secure. This article sheds light on data protection in banking.
The rise of many financial innovations, such as wire transfers, debit and credit cards, internet banking, and mobile payments, has caused many changes over the last few years. Banks have had to update their systems constantly in order to keep up with these changes. Moreover, when implementing new technology, they have to transform their processes to provide security.
Banking regulations have also changed constantly in line with the requirements of the modern banking system. Banks deal with sensitive customer data that must be protected and secured from being exploited by anyone. Banks need to secure both the customer-facing end of the banking process and the internal processes involving their employees.
Banks are governed by the Information Technology Act 2000, which was amended in 2008. The amendment provides that banks must adopt reasonable security practices with regard to their databases. The IT Act provides that the customers of a bank can obtain compensatory relief for losses owing to any data leakage or any unauthorized disclosure of information by the banks.
Banking is one of those sectors that run the risk of privacy violations due to the sensitive and personal nature of the information that is stored, exchanged, and recorded. Banks deal with a large amount of customer data, and they are common targets for cybercriminals and malicious internal players.
Exploitation activities have become more sophisticated and more dangerous; therefore, a robust data protection system must be in place. Without a defense-in-depth strategy, a bank would be highly vulnerable to being breached.
Banks handle a massive amount of Personally Identifiable Information (PII) and personal credit card information; therefore, there is a need for stronger and more proactive security. An increase in digitalization means greater exposure of banks to data breaches. This may be a bitter pill to swallow, but banks need to be prepared for such instances.
In the case of Punjab National Bank vs. Rupa Mahajan Pahwa, in 2008, the bank was charged with issuing, to an unauthorized person, a duplicate passbook of a joint savings bank account belonging to a husband and wife that was being maintained with operational instructions.
It was held that the bank is accountable for the disclosed information, and thereafter the bank was fined and was asked to look into the conduct of the officials who were providing the sensitive information to the unauthorized person.
Here we find that a bank employee provided personal information to an unauthorized person. This raises the question of whether there is a need for a stringent privacy regulation that requires employees to go through training on privacy procedures. Even where personal information of a customer is disclosed, prior notice must be given to the customer, and specific guidelines must be laid down for the cases in which such information can be disclosed, strengthening the case for data protection in banking.
When it comes to protecting their data, banks must follow a 360-degree approach. This means protecting both the customer-facing end of banking and the internal processes.
Here are some of the ways in which banks protect data:
Authentication requires that, for every transaction, the identity of the person initiating the transaction be confirmed. This applies to customers using online banking to log into their accounts, those visiting bank branches, and those using credit or debit cards. It also applies to employees of the bank who have access to customers’ data. Earlier, authentication required only an ID and a password/PIN, but these days banks use two-factor and multi-factor authentication to confirm that the person is who he or she claims to be.
The banking history of a person is available in the form of a statement or passbook, but additionally, banks maintain an audit trail for every event that transpires during a person’s interaction with their systems. The time and details of the interaction are recorded whether a person is using mobile banking or online banking. This data is backed up on a daily basis and is never purged fully but archived.
Secure infrastructure means the database systems and servers where the data is stored, and the boundaries drawn to secure them. Production data is encrypted in any core banking setup. Access to the production system is restricted. Bank employees are provided with special equipment that blocks access to social websites, personal e-mail, etc.
In the past, banks have used different processes to ensure that security is tested and implemented. These include KYC (Know Your Customer), NDAs (Non-Disclosure Agreements) for employees, remote data centers, etc. By using a Data Loss Prevention solution, banks can minimize insider threats and secure customer data.
Banks constantly communicate with customers regarding upgrades to systems, the introduction of new authentication procedures, stronger security measures, etc., apart from the periodic account statements that are generated. Customers can set alerts to ensure that they are informed in the event of any unexpected activity with regard to their accounts.
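As an added illustration of the kind of check a Data Loss Prevention control applies to outbound messages (this example is not from the article or any specific product), the sketch below finds card-number candidates, confirms them with the Luhn checksum, and redacts them. The function names, the `max_cards` policy and the sample messages are hypothetical; the card number is the widely published test value, not customer data.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by a space or hyphen.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_valid(digits: str) -> bool:
    """Luhn checksum: double every second digit counting from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def scan_outbound(text: str):
    """Return (redacted_text, findings) for one outbound message.

    findings keeps only the last four digits, so the DLP log itself
    never stores a full card number.
    """
    findings = []

    def redact(match):
        digits = re.sub(r"\D", "", match.group())
        if not luhn_valid(digits):
            return match.group()  # reference or account numbers pass through
        findings.append(digits[-4:])
        return "*" * (len(digits) - 4) + digits[-4:]

    return CANDIDATE.sub(redact, text), findings

def policy_decision(text: str, max_cards: int = 0) -> str:
    """Hypothetical policy: block a message carrying more card numbers than allowed."""
    _, findings = scan_outbound(text)
    return "block" if len(findings) > max_cards else "allow"

# Constructed sample messages for the example.
SAMPLE_LEAK = "Customer card 4111 1111 1111 1111, ref 1234567890123456."
SAMPLE_OK = "Your statement for account ending 4821 is ready."
```

The Luhn step is what keeps false positives down: the 16-digit reference number in the first sample is left untouched because it fails the checksum.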
Ashish M. Shaji has done his graduation in law (BA. LLB) from CCS University. He has keen interests in doing extensive research and writing on legal subjects especially on corporate law. He is a creative thinker and has a great interest in exploring legal subjects.