Are Depositors at the Mercy of Bank IT Systems?

Far too many glitches in banks' IT systems affect consumers adversely. Who checks whether redressal systems exist and operate in a fair and equitable manner? RBI should work at depositors' protection instead of sitting in an ivory tower and producing reports on "disincentivising cheque usage" by penalising depositors

One of the many issues that Moneylife has taken up with the Reserve Bank of India (RBI) is the need for a technology audit of banks and the systems and processes that they adopt. While RBI’s department of supervision inspects banks, it is not clear if this covers the core banking technology that now drives all big bank operations. Over the years, individual banks have often configured systems in a manner that hurt depositors’ interest. And, since technology changes are complex and outsourced, the process of incorporating even small, but necessary changes is both cumbersome and expensive.

For instance, a few years ago, HDFC Bank insisted that it could do nothing about the fact that its system was configured to deduct TDS on fixed deposits from the principal, if the accumulated interest was insufficient in the quarter that it was deducted. Another bank auto-debited one more EMI (equated monthly instalment) when a loan was closed through pre-payment. It saw nothing wrong in dipping into the customer’s funds because its systems were badly configured. Such problems continue to be detected and depositors are left to the mercy or goodwill of the concerned banks to set things right. Here are a few issues that cropped up in the month of May 2013.  

On 10th May, Moneylife reported how “a human error in setting parameters” at the State Bank of India (SBI) led to a 40% tax deduction at source (TDS) from tens of thousands of special term deposits. The reversal process is complex because its automated systems had done a lot more than merely deduct tax at source. When accumulated interest wasn’t sufficient to cover the TDS, the deposits were prematurely broken. The process cannot be reversed automatically by re-creating the deposits, since the principal was already credited to the respective savings accounts without informing customers.

Most of us expect our banks to be accurate in their calculations and do not even check for errors. But Moneylife reader Naresh Nayak, a techie, says, he got SBI to reverse a wrong deduction of nearly Rs52,000 in 2010 and has found similar errors earlier too. Mr Nayak says, “The TDS deduction system has a glitch. It cannot ascertain the amount of interest accrued for a financial year for deposits that span across financial years. In these cases, it incorrectly calculates a higher amount of gross interest accrued.” We checked with TCS Limited, which has supplied the core banking software to SBI, its officials pin the blame on bank officials for entering wrong parameters.

On 12th May, clients of a payment gateway received this email: “This is to inform that, due to a technical issue we are facing fluctuations in processing transactions in SBI & HDFC Net banking payment options. This will impact customers who try to avail products/services on your website and choose to use SBI or HDFC Net banking payment option… We are in communication with the bank teams and we will update you once the issue is resolved. Inconvenience caused is deeply regretted. Feel free to get in touch with us, in case of any queries or clarifications.”

We checked. SBI told us that “there were no fluctuations” but its Internet banking was not available until Sunday for a planned upgrade. HDFC Bank took the issue more seriously and insisted that the payment gateway company must clarify the issue. So, on 13th May, it sent out an email saying, “earlier communicated fluctuations in processing payments using HDFC Net Banking payment option has been resolved. We apologize for the inconvenience caused.” So it confirms the technology issues, right? Well, think again.

Even more furious, HDFC Bank demanded a further clarification. So, on 14th May, there is a third clarification from the payment gateway saying that the 12th May email about fluctuations in HDFC Bank Net banking payment option “due to a technical issue, was erroneous. There was no technical issue and unavailability during that period was due to scheduled downtime. Inconvenience caused is deeply regretted.” Since Moneylife was asking the questions, we know why three emails were sent, but won’t other customers be totally flummoxed?

An e-voucher is a wonderful way of offering discounts and benefits for most companies. But, when it comes to a bank, is there a danger that the idea will become a phishing-magnet? What happens if cyber criminals produce authentic looking e-vouchers where the net banking details, PIN and password are captured by hackers? This is a question we asked HDFC Bank which sent out e-vouchers for Rs250 each earlier this month. The Bank accepted that the fears were genuine and that it could be misused and decided to drop the idea. But should such experiments be a matter of trial & error when it exposes customers to risk and hardship?

At Moneylife, we think that RBI as a banking regulator needs to have a crack IT team that is constantly monitoring the various tricks deployed by cyber-fraudsters to dupe gullible and not-so-tech-savvy people. This group must be mandated to conduct a technology audit of bank systems and software. It must also investigate all technology-related complaints including ‘unstable systems’, wrong deductions and excessive vulnerability to phishing attacks.

And, it must be the first on the scene when new kinds of tech crimes are reported so as to provide direction to the banking ombudsman on complaints relating to hacking, misuse of credit and debit cards through cloning, loss of customer data and the constant innovations in phishing techniques. RBI should work at depositors’ protection instead of sitting in an ivory tower and producing reports on “disincentivising cheque usage” by penalising depositors.

Comments
Dekho ji.com
9 years ago
RBI needs to setup a online complaints redressal mechanism wherein customers from any bank can lodge their complaints and the complaints should be redirected / handled directly by respective banks and proper ticket-tracker and issue-management software should be used to ensure issues are resolved within prefined SLAs. Complaints redressal cant be left to the individual banks who are always looking for ways to reduce their staff rather than hire more staff for customer service. Only RBI can force the banks to provide efficient customer service through such an online mechanism with penalties for any delays.
CK
9 years ago
hahaha...not new. ICICI estatements, when generated from netbanking, is hilarious. It shows every debit/credit entry thrice or nine times or whatever times, depending on the number of accounts, branches, etc. So, when there is programmatic error from IT developers, I am not surprised when they make mistakes in understanding even basic banking.
Vidyut
9 years ago
Netbanking is already vulnerable to hacking. The person who exposed the vulnerabilities was persecuted by the banks, but the vulnerabilities were not fixed. http://aamjanata.com/the-broken-online-b...
Anil Agashe
9 years ago
The problem is that software developers have no domain knowledge in banking. I have first hand experience of this. I had done training in a MNC bank's global IT development center and found that many developers did not even know the difference between a savings and current account! Now when they develop software they need to be tested by people who have knowledge of banking transactions but that does not seem to be happening.In the bargain it is always the customer who suffers.
balasubramanian
9 years ago
Worse the local branch managers point their finger upstairs,if somethhing wrong is brought to notice. For example tax recovvered from my pension in jan&feb 13-Rs 14230 i.e. 25% of tax deducted for the year is not appearing in AS26 till date.This is despite takiing up locally
balasubramanian
9 years ago
Worse the local branch managers point their finger upstairs,if somethhing wrong is brought to notice. For example tax recovvered from my pension in jan&feb 13-Rs 14230 i.e. 25% of tax deducted for the year is not appearing in AS26 till date.This is despite takiing up locally
arun adalja
9 years ago
if system is down due to some problem banks are not giving money and you have to wait till system starts.this type of happening must be avoided.
Rakesh
Replied to arun adalja comment 9 years ago
Why don't you use ATM instead, avoid the queue.
arun adalja
Replied to Rakesh comment 9 years ago
if you want more money you have to go to bank and atm can give 20 to 25 thousands only.
Dipakkumar J Shah
Replied to arun adalja comment 9 years ago
The message I sent tow days back of Fraud in credit of loan payment account is of JPIIM Branch at Pundicherry the name of the Bank if State Bank of India. So far, how they discontinued debit of EMI for 4 months and how after 4 months started debiting less EMI under C B S branch by whose authority as officer ? The Bank is not giving any details for this. Even R B I is not doing any thing for more than 5 months!!!
Harish
9 years ago
Cheque usage must remain. RBI and Banks should work together in improving innovating Cheque usage system in favour of Customers.
Rakesh
9 years ago
I had a recent experience with SBI. I had deposited a cheque in my PPF A/c on 2nd Apr, 2013 and the same was cleared on 3rd Apr, 2013. However the entry in my ppf passbook showed 8th Apr. When i approached the bank they said that there were some too much cheques and issues with clearing and hence the entry was done only on 8th.
Due to their negligence all customers will not earn interest in their ppf A/c for the month of April since interest is calculated on the 5th of every month.
pravsemilo
Replied to Rakesh comment 9 years ago
Yes very true. SBI is very lax about clearing cheques. Especially if you drop the cheque in their drop box in Saturday, it will be cleared only by Thursday or Friday next week. Had the same cheque been dropped in a pvt bank drop box, it would have cleared earlier.
Dipakkumar J Shah
9 years ago
This reminds me some time back I was asked by H D F C Bank for compliance of KYC norms. I gave reply to them that this , my , account is for more than 10 years. Do you accept deposits without PAN Number and without following KYC norms. Since then no reply from Bank. All and everything were given at the time of account opening.!!!!!!

Further to this with one of the big bank of India where depositor is at the mercy of all bank. His account had been frauded by Bank people at the branch level!!!!!!!!!! Paid out his Loan amount by paying cash , it was not credited to his loan account . The same amount is , heard from Branch staff, that the amount is credited to Union account!!!!!!!!!! Not only this but after payment of the amount , EMI for 4 months stopped by the Branch. After 4 months less E M I started debiting the account holder!!!!!!!!!This is complete environment of C B S branch. Up to Chairman level for more than 5 months not giving any reply as to how EMI was stopped for 4 months ? and How lesser amount of EMI started debiting to account ? Under whose authority this was done by at Branch level!!! No response . They say every thing is correct. !!!!!!!!!

At R B I Level no reply!!!!!!!!!!!

Regards,

C A Shah D J
pravsemilo
9 years ago
IMO a crack IT team can't work against cyber fraudsters. They can get to know the latest trick of the trade but will they be able to stop someone from clicking on a spam link? Although the same team can review the security of the banking infrastructure.

As far as the banks are concerned, for the tech issues being faced as of now, you don't need hi tech talent - just a bit of common sense while designing the software and willingness to fix the issues.
Veeresh Malik
9 years ago
When we want to, our domestic infotech vendors can set up cash management tech for DMRC or passenger reservation systems for Indian Railways, which are and set global benchmarks.

However, when we want to, our domestic infotech vendors can and shall screw up simple things like vehicle registration records, toll collection systems and ofcourse, banking tech.

It is all a question of what the person in charge wants the vendor to deliver.

I do feel that as far as the banking verticals are concerned, we are in for much worse.
GOPAL
9 years ago
RBI cannot afford to pay huge sums to have a crack IT team. As they are bound by Government pay regulations they cannot attract the best. Any change in parameter set up should be tested and properly authorised and placed in live system only after auditing the test cases in the bank itself. It looks like system administrators have the User and Authoriser credentials and do stuff without following the process.
Vaibhav Dhoka
9 years ago
As technology is complex and outsourced whenever one points to wrong entry, blame is placed on technology and matter is not resolved at branch level and is referred to higher authority and thus lingers.
Free Helpline
Legal Credit
Feedback