Do bankers handle own passwords with care?
Every other day, customers receive emails and SMS from banks about not sharing passwords, login details and one time passcode (OTP) with anyone else. This really is a good practice to follow. However, when it comes to following digital hygiene, bankers themselves are found to be ignoring their own advice - often at a huge cost to the bank. That bankers treat passwords so causally and have been repeatedly punished and pulled up for it, raises important questions about entrusting them with customer identity details (especially the biometric based Aadhaar) for access to bank accounts, credit and debit cards and net banking.  
 
Highlighting several instances where bankers were found to be careless with passwords, Corporation Bank Officers' Organisation (CBOO) in its monthly magazine, ‘Officers' Voice’, says, the important responsibility of keeping maker's ID and checker's ID secure appears to have discharged by officers in exceptions rather than as a mandatory rule resulting in frequent incidents of misuse of passwords, consequent disciplinary actions and recently, a few warranted and unwarranted suspensions. 
 
"Password compromise is an avoidable irresponsibility. But the awareness has not been digested properly into the CBS environment at most of the Branches," the Officer's Organisation says.
 
Here is what according to CBOO takes place in banking sector...
 
In a large number of Branches, the password of all employees and officers is known to each other. In the guise of expediency, quick customer service and speedy accomplishment of routine work, entry and authorisation passwords of any one are used by anyone at any time.
A few Branch Managers and/or second line officers are maintaining notepads of passwords of colleagues (in writing), like a key register, so that they do not forget or mix-up nor need to ask a colleague frequently.
A few or more Branch Managers are coercing the probationers and junior officers and clerks into yielding their passwords for some urgent work (?). The hapless officers/clerks simply submit without resistance like a lamb before the tiger.
In single officer Branches, Branch Heads have no hesitation to give the password to the award staff to enable them complete the transactions when he is out for business review meetings, recovery work or for canvassing business.
A few senior Branch Managers, who are averse to operate the system to carry out their managerial duties in computers, want other staff to assist, not only to open the system, but also to operate transactions. Their subordinates know the password, which the BMs neither remember, nor use!
In a very good number of Branches, single officer is opening all systems in the morning; everybody operates the entire day on it - since days and months – an undisputable trust with potent suicidal implications.
In one Branch, all the staff operate on a same password – a novel idea not to strain the brain, drained of care and prudence.
Even when branch manager or officer/s and employees are on leave, transactions take place in their IDs out of helpless conditions or for convenience!
 
CBOO says these are only a few samples of how the passwords are guarded by employees and officers at Branches. "Password sharing is fraught with serious risks as the honesty and integrity of humans is mostly factors of presumptions and assumptions; circumstances tend to brutishly strangulate honesty and integrity at the cost of those who take honesty and integrity for granted. Despite exhorting on the need to protect the secrecy of the passwords, many appear not to be serious on the matter, still. Such employees and officers are exposing themselves, their service to possible misery, their families into peril and the Bank to pecuniary loss, as the management is totally intolerant (rightly) to such instances," it added.
 
The Officer's Organisation feels that cases of compromise of password needs to be take very seriously by all participants. Employee education is a must and they need to frequently informed about risks of compromise to the knowledge of workforce. However, CBOO says management cannot absolve their responsibility simply by suspending Tom, Dick and Harry in their zeal to send message to the workforce and must analyse the causes leading to these happenings.
 
According to CBOO, single officer branches (SOBs) are future risk centres where maintaining password secrecy strictly is next to impossible. It says, "The Management is fully aware of the risk of compromise of password while opening single officer branches and must take sole responsibility of compromises here due to their failure to provide sufficient staff at these branches. Even the Board decided compliment of two officers, wherever the Branch business crosses Rs5 crore is not complied with. Similarly, the Board direction to depute a second officer in SOBs before sanction or disbursement of loans is compiled more in breach. No punitive action will be initiated for this non-compliance as the non-compliance of Board directions is not by officers in Scale I, II, III or IV and V."
 
All this raises worrying questions about the security of our money at a time when entire Information Technology systems are more vulnerable to attack and the power of artificial intelligence (AI) to impersonate humans is increasing significantly. Former Union Minister and Member of Parliament Milind Deora alluded to this in an article in The Economic Times. He correctly says that the challenge in India is "rendered complicated given its demographics. As we open more bank accounts linked to Aadhaar, it is not matched with the pace of digital awareness". Many, he says, are not even aware of issues like privacy and data rights.  “There is a massive state-sponsored push towards generating more sovereign data and mandatory requirements to put people’s personal data online through Aadhaar, bank accounts the like. In that sense, India is a ticking bomb”, says Mr Deora.
 
Coming back to the concerns raised by CBOU, it terms shortage of manpower as the major cause of employee related frauds and irregularities, the Officer's Organisation regrets that top management is determined not to be convinced by this. "Branch managers (BMs) moving out on Bank work have no option but to share their password with others in the branch to enable them to complete the day’s work. Absence of second and third officer in the Branches complicates the smooth running of the process resulting in password sharing to ensure conduct of Branch work and end of the day (EOD). There is no accountability for faulty manpower assessment," it says.
 
Corporation Bank uses Finacle software from Infosys Ltd for its core banking systems. However, CBOO feels that there is a need to review mandatory requirement for two supervisory  authorisations in several transactions. "Finacle or Infosys cannot change the banking norms to suit their product," CBOO says.
 
The Officer's Organisation feels that there is a need for employees to prepare a daily report for all transactions entered and authorised by them. It says, "Bank must explore the possibility of mandating all employees to generate and scrutinise a report on the transactions entered and authorised by them on a daily basis like an exceptional transaction report and incorporate system confirmation either before the EOD or after the process of login as a first exercise, the next day.
 
"Passing on the password is a peril. Security of service and safety of Bank’s money lies only in securing our passwords at all costs and circumstances. Habit of frequently changing the password before the system mandating it, must be inculcated. Safest place of our password is our brain and not another person’s, nor in any notebook or notice board. Password is for protection. Do not pass it on," the CBOO concludes in its editorial.
Like this story? Get our top stories by email.

User

COMMENTS

SRINIVAS SHENOY

6 months ago

The system of sharing passwords among the employees, is widely prevailent in the banking system, and innumerable instances of frauds have taken place, due to this laxity of observing the systems and procedures of the institution. Unless, strict measures are taken for such lapses, the sharing of passwords amongst the employees is difficult to be contained, which will result in the perpuation of frauds in the banking systems.

Sjn Ch

6 months ago

Incomplete and reckless article. How can you speak about all banks when your article is soley based on Corporation Bank's internal communication ? Many banks have biometric access system in place. You should have done extensive research else better keep quit. Do not mislead people.

REPLY

Mohan Krishnan

In Reply to Sjn Ch 6 months ago

Guilty conscience pricks the mind. Indians lack self discipline.

RBI expected to directly supervise urban cooperative banks by allowing them to convert into small finance banks
The Reserve Bank of India (RBI) said that it would allow urban cooperative banks to voluntarily convert themselves into small finance banks. This will bring them under small finance banks. The committee on urban cooperative banks, chaired by then RBI Deputy Governor R Gandhi, had recommended “the voluntary conversion of large multi-state UCBs into joint stock companies and other UCBs which meet certain criteria into small finance banks,” the regulator said in its statement on developmental and regulatory policies. The RBI will release detailed guidelines in this regard separately.
 
The committee, which submitted its report in July 2015, had stated that a business size of Rs20,000 crore could be considered the threshold limit, beyond which UCBs may convert themselves into commercial banks.
 
“Though UCBs were set up as small banks offering banking services to people of small means belonging to the lower and middle classes, a well laid out transition path is required for at least the larger UCBs to convert themselves into universal/ niche commercial banks due to the changing financial landscape in the country and providing further growth opportunity to well managed UCBs,” the committee report had said. The report had also proposed a transition period for these UCBs to convert into commercial banks.
 
RBI has received demand from some quarters to allow this conversion, Deputy Governor NS Vishwanathan said. “We will come out with a detailed scheme on conversion from urban cooperative banks into small finance banks,” he told reporters after RBI’s second bi-monthly monetary policy announcement.
It has been recommended that licenses may be issued to “financially sound and well-managed co-operative credit societies” having a minimum track record of five years which suit the regulatory prescriptions set by the RBI.
 
Small finance banks provide basic banking services like accepting deposits and lending to the unbanked sections such as small farmers, micro business enterprises, micro and small industries and unorganised sector entities. The small finance banks were created with an aim to encourage financial inclusion by provision of savings vehicles and supply of credit to small business units.
 
Resident individuals/professionals carrying 10 years of experience in banking and finance and companies and societies owned and controlled by residents are eligible to set up small finance banks.
 
UCBs operate under a 'dual control' regime with supervision by both the RBI and the State Governments. The non-availability of powers to the RBI to regulate and supervise UCBs at par with commercial banks restrains RBI from relaxing regulatory regimes, which in turn, is an obstacle for UCB’s commercialisation.  By turning into SFBs, these co-operative banks will be regulated only by the RBI.
Like this story? Get our top stories by email.

User

COMMENTS

Hariharan Krishnamurthy

6 months ago

Then in few years all small banks would be merged and urban banks movement would be history. Urban Banks are best institutions for financial inclusion. However, the theory and practice goes different. In fact, other banks should learn from Urban Banks on art of banking.

Vasant Kulkarni

6 months ago

HOW IT CAN BE SFB WHERE THE TURNOVER OF SOME UCBs IS MORE THAN RS.1000 CRs.? AGAIN THERE WILL BE BIG UCBs AND SMALL UCBs. THE DUAL CONTROL WILL REMAIN HEADACHE FOR RBI.

Quality of Small Home Loans Worries RBI
The Reserve Bank of India (RBI) said that it was closely monitoring the segment of home loans up to Rs2 lakh and would step in to increase the loan-to-value ratio or raise the risk weight for banks should the need arise. “After a careful analysis of the housing loans data, it has been observed that the level of NPAs for ticket size of up to Rs2 lakh has been high and is rising briskly,” the RBI monetary policy statement said. “Banks need to strengthen their screening and follow up in respect of lending to this segment.” 
 
The Pradhan Mantri Awas Yojana (PMAY) has made the affordable housing segment attractive to both borrowers and lenders by providing subsidies upfront. These are loans for small houses with a carpet size of up to 600 sq ft in non-metros and up to 345 sq ft in metros. Loan growth has soared but bad loans have also started increasing in recent quarters. 
 
In a boost to affordable housing under the PMAY, the RBI raised the housing loan limits under priority sector lending (PSL) for economically weaker sections and lower income groups. Analysts said the RBI move, in convergence with the government’s schemes for affordable housing, will help aspiring home buyers, as with the raised PSL limit, banks will tend to lend more for low-cost housing.
 
Home loans up to Rs35 lakh in metros (with population of 10 lakh and above) will now qualify for the benefits of priority sector lending, against up to Rs28 lakh earlier. Similarly, loans up to Rs25 lakh will now qualify under PSL for other centres, compared with Rs20 lakh earlier. However, the house cannot cost more than Rs45 lakh in metros and Rs30 lakh in other centres.
 
Under the PMAY, the government is aiming to build 3 crore houses in rural areas and 1 crore in urban centres. More than 47 lakh houses have already been sanctioned in urban areas and more than one crore in rural areas.
Like this story? Get our top stories by email.

User

COMMENTS

Hariharan Krishnamurthy

6 months ago

How to get LTV (Loan to Value) for unsecured small ticket housing loans. Also higher LTV on secured loans would impair the loan assets as the loaned fund would be less than the requirements for operations. These innovative visions would make banking industry weaker.

We are listening!

Solve the equation and enter in the Captcha field.
  Loading...
Close

To continue


Please
Sign Up or Sign In
with

Email
Close

To continue


Please
Sign Up or Sign In
with

Email

BUY NOW

online financial advisory
Pathbreakers
Pathbreakers 1 & Pathbreakers 2 contain deep insights, unknown facts and captivating events in the life of 51 top achievers, in their own words.
online financia advisory
The Scam
24 Year Of The Scam: The Perennial Bestseller, reads like a Thriller!
Moneylife Online Magazine
Fiercely independent and pro-consumer information on personal finance
financial magazines online
Stockletters in 3 Flavours
Outstanding research that beats mutual funds year after year
financial magazines in india
MAS: Complete Online Financial Advisory
(Includes Moneylife Online Magazine)