Parliamentary panel shows concern over cyber crimes and increasing data vulnerability, and suggest that the government should come out with a framework to deal with such risks.
The Standing Committee on Finance recommend setting up of Cyber Protection Authority (CPA) and advocate that the CPA engage ethical hackers to test ecosystem participants.
To enhance the prevention and detection of fraud in the banking sector, the committee head by Jayant Sinha strongly suggest the establishment of a Central Negative Registry and that the CPA should maintain this registry.
Current compensatory mechanism for victims of cybercrime in the financial sector has limited scope and coverage, the panel said financial institutions must play a supportive role as there is a fiduciary relationship between financial institutions and their customers.
The process of filing a compensation claim is complex and time-consuming, placing the burden of proof on the victims to establish the connection between the cyber crime incident and the resulting financial loss, which is particularly challenging due to the traceability issues associate with cyber crimes.
Parliamentary Panel strongly believes there should be an automatic compensation system as devise by RBI and it should be the financial institution’s sole responsibility to immediately compensate the hapless customer, pending further investigation and final traceability of funds, as per report.
This proactive approach aligns with the principle of safeguarding customer interests and ensuring rapid resolution in cases of cybercrime in the financial sector, as per report.
Observing that India is indisputably one of the best regulate and safest digital financial ecosystems in the world, the panel express concern over the mushrooming of cyber crimes and increasing data vulnerabilities even as digitisation has rapidly expand across the country.
As it is likely that a billion Indian citizens will be conducting hundreds of billions transactions online mediate entirely through large-scale, pervasive computer networks, systems, and algorithms, as per Parliamentary Panel.
Simultaneously Parliamentary Panel said, criminals are getting more and more innovative and difficult to track since they can now utilise powerful new technologies and operate in lightly police or hostile jurisdictions.
These new and threatening technologies include generative artificial intelligence (Al), chatbots, and quantum computing, which raises the threat level exponentially.
To maintain its status as one of the world’s best digital financial ecosystems, India should consider evolving its cyber security policy framework across five major dimensions to establish a more dynamic and proactive regulatory framework.
It should empower a centralize authority for cyber security which can work with all digital ecosystem participants in India and around the world, formulate fairer and more responsive consumer grievance redressal and compensation mechanisms, strengthen central and state cyber security enforcement capabilities, and achieve closer global cooperation with other leading countries.
Working simultaneously across all these 5 dimensions will ensure that India develops the world’s most innovative, secure and resilient digital financial ecosystem.
Parliamentary Panel said cyber security regulations will have to evolve rapidly to take into account various technological developments and to stay ahead of bad actors.
There have challenges in exerting sufficient control over third-party service providers, including Big Tech and Telecom companies on cyber security matters.
Secondly, downtime in critical payment systems is able to disrupt customer services, which is not currently regulate.
Parliamentary Panel said, there is no clear process to either continuously whitelist or blacklist apps and maintain a central registry of apps that have the ability to tap digital payment and settlement systems.
Parliamentary Panel said :
“Today’s regulatory frameworks are focused mostly on fire-fighting, but they need to be much more dynamic in anticipating and dealing with emerging threats and vulnerabilities of the digital financial ecosystem,”.
Specific threats include misuse of SMS templates, telemarketer verification lapses, insufficient maker-checker processes, weak security controls in fund transfer systems, and vulnerabilities in ATM channel communication.
The situation is exacerbated by limited coordination among different agencies and inadequate incident response as well as enforcement mechanisms.
Parliamentary Panel to strengthen cyber security measures, mitigate vulnerabilities, and ensure the integrity of the financial sector’s digital infrastructure recommend some concrete measures including regulation of service providers, maker-checker processes and ATM Channel security.
During the Parliamentary Panel hearings, RBI provide evidence that Big Tech companies have refuse to make various modifications to their mobile operating systems to make the OTP based two-factor authentication protocol even more secure.
It underline the importance of the enforcement system in addressing cyber fraud and stress the importance of local police to take effective action against cyber crimes.
Parliamentary Panel said that promoting supervisory cooperation and knowledge exchange with global regulators will facilitate a collective response to the exponentially growing cyber threats.
Lastly, Parliamentary Panel strongly urge the government to adopt and go beyond global best practices, in short to develop ‘next practices’ based on India’s specific needs and requirements.
