Internet Banking has become an important delivery channel for banking services, enabling banks to offer traditional banking services like access to one or multiple accounts for fund transfers, bill payments and card payments, etc., through the internet. The security of Internet Banking has become a major concern for the regulatory authorities because of increasing IT security risks which may lead to serious financial and reputation risks in case of any major security breach.
The bank shall develop, implement and regularly review an Internet Banking Security Framework based on the following key security objectives:
a) Security and integrity of data and systems, to ensure that customers’ information has not been modified and systems are free from unauthorized access;
b) Confidentiality of customers’ data in storage, during processing and in transit;
c) Reliability and availability of Internet Banking systems to provide prompt access to systems for registered users and maintaining operational effectiveness;
d) Accountability by designing SOPs, policies and controls to ensure traceability of all transactions;
e) Proactive approach to detect unauthorized access and identification of potential fraudulent transactions.
While developing the Internet Banking Security Framework, the bank should take into account the complexity of systems, applications and products/services offered, while at the same time ensuring the ease of usage and customers’ convenience. Further, the framework should clearly define the roles and responsibilities of the Board of Directors (BODs), senior management and employees with regard to its approval, development and implementation. This Framework and any reviews thereafter should be duly approved by the BODs. The Internet Banking Security Framework shall include the following components:
- Security Risk Assessment
- Implementation of Security Controls and
- Monitoring of Security Controls