3rd SECURE BFSI CONCLAVE
CONTENTS
Introduction
Key Speakers
Bank Security: Securing Banks in the 21st Century
News Briefs: Cyber Security, Frauds, City Security and Police Modernisation, Smart Cities
Lead Writer: Pathikrit Payne
Contributors: Shelly Bhasin, Shivani Lal
Copyright Security Watch India 2015
Security Watch India (SWI) is a non-partisan, not-for-profit organization that addresses issues in the space
of the relatively new homeland security sector. SWI works towards a secure tomorrow by enhancing security
awareness and consciousness in Indian industry and civil society. SWI also guides and facilitates potential
investors interested in the Indian homeland security business. Security Watch India is not responsible for
the facts, views or opinions expressed by the author(s) in this report. Republication or re-dissemination of the
contents of this document is expressly prohibited without the written consent of Security Watch India.
You can avail these reports for a year by joining the Security Watch India Membership program or through an independent
annual subscription for just Rs. 2500 (50 USD).
The subscription will give you the latest and most relevant information on the Indian homeland security situation,
which will help you make the right decisions for your business.
For advertisement-related queries or for more information, please contact:
Amit Siddhartha, E: amit@securitywatchindia.org.in, Mob: +91 9953685326
Aniket Gupta, E: aniket@securitywatchindia.org.in, Mob: +91 9811319236
www.securitywatchindia.org.in
INTRODUCTION
Following the overwhelming success of previous events, Security Watch India is proud to present the 3rd Secure BFSI Conclave on 10 April 2015 at Hotel Sofitel, BKC, Mumbai. PwC is the knowledge partner for the event. The key themes of the event are Cyber/Information security and Fraud Risk Management.
The Secure BFSI Conclave will cross yet another milestone in presenting quality content, ensuring a high level of deliberations matching the expectations and aspirations of security and privacy professionals. While doing so it will also host a comprehensive exhibition, showcasing cutting-edge technologies and service innovations.
The one-day conclave will bring together cyber/information security and fraud prevention experts from across the financial sector to discuss security vulnerabilities as well as bring forward effective strategies and solutions to mitigate them. For more details please visit www.banksecurityindia.com
The event offers a unique one day, interactive thought leader forum full of relevant topics gleaned
from extensive research, market intelligence and feedback from industry leaders, influencers and
senior executives. In addition to expert panels, case studies and keynote addresses, the conference will
integrate new session formats that encourage audience participation, including: Unconference
KEY SPEAKERS
Mr. Agnelo Dsouza
SPEAKERS
joined the IT department (handling the CBS System development) in the year 2003 from where she
was also deputed to the Bank of China for giving a training on CBS.
Thereafter, she had a stint in the I&MA department as a Credit Auditor on mobile duty covering large domestic
and international branches. She has also participated in various panel discussions, including one on
the CTS system conducted by NPCI.
Some of her papers are published in the IBA journal.
Mr. G K Gupta
SPEAKERS
Mr. K. S. Narayanan
Head Information Security & Business Continuity, Birla Sun Life Insurance
Company Limited
Makesh Chandramohan is an experienced and qualified information security professional with more than 13 years of professional experience across various industry verticals like BFSI, ITES, Telecom & manufacturing. He is currently heading the Information Security and Business Continuity function at Birla Sun Life Insurance, and he was instrumental in setting up IS functions in various large financial services organizations. By qualification he holds a Master of Computer Application (MCA), CISA (Certified Information Systems Auditor) & CISM (Certified Information Security Manager) from ISACA (USA). He is an eminent speaker and participates in various forums.
SPEAKERS
With 15+ years of overall experience, Mannan has served the domestic as well as International
business in the field of Information Security. He is a Certified Chief Information Security Officer (EC
Council), Certified Information Systems Auditor, Certified in Risk and Information Systems Control
and a Certified Ethical Hacker.
Mannan's accolades include recognition as one of the Top 100 CISOs for risk management practices
by CISO Platform, and being awarded the title InfoSec Maestros by Info Security group. He
has also been awarded the Risk Titan award by Edelweiss.
SPEAKERS
Prior to this, Mr. Tanksale was the Chairman & Managing Director, Central
Bank of India and before that Executive Director of Punjab National Bank. Mr.
Tanksale started his career as an officer in Union Bank of India at Gwalior in
1974.
Mr. Tanksale, a seasoned banker with rich experience in banking, is backed by professional
credentials like Associate Member of the Institute of Cost & Work Accountants of India (ICWA), Company
Secretary (Inter) of the Institute of Company Secretaries of India, CAIIB, a Bachelor's degree in Science
and a Master's degree in English literature.
In ICICI Bank, Mr. Dudhwala has headed various roles in fraud risk management, which encompasses application and vendor screening and investigation in different segments of products like Cards, Payment Products, Retail Assets, Mortgages, Small Medium Enterprise, Rural and Priority Sector lending. Prior to taking up the fraud risk management profile, Mr. Dudhwala worked in a business function and was responsible for delivering top-line targets and setting up distribution channels. He has also worked with General Electric Countrywide Consumer Financial Services for a stint of 3 years in a sales and business management role.
He is also an active core committee member of the India Payment Risk Council (IPRC) and represents IPRC in various industry forums that work to combat card and payment fraud. He is a regular speaker at academic universities and industry forums and contributes actively to the industry. He holds a post-graduation in Business Management and is an Associate Certified Fraud Examiner. He is also a Certified Anti Money Laundering Expert.
SPEAKERS
His approach to financial crime management is, therefore, holistic and non-prescriptive - he espouses the belief that there is no such thing as a one-size-fits-all solution. This fits extremely well with the componentised nature of IBM's approach to the challenges that the FSS industry faces in 2015 and beyond - especially with the fast-evolving threats in cyber-space. IBM's ability to draw on best-of-breed components ensures that an institution is not tied to a specific specialisation or paradigm - a key benefit when considering the specific nature of fraud and financial crimes within any single geography.
He has worked on major operational reviews for card issuers in South Africa and Switzerland, generating significant $ savings and operational efficiencies, and has been instrumental in the recent adoption of Business Rules Management Systems (BRMS) technology as a major component of a hosted fraud detection capability at MasterCard. Current projects include driving a major transformational project with one of the major UK banks' AML group to ensure effective resolution of entities across business units and geos using a combination of paradigms and technologies.
Richard's ability to draw on global experience allows significant knowledge transfer of global best practice. His approach is consultative and respectful of geography and culture, which ensures that the thought leadership that he provides is positively received - traits which have earned him significant respect through his engagements.
He has a Bachelor's degree in French and Economics and has published work by IBM.
SPEAKERS
Sameer is a pioneer in the Indian banking industry for achieving ISO 27001, PCI-DSS and BS25999 certification for the Bank, and for establishing a ZACHMAN framework and SABSA based information security architecture. He has implemented huge security projects like 2FA, Data Leakage Prevention, Identity & Access Management, GRC, SOC, PCI-DSS, ISO 27001 and Business Continuity across major BUs of the Bank. Sameer is also on the panel of Regulators and IBA on developing a Security Standard for Indian banks.
He has also authored a book, Information Security-Demystified, for bank users and employees. He is also an active Information Security, Privacy and Cyber Crime speaker in various national and international.
SVP & Head Debt Management and FCU Retail Lending & Payments, Axis
Bank Ltd.
Shailesh Verma joined Axis Bank in 2008 and currently heads the Consumer
Lending and Agriculture Debt Management and Fraud Control Unit. He
has been instrumental in setting up and enhancing the Debt Management
Framework for the bank.
Today the Axis Bank Debt Management team is renowned for its debt management practices. Its strength is underscored by one of the lowest debt numbers on a portfolio growing at a scorching rate over the last 3 years. The Axis Fraud Control Team has also been recognized at various industry forums for scoring many Firsts in India. They have won the Best Acquiring Bank Award in South Asia at the Visa International Forum.
Shailesh is spearheading a path-breaking project for using IT & IT Enabled Services to develop a completely automated ecosystem for Fraud Management & Debt Control.
Shailesh is also the current Chairperson of the India Payments Risk Council, an interbank initiative to fight fraud across the payments industry in India. Before joining Axis, Shailesh worked with Standard Chartered Bank in India handling various functions, the last one being Country Head India for the Fraud Control Practices Unit.
Shailesh holds a Master's degree in Business Administration.
SPEAKERS
Prior to her current assignment, Shraddha worked for Reliance Communications and was a part
of various security implementation projects. She holds a Bachelor's degree in Computer Science and
carries with her extensive knowledge of IT security challenges and solutions.
SPEAKERS
Executive Vice President and Chief Risk Officer, Reliance Life Insurance
SPEAKERS
entire DSP Merrill Lynch Group of Companies, Member of Risk and Audit Committees. This entailed review of business and operations of the investment banking company, Broking Company and the Asset Management Company.
ING Vysya for the years 2003-05 as Senior Vice President and Senior Audit Manager - Corporate Audit Services and a permanent invitee to various IT committees, Member of IT Steering Committees, Risk and Audit Committees. This entailed review of business and operations of the Banking Company, Insurance Company and the Asset Management Company.
Credit Lyonnais as Vice President Audit, Compliance and Integrated Risk Management and a member of the weekly Managing Committee for the years 2000-02. A member of the Weekly Management Committee responsible for running of the bank. Coordinated Concurrent Audit of Investments, which entails review of all the investment transactions.
Standard Chartered as Senior IT auditor responsible for IT audits and payments audit for 12 countries in the Middle East and South Asia regions for the years 1998-2000. Handled two projects: Credit cards at Dubai and Car Loans in Mumbai.
Bank Internasional Indonesia as Head of Audit and Compliance and a part of the weekly Management Committee of the Bank, responsible for running of the bank. ALCO committee and coordination of concurrent audit of investments.
Ernst & Young: Audit Manager, managing a number of Financial Services assignments.
Deloitte: Statutory audit of NOCIL, PIL, Tandon Group of companies in SEEPZ.
Qualifications:
Bachelor in Commerce and Economics, Chartered Accountant, Certified Information Systems Auditor (CISA), Inter Company Secretary and Check Point Certified Security Administrator (CCSA); Enterprise Wide Risk Management Program from AIM (Asian Institute of Management), Manila.
My voice is my password.
Voice Biometrics authenticates your customers through natural voice patterns, not robotic PINs, passwords, and questions. It's a level up in security. It's a brand new user experience. By giving them the freedom to speak, you let the customers be themselves.
Simpler authentication. Almost-instant ROI. Wipe out fraud.
[Infographic: Voice Biometrics by the numbers (faster authentication; users who prefer Voice Biometrics over the status quo; users frustrated with existing authentication; average savings over a three-year period)]
The ultimate security measure is something you are. Voice is actually the most secure form
spoken passphrase login through this technology is a logical next step.
Paul Heller, CIO, Vanguard.
Deepak.Bhatia@nuance.com | +91 99111 81052
BANK SECURITY
The last one year has witnessed many positives, but several new challenges have also come up for the world and for India in particular. World over, the security scenario is no better than it was a year back. The constant threat of terror attacks has not subsided; on the contrary, the spate of terror attacks and their dimensions continue to expand. In the last one year the scenario in the Middle East, one of the most prominent regions for financial activities, witnessed a massive deterioration, with the civil wars in Syria and Iraq reaching an even worse situation. The meteoric rise of the dreaded terror group ISIS and its stealing of more than $400 million from the Central Bank of Mosul in Iraq demonstrated not just the vulnerability of financial institutions in war-prone regions but also how major heists at banking institutions have always been a major source of funding for the nefarious activities of terror groups. That particular heist perhaps played a key role in making ISIS one of the richest terror organisations of the world. This apart, some shocking new trends in terror attacks could also be witnessed, with terrorists now attacking soft targets such as schools, shopping malls and universities. Needless to say, banks across the world and especially in India continue to be extremely vulnerable and prone to terror attacks.
Back in India, the last one year witnessed a certain amount of political stability in the country with the installation of the Narendra Modi led NDA Government. While India has not witnessed any major terror attack over the last one year, the threat of something sinister remains clear and present. The multidimensional threat that India faces today has serious ramifications so far as the security of India's critical economic infrastructure is concerned. This multidimensional threat comes essentially from cross-border non-state actors like the Islamic terror groups that operate in India, including the likes of LeT and JeM. This also includes several home-grown terror groups which allegedly have funding and training from outside, especially from Pakistan, and this list contains names like Indian Mujahideen and SIMI. Then there is the enormous and ever increasing threat to India's economic infrastructure that emanates from the Maoists, who have continued with their mayhem and have time and again been responsible for several major attacks on economic infrastructure, including derailing of trains, destruction of telecom towers and power transmission systems as well as looting of banks. This apart, the threat to India's overall economic and physical security also comes from organised crime syndicates involved in dealing with counterfeit currencies, extortion and kidnapping business, as well as cyber terror groups who operate in a virtual world and have time and again proved their ability to create mayhem with the global financial system. Overall, as it stands today, the physical infrastructure of India's financial sector faces all these threats much in the same way as other critical infrastructures do.
The Indian Banking Sector- Poised for the Next Big Leap
The Indian economy is rightly poised today to reach greater heights over the next one decade. The
story of the rise of Asia has just started. India along with several other major Asian players like China
has both demand and demography on their side to continue with the economic growth story. India
is already a $2 trillion economy and is expected to emerge as one of the fastest growing economies
among emerging economies in the times to come.
Further, the shift in the global economic theatre towards Asia would mean a massive rise in the opportunities for the banking industry as well, and needless to say the Indian banking sector is going to reap major benefits out of it. Already, the steps taken by the incumbent government towards financial inclusion, and its initiation of the process of opening MUDRA Bank to reach out to a large section of micro units in India, are positive steps. Today the Indian banking system handles more than $1.5 trillion of assets and is perhaps the most prominent backbone of India's economic growth.
The resilience of the Indian banking industry is known world over. Be it the economic meltdown of the Southeast Asian economies in the late nineties or the subprime lending crisis in the American and European banking sector in 2008, on both occasions the Indian banking sector has been able to successfully meander through the crises without succumbing to them. The Indian stock markets too have made giant strides and are considered to be some of the most sophisticated in the world. Further, the Indian financial system has made giant leaps in terms of technological adoption as well. One would have to give credit to it for its successful transformation from archetypal ledger book banking to net banking and mobile banking. There is also no doubt that the banking sector itself played a critical role in financing the growth of the Indian economy. With an asset size of over $1.5 trillion and with more than 1 lakh ATMs, the Indian Banking Sector is poised to be the fifth largest in the world in terms of asset size as per KPMG and third largest in the world by 2025 as per Boston Consulting Group. Its asset size too is expected to grow to $28.5 trillion. Thus, there is no doubt that today the Indian Banking and Financial Services sector is one of the most critical economic infrastructures of the country.
BANK SECURITY
report prepared by the Fiscal Policy Institute for the New York City Central Labor Council and the Consortium for Worker Education immediately in the aftermath of the 9/11 disaster had stated that the immediate impact of the 9/11 attack on the New York City economy was estimated to be $16.9 billion, and it was also expected to have a massive job impact in the securities, retail and restaurant business. As per the Institute for Analysis of Global Security, "Counting the value of lives lost as well as property damage and lost production of goods and services, losses already exceed $100 billion. Including the loss in stock market wealth -- the market's own estimate arising from expectations of lower corporate profits and higher discount rates for economic volatility -- the price tag approaches $2 trillion." This itself is a vindication of the fact that radical extremist groups now seek to create not just physical mayhem but also financial mayhem whose impact would be long term. There is thus the need for caution and preventive measures, as a threat to the banking sector can have a cataclysmic impact.
BANK SECURITY
to create an institutional mechanism whereby it would be mandatory on the part of Banks to have
a basic first line of defence in each branch to thwart any terror attack or any attempt of heist and
hostage taking situation.
The unfortunate part of the whole saga is the fact that in India, security is still considered a governmental responsibility, and physical security of banks in terms of having security personnel is at best a tokenism here. Most banks unfortunately still consider expenditure on deployment of professionally trained security manpower as an avoidable expenditure. Further, in the absence of any clear-cut mandate or directive from financial regulatory authorities like the Reserve Bank of India, banks still don't take physical security as seriously as they ideally should. Ideally there should be clear-cut guidelines from the Reserve Bank of India and the Union Ministry of Home Affairs on this issue.
BANK SECURITY
it ever be ruled out that perpetrators may target any major financial institution to create massive panic across India's economy? A terror attack of the proportion of 26/11, if it had happened at the head office of any major bank or a series of banks, would have created massive ripples across the economy, the effect of which would have been too enormous for the nation to bear. And thus, it is of paramount importance that physical security of banks is given importance on a priority basis and on a war footing.
The Way Ahead- Make Customer Security Part of Overall Customer Service
Compromising on the physical security of India's financial sector may become self-defeating in the long run. It has to be understood that the life of a customer has to be protected when he enters the banking premises, and that this has to become a critical part of the overall customer service. A terror attack or a bomb blast inside a bank's premises would jeopardise the lives of customers as much as the 26/11 attack did. If shopping malls, multiplexes and even hotels can have frisking and scanning of bags, then there is no reason to believe that the same cannot be applied to Indian banks. It has to be understood that the world is going through some tough times, and under such situations it becomes imperative to take decisive preventive actions to make sure that no untoward incident happens.
Security Policy Management
Automated. Orchestrated. Simplified.
Easily provision application connectivity
Process firewall changes 4x faster
Avoid risky misconfigurations
Demonstrate compliance in minutes
THE FUTURE OF TECHNOLOGY IS MORE SECURE THAN EVER.
In today's world, connected devices are advancing healthcare, transforming business, and evolving social connections in unprecedented ways. That's why security must be ubiquitous: always on and on every device.
That's why Intel Security was formed. We're combining the experience and expertise of McAfee with the performance, innovation, and trust of Intel to deliver secure computing to consumers and businesses worldwide. We want everyone to have the confidence to use technology to its full potential so they achieve their full potential.
The future ahead is ripe with possibilities. Join us on this exciting journey.
www.intelsecuritygroup.com
2014 McAfee Inc. McAfee is a part of Intel Security. McAfee and the M-shield are trademarks or registered trademarks of McAfee, Inc.
The Intel logo is the trademark of Intel Corporation in the U.S. and/or other countries.
SECURITY EMPOWERS FINANCIAL INSTITUTIONS
Unlock the Business Value of Safe, Optimized Data
BANK SECURITY
10 Best Practices for Cyber Security in 2015
Applications are great. They give your business the tools it needs to function and be productive. But they also put your sensitive data at risk. When IT security attempts to protect critical information, it usually involves putting up firewalls and building your infrastructure around the data you want to protect. Then you give applications access to this data. When hackers look to steal your data, they won't try to hammer their way through your firewall; they'll look for the least secure system with access to the data they need.
Once your IT network is secure, you need to be very careful about who you give the keys to. Ideally, it shouldn't be anyone. By creating specific access controls for all of your users, you can limit their access to only the systems they need for their tasks and limit your sensitive data's exposure.
For a complete record of what goes on in your systems, both for security and troubleshooting purposes, you should collect detailed logs and report data. This is especially the case for applications that don't have internal logging. By adding tools that can log the activities of these applications you will be able to plug any security holes those applications may create.
4. Maintain Security Patches
When cyber-criminals are constantly inventing new techniques and looking for new vulnerabilities, an optimized security network is only optimized for so long. To keep your network protected, make sure your software and hardware security is up to date with any new antimalware signatures or patches.
All of the technical IT security you implement can't make up for a lack of common sense or for human error. Social engineering tactics have been used successfully for decades to gain login information and access to encrypted files. Attempts can come by phone, email or other communication with your users.
No matter how gifted, your users will always be your weakest link when it comes to information security. That doesn't mean you can't limit this risk by regularly educating your users on cyber security best practices. This training should cover how to recognize a phishing email, how to create strong passwords, avoiding dangerous applications, taking information out of the company, and any other relevant user security risks.
To strengthen and clarify the education you give your users, you should clearly outline the requirements and expectations your company has in regard to IT security when you first hire them. Make sure employment contracts and SLAs have sections that clearly define these security requirements.
Trust but verify. While well-trained users can be your security front line, you still need technology as your last line of defense. User activity monitoring allows you to monitor users to verify that their actions meet good security practices. If a malicious outsider gains access to their log-in information, or if an insider chooses to take advantage of their system access, you will be immediately notified of the suspicious activity.
No matter how well you follow these best practices, you might get breached. In fact, nearly half of organizations suffered a security incident in the past year. If you do, having a response plan laid out ahead of time will allow you to close any vulnerabilities and limit the damage the breach can do.
Regulations like HIPAA, PCI DSS and ISO offer standards for how your business should conduct its security. More than a hassle which you need to prepare audit logs for, compliance can help guide your business.
About Teleste
Teleste is an international technology company that develops and offers video and broadband
technologies and related services. Our supply of technology contributes to the convenience
and safety of daily living. Our core business is video - image and data processing, transfer and
management. Our customer base consists of cable and telecom operators, as well as public sector
organizations. Our business is divided into two divisions, which are Video and Broadband Solutions
and Network Services. In both areas, we rank among the world's leading companies and technological
forerunners. Video and Broadband Solutions focuses on access networks and product solutions in
video surveillance applications. Network Services offers comprehensive services for network design,
construction and maintenance. In 2013, Teleste's net sales totalled about USD 250 million, and the
company employed more than 1,300 people. Teleste runs a worldwide network of offices and more
than 90% of its sales are generated outside Finland. The company is listed on the NASDAQ OMX
Helsinki Ltd. For more information see http://www.teleste.com and follow @telestecorp on Twitter.
SOURCE Teleste Corporation
Mr. Jayant Kumar Banthia, IAS Retd., former Chief Secretary, Maharashtra
Mr. D. Sivanandhan, IPS Retd., former CP Mumbai & former DGP, Maharashtra, & Chairman
SECONA
Mr. K. L. Prasad, IPS, Commissioner of Police, Navi Mumbai
Mr. Vijay Mukhi, Renowned Cyber Expert & President, FIST
Mr. Sushil Jiwarajka, Chairman, Artheon Group of Companies
Mr. M. V. Deshmukh, Director, Maharashtra Fire Services
About Videonetics
Videonetics is an Indian Company with world class technology in Intelligent Security and Surveillance
industry with its deployment in India, USA, and Middle East. Headquartered in Kolkata, the
company offers complete software solution including its unique and versatile Intelligent VMS (Video
Management Software) embedded with Intelligent Video Analytics applications to the IP Video
Security and Surveillance market, as well as Intelligent Traffic Management System, ANPR, Red
Light Violation Detection etc.
Videonetics was founded by Dr Tinku Acharya, co-architect of the first webcam application
from Intel, an IEEE Fellow and renowned domain expert who holds over 150 US, European and
international patents and is the author of many books on technology.
Videonetics controls 70% of the market share in verticals like aviation, where they manage security
and surveillance for 73 airports across India. Videonetics has also installed its smart surveillance
systems at 5 major railway stations on the South-Eastern Railway network. It was also entrusted
with the pivotal task of putting in place a wide city surveillance network in the Alipore safe city
in Kolkata. It also executed the setting-up of an Intelligent Traffic & Law Enforcement regulation
system across Kerala (Trivandrum, Kochi, Calicut) and Bhubaneshwar in Orissa. Videonetics has
also installed Intelligent Video Surveillance cameras at Allahabad City, Chandigarh High Court,
Anna Centenary Library, Indian Oil Corporation, AP Transco (Transmission Corporation of Andhra
Pradesh), ITC Munger - Bihar, Exide Industries Haldia, Welspun Gujarat, Infinity IT Park, Salt
Lake -Kolkata, Capital Plaza Mall and Mushriff Mall in Abu Dhabi UAE. Videonetics ITMS & Safe City
Solution is also under deployment at Indore, the commercial capital of Madhya Pradesh.
www.winmagic.com
Reduce IT Costs
Simplify everyday tasks for IT Admins
NEWS BRIEFS
CYBER SECURITY
Banking passwords stealing virus prowling in Indian cyberspace
Cyber security sleuths have alerted e-banking users in the
country against the infectious and destructive activity of a
worm virus, which attacks and steals personal login secrets
and passwords of an individual.
The virus, of the deadly Trojan variant, has been identified
and named as Cridex and is considered notorious as it can
assume as many as six aliases to perpetrate its activities.
"It has been observed that the new variants of Cridex malware
are spreading widely. Cridex is an information stealing
e-banking Trojan that propagates via removable drives and
targets users of online banking/social media for stealing user
name, passwords among others," the Computer Emergency
Response Team of India (CERT-In) said in its latest advisory to e-banking users in the country.
The virus spreads by simultaneously opening a backdoor for downloading a number of malicious files once it enters a
user's personal Internet working stream.
"Like the other major banking Trojans, the malware performs web injects into the HTML pages of financial institutions
contained in the configuration file. The malware routes the users to fake banking sites for divulging user information
and subsequently connects to the bank site from the victim IP address by bypassing IP reputation blocking," the agency
said in its alert.
Some of the identified aliases of this banking virus are Geodo, Dapato, W32/Kryptik.BVB, Worm.Win32.Cridex,
PWS:Win32/Zbot and Trojan.Gen.2 and can be noticed by these names when they appear online.
The agency said, once activated, the virus targets and steals login credentials of various banks and social networking
sites like Facebook, Twitter and Instagram among others.
The anti-sabotage cyber agency has also recommended some counter-measures for the users to deploy in their personal
computers and Internet-enabled devices from where they perform their e-operations and online banking jobs.
"Enable firewall at desktop and gateway level, keep up-to-date patches and fixes on the operating system and
application software as well as anti-virus and anti-spyware signatures at entry points," it said.
It also advised users to install the latest updates and software to protect their computers from viruses and
Trojans, guard against social engineering attacks, use strong passwords, limit user privileges, exercise caution
while opening attachments to emails received from known or unknown sources, and avoid downloading pirated
software.
Gulshan Rai becomes first chief of cyber
security
The Indian government has created a cyber-security chief's
position under the Prime Minister's Office and has appointed
Gulshan Rai, said a top official in the IT ministry.
Rai, who has been heading the computer emergency response
team at the department of electronics and information
technology (DeitY), will now take charge as special secretary
for cyber security. Rai has been working since 1998 in the area
of evolving legal framework to address issues arising out of cyberspace. He is also expected to head the national cyber
coordination centre (NCCC) that the government is also setting up with a budget of Rs 1,000 crore. He was for a long
time tipped to become the first national cyber security coordinator. Rai couldn't be reached for comments. DeitY has
already posted a vacancy for the post of director general for Indian computer emergency response team.
Cyber security is fast becoming a nightmare for the government even as its Digital India initiative will increase the
relevance of the internet and expose the country to large cyber-attacks. Reported attacks on Indian websites have
increased nearly five times in the past four years. Until mid-2014, more than 60,000 incidents were recorded, according
to the Indian Computer Emergency Response Team.
Experts believe that a special secretary for cyber security under the PMO will help India secure its digital assets in a better way.
Powergrid to develop Grid Security Expert
System
Grid Security Expert System (GSES) is proposed to be developed
by POWERGRID and it involves installation of knowledge based
Supervisory Control and Data Acquisition (SCADA) system, numerical
relays and Remote Terminal units up to 132 kV stations and the
reliable Optical fibre Ground wire (OPGW) communication system
at an estimated cost of around Rupees 1200 crores. The objective of
the GSES is implementation of the Automatic Defense mechanism
to facilitate reliable and secure grid operation. This was stated by Sh.
Piyush Goyal, Minister of state for Power, Coal & New and Renewable
Energy (IC) in a written reply to a question in the Rajya Sabha.
The Minister further stated that CERT-In (Computer Emergency Response Team-India), Department of Information
Technology, Ministry of Communication and Information Technology, Government of India has prepared a Crisis
Management Plan (CMP) for countering cyber-attacks and cyber terrorism for preventing the large scale disruption in
the functioning of critical information systems of Government, public and private sector resources and services. The
Crisis Management Plan (CMP) for Countering Cyber Attacks and Cyber Terrorism outlines a framework for dealing with
cyber related incidents for rapid identification, swift response and remedial actions to mitigate and recover from cyber
related incidents impacting critical national processes.
In December 2010, Ministry of Power had constituted CERTs (Computer Emergency Response Teams) for power sector
i.e. CERT-Thermal (nodal agency- National Thermal Power Corporation (NTPC)), CERT-Hydro (nodal agency- National
Hydroelectric Power Corporation (NHPC)) and CERT-Transmission (nodal agency- Power Grid Corporation of India
Limited (PGCIL)) to take necessary action to prevent cyber-attacks in their domains. The State Power Utilities have
also been advised to prepare their own sectorial Crisis Management Plan (CMP) and align themselves with the Nodal
Agencies i.e. NTPC, NHPC & PGCIL and CERT-In for the necessary actions.
one roof to develop synergy and keep constant vigil on cyber space. Expected to become functional within a year, the
center would enable the police to put a tab on the mischievous elements in the virtual world invading private cyber
space of individuals, government agencies, industrial houses and banks by indulging in hacking, phishing, cyber terror,
cash cards electronic thefts, industrial spying, web defacements, stocking and publication of obscene contents.
A cyber lab being developed at a cost of Rs 50 lakh would also be part of the centre for cyber security. Voice analysis
and digital forensic, which would come up at the Forensic Lab in Junga would go a long way in speedy investigations
and analysis of samples of computer files, voice recording and digital data being sent outside the state.
FRAUDS
RBI mandates 100% provisioning for fraud
cases
Alarmed by the growing number of fraud cases in the banking
system, the Reserve Bank of India (RBI) has told lenders
to make 100 per cent provisioning for such accounts if a
wrongdoing is detected.
If there is a delay in reporting the fraud, the entire provisioning is required to be made at once. In addition, RBI may also
initiate appropriate supervisory action where there has been a delay by the bank in reporting a fraud or provisioning,
the notification added.
Based on the Indian Penal Code provisions, RBI norms classify fraud in seven categories -- misappropriation
and criminal breach of trust, fraudulent encashment through forged instruments/manipulation of books of
account or through fictitious accounts and conversion of property, unauthorised credit facilities extended for
reward or for illegal gratification, negligence and cash shortages, cheating and forgery, and irregularities in
foreign exchange transactions.
RBI to soon issue norms for Central Fraud
Registry
Reserve Bank of India (RBI) has almost finalised the structure
of the Central Fraud Registry and will soon come up with
guidelines to enable quick sharing of information about
unscrupulous borrowers and help banks fight bad loans.
RBI Deputy Governor S S Mundra told the press that
the proposed institution, which will enable quick sharing of
information on entities found to be defrauding banks, would
work under the supervision of RBI.
Currently, banks are advertising the list of wilful defaulters on their websites and in newspapers individually. With the setting
up of this registry, the list of all unscrupulous borrowers will be available on a single platform.
Thus, banks can take advantage of the registry at the time of sanctioning a loan by checking the credentials of a borrower
from the registry.
"It is important for the system to weed out the unethical elements at the earliest opportunity to ensure the credibility
and the efficiency of the credit system in the country," he said.
"Efforts also need to be made to alienate the wilful defaulters and fraudsters and debar them from accessing the
banking system for further finance," he added.
As per RBI data, the gross NPAs (non-performing assets) of the PSU banks stood at Rs 2,60,531 crore, as on December 2014.
The top 30 defaulters are sitting on bad loans of Rs 95,122 crore, which is more than one-third of the entire non-performing assets (NPAs) of public sector banks as on December 2014.
The total number of borrowers having defaulted on Rs 10 crore and above at the end of September 2014, stood at
2,897 with outstanding amount of Rs 1.60 lakh crore.
RBI has issued instructions including designing framework for revitalising distress assets to improve the health of the
financial sector, to reduce the NPAs, improve asset quality of the banks and to prevent slippages.
As per the framework, each bank has a Board approved loans recovery policy and it requires a robust mechanism for
early detection of signs of distress including prompt restructuring in the case of all viable accounts.
It has been stipulated to review NPA accounts of Rs 1 crore and above by Board and top 300 NPA accounts by the
management of the Board.
Although the number of such fraud cases is the highest in the country's largest lender State Bank of India (SBI) at 474, the
total amount involved was less at Rs 1,327 crore.
Syndicate Bank reported 114 cases of frauds with total amount of Rs 749 crore involved, followed by Oriental Bank of
Commerce (OBC) at 86 cases involving Rs 719 crore.
PSU banks report fraud cases of Rs one lakh and above to banking regulator RBI.
As per the data, Bank of Baroda (BoB) reported fraud worth Rs 597 crore, followed by IDBI Bank (Rs 507 crore), UCO
Bank (Rs 424 crore) and United Bank of India (Rs 376 crore).
Police chiefs sound alarm in wake of cuts to
modernisation budget
Directors-General of Police from several states have warned
Home Minister Rajnath Singh that the government's decision
to slash central funding for state police forces could hit their
combat capability in insurgency and terrorism-hit states.
Police chiefs have also warned that the cuts will hit plans to
modernise the forensics and investigative skills of their forces.
The cuts to the centre's Modernisation of Police Fund (MPF)
will slash about Rs 800 crore from funding for key police infrastructure: construction and upgrading of police stations,
police housing, forensic science laboratories and training facilities. The cuts to the MPF were announced in the Union
Budget as part of an effort to contain the fiscal deficit. Now, state governments will be expected to provide their own
funds for these elements of police modernisation, through the additional 10% share of central tax revenue they were
granted by the Fourteenth Finance Commission.
SMART CITIES
Task forces for Smart Cities set up
City-wise task forces have been set up by Urban Development
Minister Venkaiah Naidu for drawing up concrete action plans
for development of Ajmer, Allahabad and Visakhapatnam as
Smart Cities.
The Task Force will have representatives of the ministries
of Urban Development and External Affairs, respective
state governments and cities and the United States
Trade Development Agency (USTDA), said a senior Urban
Development Ministry official.
Setting up of these Task Forces is in pursuance of the decision taken at a recent meeting between Naidu and the US
Secretary of Commerce Penny Pritzker.
The Task Force on Ajmer comprises Divisional Commissioner, Ajmer (Chairman), Secretaries of Town and Country
Planning and Municipal Affairs in Rajasthan government, District Collector of Ajmer, Administrator of Urban
Improvement Trust, Ajmer, Municipal Commissioner of Ajmer, Mayor of Ajmer besides Joint Secretary of Union Urban
Development Ministry, and representatives of Ministry of External Affairs and USTDA.
Allahabad Task Force comprises Divisional Commissioner (Chairman), Secretaries of Town and Country Planning and
Municipal Affairs in UP government, District Magistrate, Vice-Chairman, Allahabad Development Authority, Mayor of
the city besides Additional Secretary (Urban Development), Government of India and representatives of Ministry of
External Affairs and USTDA.
The Task Force for Visakhapatnam will be headed by Secretary (Town and Country Planning) in Andhra government,
Secretary (Municipal Affairs), District Collector, Municipal Commissioner, Vice-Chairman, Visakhapatnam Urban
Development Authority, Mayor of the city, Joint Secretary (Urban Development), GOI and representatives of Ministry
of External Affairs, Indian Navy and USTDA.
NBCC, DDA sign MoU for first smart sub-city in East Delhi
The National Buildings Construction Corporation Ltd. (NBCC) and Delhi Development Authority (DDA) have signed
an MoU for the first smart sub-city to come up at Karkardooma in East Delhi.
As per the MoU between NBCC and DDA, the project, which will be spread over an area of 30 hectares, will be completed
in phases and the first phase of construction will be completed within a period of 36 months. As per the MOU, NBCC
will manage the project and a joint team of VC, DDA and CMD of NBCC will monitor its progress.
The finalization of designs etc will be done by a
Committee represented by both the Organisations
and experts. NBCC shall be paid project management
charges @10 percent of the final project cost (i.e. only
the cost of construction and development without
including the cost component of land) for coordination,
supervision and monitoring of the project as per
approved detailed project report.
NBCC with prior written permission of the DDA may
undertake marketing of the built-up space at such
terms and conditions which may be mutually agreed
from time to time.
NBCC in consultation with DDA will finalize disposal
methodology, phasing of disposal, period of disposal,
rates thereof and other terms and conditions for
disposal of the built-up space. NBCC shall be entitled to disposal fee @ one percent of disposal Price of such properties.
However, DDA would retain authority for pricing and disposal of the property.
It may be recalled that East Delhi Hub at Karkardooma project is the first TOD project which will be taken up and
since this will be a unique mix of small size town homes, apartments, studios, residents for senior citizens including
commercial, recreational etc. with world class facility etc, it is slated to change and shape the lifestyles of Delhiites as
there will be more emphasis on quality living with less use of personal transport and more of pedestrian commuting.
An MOU with NBCC has already been signed outlining the details of the responsibilities of NBCC and deliverables to
DDA. It has been agreed by both parties that the project should be designed in such a manner that it has the advanced
technology features.
Gujarat to adopt Bengaluru model for city
roads
Gujarat government will adopt the Automated Traffic
Enforcement (ATE) system used by Bengaluru city police. The
system which aims to improve the traffic management and
punish traffic law violators in major cities of the state will be
launched in Ahmedabad and Jamnagar on a pilot basis. The
government has allocated Rs 6 crore for the pilot project.
Under the ATE system in Bengaluru city, constables note down
the numbers of the offending vehicle and pass the information
to the Automation Enforcement Centre equipped with
computers, software and vehicle database. Enforcement surveillance cameras keep watch on the motorists crossing
the stop line, breaking lane discipline, and violating other traffic rules.
The offender is issued computerized challans generated under the section 133 of M V Act and it is sent to the offender
by post. The traffic police also use smart phones to impose fine on the offender.
This type of system helps in on-the-spot fine collection and receipt generation. Cases booked are stored in the server
and repeated offenders are identified. For those who cannot pay the fine on the spot, notices are issued to them
and the details are put up on the server. The registration database from the transport department is linked to the
automated centre so it helps in taking action like cancelling licence of the repeated offender.
cities in ports of Kandla and JNPT, complete with affordable housing and other necessary infrastructure, wind and
solar power generators for electricity generation, said Nitin Gadkari, Minister of Shipping, after the Cabinet gave an
in-principle nod to the project, aimed at port-led development in coastal States.
"We are confident that the Sagarmala project will bring down cost of export-import, boost coastal traffic, improve
trade and will provide infrastructure by way of roads and rail to transfer goods from one port to another," he said.
Giving the example of high costs involved in transferring a shipment by road from Mumbai to Aurangabad vis-à-vis
by ship from Mumbai to Delhi, Gadkari said, "Not only is mobility by road expensive and time consuming, but is also
environment unfriendly and comes with an added risk of accidents."
The port-led development is expected to lift India's GDP growth by 2 per cent, Gadkari said. Terming the decision as
revolutionary, Gadkari said, "An allocation of Rs 4,000 crore has been made for SEZ at JNPT. Our second SEZ is proposed
at Kandla port, for which we have two lakh acres of land in its possession." Gadkari said a National Perspective Plan
(NPP) for the coastline will be prepared within six months which will identify geographical regions to be created as SEZs.
The Cabinet also gave its nod to the creation of a Special Purpose Vehicle by the Ministry of Shipping, which will be funded
by 12 major ports and Rail Vikas Nigam Limited. The SPV, which will improve the last mile connectivity to ports and
modernise evacuation infrastructure, will aim at reducing time and costs involved in cargo transfer. Gadkari further said
that parliamentary nod is also being sought on the Bill to convert 101 rivers into National Waterways in the ongoing
Budget Session.
The forum will engage with central & state governments as well
as other public authorities to promote the Smart City initiative,
CII said. CII said it also hopes to finalise a similar agreement
The idea is to help form consortiums to enable Smart Cities happen, working with the state governments to see how
we can bring expertise and knowledge from these countries to India to enable the vision of creating a 100 Smart Cities.
Industry partners will support the Mission by generating ideas promoting Smart City concepts amongst stakeholders.
They will also prepare and undertake demonstration projects, prepare prototypes to showcase best practices in various
fields related to Smart City development.
of the prerequisites of a smart city would be to have an integrated and reliable database, which in case of Haryana
could benefit HUDA, licensed colonies, the public health department, municipalities, PWD (Buildings and Roads), Delhi
Metro, for future infrastructure expansion or development.
BANK SECURITY
Technology's giant strides and its incredible success in terms of bringing more people in the
ambit of a digitized and connected world need no elaboration. If the last decade of the 20th
Century witnessed the advent of new age banking in India with the ubiquitous Indian customer
being introduced to the concept of ATM, the first decade of the 21st Century saw the expansion of the
sphere of plastic money, internet based banking or net banking as well as phone banking. Over the
last five years or so, the exponential growth of smart phones, tablets and the advent of the new age
of applications, or apps as they are commonly known, has brought in a completely new dimension
so far as spreading the reach of banking is concerned. This has been extended even more with the
massive proliferation of blogging sites such as Facebook and Twitter. New age banking thus had to
keep pace with all these developments and bring innovations to match the pace of technological
developments. Today one can even operate or rather make banking transactions with Twitter.
With time, the reality of today is that one can and does operate a bank account from multiple
platforms like the smart phone, the tablet as well as the PC or laptop. Ports have been replaced
by smart applications and even though cyber banking has made life and transaction extremely
convenient, it has not come without its baggage of inherent risk because of cyber related frauds.
A report by the Centre for Strategic and International Studies (CSIS) in 2014 stated that the global
cost of cyber crimes is to the tune of a whopping $445 billion. In fact the enormity of the impact of
cyber related crimes on the banking industry can be gauged by what was reported in February this
year. An article by The Telegraph of UK stated that a gang of Russia based hackers were behind a
cyber heist that resulted in stealing of £650 million from some UK as well as Japan, China and US
based banks. As per the news report, the modus operandi of the gang involved using malware to
infiltrate into the concerned banks' network and then sending data back to the hackers for months.
To take another example, in 2013, it was reported how the hackers had stolen around $45 million
from a couple of Gulf based banks after successfully hacking into the system of a credit card
processing firm and then withdrawing money from ATMs from around 27 countries.
3rd SECURE BFSI CONCLAVE 2015 - Special Issue
With India continuing to be one of the fastest growing markets for the internet, the net banking and
digital payment industry has been growing by leaps and bounds here. Reports state that in 2013,
India saw 800 million financial transactions through the electronic media with almost 44% of the same
being through net banking. By certain estimates, the digital payment industry of India was worth
nearly $20 billion in 2014. The rapid increase of mobile banking as a result of a massive proliferation
of mobile telephony and popularity of smart phones has made the Indian market one of the fastest
growing for net based banking. However, as is the case with the global trends, the proliferation of net banking
and cyber world has brought with it, its own set of problems. India has been witnessing a whopping
40% increase in cyber crime annually and a substantial portion of this is related to banking as well.
Cyber attacks not just by non-state actors but also state sponsored concerted cyber attacks have
become a real issue.
The modus operandi of cyber criminals remains more or less the same across the world; some
of the most popular methods of attack can be categorized as virus, spam mails, Trojan, malware,
scareware, phishing, fiscal fraud and carders.
[Figure: diagram with the panels Threats, Values at Risk, Systemic Vulnerabilities and Responses]