Academic Task No.: CA2
Academic Task Title: Case Study based on HDFC Bank: Securing online banking
Date of Allotment: 28th of March 2022
Date of submission: 4th of April 2022
Student's Roll no: B36, B42, B34
Student's Reg. no: 11706416, 11711708, 11702720
Evaluation Parameters:
Learning Outcomes: Through this case study, various facts related to banking and
information systems were explained and understood. Various concepts relating to
online frauds were also described.
Declaration:
I declare that this Assignment is my individual work. I have not copied it from any
other student's work or from any other source except where due acknowledgement is
made explicitly in the text, nor has any part been written for me by any other person.
The case talks about the revolutionary change the bank faced when the internet arrived
in India and how it changed the whole banking scenario for HDFC Bank, as online
frauds established themselves inside the online banking process.
The phishing attacks on banks in India were an indication that the number of online
customers of Indian banking had reached a critical mass. Enough online customers had
moved enough of their assets online to make an attack worthwhile for a phisher. The
challenges of IS would only grow in the future as more and more account holders
switched to online banking. HDFC needed to set up an IS framework that would keep
the individual transactions of HDFC Bank's online customers free from even a hint of
harm.
Introducing an additional level of security, calling for new passwords for each online
transaction, seems an inevitable end result. However, the CISO must also contend with
customer convenience, which is becoming a source of differentiation in a competitive
banking environment. The case offers students an opportunity to think of a roadmap for
the CISO in strengthening the online security of a new-generation bank.
Identification of the main problem
Phishing attacks: Theft of user IDs and passwords was very common at that time.
Phishing is a type of social engineering attack often used to steal user data,
including login credentials and credit card numbers. It happens when an attacker,
posing as a trusted entity, dupes a victim into opening an email, text, or instant
message. Saved usernames and passwords: browsers save the user ID and password
for convenience, but this becomes a threat if the computer is lost.
Hacking into the bank database: Hackers who get into the bank's database can
exploit customer data. The attacker can take a lot of data about the customer and
manipulate it to his own advantage. HDFC Bank faced many problems dealing with
such fraudulent activities. Viruses created by hackers are malicious code that can
capture user login credentials.
Rigorous IS protocol: One of the goals for HDFC's chief information security
officer was to ensure that the IS protocols were not so rigorous as to inconvenience
customers. Although HDFC Bank was not pursuing market share as a business
objective in its own right, securing regular annual increases in new customer
accounts was essential to business growth, and ensuring that existing customers
stayed with the bank was equally important.
Secure access: The issue before HDFC was whether the bank should provide secure
access to every registered online customer or limit secure access only to active
customers. It was vital to give inactive customers a time window in which to opt for
secure access before disabling their accounts, but the window had to be small to
prevent abuse during the interim period.
In India, phishing attacks came to light in August 2007 and HDFC was quick to take
corrective measures. It signed on with RSA Security. The bank introduced a
"cooling period", which gives the bank time to check a transaction. Along with
ensuring security, Salvi also ensured that IS protocols were not so rigorous as to
cause inconvenience to customers. Phishing is one of the most common online frauds in
developed countries like the US, where one in every 115 customers lost money in 2006
due to phishing.
Key Issue
It was important that customer data is secure and safe and that customers should not
feel any inconvenience while using the bank's services. Therefore, Salvi was
contemplating the options he had to achieve this objective.
One option is for the bank to continue with the current level of security as it is
now: the current "adaptive risk modeling system", whereby the system assigns a score
to each transaction on the basis of pre-determined parameters. The higher the risk
score, the more the system intervenes. Depending on the score, the system may ask the
customer to use a one-time password, call the customer to verify the transaction, or
block the transaction automatically. Alternatively, the bank may increase the current
level of security. For instance, every online transaction, irrespective of any
parameter, would go through standard checks such as validation and authentication.
The bank should adopt a layered security approach for this purpose, whereby multiple
security systems are in place to protect customers' data and money.
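As an added illustration of the adaptive risk modeling and cooling-period ideas described above (example code written for this document, not HDFC's or RSA Security's actual system), the following Python sketch scores each transaction against a few assumed parameters, escalates the intervention with the score, and holds transfers to a new payee for an assumed 24-hour cooling period. All parameter names, weights, thresholds and sample transactions are constructed assumptions.

```python
"""Toy adaptive risk-scoring engine (added example, not from the case study).
Weights, thresholds and the cooling period are assumed values for illustration."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Interventions escalate with the score, as the case describes.
ALLOW, OTP, CALLBACK, BLOCK = "allow", "require_otp", "verify_by_call", "block"

# Assumed weights for the pre-determined parameters (constructed values).
WEIGHTS = {
    "amount_above_typical": 30,  # amount far above the customer's usual spend
    "new_payee": 25,             # first transfer to this beneficiary
    "unknown_device": 25,        # session from a device never seen before
    "foreign_ip": 15,            # source IP outside the customer's home country
    "high_velocity": 20,         # several transfers within a short window
}
THRESHOLDS = [(70, BLOCK), (50, CALLBACK), (25, OTP)]  # checked high to low
COOLING_PERIOD = timedelta(hours=24)  # assumed hold window for new payees
BASE_TIME = datetime(2022, 3, 28, 10, 0)  # constructed timestamp for samples


@dataclass
class CustomerProfile:
    typical_amount: float
    known_devices: set
    known_payees: set
    home_country: str
    recent_transfers: list = field(default_factory=list)  # past timestamps


@dataclass
class Transaction:
    amount: float
    payee: str
    device_id: str
    ip_country: str
    when: datetime


def risk_score(tx: Transaction, profile: CustomerProfile) -> int:
    """Sum the weights of every risk signal the transaction triggers."""
    score = 0
    if tx.amount > 3 * profile.typical_amount:
        score += WEIGHTS["amount_above_typical"]
    if tx.payee not in profile.known_payees:
        score += WEIGHTS["new_payee"]
    if tx.device_id not in profile.known_devices:
        score += WEIGHTS["unknown_device"]
    if tx.ip_country != profile.home_country:
        score += WEIGHTS["foreign_ip"]
    window_start = tx.when - timedelta(minutes=10)
    if sum(1 for t in profile.recent_transfers if t >= window_start) >= 3:
        score += WEIGHTS["high_velocity"]
    return score


def decide(tx: Transaction, profile: CustomerProfile) -> tuple:
    """Map the score to an intervention. Returns (score, action, release_time);
    release_time is set when a transfer to a new payee is held for the
    cooling period so the bank has time to check it before it settles."""
    score = risk_score(tx, profile)
    action = ALLOW
    for threshold, intervention in THRESHOLDS:
        if score >= threshold:
            action = intervention
            break
    release = None
    if action != BLOCK and tx.payee not in profile.known_payees:
        release = tx.when + COOLING_PERIOD
    return score, action, release


def sample_profile() -> CustomerProfile:
    """Constructed customer: two transfers in the last few minutes, one device."""
    return CustomerProfile(
        typical_amount=5000.0, known_devices={"dev-A"}, known_payees={"rent"},
        home_country="IN",
        recent_transfers=[BASE_TIME - timedelta(minutes=2),
                          BASE_TIME - timedelta(minutes=4)])


# Constructed transactions covering routine, new-payee and phishing-like cases.
SAMPLE_TRANSACTIONS = {
    "routine": Transaction(2000.0, "rent", "dev-A", "IN", BASE_TIME),
    "new_payee": Transaction(2000.0, "plumber", "dev-A", "IN", BASE_TIME),
    "new_device_new_payee": Transaction(2000.0, "plumber", "dev-Z", "IN", BASE_TIME),
    "phishing_like": Transaction(20000.0, "mule-account", "dev-Z", "XX", BASE_TIME),
}


def run_samples() -> dict:
    """Score every sample transaction against the sample profile."""
    profile = sample_profile()
    return {name: decide(tx, profile) for name, tx in SAMPLE_TRANSACTIONS.items()}


if __name__ == "__main__":
    for name, (score, action, release) in run_samples().items():
        print(f"{name:22} score={score:3} action={action:15} hold_until={release}")
```

Running the file prints the decision for the four constructed transactions: the routine transfer passes silently, a transfer to a new payee from the usual device only triggers an OTP plus the cooling-period hold, and the phishing-like transfer (unknown device, foreign source, new payee, unusually large amount) is blocked outright, which is the layered behaviour the case attributes to the adaptive system.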
Current System
Pros:
Cons:
The current system has a lower level of security, as it is not able to counter the
phishing threat.
Pros:
This would increase the level of security and reduce the risk for the bank's online
customers.
A trustworthy system would be developed that would enhance the reputation of the
bank.
Cons:
Digital Certificate: Be sure you are on the right site. HDFC Bank web pages are
identified by a digital certificate to assure customers that they are on the correct
site. The certificate is provided by Verisign. This protects customers from revealing
their confidential account information on fraudulent websites.
Debit Card PIN: Double validation for key transactions is another step towards safe
transactions. Customers get double the security for key transactions and for
NetBanking registration or password recovery. The online IPIN recovery and
NetBanking registration facilities have been strengthened by adding Debit Card PIN
validation. This is in addition to SMS One-Time Password (OTP)-based
authentication.
Recommendations
The phishing attacks on banks in India were a sign that the number of online
customers of Indian banking had reached a critical mass. Enough online customers had
moved enough of their assets online to make an attack worthwhile for a phisher. The
challenges of IS would only grow in the future as more and more account holders
switched to online banking. HDFC needed to lay out an IS framework that would keep
the individual transactions of HDFC Bank's online customers free from even a hint of
harm. In doing so, the CISO had to weigh the possibility of introducing additional
levels of security for each internet-based transaction. There was also the issue of
dealing with customers who had registered for online banking but carried out their
transactions over the counter. Another issue was whether to continue hosting the
secure data on site or take it off site.
Security and IS are perhaps the main barrier to the acceptance of IT services and
digital services as a utility, something that is becoming absolutely crucial in a more
dynamic environment; such services are often justified by claiming that they uphold
and promote specific qualities, commonly called non-functional qualities. The
bank-focused model, although less risky, does not offer much in terms of extending
financial service outreach to the poor and unbanked. Both the bank-led and the
nonbank-led models offer a greater potential to achieve this goal. These models,
however, differ in their potential as well as in their risks. The decision regarding
which model should be adopted ought to be made after carefully weighing the
risk-return tradeoff. A cautious approach may be adopted, starting with the safer
bank-led model and gradually adding more options as the players and stakeholders
become more experienced. Once a model of branchless banking is chosen, work on
establishing an enabling regulatory environment for the implementation of that model
should begin. Many elements of such an environment are already in place if the
bank-led model is adopted. However, clear guidelines on the various aspects of
permissible activities should be issued to avoid vulnerabilities. Further, effective
eradication of any illegal and unauthorised services and offerings (generally provided
by unlicensed players) that might spring up is an absolute necessity to promote and
protect the interest of genuine players and the overall system. Banking systems
typically contain legacy systems alongside very large database systems. For internet
banking applications, a large number of interfaces are attached to serve customers,
especially in consumer banking applications. Handling financial transactions requires
dealing with various issues, including authentication, consumer protection, money
laundering, and liability for unauthorised transactions.