22 june 2001
rbi says depositors cannot open accounts online
mumbai—the reserve bank of india while laying out
guidelines on internet banking says depositors cannot open accounts online and though a
request to open an account can be accepted over the net, accounts should be opened only
after a proper introduction and physical verification of the customer's identity. the rbi
has barred banks from extending the facility, which some private banks offer to nri
customers.
it also says that non-banks cannot be part of internet payment gateways. besides, it has
asked banks to check the security of their internet banking systems, using the services of
'ethical hackers'.
while the restriction on opening online accounts may affect business plans of a few banks,
the barring of non-banks from setting up payment gateways will hit the plans of some it
services companies.
rbi said: "only institutions which are members of the cheque-clearing system in the
country will be permitted to participate in inter-bank payment gateways for internet
payment. each gateway must nominate a bank as the clearing bank to settle all
transactions."
besides, the central bank has said that payments done using credit cards, payments arising
out of cross border e-commerce transactions and all intra-bank payments (ie, transactions
involving only one bank) should be excluded for settlement through an inter-bank payment
gateway. inter-bank payment gateways must have the capability for both net and gross
settlement.
all settlements should be intra-day and in real time. the guidelines require that the
connectivity between the gateway and the computer system of the member bank should be
achieved using only a leased line network, with appropriate data encryption, and not
through internet standard.
once legislations are in place for digital signatures, all transactions must be
authenticated and digitally certified by any licensed certifying agency. rbi has
prescribed a ssl/128 bit encryption as the minimum level of security.
to ensure systems' security, rbi has said that the information security officer and the
information system auditor in the bank should undertake periodic penetration tests of the
system, which should include: application of special password-cracking software; attempts
to overload the system using ddos (distributed denial of service) & dos (denial of
service) attacks; and checks to determine if commonly known holes in the software,
especially the browser and e-mail software, exist.
18 june 2001
steps may be on to convert mumbai
into an offshore banking base
mumbai: if bureaucratic lawmakers do
not throw a spanner in the works, mumbai could well be the next offshore international
financial centre in asia.
