tag:blogger.com,1999:blog-8807770132617293371.post6057764324337748304..comments2022-12-06T02:42:30.285-08:00Comments on Techno Legal Journalists: Internet Banking Cyber Security In IndiaTechno Legal Newshttp://www.blogger.com/profile/10371257099627919749noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-8807770132617293371.post-50703812972822848132011-12-27T23:42:32.021-08:002011-12-27T23:42:32.021-08:00The RBI guidelines are grossly inadequate as it is...The RBI guidelines are grossly inadequate as it is. RBI has asked banks to implement 2 factor authentication which most of them have not. It is a well known fact that OTP (the most popular 2FA mechanism) as it is available today is completely vulnerable. This has been acknowledged by FFIEC and MAS. FFIEC clearly states in its recent security guidelines dated 22nd June 2011 that OTP mechanisms are defenceless against MiB/MitM attacks.<br /><br />I wish we had stronger guidelines and will from RBI to get banks to implement its guidelines. The IBA is very strong and is able to wrestle out of these guidelines. Banks want to use the internet to bring down the cost of banking but are extremely reluctant to invest in safeguards for the risks it brings to its customers...MShttps://www.blogger.com/profile/04925520422666463414noreply@blogger.com