This article is written by Raunak Sood, pursuing Diploma in Advanced Contract Drafting, Negotiation, and Dispute Resolution from LawSikho. The article has been edited by Prashant Baviskar (Associate, LawSikho) and Smriti Katiyar (Associate, LawSikho).
Albert Einstein once said, “Technological progress is like an axe in the hands of a pathological criminal”, this quote of Albert Einstein is the main crux of this paper, put forth in a simpler manner. The linking of the internet and banking has made the procedures, techniques and processes of banking simpler, easier, faster and efficient. Since the internet works on big chunks of data that are exploited by malicious elements, such as hackers, spammers, drudgers and infection vector creators who target and compromise data of financial institutions by using unlawful methods to put the safety, security and privacy of various individuals who confide, rely and trust the Banking infrastructure of India at risk. To protect the faith reposed by Indians in the Banking System, there are laws enacted by the Parliament of India to protect the confidence placed in the e-banking system, meanwhile, the currently existing legal structure is sufficient but due to the entry of artificial intelligence and daily evolution of technology, the current legal structure might fall short by a yardstick until and unless it undergoes an upgrade to protect Indian consumers. The objective of this paper is to analyse the existing legal structure of e-banking and give some constructive recommendations to upgrade, improve, enhance, and adapt to the forthcoming future of the banking processes in India.
Banking is defined as the business of accepting monetary deposits from the public with the sole objective of loaning, or financing, repaying money on receiving requests, and withdrawal of money via any financial instrument. The internet has been called the “highway of information” because it possesses the capability to connect billions of people across the globe at the touch of a button at the same time internet uses IP Addresses (Internet Protocol Address) to identify, locate and detect servers across its network to communicate information in bytes across the network laid down by the Service Provider.
The legal structure of e-banking in India
E-Banking or Internet Banking has eliminated the need for paper and physical financial instruments because funds, money and capital can be easily accessed and transferred to the beneficiary on this online platform, therefore Internet Banking has reduced problems like geographical barriers, lack of infrastructure, cost, difficulty in obtaining loans and time consumption. Therefore, it is important to know the existing legal structure of e-banking and the challenges that lie therein.
Reserve Bank of India minimum standards on e-banking
On 17th October 2000 the Ministry of Information Technology issued a notification exercising its authority under the Information Technology Act, 2000. Pursuant to this notice the Reserve Bank of India (hereafter referred to as “RBI”) issued a notification dated 14.06.2001 and formed the S.R. Mittal Working Group Committee and subsequently the previous notification of 14th June 2001 was amended by RBI notification dated 20.07.2005, where the need for the approval of RBI was scrapped off, the following were the minimum benchmarks of security set up by the RBI:
- Highly encoded 128 Bit Security Socket Layer based digital signatures for authentication purposes. Every bank should have Security Officer solely dealing with information technology and shall work towards the execution of the rules made under the IT Act, among other things, the Board of Directors shall approve the security policy that is adopted by the bank.
- At that time login id, password, biometric verification were new notions, hence the banks were asked to adapt to such new concepts wherein the bank must make sure that Internet and Digital Banking System respects the security and privacy by maintaining a line of proxy server-based firewall. All the security structures were to be tested before any kind of Internet Banking facility was available, whereas the upgradation, bug removal and other security software were deemed necessary to be installed.
- Any security fissure which might open up during the E-banking must be reported and taken care of at the earliest possible opportunity and future policies should be framed while keeping in mind security fissures that are incurred from time to time. Meanwhile, the burden lies upon the bank to keep both encoded and decoded records of all the transactions and messages received during e-transactions.
Information Technology Act, 2000 (“IT Act”)
E-banking is mainly regulated by the Banking Regulation Act, 1949 and the Reserve Bank of India Act, 1934 but all sorts of cybercrimes and electronic payment related systems are regulated by the IT Act and the important features of the IT Act which should be noted are:
- The legislative intent behind the IT Act is to enable e-commerce and governance wherein all electronic documents and digital signatures are recognized under IT Act which should be retained and analysed properly by the bank because all contracts and electronic transactions are lawful and enforceable under this Act.
- No e-banking transaction can survive if it is not in conformity with the provisions of the IT Act because the protection of privacy and crypto function-based authentication of E-transactions can only take place under the umbrella of this Act as theft of data via unethical means of hacking, creation and spreading of the virus is punishable under this Act. In fairness, the Act also grants immunity to prevent harassment to Internet Service Providers and intermediaries over the illegal activities committed on their networks.
- With the immunity granted, a duty is cast on the Bank (intermediary) to keep a record and conserve the same as directed by the Central Government from time to time, meanwhile the violation of security or privacy of E-transactions during sign-in, password typing, and other confidential information is protected under the aegis of this Act, wherein any violation thereof has been made punishable.
Overlap and disconnect between Indian Penal Code (“IPC”) and IT Act
- Section 378 IPC read with Section 424 IPC; prohibits and punishes people who steal or assist in the theft of data either by hacking, creation of infection vectors, or spreading viruses whereas Section 66-B of the IT Act overlapping with Section 411 IPC prohibits and punishes people for receiving stolen data and information from any sort of technological computer-based device. Even forgery or producing falsified electronic documents can be punished under Section 468 IPC but no such punishment has been prescribed under the IT Act.
- Any person who cheats another person by using a computer medium commits an offence of cheating-by-personation which is punishable under Section 66-C of the IT Act which is overlapping with Section 411 IPC, i.e., dishonestly receiving stolen property, whereas Section 425 IPC which punishes mischief has not been made punishable under the IT Act hence causing mischief by spreading the virus and refusing access to personal data of individuals can be punished with 3 months imprisonment, fine or both under Section 425 IPC.
Legal remedies and some solutions to the problems in the existing legal structure
There are various issues in e-banking which the existing legal structure has failed to address, hence the following are some of the remedies and solutions to the existing cyber problems faced during e-banking:
- Jurisdiction and enforceability- Since the internet is a borderless world and cybercrimes threaten the sanctity of e-banking, herein cyber-attacks can take place from any computer either located in India or abroad hence Section 75 of the IT Act gives universal jurisdiction whenever any sort of cyberattack takes place on any computer located within the territory of India. Such crimes are investigated and prosecuted by cyber cells which are located across various districts in India. If a cyberattack is foreign state sponsored, then compensation by means of attachment of property existing in India of that foreign state can be claimed by the Republic of India.
- Seeking Compensation, Penalty, and prosecution by Cyber Cells- Under Section 43A and 72 of the IT Act any theft, breach of confidential data, cheating or offences of the same nature are liable to be penalized and the victim shall be compensated in case any fraud takes place during E-Banking transactions. It is also pertinent to note that the Banker’s Book Evidence Act mandates that bank records in digital format can also be appreciated by the Court as it can be treated as documentary evidence under Sections 65A and 65B of the Indian Evidence Act, 1872.
- Approaching the Consumer Forum- Disputes regarding the privacy of consumer accounts, rights, deficiency in E-banking services, liabilities of banks towards its customers, and the rights of consumers can be enforced by the Consumer Forum having the relevant pecuniary jurisdiction under the Consumer Protection Act, 2019.
- Approaching Special Court for Money Laundering cases- Under Section 11 of the Prevention of Money Laundering Act, 2002, any money laundering taking place through E-Banking can be prosecuted and prevented under the aegis of this Act and Section 11 also casts a burden upon the Bank to maintain a record of each and every transaction occurring through its electronic payment gateway.
E-banking offers a higher level of convenience for managing one’s finances. However, it continues to present challenges to financial security and personal privacy. Many people have had their account details compromised, as a result of online banking. Thus, if one is going to use it for financial transactions, he should be aware of the risks involved. Awareness of the risks and problems enables him to take precautions for a more secure online banking experience. The e-Banking system is not only popular nationally, but also internationally, where a person can transfer money through any part of the world. The e-banking system is useful for bankers as well as customers of banks.
- https://indiankanoon.org/doc/123351751/#:~:text=%2DWhere%20in%20a%20contract%20 formation,on%20the%20ground%20that%20such
Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.
LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join: