According to the latest information given by the Ministry of Home Affairs, there was a humungous 300% rise in cyber-attacks in the country in 2020. Amidst the Covid-19 pandemic, cyber-attacks rose to 1,158,208 in 2020 as compared to 394,499 in 2019.
The BJP led Government of India has been aggressively pushing Digital Banking ever since the debacle that was Demonetization. While oftentimes the government has tried to justify the troubles and even loss of life during the Demonetization process with the “greater good” argument, the shift towards digital modes of payment has been rapid and rigorous. A good percentage of Banks including the ICICI have adapted to it in such a way that they offer complete banking solutions at the click of a button. Almost every bank has an app to cater to online payments and other banking tasks like Bank Statements, NEFT, RTGS and IMPS. Even opening an account has been simplified to the extent of providing your Aadhar number and agreeing for Aadhar based KYC authentication, as simple as that.
Since, to successfully build an online banking ecosystem, everything needs to be linked with everything, like your Aadhar Card with your PAN, your PAN with your Bank Account, your Mobile Number with your Aadhar, PAN and Bank Account, this is where it gets tricky. Remember how after demonetization the government remembered that it has forgotten to get the ATMs recalibrated? Similarly, while making a switch to online banking, the government seems to have forgotten that the security of these banking websites has been top-notch at all times, against any hacking attacks, as is common in cyberspace. With the number of UPI apps and online wallets growing by the minute, data safety took a back seat and what followed was absolute chaos. From Scam calls to Phishing scams, and ATM frauds, everything is a result of this.
How the linkages between your Mobile Number, Aadhar Number, PAN and Bank Account number make it worse is that if one gets hold of one of them, he can figure the others out. Simply because they are inter-linked.
To add a layer of safety to the ever-growing online payments in this country of 1.3 Billion people, RBI devised the One-Time Password (OTP) mechanism where every online transaction requires a 6-digit unique code to be authenticated. This 6-digit code is sent to the registered email id and mobile number of the customer, making him the sole possessor of this unique code. By now the reliance on online banking has reached an extent where if this OTP service is affected even for a few minutes, it will send a large number of MSMEs into a tizzy and tailspin.
It was mid-February 2021 when customers of several banks started experiencing troubles while trying to transact online as the OTPs were either delayed to a point where they expired before delivery or were not delivered at all. This phenomenon has continued since then, with a tussle ensuing between the Telecom Regulatory Authority of India (TRAI) and the Banks.
As it unfolded, in 2018 TRAI had received a huge number of complaints from customers of different Banks regarding Unsolicited Commercial Communications (UCC) or excessive and unwanted messages being sent to customers’ number. To curb this menace, the Telecom Regulatory Authority issued Telecom Commercial Communications Customer Preference Regulations, 2018 (“TCCCPR, 2018”) on July 19, 2018. Subsequently, TRAI started communicating with the Principal Entities or senders of these messages through Telecom Service Providers (TSP) to fulfil the regulatory requirements. Telecom Service Providers made repeated communications to principal entities including major banks and telemarketers sending bulk SMSs who have failed to fulfil regulatory requirements and requested them to comply with the provisions of the regulations. But TRAI then learnt that Principal Entities including major banks like State Bank of India, HDFC Bank, Punjab National Bank, Axis bank etc. were not adhering to mandatory norms.