Digital payments watchdog urges banks for steps to prevent fraud

National Payments Corporation of India (NPCI) has issued an advisory note asking banks to take a series of measures to protect themselves against fraud, The Times of India reported.

The retail payments supervisor said the Cosmos Co-operative Bank fraud last week indicates malware had installed a ghost-switch that authorised fraudulent transactions without sending an alert to the lender’s servers.

In the Pune-based Cosmos fraud, cyber criminals siphoned off nearly Rs 94.4 crore ($13.5 million) through simultaneous withdrawals across 28 countries over the last weekend.

Of Rs 94.4 crore, an amount of Rs 80.5 crore was pulled out in 14,849 transactions in just over two hours on August 11 through ATM attack. The rest hackers transferred to a Hong Kong-based company's account by issuing three unauthorised transactions over the SWIFT global payments network, the bank said in a police complaint, a copy of which was seen by Reuters.

SWIFT stands for the Society for Worldwide Interbank Financial Telecommunications. It is a messaging network that financial institutions use to securely transmit information and instructions through a standardised system of codes.

The online heist at Cosmos has shown that, with payments getting integrated with global networks, even a small regional bank can become vulnerable to attack.

Worse, even formidable defence systems now seem vulnerable to artificial intelligence programs. Security researchers from IBM Corp have used an artificial intelligence technique called machine learning to build hacking programs that could slip past top-tier defensive measures.

In July, a study said that, for the Indian financial services sector, using AI for security and compliance was the fourth-ranking business objective. The study was a joint report by Nasscom (National Association of Software and Services Companies) and CyberMedia Research.