Critical Analysis Of Legal Framework Of The Internet Banking In India By - Adv. Priyanka Sahebrao Gade
Critical Analysis Of Legal Framework Of The Internet
Banking In India
Authored By - Adv. Priyanka Sahebrao Gade
Modern Law College,
Ganeshkhind, Pune, Maharashtra 411007
Academic Year 2022-23
LL.M. 2nd Year
ABSTRACT
The banking system as it
stands today has become more intricate with different services stemming from
reliance on technological changes which has shaped the complete banking system
from a manual intensive industry to a highly automated and technologically dependent
industry. But this technologically dependent banking continues to present
challenges to financial security and personal privacy. Crores of financial data
transactions occur online every day and bank cybercrimes take place every day
when bank information is compromised by skilled criminal hackers by
manipulating a financial institution’s online information system. This cause
huge financial loses to the banks and customers. So, one of the major concerns
of people transacting through internet banking is the safety related to data of
bank account, transactional information, and also the access path of their
accounts. And thus, accordingly the present paper tries to discuss the major
issues in internet banking and the legal framework which tries to overcome
these issues. Everything in this assignment is discussed with practical
illustrations.
Keywords: Banking, Internet
Banking, Issues, RBI, Legal Framework
I.
INTRODUCTION
Banking System always has an
important role to play in the economy of every nation. It is important as it
provides for the need for credit for all sections of society. The growth
prospective of India is based on its well-built banking institution. The
banking system as it stands today has become more intricate with different
services stemming from reliance on technological changes which has shaped the
complete banking system from a manual intensive industry to a highly automated
and technologically dependent industry. With the popularity of computers and
easy access to the Internet, banks had been increasingly using the Internet as
a channel for providing services to their customers. This form of banking is
typically referred to as Internet Banking and the infusion of the internet in
banking has revolutionized the banking sector completely[1].
In layman's terms, Internet
Banking is nothing more than traditional banking services provided through an
electronic mode whose backbone is the internet; it offers the traditional
banking services through a virtual medium. Internet Banking may be defined as
an Internet build system that empowers the customer of any financial
institution to make financial and non-financial banking transactions online
through the internet. This system gives internet-based access to almost every
banking service which were traditionally available through a local branch.
Thus, Internet Banking facilitates any user with a personal computer and a
gateway or browser to get connected to his bank's website and perform any of
the virtual banking function. And, so, it can be said that Internet Banking is
a vehicle which delivers the banking services to our doorstep.
II. MEANING
The word ‘Banking’ has been
defined in the Banking Regulation Act, 1949[2]
as ‘the accepting, for the purpose of lending or investment, of deposits of money
from the public, repayable on demand or otherwise, and withdrawal by cheque,
draft, order or otherwise’. Thus, banking means an industry that deals with
cash, credit, and other financial instruments. The bank accepts deposits from
its account holders and uses those deposits in lending loans for the purpose of
investment and earns interest in return. A connection of two or more computers
is called as a network and a connection of two or more such networks is called
as internetwork or Internet. It is the largest connection of such systems.
Internet is often described as ‘Information Superhighway’ as it is a means to
reach innumerable destinations. Thus, the word internet may be defined as a
global system of interconnected computer networks that uses the Internet
protocol or Transmission Control Protocol (IP & TCP) to communicate between
the networks and devices.
And thus accordingly,
Internet Banking may be defined as a form of banking wherein the funds are
transferred through an internet based medium between financial institutions,
rather than an exchange of cash, checks, or other negotiable instruments[3].
Some of the distinctive features of i-banking are:
1. Internet banking has
removed the traditional geographical barriers as nowadays the customer can access
the banking services from anywhere without actually visiting the bank. But it
is pertinent to note here that this feature of Internet banking has raised a
jurisdictional issue as to which jurisdiction or supervisory system such matter
be subjected.
2. It has reduced the
traditionally associated banking risks and problems like infrastructure
requirements, manpower requirements, etc., but at the same time, i-banking has
increased security related issues as well.
3. It is cost and time
effective to both the banker and the customer and it facilitates transactions
all time including holidays as well.
III. ISSUES
IN INTERNET BANKING
After looking at the
distinguishing features of Internet Banking, we can say that i-banking has
increased the ease of doing business in India. Though there are few Regulatory
and Supervisory concerns that arise mainly out of the distinguishing features
highlighted above. These concerns can broadly be categorized into the following
four categories:-
(i)
Legal and regulatory issues,
(ii)
Security and technology issues,
(iii)
Supervisory and operational issues, and
(iv)
Authentication issues[4].
Some of these issues are
more susceptible than others, for e.g., the privacy breach issue.
a. Security and Privacy
Issues:- The greatest roadblock in the adoption of internet banking is
Security, it is a prominent risk factor for the internet banking system, and
this is one of the major areas of concern for the regulators. Security issues
may be classified as: Internal or External, Human or Non-Human, Incidental or
accidental. The security issue involves adopting internationally accepted
technology, encryptions/ decryptions, verification of digital signatures, etc.
Easy access to financial accounts makes internet banking an easy and simple
target for hackers. ‘Phishing’ is one of the most common methods of hacking and
gaining confidential information of customers.
b. Privacy is vital for
mankind in today’s world. And a lack of securitized transactions may result in
loss of data, theft, tampering with customers or bank’s information, etc. which
may result in money laundering, and other frauds. There have been many
instances wherein security breach has resulted in leakage of important data and
thus, we can say that security issues are the major roadblock in a
fully-fledged adoption of internet banking in India.
c. Legal Issues:- As we know
that the internet is a public domain, where geographical territories are
eliminated, and therefore this raises issues relating to the jurisdiction of
law, the difference in the legal rules for electronic commerce, etc. Let’s
discern this with a practical illustration: ‘A’ (accessing the internet from
Indian) makes a transaction through his account in Bank ‘B’ (situated in the
U.K), and transfers the amount to ‘C’ (a resident of U.S.). Now in this
illustration, a question of jurisdiction arises, as to in whose jurisdiction does
the matter fall in, whether to apply the laws of the country where the internet
is accessed, or where the bank is situated or at the place where the
transaction has taken place? Allied to this question, where the income has
actually been earned, and who should levy the tax on such transaction? There is
still no definite answer to these questions, although this legal issue is being
debated, and is expected to head away to some positive result in the near
future.
d. Supervisory and
Operational Issues:- Operational risk is the risk of direct, or indirect, loss
resulting from inadequate or failed internal processes, people, and systems, or
from external events. They are the most common risk associated with internet
banking and are also known as Transactional Risks. Operational risks involve:
inaccurate processing of the transactions, non-enforceability of contracts,
unauthorized access, intrusion in the bank’s system, etc. This kind of risk
generally arises due to the inefficient design of the banking software, other
technological inefficiencies, human negligence, fraudulent activity by
employees etc[5].
Security and operational issues are two terms often used interchangeably,
though there is a thin line difference between these two.
e. Authentication Issues:-
The Authentication issue typically involves security procedures like: PIN No.,
Customer Relation No., Password, OTP, Account No., etc are involved to test the
authenticity of an instrument. Different nations have set out different
parameters to judge the authenticity of a transaction. In India, The
Information Technology Act, 2000[6]
provides that any subscriber may authenticate his electronic record through a
Digital Signature. The issue with authentication is that the Act recognizes
only one particular technology for authenticating electronic documents (i.e.,
asymmetric cryptosystem), so this raises the doubt whether the law recognizes
other banking authentication technologies or not. Legislatures of other
countries have kept the authentication process technologically neutral.
IV. RBI’S GUIDELINES ON INTERNET
BANKING IN INDIA
The Ministry of Information
Technology issued a notice, on 17th October 2000, in the exercise of the powers
conferred to them vide Section 1(3) of the IT Act, 2000, in furtherance of
which the Reserve Bank of India issued a notification 14th June 2001 and
constituted a working group under the chairmanship of Mr. S.R. Mittal. RBI
constituted this Working Group to scrutinize different issues relating to
i-banking and commend technology, security, legal standards, and operational
standards keeping in view the international finest practices. This group
contained experts and specialists from the fields of banking regulation and
supervision, commercial banking, law, and technology. The working group
recommended the guidelines for governing Internet baking in India, cumulated in
the report titled “Internet Banking Guidelines 2001. The report/guidelines
primarily dealt with three major issues:
a. Technology and security
standards
b. Legal issues (discussed
in the Previous section)
c. Regulatory and
supervisory issues (discussed in the Previous section)
According to these
guidelines, all the scheduled commercial banks were required to seek prior
permission of the Reserve Bank to offer Internet Banking Services. In 2005, the
Reserve Bank issued another notification, in which it reviewed all the above
guidelines and advised that the i-banking should continue to be governed by the
above guidelines only. However, the provision of prior approval of the Reserve
Bank to offer i-banking was withdrawn.
V. SECURITY
STANDARDS OF RBI[7]
(i) There are two types of
Keys in a digital signature: Public Key and Private Key. RBI recommends Public
Key Infrastructure (PKI) transaction to secure transactions, but since there
was no certified PKIs, thus until then transactions were taking place through
SSL (Security Socket Layer). SSL is highly encrypted and meets the
international standards. The RBI recommends 128 Bits SSL for secured
transactions.
(ii) As per the RBIs
guidelines the security policy of each financial institution should be duly
approved by the Board of Directors of that particular institute. The guidelines
further recommend that each institute must have a Security Officer who
exclusively deals only with information systems and leads the implementation of
Information Technology related policies
(iii) Various new concepts
were like user-id, password, etc were introduced. Banks were ordered to use
logical access controls to data, systems, applications, telecommunications
lines etc. Common types of logical access control include user ids, passwords,
smart cards, or other biometric technologies.
(iv) Banks were required to
ensure that there was no direct connection between the Internet and the Banks
System. This step was taken to facilitate high level of control and monitoring.
At the minimum, to ensure these banks should use a proxy server type of firewall.
Firewall was highly recommended which could thoroughly inspect the information
in sensitive systems of the bank.
(v) All the systems lined up
with the modem should be isolated so as to prevent the intrusion of any other
proxy server in the network
(vi) All the unnecessary
services should be disabled. The server should be isolated from such kind of
services.
(vii) If any security breach
is seen it must be immediately seen and should be reported immediately and the
follow up action must be kept in mind while farming future policies. Banks must
acquire all the tools that are required for monitoring the system and protect
it from intrusions and attacks. Such tools should be regularly used to ensure
security and to avoid security breach. In addition to the above, the Banks
should also educate their security personnel and also the end-users on a
continuous basis.
(viii) Banks should have
proper schedules for banking data backup and must ensure proper infrastructure.
The guidelines also recommended to have periodical testing of backed up data so
as to ensure recovery without any loss of data in limited time frame.
(ix) Banks should maintain
proper record keeping facilities for legal purposes. Its messages and
transactions must necessarily be kept in both encrypted and decrypted form.
(x) Security infrastructure
must be properly tested before resuming normal Internet banking operations. The
banking systems must be periodically updating their system application to
removes bugs and to upgrade to a newer version which would give better service
and security.
VI. LEGAL
FRAMEWORK OF INTERNET
BANKING IN
INDIA
Banking in India is majorly
regulated by the Banking Regulation Act, 1949, and the Reserve Bank of India
Act, 1934, and the electronic records & systems are governed by the
provisions contained in the Information and Technology Act, 2000 as amended in
2008. Internet Banking is not a separate business, it is just the banking being
used through electronic channels, and it is just an additional facility being provided
by the banks. There are several enactments controlling internet banking in
India. A few of those legislations are: The Information Technology Act, 200,
The Banking Regulation Act, 1949, Indian Contract Act, 1872, etc. Let’s look at
the provisions of all these major banking enactments.
1. Information Technology
Act, 2000
The Information Technology
Act, 2000 is a primary law dealing with cybercrimes and Electronic Commerce in
India. This act has a direct bearing on the working of the internet banking in
India and thus it can be said that Internet banking cannot be operated without
being in conformity with the IT Act 2000. Following are the points which
highlight the importance of Information Technology Act, 2000 in regards to
internet banking:
(i) Scrutinization of
Documents: Any banking transaction requires scrutinization and retention of
various documents and in internet banking these documents are retained and
scrutinized in electronic form. The legal recognition to these electronic
documents is given by the IT Act only[8].
(ii) Electronic Transaction:
Every transaction entered electronically is recognized by the provision of the
IT Act. Section 10-A[9] of the Act gives validity and enforceability
to a electronic transaction, and thus without the provisions of IT Act no
internet banking transaction can be challenged in the court of law.
(iii) Authentication:
Authentication of these electronic records for the purpose of electronic
banking should be in accordance with the provision of this act.
(iv) Digital Signature: If
the documents are signed electronically of digitally it is governed according
to the provisions of this act only. Thus, this act would satisfy the signing of
a document for the purposes of Internet Banking.[10]
(v) Privacy: Privacy is very
important in internet banking because if privacy and security wouldn't had been
there, Internet banking may not have survived.[11]
(vi) Data theft: Section 66
of the IT Act penalizes a number of acts relating to theft of done on computer
system, few ways in which data theft can be done are: hacking, introducing and
spreading viruses through computer networks, etc.
(vii) The object of the IT
Act is to facilitate e-commerce and e-governance which are important for the
functioning of Internet banking in India.
By looking at the above
points it can be said that the Information Technology Act, 2000 has laid down
the basic legal framework conducive to the Internet banking in India. And thus,
accordingly a comprehensive way needs to be adopted so as to bring uniformity
and harmony between the provisions of the IT act and the guidelines issued by
the Reserve Bank of India. Few of the important provisions of the IT Act are as
follows:-
a) Section 3(2): This
section recognizes only one particular technology (crypto function and hash
function) as a means of authenticating electronic records. This approach has
been kept technology neutral in various nations.
b) Section 4: This provision
gives legal recognition to all the contracts and agreements made in electronic
form.
c) Section 72: It provides
for the penalty in case of privacy breach
d) Section 79: It provides
immunity to the network service providers and excludes them from liability in
case of any illegal activity committed through their network.
In January 2011, RBI
constituted G Gopalakrishna Working Group to review the security of Electronic
Banking in India. The committee on April 2011 notified few changes which
constitute the current regulatory guidelines.
2. Indian Penal Code, 1860
Many of the Internet Banking
related crimes are penalized by the Indian Penal Code. There are various
provisions of IPC which protects Internet Banking related frauds, theft, etc.
Unsurprisingly there are a number of provisions in the Indian Penal Code that overlaps
the IT Act, 2000. Few of those provisions are discussed below:
1. Data Theft: As defined
under Section 378 of IPC, theft also includes theft of data online or
otherwise. There are a number of ways in which the data relating to internet
banking can be stolen like for example: hacking, spreading viruses, destroying
computer systems, denying access to a person authorized. And thus, protection
of data becomes crucial. And IPC bars such activities protects the interest of
internet banking users. Section 424[12]
of IPC also bars data theft in India by punishing the person who assists or
conceals the data.
2. Receipt of a stolen
property: If any person receives the furtherance of any property stolen from an
internet banking transaction, he shall be held liable u/s 411[13]
of IPC and shall be punished with imprisonment up-to 3 months or with fine or
with both. This provision of IPC is similar to Section 66-B of the IT Act,
which provides Punishment for dishonestly receiving stolen computer resource or
communication device.
3. Cheating by Personation:
Section 411 (Dishonestly receiving stolen property) of IPC provides punishment
for or any act committed through cheating by personation. Section 66-C[14] of IT Act also punishes the same. Any person
who commits the offence of cheating by means of computer is said to do Cheating
by Personation.
4. Mischief: It is needless
to say that any person who, with a wrongful intention, introduces viruses into
computer system, damages the computer system or denies the access to the person
authorized to use that system, shall be liable for mischief, which is
punishable under Section 425 of IPC with imprisonment up-to 3 months or with
fine or with both.
5. Forgery: In Internet
Banking Transactions forgery can be done by giving false electronic documents
or other records.[15]
There are a number of other
criminal activities which the IPC doesn't punish, but are punishable under the
IT Act. Few of them are:
1. IPC doesn't punishes a
person who charges the services availed by him to the account of some other
person by tampering or manipulating any computer system, or computer network.
Such an act is punished u/s 43(h) of the IT Act.
2. Tampering with computer
source document. To a certain extent it is punished u/s 409 of IPC but it is
not extensively been described there. And thus section 65 of the IT Act deals
with it.
3. Violation of
Security/Privacy while transacting online: Punishable u/s 66E of IT Act.
Privacy while logging, entering password, transacting, is very important in
Internet Banking.
4. Preservation of
Intermediaries (Banks in our case): Section 67 requires an 'intermediary' to
preserve and retain all such information that the central government prescribes.
This provision was challenged before the court in the case of Shreya Singhal
vs. UOI[16],
wherein the court affirmed the validity of this section.
VII. IMPACT
OF INTERNET BANKING
Internet Banking transaction
are much cheaper than the physical banking transactions. The Set-up of Internet
banking is comparatively cheaper to the banks and thus, it is leading to the
introduction of a lot of new trends in the Banking world. Traditional Banking
System may find it difficult to raise additional cash or investment in the
Stock Markets, but this in contrast to the Internet Banking System seems to be
a relatively easier task to interact investment. Internet Banking has now
become an integral part of global financial market, so as to meet the needs of
different financial markets/ institutions. And thus, accordingly Internet
Banking has a bold impact in the global and local markets, and its popularity
has been growing exponentially as the internet users in the world increases.
Internet Banking Offers a Number of Advantages to the Customers and the Banking
Institutions. Few of which are mentioned below:
• From Banking Institution’s
Point of View
1. Reduces the cost of
delivering services
2. Gives a competitive
advantage to the banks from their peers
3. Promotional
Advertisements on their site may also generate some additional revenue
4. Paperless transactions
5. Increase in Investments,
as the customers can apply for loans electronically without visiting the banks.
• From Customer’s Point of
View:
1. 24 x 7 access to the
banking services
2. Access to the account
activity in a very quick time
3. Application for loans,
ATM Cards, etc
4. Home based transfer of
funds, payment for purchasing something online, etc.[17]
VIII.
CONCLUSION
Banking System always has an
important role to play in the economy of every nation. The banking system as it
stands today has become more intricate with different services stemming from
reliance on technological changes which has shaped the complete banking system
from a manual intensive industry to a highly automated and technologically
dependent industry. Now the internet banking enables the business anywhere any
at any time. Internet Banking has now become a virtual blessing as it eliminates
few of the problems in the Banking sector and had been proved advantageous to
both, the banks, and its customers. As law has failed to keep the pace with the
changes in the technology, there had been an inadequacy and vulnerability of
law governing internet banking in India. Ascertaining the jurisdiction,
supervisory controls, security measures, authenticity issue, recording and
producing of evidence, etc, are few of the issues relating to internet banking
in India. The only good for Internet Banking in relation to its legal framework
is that, the Central Bank, Parliament, and few other authorities are working
extensively to bring up a consolidated law relating to internet banking and are
trying to match the international standards. And thus, on denouement it can be
said that there is an urgent requirement for the emergence of Internet Banking
Laws in India.
IX.
BIBLIOGRAPHY
1. R.N. Choudhary, Banking
Laws, (3rd Ed. 2014).
2. K.C Shekar., Banking
Theory and Practice, (20th Edition, 2007).
3. Joga Roa, Computer
Contracts and Information Technology Law, 123, (2nd Edition, 2005). 4. Gunjan
Bhagtan & Jhanvi Pandya, Contemporary Legal Issues in Indian E Banking
System, Volume 2, Issue 1, JBIL, 38-48, 2019.
[1]
R.N. CHOUDHARY, BANKING LAWS, 271 (3rd Ed. 2014).
[2]
Section 5(c), The IT Act, 2000, No. 21, Act of Parliament, 2000 (India).
[3]
Divya K, Legal Aspects of Internet Banking in India, Volume 2, Issue, IJLMH,
22, 19-20, 2019.
[4]
Reserve Bank of India, REPORT ON INTERNET BANKING, (22 Jun. 2001),
[5]
S.N GUPTA, THE BANKING LAW, 112, (14th Edition, 2015).
[6]
Section 3(2), The IT Act, 2000, No. 21, Act of Parliament, 2000 (India).
[7]
Reserve Bank of India, GUIDELINES ON INTERNET BANKING IN INDIA
[8]
Chapter III of The IT Act, 2000, No. 21, Act of Parliament, 2000 (India).
[9]
Validity of contracts formed through electronic means.
[10]
Electronic Document.
[11]
Penalized under Section 72 of The IT Act, 2000, No. 21, Act of Parliament, 2000
(India).
[12]
Section 424: Dishonest or fraudulent removal or concealment of property, Indian
Penal Code, Act No 45 of The Imperial Legislative Council, 1860.
[13]
Section 411 IPC: Dishonestly receiving stolen property, Indian Penal Code, Act
No 45 of The Imperial Legislative Council, 1860.
[14]
Section 66-C IT Act: Identity theft and cheating by personation, The IT Act,
2000, No. 21, Act of Parliament, 2000 (India).
[15]
Section 468 of IPC, Indian Penal Code, Act No 45 of The Imperial Legislative
Council, 1860.
[16]
(2013) 12 S.C.C. 73.
[17]
Dr. Prof Renu & Mr. Kuldeep Singh, The Impact of E Banking on use of
Banking Services and customer satisfaction IJTSRD, Volume 3, Issue 4, Pg. 23.