Critical Analysis Of Legal Framework Of The Internet Banking In India By - Adv. Priyanka Sahebrao Gade

Critical Analysis Of Legal Framework Of The Internet Banking In India
 
Authored By - Adv. Priyanka Sahebrao Gade
Modern Law College,
Ganeshkhind, Pune, Maharashtra 411007
Academic Year 2022-23
LL.M. 2nd Year
 
 
ABSTRACT
The banking system as it stands today has become more intricate, with different services stemming from reliance on technological changes which have transformed banking from a manual-intensive industry into a highly automated and technologically dependent one. But this technologically dependent banking continues to present challenges to financial security and personal privacy. Crores of financial data transactions occur online every day, and bank cybercrimes take place every day when bank information is compromised by skilled criminal hackers manipulating a financial institution’s online information system. This causes huge financial losses to banks and customers. So, one of the major concerns of people transacting through internet banking is the safety of bank account data, transactional information, and the access path to their accounts. Accordingly, the present paper discusses the major issues in internet banking and the legal framework which tries to overcome these issues. Everything in this assignment is discussed with practical illustrations.
 
Keywords: Banking, Internet Banking, Issues, RBI, Legal Framework
 
I. INTRODUCTION
The banking system always has an important role to play in the economy of every nation. It is important as it provides for the need for credit for all sections of society. The growth prospects of India are based on its well-built banking institutions. The banking system as it stands today has become more intricate, with different services stemming from reliance on technological changes which have transformed banking from a manual-intensive industry into a highly automated and technologically dependent one. With the popularity of computers and easy access to the Internet, banks have been increasingly using the Internet as a channel for providing services to their customers. This form of banking is typically referred to as Internet Banking, and the infusion of the internet in banking has revolutionized the banking sector completely[1].
 
In layman's terms, Internet Banking is nothing more than traditional banking services provided through an electronic mode whose backbone is the internet; it offers the traditional banking services through a virtual medium. Internet Banking may be defined as an Internet-based system that empowers the customer of any financial institution to make financial and non-financial banking transactions online through the internet. This system gives internet-based access to almost every banking service which was traditionally available through a local branch. Thus, Internet Banking enables any user with a personal computer and a gateway or browser to connect to his bank's website and perform any of the virtual banking functions. And so it can be said that Internet Banking is a vehicle which delivers banking services to our doorstep.
 
II. MEANING
The word ‘Banking’ has been defined in the Banking Regulation Act, 1949[2] as ‘the accepting, for the purpose of lending or investment, of deposits of money from the public, repayable on demand or otherwise, and withdrawal by cheque, draft, order or otherwise’. Thus, banking means an industry that deals with cash, credit, and other financial instruments. The bank accepts deposits from its account holders, uses those deposits to lend for the purpose of investment, and earns interest in return. A connection of two or more computers is called a network, and a connection of two or more such networks is called an internetwork or Internet. It is the largest connection of such systems. The Internet is often described as the ‘Information Superhighway’ as it is a means to reach innumerable destinations. Thus, the word internet may be defined as a global system of interconnected computer networks that uses the Internet Protocol or Transmission Control Protocol (IP & TCP) to communicate between the networks and devices.
 
Accordingly, Internet Banking may be defined as a form of banking wherein funds are transferred through an internet-based medium between financial institutions, rather than through an exchange of cash, checks, or other negotiable instruments[3]. Some of the distinctive features of i-banking are:
1. Internet banking has removed the traditional geographical barriers, as nowadays the customer can access banking services from anywhere without actually visiting the bank. But it is pertinent to note here that this feature of Internet banking has raised a jurisdictional issue as to which jurisdiction or supervisory system such matters should be subjected to.
 
2. It has reduced the traditionally associated banking risks and problems like infrastructure requirements, manpower requirements, etc., but at the same time, i-banking has increased security related issues as well.
 
3. It is cost- and time-effective for both the banker and the customer, and it facilitates transactions at all times, including holidays.
 
III. ISSUES IN INTERNET BANKING
After looking at the distinguishing features of Internet Banking, we can say that i-banking has increased the ease of doing business in India. There are, however, a few regulatory and supervisory concerns that arise mainly out of the distinguishing features highlighted above. These concerns can broadly be categorized into the following four categories:
(i) Legal and regulatory issues,
(ii) Security and technology issues,
(iii) Supervisory and operational issues, and
(iv) Authentication issues[4].
Some of these issues are more susceptible than others, e.g., the privacy breach issue.
 
a. Security and Privacy Issues:- The greatest roadblock in the adoption of internet banking is security. It is a prominent risk factor for the internet banking system, and it is one of the major areas of concern for the regulators. Security issues may be classified as: Internal or External, Human or Non-Human, Incidental or Accidental. Addressing the security issue involves adopting internationally accepted technology, encryption/decryption, verification of digital signatures, etc. Easy access to financial accounts makes internet banking an easy and simple target for hackers. ‘Phishing’ is one of the most common methods of hacking and gaining confidential information of customers.
 
b. Privacy is vital for mankind in today’s world. A lack of secured transactions may result in loss of data, theft, tampering with customers’ or the bank’s information, etc., which may in turn result in money laundering and other frauds. There have been many instances wherein a security breach has resulted in leakage of important data, and thus we can say that security issues are the major roadblock to a fully-fledged adoption of internet banking in India.
 
c. Legal Issues:- The internet is a public domain where geographical territories are eliminated, and this raises issues relating to the jurisdiction of law, differences in the legal rules for electronic commerce, etc. Let’s discern this with a practical illustration: ‘A’ (accessing the internet from India) makes a transaction through his account in Bank ‘B’ (situated in the U.K.), and transfers the amount to ‘C’ (a resident of the U.S.). In this illustration, a question of jurisdiction arises: in whose jurisdiction does the matter fall? Should the applicable laws be those of the country where the internet is accessed, where the bank is situated, or where the transaction has taken place? Allied to this question, where has the income actually been earned, and who should levy the tax on such a transaction? There is still no definite answer to these questions, although this legal issue is being debated and is expected to reach some positive result in the near future.
 
d. Supervisory and Operational Issues:- Operational risk is the risk of direct or indirect loss resulting from inadequate or failed internal processes, people, and systems, or from external events. It is the most common risk associated with internet banking and is also known as Transactional Risk. Operational risks involve: inaccurate processing of transactions, non-enforceability of contracts, unauthorized access, intrusion into the bank’s system, etc. This kind of risk generally arises due to the inefficient design of the banking software, other technological inefficiencies, human negligence, fraudulent activity by employees, etc.[5] Security and operational issues are two terms often used interchangeably, though there is a thin line of difference between the two.
 
e. Authentication Issues:- The authentication issue typically involves security procedures such as PIN No., Customer Relation No., Password, OTP, Account No., etc., which are used to test the authenticity of an instrument. Different nations have set out different parameters to judge the authenticity of a transaction. In India, the Information Technology Act, 2000[6] provides that any subscriber may authenticate his electronic record through a Digital Signature. The issue with authentication is that the Act recognizes only one particular technology for authenticating electronic documents (i.e., asymmetric cryptosystem), which raises the doubt whether the law recognizes other banking authentication technologies or not. Legislatures of other countries have kept the authentication process technologically neutral.
 
IV. RBI’S GUIDELINES ON INTERNET BANKING IN INDIA
The Ministry of Information Technology issued a notice on 17th October 2000, in exercise of the powers conferred on it by Section 1(3) of the IT Act, 2000, in furtherance of which the Reserve Bank of India issued a notification on 14th June 2001 and constituted a working group under the chairmanship of Mr. S.R. Mittal. RBI constituted this Working Group to scrutinize different issues relating to i-banking and recommend technology, security, legal, and operational standards, keeping in view international best practices. This group contained experts and specialists from the fields of banking regulation and supervision, commercial banking, law, and technology. The working group recommended the guidelines for governing Internet banking in India, culminating in the report titled “Internet Banking Guidelines 2001”. The report/guidelines primarily dealt with three major issues:
 
a. Technology and security standards
b. Legal issues (discussed in the Previous section)
c. Regulatory and supervisory issues (discussed in the Previous section)
According to these guidelines, all the scheduled commercial banks were required to seek prior permission of the Reserve Bank to offer Internet Banking Services. In 2005, the Reserve Bank issued another notification, in which it reviewed all the above guidelines and advised that the i-banking should continue to be governed by the above guidelines only. However, the provision of prior approval of the Reserve Bank to offer i-banking was withdrawn.
 
V. SECURITY STANDARDS OF RBI[7]
(i) There are two types of keys in a digital signature: Public Key and Private Key. RBI recommends Public Key Infrastructure (PKI) for securing transactions, but since there were no certified PKIs, transactions were until then taking place through SSL (Secure Sockets Layer). SSL provides strong encryption and meets the international standards. The RBI recommends 128-bit SSL for secured transactions.
 
(ii) As per the RBI's guidelines, the security policy of each financial institution should be duly approved by the Board of Directors of that institution. The guidelines further recommend that each institution must have a Security Officer who deals exclusively with information systems and leads the implementation of Information Technology related policies.
 
(iii) Various new concepts such as user-id, password, etc. were introduced. Banks were ordered to use logical access controls to data, systems, applications, telecommunications lines, etc. Common types of logical access control include user ids, passwords, smart cards, or other biometric technologies.
 
(iv) Banks were required to ensure that there was no direct connection between the Internet and the bank's system. This step was taken to facilitate a high level of control and monitoring. At the minimum, to ensure this, banks should use a proxy-server type of firewall. A firewall which could thoroughly inspect the information in sensitive systems of the bank was highly recommended.
 
(v) All the systems lined up with the modem should be isolated so as to prevent the intrusion of any other proxy server in the network.
 
(vi) All unnecessary services should be disabled. The server should be isolated from such kinds of services.
 
(vii) Any security breach must be detected and reported immediately, and the follow-up action must be kept in mind while framing future policies. Banks must acquire all the tools that are required for monitoring the system and protecting it from intrusions and attacks. Such tools should be used regularly to ensure security and to avoid security breaches. In addition to the above, banks should also educate their security personnel and end-users on a continuous basis.
 
(viii) Banks should have proper schedules for banking data backup and must ensure proper infrastructure. The guidelines also recommended periodical testing of backed-up data so as to ensure recovery without any loss of data in a limited time frame.
 
(ix) Banks should maintain proper record-keeping facilities for legal purposes. Their messages and transactions must necessarily be kept in both encrypted and decrypted form.
 
(x) Security infrastructure must be properly tested before resuming normal Internet banking operations. Banks must periodically update their system applications to remove bugs and to upgrade to newer versions which would give better service and security.
 
VI. LEGAL FRAMEWORK OF INTERNET BANKING IN INDIA
Banking in India is majorly regulated by the Banking Regulation Act, 1949, and the Reserve Bank of India Act, 1934, and electronic records and systems are governed by the provisions contained in the Information Technology Act, 2000 as amended in 2008. Internet Banking is not a separate business; it is simply banking conducted through electronic channels, an additional facility provided by the banks. There are several enactments controlling internet banking in India. A few of those legislations are: the Information Technology Act, 2000, the Banking Regulation Act, 1949, the Indian Contract Act, 1872, etc. Let’s look at the provisions of these major banking enactments.
 
1. Information Technology Act, 2000
The Information Technology Act, 2000 is the primary law dealing with cybercrimes and electronic commerce in India. This Act has a direct bearing on the working of internet banking in India, and thus it can be said that internet banking cannot be operated without being in conformity with the IT Act, 2000. The following points highlight the importance of the Information Technology Act, 2000 with regard to internet banking:
 
(i) Scrutiny of Documents: Any banking transaction requires scrutiny and retention of various documents, and in internet banking these documents are retained and scrutinized in electronic form. The legal recognition of these electronic documents is given by the IT Act only[8].
 
(ii) Electronic Transaction: Every transaction entered into electronically is recognized by the provisions of the IT Act. Section 10-A[9] of the Act gives validity and enforceability to an electronic transaction, and thus without the provisions of the IT Act no internet banking transaction can be challenged in a court of law.
 
(iii) Authentication: Authentication of electronic records for the purpose of electronic banking should be in accordance with the provisions of this Act.
 
(iv) Digital Signature: If documents are signed electronically or digitally, the signing is governed by the provisions of this Act only. Thus, this Act would satisfy the signing of a document for the purposes of Internet Banking.[10]
 
(v) Privacy: Privacy is very important in internet banking because, had privacy and security not been there, internet banking might not have survived.[11]
 
(vi) Data theft: Section 66 of the IT Act penalizes a number of acts relating to theft of data done on a computer system. A few ways in which data theft can be done are: hacking, introducing and spreading viruses through computer networks, etc.
 
(vii) The object of the IT Act is to facilitate e-commerce and e-governance which are important for the functioning of Internet banking in India.
 
Looking at the above points, it can be said that the Information Technology Act, 2000 has laid down the basic legal framework conducive to internet banking in India. Accordingly, a comprehensive approach needs to be adopted so as to bring uniformity and harmony between the provisions of the IT Act and the guidelines issued by the Reserve Bank of India. A few of the important provisions of the IT Act are as follows:
a) Section 3(2): This section recognizes only one particular technology (crypto function and hash function) as a means of authenticating electronic records. This approach has been kept technology neutral in various nations.
 
b) Section 4: This provision gives legal recognition to all the contracts and agreements made in electronic form.
 
c) Section 72: It provides for the penalty in case of privacy breach.
 
d) Section 79: It provides immunity to the network service providers and excludes them from liability in case of any illegal activity committed through their network.
 
In January 2011, RBI constituted the G Gopalakrishna Working Group to review the security of electronic banking in India. In April 2011 the committee notified a few changes, which constitute the current regulatory guidelines.
 
2. Indian Penal Code, 1860
Many Internet Banking related crimes are penalized by the Indian Penal Code. There are various provisions of the IPC which protect against Internet Banking related frauds, theft, etc. Unsurprisingly, there are a number of provisions in the Indian Penal Code that overlap the IT Act, 2000. A few of those provisions are discussed below:
 
1. Data Theft: As defined under Section 378 of IPC, theft also includes theft of data online or otherwise. There are a number of ways in which data relating to internet banking can be stolen, for example: hacking, spreading viruses, destroying computer systems, denying access to an authorized person. Thus, protection of data becomes crucial. The IPC bars such activities and protects the interests of internet banking users. Section 424[12] of IPC also bars data theft in India by punishing the person who assists or conceals the data.
 
2. Receipt of stolen property: If any person receives the furtherance of any property stolen from an internet banking transaction, he shall be held liable u/s 411[13] of IPC and shall be punished with imprisonment up to 3 months or with fine or with both. This provision of IPC is similar to Section 66-B of the IT Act, which provides punishment for dishonestly receiving a stolen computer resource or communication device.
 
3. Cheating by Personation: Section 411 (Dishonestly receiving stolen property) of IPC provides punishment for any act committed through cheating by personation. Section 66-C[14] of the IT Act also punishes the same. Any person who commits the offence of cheating by means of a computer is said to do Cheating by Personation.
 
4. Mischief: It is needless to say that any person who, with a wrongful intention, introduces viruses into a computer system, damages the computer system, or denies access to the person authorized to use that system shall be liable for mischief, which is punishable under Section 425 of IPC with imprisonment up to 3 months or with fine or with both.
 
5. Forgery: In Internet Banking Transactions forgery can be done by giving false electronic documents or other records.[15]
 
There are a number of other criminal activities which the IPC doesn't punish but which are punishable under the IT Act. A few of them are:

1. The IPC doesn't punish a person who charges the services availed by him to the account of some other person by tampering with or manipulating any computer system or computer network. Such an act is punished u/s 43(h) of the IT Act.

2. Tampering with computer source documents: To a certain extent it is punished u/s 409 of IPC, but it has not been extensively described there. Thus section 65 of the IT Act deals with it.
 
3. Violation of Security/Privacy while transacting online: Punishable u/s 66E of the IT Act. Privacy while logging in, entering a password, and transacting is very important in Internet Banking.
 
4. Preservation of Intermediaries (Banks in our case): Section 67 requires an 'intermediary' to preserve and retain all such information that the central government prescribes. This provision was challenged before the court in the case of Shreya Singhal vs. UOI[16], wherein the court affirmed the validity of this section.
 
 
VII. IMPACT OF INTERNET BANKING
Internet Banking transactions are much cheaper than physical banking transactions. The set-up of Internet banking is comparatively cheaper for the banks, and thus it is leading to the introduction of a lot of new trends in the banking world. The traditional banking system may find it difficult to raise additional cash or investment in the stock markets, whereas for the Internet Banking system attracting investment seems to be a relatively easier task. Internet Banking has now become an integral part of the global financial market, meeting the needs of different financial markets and institutions. Accordingly, Internet Banking has a bold impact on global and local markets, and its popularity has been growing exponentially as the number of internet users in the world increases. Internet Banking offers a number of advantages to customers and banking institutions, a few of which are mentioned below:
 
• From Banking Institution’s Point of View
1. Reduces the cost of delivering services
2. Gives a competitive advantage to the banks from their peers
3. Promotional Advertisements on their site may also generate some additional revenue
4. Paperless transactions
5. Increase in Investments, as the customers can apply for loans electronically without visiting the banks.
 
• From Customer’s Point of View:
1. 24 x 7 access to the banking services
2. Access to the account activity in a very quick time
3. Application for loans, ATM Cards, etc
4. Home based transfer of funds, payment for purchasing something online, etc.[17]
 
VIII. CONCLUSION
The banking system always has an important role to play in the economy of every nation. The banking system as it stands today has become more intricate, with different services stemming from reliance on technological changes which have transformed banking from a manual-intensive industry into a highly automated and technologically dependent one. Internet banking now enables business anywhere at any time. Internet Banking has become a virtual blessing as it eliminates a few of the problems in the banking sector and has proved advantageous to both the banks and their customers. As law has failed to keep pace with the changes in technology, there has been an inadequacy and vulnerability in the law governing internet banking in India. Ascertaining the jurisdiction, supervisory controls, security measures, authenticity issues, recording and producing of evidence, etc. are a few of the issues relating to internet banking in India. The only good for Internet Banking in relation to its legal framework is that the Central Bank, Parliament, and a few other authorities are working extensively to bring up a consolidated law relating to internet banking and are trying to match international standards. Thus, in conclusion, it can be said that there is an urgent requirement for the emergence of Internet Banking laws in India.
 
IX. BIBLIOGRAPHY
1. R.N. Choudhary, Banking Laws, (3rd Ed. 2014).
2. K.C Shekar., Banking Theory and Practice, (20th Edition, 2007).
3. Joga Roa, Computer Contracts and Information Technology Law, 123, (2nd Edition, 2005).
4. Gunjan Bhagtan & Jhanvi Pandya, Contemporary Legal Issues in Indian E Banking System, Volume 2, Issue 1, JBIL, 38-48, 2019.
 
 
 


[1] R.N. CHOUDHARY, BANKING LAWS, 271 (3rd Ed. 2014).
[2] Section 5(c), The IT Act, 2000, No. 21, Act of Parliament, 2000 (India).
[3] Divya K, Legal Aspects of Internet Banking in India, Volume 2, Issue, IJLMH, 22, 19-20, 2019.
[4] Reserve Bank of India, REPORT ON INTERNET BANKING, (22 Jun. 2001),
[5] S.N GUPTA, THE BANKING LAW, 112, (14th Edition, 2015).
[6] Section 3(2), The IT Act, 2000, No. 21, Act of Parliament, 2000 (India).
[7] Reserve Bank of India, GUIDELINES ON INTERNET BANKING IN INDIA
[8] Chapter III of The IT Act, 2000, No. 21, Act of Parliament, 2000 (India).
[9] Validity of contracts formed through electronic means.
[10] Electronic Document.
[11] Penalized under Section 72 of The IT Act, 2000, No. 21, Act of Parliament, 2000 (India).
[12] Section 424: Dishonest or fraudulent removal or concealment of property, Indian Penal Code, Act No 45 of The Imperial Legislative Council, 1860.
[13] Section 411 IPC: Dishonestly receiving stolen property, Indian Penal Code, Act No 45 of The Imperial Legislative Council, 1860.
[14] Section 66-C IT Act: Identity theft and cheating by personation, The IT Act, 2000, No. 21, Act of Parliament, 2000 (India).
[15] Section 468 of IPC, Indian Penal Code, Act No 45 of The Imperial Legislative Council, 1860.
[16] (2013) 12 S.C.C. 73.
[17] Dr. Prof Renu & Mr. Kuldeep Singh, The Impact of E Banking on use of Banking Services and customer satisfaction IJTSRD, Volume 3, Issue 4, Pg. 23.