Founders, co-founders, CXO bankers, CXO fintech professionals and others who participated in the e-Panel discussions:

  • Mr. Sudhish Sudhakaran, Head of Enterprise Architecture and Applications, Commercial Bank of Dubai
  • Mr. Ajay Shukla, Head – Trade Product, ECA Borrowings, Compliance – IFIG, ICICI Bank
  • Ms. Arti Handoo, Product Head – Digital Channels, Axis Bank
  • Mr. Rakesh Watal, Head Liability Operations Western Region, HDFC Bank
  • Mr. Sharad Goklani, President and CTO at AU Small Finance Bank
  • Mr. Jayaram M, Consultant (Partner), Basil Capital
  • Mr. Rajesh S. Kher, Head- Digital Marketing, DigiMark Global
  • Mr. Rahul Dayal, Head- Information Technology, Aditya Birla Sun Life Mutual Fund
  • Mr. Sugata Ghosh, Associate Editor at The Economic Times, BCCL
  • Mr. Rajiv Rai, Former Chief Digital Officer, Edelweiss Financial Services
  • Mr. Dhanender Chandna, Managing Director, Viren Business Solutions Pvt Ltd.
  • Mr. Vikas R Panditrao, Co-Founder, Forum of Industry and Academic Knowledge Sharing (FIAKS)
  • Many other CEO/CXO Bankers & Fintech professionals on FIAKS Forum requested to remain anonymous

Well, going digital has led to a hell of a lot of passwords, and remembering all those different passwords across various digital platforms is another painful task. Here’s a problem statement shared by a community member: “I have been using the net banking of Citi Bank since 2006. In the last 14 years this bank never asked me to change the password. They added several new features, like facial recognition to log in. Recently I shifted my accounts to a large private sector bank and they are asking me to mandatorily change the password after 90 days. Why is this so? It’s really a painful process to remember the password.”

It’s a painful process, but a look at the live security threat maps might lead to a change of mind. 28% of attacks are happening on financial services [1]. India features in the top 10 worst botnet countries [2]. Cyber security experts are constantly thinking about new threats.

Now do banks truly understand risk-mitigating measures?

  • According to a member, the bank is taking a proactive stance in the above case and is working in favor of the customer. Agreed, it can be painful to remember a password every 90 days, but it is a small price compared to the risk involved, and the bank is mitigating the risk here.
  • On the contrary, another member opines that asking users to change passwords too often is a huge risk. Eventually, customers write down passwords in the most obvious places – posted on the desk, in a diary, etc. If the password is complex enough, why force changing it?
  • Every bank has its own policy to mitigate fraud risk. While one uses the password, those who are close by most of the time do guess the pattern and can misuse it. There is no harm in changing the password, as it hardly takes a minute to do so. For every bank, its customers are its most valuable assets, and every process is made keeping the customers in mind. These processes are not the idea of one person but of a team, and follow many deliberations and feedback from different stakeholders.

Well, solutions are available but experts want a solution on lines of how security threats without reference to cost versus returns

  • A member makes a thoughtful recommendation: banks that are keen to change the password every 90 days should ask their customers, “Do you want to change the password?” If ‘No’, then the customer should be alerted to the risk of not changing the password. On pressing “Ok”, it should generate an OTP, and on entering it the customer should be allowed to continue with the same password for several decades. Isn’t this a very easy solution?
  • A business account has to be differentiated from an individual user. Ask the customer how frequently he wants his password changed, and remind him at the period chosen. The customer should be given the choice.
  • A team of professionals decide what is good for the bank and the customer, but study with respect to India. For example, the Rupee is not fully convertible. So an Indian bank customer can protect himself by setting limits per transaction, and the credit monitoring committee sends an SMS and emails immediately on any large spends. This works well in most cases.
  • It is this frequent change in passwords that makes an individual maintain a separate record for passwords. This parallel record is what enables fraud. But how many Indians, as a percentage of the population, go abroad? So an international safety procedure is applied to the entire Indian populace?
  • What needs to be controlled are the social websites that sell direct, many of which are fraudulent. So make an app like, say, Facebook keep a KYC on companies that advertise a direct sale.
