How vulnerable are the Indian banks: A cryptographers' view
With the advent of e-commerce and online banking, it has become extremely important that the websites of financial institutions (especially banks) implement up-to-date cyber security measures, in accordance with the recommendations of the regulatory authority, and thus reduce the possibility of financial fraud arising from vulnerabilities of the website. Here, we systematically investigate whether Indian banks are meeting this requirement. For the investigation, the recommendations of the Reserve Bank of India (RBI), the National Institute of Standards and Technology (NIST), the European Union Agency for Network and Information Security (ENISA) and the Internet Engineering Task Force (IETF) are taken as the benchmarks. Further, the validity and quality of the security certificates of various Indian banks have been tested with the help of a set of tools (e.g., SSL Certificate Checker provided by DigiCert and SSL Server Test provided by SSL Labs). The analysis performed with these tools, together with a comparison against the benchmarks, has revealed that the security measures taken by a set of Indian banks are not up-to-date and are vulnerable to some known attacks.