AN ANALYSIS ON THE LEGAL FRAMEWORK OF DATA & INFORMATION THEFT IN THE E-BANKING & M-BANKING SECTOR
Author: Uma Narayanan, I year of LL.M. from Christ University, Bangalore
The world of technology is a dynamic space marked by rapid changes and transformations. There is a class of industries where, through network effects, the digital space is used to create new markets and economies. Innovation and creativity are the driving forces behind new online businesses. It is within such an online economy that financial transactions also take place. Electronic banking, along with mobile banking, has eased the difficulties of financial transactions, especially across borders, but it also brings many issues, especially with regard to data theft. The online banking arena has brought with it both advantages and challenges as to the security and protection of these online transactions. This paper discusses the legal challenges that arise from data and information theft in electronic and mobile banking. It also seeks to understand the difficulties in enforcement through a study of the laws and the technology behind them.
Keywords: Digital economy, e-banking, dominance, m-banking, phishing, data theft
Research Background: Various countries have laws to regulate data and information theft. The personal information of individuals is sold, their interests are tracked and offers are provided to them. This is not allowed in many developed countries, as they have strict laws and policies on the issue. We critically analyse whether our laws are enough to curb this issue. GDPR is a famous law put in place by the European Union to protect against data and information theft.
Rational Scope of Study: This study explores the various laws applicable in various parts of the country and the issues that arise in dealing with m-banking and e-banking applications, which are in great use currently.
Objective of Study: The study aims to critically analyse and explore the issue of data and information theft in e-banking and m-banking. This study also seeks to provide plausible solutions to the issues discussed in this paper.
Review of Literature
1. Rolf H Weber and Aline Darbellay, “Legal Issues in Mobile Banking”, Journal of Banking Regulation, Vol.11, No.2, 2010, Pp 129-145.
In this article the authors explain how people have come to use technology such as mobile phones and how it has become an important part of their lives. The article also explains how the spread of technology has made bank services easier and has enabled e-banking and m-banking options for customers. It speaks about the trust that the bank gives the customer regarding the data collected from them and how safe that data is with the bank. Mobile operators also act as mediators to the data. It is the need of the hour to seek protection and gain customer trust and interest, alongside all these technological changes and the adaptation needed to stay in business.
2. Mohannad Moufeed Ayyash, “Identifying Information Quality Dimensions that Effect Customer Satisfaction of E-Banking Services”, Journal of Theoretical Applied Information Technology, Vol.82, No.1, 2015, Pp 122-130.
According to this article, e-banking aims to provide better and more convenient services to customers, who are able to access their banking information and services at any place and at any time they need. Time spent travelling to and fro and queuing is considerably lessened. In this regard, online services are also more expedient than face-to-face services. Banking is a service where the more customers use e-services, the more operation and management costs are reduced. As such, banks are exerting efforts to provide efficient services through e-banking. The author also discusses how the banking sector now invests the maximum of its capital in the IT industry to develop software and other applications to serve customers better and more easily. This has also reduced queues at ATMs and makes it easier to carry out transfers and the other functions that the bank offers.
3. Ahmad Kabir Usman and Mahmood Hussain Shah, “Critical Success Factors for Preventing e-Banking Fraud”, Journal of Internet Banking and Commerce, Vol. 18, No.2, 2018, Pp 1-15.
In this article the authors state that security is a major barrier to e-banking, as there are many sites through which payments are made and which can take away the customer’s information. Internal control can be extended only to a certain level. Even today, customers tend to prefer conventional banking because of fears over security or the loss of their money. In the current scenario, however, all banks are trying to promote e-banking to make things easier for employees and customers. Communication was found to play an important role in e-banking security, in addition to organizational flexibility, availability of resources, e-banking project alignment, support from top management, information transparency, and security knowledge and awareness. Hence the authors suggest that measures need to be taken to gain the trust of the customer and to protect their data and information by enhancing security.
4. Jeremy Quitner, “Mobile Banking Identity Theft Risks Become Clear”
In this article the author talks about the younger generation, who associate all their personal details with social media. This poses a threat: posting birthdays, anniversaries and other updates links information together, so that bank details leak and become more easily available. Youngsters need more education on the risks that allow such fraud to happen and need to be kept updated on them.
5. Tara Siegel Bernard, “Scam Targets Citibank Customers; E-Mails Mimicking Firm Seek Personal Information in Latest 'Phisher' Scheme”, Wall Street Journal, Eastern edition; New York, N.Y. [New York, N.Y]19 Aug 2003: D.2.
In this article the author talks about “phishing”, which is very common these days. It involves an e-mail that claims to come from the bank, telling the recipient that they have won something; it is in fact a fraudulent activity carried out by phishers to obtain account details, after which they withdraw the entire amount and take control of the account. People are advised to be careful of such activities and not to provide any information or bank details to anyone; banks never send e-mails asking for customer details.
6. Amtul Fatima, “E-Banking Security Issues – Is there a Solution in Biometrics”, Journal of Internet Banking and Commerce, Vol. 16, No.2, 2011.
This article speaks of a plausible solution to e-banking security issues, i.e., with regard to data and information theft. The author suggests biometric-based authentication and further security measures to protect e-banking data. The author has also explored how far this solution would be acceptable and would diminish the security issues.
7. Marinela Vrincianu and Liana Anica Popa, “Considerations regarding the Security and Protection of E-banking Services Consumer’s Interests”, Academic of Economic Studies
This article deals with the various security issues surrounding e-banking and also suggests tools to protect consumers in e-banking. It has made an in-depth study of the Romanian consumer perception of protection and security of e-banking services.
8. Debrorah Uzoamaka Ebem, “Internet Banking: Identity theft and solutions- The Nigerian Perspective”, Journal of Internet Banking and Commerce, Vol. 22, No.2, 2017.
The author gives an account of internet banking in Nigeria along with the issue of identity theft that surrounds e-banking. It also discusses the lack of information dissemination, computer literacy and other issues present in Nigeria. The paper combines primary survey research with analytical descriptions. The author also suggests effective solutions to curb these issues in Nigeria.
Research Questions
1. Are the present laws sufficient to curb the issue of data and information theft in the arena of e-banking and m-banking?
2. What are the issues, conflicts and differences in the law towards data and information theft with e-banking and m-banking?
3. Are laws towards data and information theft in e-banking and m-banking really effective and enforceable?
Hypothesis
Present laws around the world regarding data and information theft are insufficient and only a global regulatory system can help curb the issues of data and information theft in e-banking and m-banking.
Research Methodology
This study is conducted in a descriptive and analytical manner. Thorough research on the existing laws relevant to this study has also been carried out.
Preface to the Key Concepts
Introduction on Data and Information theft
The Internet has influenced the way we carry out tasks in daily life. From financial transactions to simple communications, data and information technology has vastly improved and enhanced our way of life. The evolution of internet banking has entirely changed the ways in which banks conduct their business and consumers carry out their everyday banking activities. Any business with an online presence collects and holds personally identifiable information about its employees, customers or business partners. If sufficient measures are not taken to protect this information, there is a risk of identity theft. There are many ways in which cyber thieves steal identities, and phishing, which uses deceptive e-mails, is one of the most popular and successful techniques they employ. Phishing is an online method of identity theft employed by phishers to steal attributes (such as passwords or account numbers) used by online consumers. In a typical phishing attack, a phisher posing as an agent of the customer’s bank or financial institution sends e-mails to customers and asks them to click on a hyperlink to further process their account details.
The identity theft crisis is only one part of the entire problem. Data and information theft also covers other important details being stolen and used for profit. Stealing an identity, however, gives access to a person’s other data, and this in turn benefits the thief in more ways than simple data theft would.
It should also be noted that mobile banking has recently become more prominent than internet banking, because it is just a click away and all have android phones, which makes things easier. Most banks today support a mobile banking application, as it is easier and saves time. But the risk of information and data theft still persists.
In the global market today, online transactions play an important role in everyday life. There is not a single day when we do not use money or carry out transactions. With technology being updated every single day, it is now easier to transact using online payment modes rather than cash or liquid money. Everyone prefers the online mode because they feel that it lightens the burden of carrying cash around and of paying exact change. When online transactions are available, it is easier to pay the exact amount without the trouble of searching for change. The mobile applications provided by banks ease the task of the banks as well as the users, as they are just a click away. What we do not realise is that such payment channels are more prone to threats than cheques, including threats to the confidentiality of personal information. There is a high risk of smartphones, and all your transactions, being hacked.
In India, the Government is itself now promoting online transactions by providing various offers and a single card for all transactions. The Rupay card is very popular in India today and supports all kinds of transactions. One thing we do not realise is that Visa and Forex cards are service providers that are not situated in India; they are just liaisons helping the payments to be made. The banks collaborate with the card chip providers to facilitate the transactions. It can also be observed that the tendency of people to use cards to transact has reduced over time. People prefer to use bank applications for fund transfers, or substitute payment applications such as Google Pay or Paytm, which are at the top of the list. These applications link directly to your bank accounts, and the payments are reflected directly in the account.
Laws relating to E-Banking
Analysis of the Law and its Aspects in some countries
This is where the role of GDPR comes into play, and the laws used by other countries come to light. Each country has its own rules and regulations to ensure the safety of its citizens. Online transactions can lead to many issues, which in turn adversely affect the economy of the country. Hence, it is the duty of the State to make rules to protect the data and information of all individuals. One of the highlights of the laws in some countries is that they put a security mechanism in place, as law, for their citizens. While GDPR has brought about a revolution in many European and global markets, other laws dealing with data and information theft in e-banking existed before it and still exist.
Security Threats in E-banking
The number of malicious applications targeting online banking transactions has increased dramatically in recent years. The disclosure of important information that should remain confidential, by unauthorized persons or by persons who exceed their authority, can cause significant losses for financial institutions. Alteration of information by entering, modifying or overwriting data in the system without authorization, or by exceeding one’s authority, is a type of attack that could greatly harm banks and their customers.
Security threats can affect a financial institution through numerous vulnerabilities. No single control or security device can adequately protect a system connected to a public network. Many problems concerning the security of transactions are the result of unprotected data being sent between clients and servers. E-banking platforms offer several methods to ensure a high level of security: (a) identification and authentication, (b) encryption, and (c) firewall mechanisms. The identification of an online bank takes the form of a known Internet address or Uniform Resource Locator (URL), while the customer is identified by his login ID and password to ensure that only authorized users can access their accounts. In addition, messages between customers and online banks are all encrypted so that another person cannot view the contents of the messages.
As customers increasingly rely on the Internet for business, personal finance, and investment, Internet fraud becomes a greater threat. Internet fraud takes many forms, from phony items offered for sale to scams that promise customers great riches if assistance can be given to a foreign financial transaction through the customer’s own bank account. A common online phishing scam starts with an e-mail message that looks like an official notice from a trusted source, such as a bank, credit card company, or reputable online merchant. In the e-mail message, recipients are directed to a fraudulent website where they are asked to provide personal information, such as an account number or password.
Globally speaking, security threats to data and information have closely been related to the formation of data protection laws. However, the specificity of this protection is not limited to e-banking alone. The laws around the world, whether in a developed nation or in a developing nation, are not entirely targeted on the issues of e-banking. This is mostly due to the complex nature of the technology and its usage.
Laws relating to M-Banking
Laws in Developing and Developed Countries
Mobile banking can be seen as one solution to the financial and problems. Advancements in mobile technology have changed our lives over the past ten years. It has the potential to even more powerfully transform the lives of the world’s poorest people. It is also a cheap, fast and efficient way to connect people.
South Asia: Access gap: South Asia is one of the fastest growing regions in terms of mobile phone subscribers. Mobile phones play a prominent role in creating and exchanging information, allowing SMEs to communicate with clients and suppliers and allowing individuals to remain in contact with family members. There is a clear market demand that needs to be served. Domestic and international financial remittances have become indicative of the potential of mobile banking. International remittances make a significant contribution to South Asian countries’ national economies. The large amounts of money that are remitted home by economic migrants each year are sent with costs and concerns. Charges for sending money internationally are based on whether the sender and recipient have bank accounts, the speed of transfer, the destination country, the amount sent, exchange rates, and so on. Generally, the smaller the amount of money sent, the higher the charges. Mobile devices, being easy to access and portable in nature, can facilitate financial transactions of any degree with comfort and ease. M-banking can shift the paradigm of costs in a convenient and affordable manner.
The laws in this regard extend not only to facilitating transactions but also to data protection and taxation. Some countries, although well developed, are still expanding the scope of their m-banking laws. In May 2018, President Trump signed into law the Economic Growth, Regulatory Relief and Consumer Protection Act, commonly known as the Dodd-Frank repeal. While this law removes many of the regulations imposed on banks in the wake of the Great Recession, it also bears particular relevance to mobile banking and e-signatures. While this act has made it easier for customers to transact and to upload information through mobile banking much more efficiently, it has also placed a hardbound reliance on e-signatures and their significance. However, in countries like the US, there are ample data protection laws, so this act deals only with the implementation issues of mobile banking.
Chile passed significant amendments to Law No. 19,628 on the Protection of Private Life. The amendment was passed in August 2018 and regulates the protection and processing of personal data. Furthermore, the law creates a new agency responsible for data protection.
Australia will be implementing a phased rollout of the open banking regime beginning July 1, 2019. This includes data related to mortgages, credit and debit cards, deposits, personal loans and more.
In Singapore, the Monetary Authority of Singapore (MAS) has directed all financial institutions to secure their customer verification processes. Effective immediately, additional information beyond name, NRIC number, address, gender, race and date of birth must be used for customer verification before undertaking transactions with the customer. This extra information could include a one-time password, PIN, biometrics, last transaction date and other authentication information.
As part of an anti-money laundering and counterterrorist financing initiative, reporting institutions are now required to perform ongoing due diligence on their business relationships with their customers in Malaysia.
Across the developing countries, millions of people rely on formal and informal economic activity and local-level networks to earn their living. Most of these populations are from the BOP (according to the World Bank, people who earn less than $2 a day: annual income less than PPP US$ 3000) and they do not have access to basic financial services, e.g. banks, as access to those is costly, inconvenient and very limited. Access to financial services or banks is vital for those people, as “This lack of access to finance in some parts of the developing world stifles entrepreneurship, stunts development and leaves people trapped in a poor, cash-only society” (Alexander, 2009). Developing countries are still struggling to ensure access to formal financial services for most of their unbanked BOP citizens and the informal sector.
Mobile banking can be seen as one solution to these problems. Advancements in mobile technology have changed our lives over the past ten years. It has the potential to even more powerfully transform the lives of the world’s poorest people. The technology is no doubt the cheapest and most convenient way to connect people and provide an array of innovative services. At the start of this century, just 12% of the world’s population had a mobile phone. Now that figure is well over 61 per cent (ITU, 2008).
South Asia: Access gap: South Asia is one of the fastest growing regions in terms of mobile phone subscribers. Mobile phones are already transforming the lives of people here for the better by enabling people to ‘leapfrog’ (Alexander, 2009). Mobile phones play a prominent role in creating and exchanging information, allowing SMEs to communicate with clients and suppliers and allowing individuals to remain in contact with family members. But there is scope for doing more, above 40% have mobile phones while less than 10%
Issues in Indian Context and RBI Regulations
The rules and regulations applicable in India are those of the IT Act, and even those apply only to a limited extent. The rules to protect against such data and information theft are not rigid in our country, and there are no specific guidelines to prevent such thefts. A huge number of users carry out these transactions in our country every day, but no specific rules have yet been formulated to protect the users and the banking service providers who can easily sell the information and earn huge sums of money.
E-banking has been in use in India for some time now in the form of digital data in computers, credit and debit cards, Automated Teller Machines, mobile banking and net banking. Internet banking or e-banking means that any user with a personal computer and a browser can connect to his bank’s website to perform any of the virtual banking functions.
Legal provisions on e-banking in India
India is a signatory of the WTO. The basic principles of the WTO are Liberalization, Globalization and Privatization. Therefore, trade and commerce in India have been liberalized. Incidentally, the financial sector has also undergone major changes. With the advent of e-banking, India is facing unprecedented competition from the world at large. If technology is not updated in the financial sector, international trade will remain a distant dream. The deregulation of the banking industry, coupled with the emergence of new technologies, has enabled new competitors to enter the financial services market quickly and efficiently. Various provisions of law that are applicable to traditional banking activity are also applicable to internet banking. This does not overcome the problems, and there is therefore a need to introduce more stringent rules and laws specifically to meet the problems of e-banking. The legal framework for banking in India is provided by a set of enactments: the Banking Regulation Act, 1949, the Reserve Bank of India Act, 1934 and the Foreign Exchange Management Act, 1999 are a few among many such legislations. It is mandatory for all entities to obtain a license from the Reserve Bank of India under the Banking Regulation Act, 1949 to function as a bank. The different types of activities which a bank may undertake, and other prudential requirements, are provided under this Act. The Reserve Bank of India has also regulated the acceptance of deposits by Non-Banking Institutions. Under the Foreign Exchange Management Act, 1999, Non-Resident Indians can lend, open a foreign currency account or borrow from a bank in India, including from a Non-Resident bank, except under certain circumstances provided under the law. Besides, banking activities are also influenced by various enactments governing trade and commerce, such as the Indian Contract Act, 1872, the Negotiable Instruments Act, 1881, the Indian Evidence Act, 1872, etc.
Obligation of banks and the Online banking
There are certain obligations which the banker is supposed to fulfil. They are:
1. Banks have to maintain the secrecy of customers’ accounts. With the advent of new technology, this obligation has become a difficult task, for there are hackers who can operate others’ accounts. Bankers are not in a position to trace them. They come to know only when the customer informs them of some irregularity in their transactions. Hence, to meet this obligation, banks have to update their technology as required.
2. Banks are also under an obligation (public duty) to produce documents to the court whenever called for.
3. Obligation to verify forgery of signatures.
4. The other obligation on the banker is to provide proper service to the customer. Otherwise the bank is answerable. Failure to provide proper service amounts to deficiency in service and attracts consumer law. It has been held in Vimal Chandra Grover v. Bank of India that banking is a business transaction of a bank and customers of a bank are consumers within the meaning of Section 2(1) (d) (ii) of the Act. This obligation extends to electronic banking also.
The Reserve Bank of India has issued a new circular on Internet banking. The Reserve Bank of India, as a supervisor, will cover the entire risks associated with electronic banking as a part of its regular duty. It is the statutory duty of every bank to develop a clear Customer Acceptance Policy laying down explicit criteria for the acceptance of customers. The Customer Acceptance Policy must ensure that explicit guidelines are in place on the following aspects of customer relationship in the bank.
Conclusion
The differences in the laws of various countries have certainly made way for issues and conflicts to arise, but at the same time these conflicts are not as grave as they could be in the future. The underlying principles are generally the same, and countries are looking forward to having laws that are more similar to or harmonious with one another, so as not only to keep peace and promote trade and business but also to avoid financial crises. It can be concluded that the enforceability of any law dealing with data and information theft in e-banking and m-banking is possible only when such specific laws are harmonious with other laws, such as data protection laws, taxation regulations and financial regulations, and also with other nations’ laws and regulations, given that e-banking and m-banking are today global entanglements. It can also be concluded that it would be wrong to say that the present laws are completely insufficient to curb the issue of data and information theft in the e-banking and m-banking arena. However, countries like India still need to improve their technology and data protection laws so as to curb these issues better. The problem lies not in the law itself or the lack thereof, but in its implementation and enforcement. Implementation and enforcement of such laws require a high level of technology and advancement in security on all fronts. This is seen to be possible only in some countries, while the others are struggling hard to achieve it.
References
Geeta DV, “ONLINE IDENTITY THEFT – AN INDIAN PERSPECTIVE” (2011) 18 Journal of Financial Crime 235
Rolf H Weber and Aline Darbellay, “LEGAL ISSUES IN MOBILE BANKING”, Journal of Banking Regulation, Vol.11, No.2, 2010, Pp 129-145.
Mohannad Moufeed Ayyash, “IDENTIFYING INFORMATION QUALITY DIMENSIONS THAT EFFECT CUSTOMER SATISFACTION OF E-BANKING SERVICES”, Journal of Theoretical Applied Information Technology, Vol.82, No.1, 2015, Pp 122-130.
Ahmad Kabir Usman and Mahmood Hussain Shah, “CRITICAL SUCCESS FACTORS FOR PREVENTING E-BANKING FRAUD”, Journal of Internet Banking and Commerce, Vol. 18, No.2, 2018, Pp 1-15.
Jeremy Quitner, “MOBILE BANKING IDENTITY THEFT RISKS BECOME CLEAR”
Tara Siegel Bernard, “SCAM TARGETS CITIBANK CUSTOMERS; E-MAILS MIMICKING FIRM SEEK PERSONAL INFORMATION IN LATEST 'PHISHER' SCHEME”, Wall Street Journal, Eastern edition; New York, N.Y. [New York, N.Y]19 Aug 2003: D.2.
Amtul Fatima, “E-BANKING SECURITY ISSUES – IS THERE A SOLUTION IN BIOMETRICS”, Journal of Internet Banking and Commerce, Vol. 16, No.2, 2011.
Marinela Vrincianu and Liana Anica Popa, “CONSIDERATIONS REGARDING THE SECURITY AND PROTECTION OF E-BANKING SERVICES CONSUMER’S INTERESTS”, Academic of Economic Studies
Debrorah Uzoamaka Ebem, “INTERNET BANKING: IDENTITY THEFT AND SOLUTIONS- THE NIGERIAN PERSPECTIVE”, Journal of Internet Banking and Commerce, Vol. 22, No.2, 2017
Oghenerukevbe EA, “PERCEPTION OF SECURITY INDICATORS IN ONLINE BANKING SITES IN NIGERIA” SSRN Electronic Journal
Nadagoudar SV and P CM, “LAW RELATING TO E-BANKING IN INDIA – AN OUTREACH CHALLENGE” (2013) 5 INTERNATIONAL JOURNAL OF CURRENT RESEARCH 3508
Sultana R, “Mobile Banking: Overview of Regulatory Framework in Emerging Markets” SSRN Electronic Journal
Sarangi SK, “Threat Perception of the Customer and the Role of RBI in Online Banking” (2015) 2 International Journal of Innovative Science, Engineering & Technology
2000 (3) SCR 587