Profile
Location
Bangalore
Member since
2009
Chandrashekar's blog archive

2013 (1) 2010 (1)
Chandrashekar Gopalarao

Product Manager at Infosys Technologies Ltd
Posts: 2 Comments: 4

Bio: Lead Consultant in the Finacle (Core Banking Software) unit of Infosys Technologies Ltd, a leading player in the IT industry. The job profile includes market research for emerging products & services in the banking domain and product development to meet the emerging banking requirements across the globe apart f

Career History: Vast experience in the banking industry; has served on both the business and IT sides of banking.

Blogs


Balance Check without login - do we need such innovation?

04 Apr 2013

The news that Bank of the West has introduced a new feature to help customers check their account balance without logging in left me a bit amused and a bit scared. The first thought that comes to my mind is: are banks encouraging risky behaviour among their customers in the name of innovation? We have seen a spate of security incidents involving bank accounts...


Complaints and technology

02 Oct 2010

The recent news about the flood of complaints received by top banks in the UK has understandably evoked serious concern. The FSA has called upon the banks to overhaul their complaints-handling mechanism. In the days ahead the banks are sure to come under intense scrutiny and will be expected to show some good results in this area. Obviously there i...

Chandrashekar is Commenting on

Balance Check without login - do we need such innovation?

Ketharaman, we certainly need innovation, but not at the cost of basic security. How many people really appreciate the risk involved in being "always logged in" to their bank accounts? A system that does not provide the feature of automatic logoff will never get through a system security audit. All major banks recommend that their customers log off once they are through with what they want to do in their mobile banking application. They also log you out automatically if you don't use the application for more than a few minutes.

It is not just what the security professionals recommend. Let me quote two specific regulations. The FFIEC guidelines clearly say that ". . . an institution's layered security program will contain the following two elements at a minimum (emphasis mine) . . . . Initial login and authentication of customers requesting access to the institution's electronic banking system and initiation of electronic transactions involving transfer of funds to other parties". The Information Security Guidelines of the RBI say "An online session would need to be automatically terminated after a fixed period of time unless the customer is re-authenticated for the existing session to be maintained". HIPAA, ISACA and Sarbanes-Oxley all recommend automatic logoff as an essential security policy.

If you think all this is an overreaction by regulators and security professionals, I would merely say that you are entitled to your views. But when something is regulatory, one's views don't really count in the courtroom.

And you make a curious comment on "innocuous information". Volumes have been written about what a social engineer can do with seemingly trivial information, so I don't want to say much here. But I recommend that you read The Art of Deception by Kevin Mitnick, an excellent book on the ways of social engineers. There is even a chapter titled "When Innocuous Information Isn't".
A better innovation, in my view, is to make login much easier and safer than typing one's password, rather than asking people to be logged in all the time. I would rather spend a few seconds opening the lock than keep the front door open all the time and allow a stranger to walk in and take a look, even if there is nothing much that he can steal. Ditto for my bank account.