Mumbai, August 4: "The human mind invented the lock, it can also invent the key... there is no such thing as perfect security especially in the wired world. The security solutions for your systems will be only as good as the homework done by the company", said National Securities Depository Ltd's (NSDL) managing director, CB Bhave.
Speaking at a seminar on 'Information Security in Banking and Financial Networks' organised jointly by Tata Consultancy Services (TCS), and the Institute for Development and Research in Banking Technology (IDRT), Bhave opined: "If an organisation wants its system to be secure, it cannot let its guard down. Also, one should be very clear of the information that one is trying to secure. The security aspect should cover privacy of communication, authenticity, integrity, and also non-repudiation of the communication", adding: "The user profile of the site should also be known - whether the users will be accessing the site from their own computer systems or from cyber cafes - as it is very easy to copy the key stroke of the computer, thereby putting the security system at risk."
Others, like TCS's CEO, S Ramadorai, were of the view that the old model of buying software and then tinkering with its performance, scalability and bugs has undergone a sea change, and that financial institutions, banks, and stock exchanges need software that can be scalable and also free of bugs.
Said TCS's executive vice president (advanced technology), M Vidyasagar: "There is a sense of complacency while using e-mails. Anybody can hack into e-mails and see the messages that are transmitted. It is also true for telephones as most of the exchanges are digital - they have an IP (Internet Protocol) address and, therefore, they can be tapped from anywhere across the world", while observing that once security systems are in place, a difference can be made between the messages that are tampered with. "The exchange of digital signatures for authentication will also help in validating the messages... the smart card along with a PIN number is a good way of augmenting the security. The combination of these will help in delaying a break-in by an aspiring thief if the card is stolen", said Vidyasagar.
A major advantage for banks and financial institutions is that, unlike e-commerce sites, they have a closed user group, making it easier to deny access, if necessary, even to authorised users if there is suspicion about the identity of the user. A view was aired that there should be a distinction between servers providing general information and servers providing application information, and that a hyperlink to the application server can be provided on the generic site to restrict any threats.
On the application of biometric technology by banks and financial institutions, Vidyasagar was of the view that "it is easier for the CIAs of the world to put up biometric-technology to restrict user-entry, but for financial institutions, the same is not the case because of time constraints and the costs involved.
"It will take more time for identifying a fingerprint from a database of a million users for which banks do not have the leverage", said Vidyasagar.
Says HDFC Bank's senior vice-president and head IT, CN Ram: "Internet banking provides a cheaper way of servicing the customers. However, public perception is that the Internet is dangerous. The system should be continuously scanned and monitored for new methods of attack", adding that "if data is to be protected, it should be kept in silos-like structure so that even if it is lost, the information will be protected as it will not be in any logical order. It is also necessary to communicate to all staff members that protecting the system is in everyone's best interest".
Copyright © 2000 Indian Express Newspapers (Bombay) Ltd.