Reserve Bank executive director G Gopalakrishna, speaking to reporters on the sidelines of a banking technology conference here, further said the banks will have to implement the facility of "second factor verification" at merchant establishments and ATMs shortly.

"Many small banks do not have a designated CIO and also do not have a clear framework on information sharing...Over a period of time we want to access all the information from the main server of the bank once the RBI's IT Vision is implemented. Those banks having no CIOs and a steering committee will have to have these positions implemented at the earliest," he said.

"Against the current practice of seeking the password, banks will have to ensure that ATMs and points of sale (Poses) will have the second factor verification soon to avoid any room for fraud," Gopalakrishna added.

The second factor verification is a facility that helps prevent fraudulent transactions during online purchases, by asking the buyer or payee to give a second password which is not the three-digit CVC number in the case of a credit card and the ATM password in the case of a debit card. Currently this is not mandatory at the Poses and ATMs.

It can be noted that the RBI on February 28 had released its IT Vision 2011-17 document, which seeks to make the use of information technology beyond core banking and into newer areas like management of information systems (MIS) and better regulatory reporting.

The document calls up on commercial banks to use IT in areas like MIS, regulatory reporting, overall risk management, financial inclusion and customer relationship management.

The document, prepared by a high-level committee chaired by deputy governor KC Chakrabarty, also dwells on the possible operational risks arising out of adopting technology in the banking sector, which could affect financial stability.

Gopalakrishna informed that due to the strict implementation of the second factor verification, credit card frauds have almost become non-existent now. On the implementation of the core banking facility, he said, all the commercial banks will have to implement the core banking facility by the end of this month.

Gopalakrishna further said the IT vision document, once fully implemented will ensure that the RBI gets access to the servers of all banks, including foreign banks so that it has access to all the banking transactions.

The IT vision document emphasises on the need for internal controls, risk mitigation systems, fraud detection/prevention and business continuity plans, the document added. The vision document notes the use of technology for analytical processing by banks is still at a nascent stage.

"Banks have to work towards reaping benefits of technology in terms of cost reduction of small value transactions, improved customer services and effective flow of information within the banks and to the regulator," the RBI statement had said.

The vision document stresses on transforming RBI into an information intensive knowledge organisation and adopting appropriate business process re-engineering.

PTI