ICICI Bank says mobile app malware not a threat to customers

Mumbai: Largest private sector lender ICICI Bank on Friday virtually acknowledged the presence of a malware in its mobile banking application, but underplayed its impact on its customers.

“Whatever we have seen, the malware seems to be not very significant,” bank’s chief technology and digital officer B Madhivanan told reporters over a conference call.

The admission comes days after Quickheal, a Pune-based cyber security firm, had warned lenders of the presence of a malware in the mobile banking apps running on the popular operating system, Android.

“Anyone who wants to sell their anti-malware kind of products, they have the right to continuously test and bring it in,” Madhivanan said, retorting to the warning from the anti-virus maker last week.

According to media reports, Quickheal had spotted a malware that imitates over 200 apps, including some offered by some of domestic banks.

The malware is distributed through a fake flash player app and can ultimately trick the user into sharing his/her login details and password for any of the 232 applications, if they are present on the device.

The cyber security firm asked users not to download any apps from third-party stores or links provided in SMSes/emails to keep their credentials safe, according to media reports.

“There is always somebody or the other who is trying to attack, and that’s how this entire world of cyber criminals work. But given the multilevel securities that we have put in place, we believe we are extremely capable of defending it within our entire financial structure,” Madhivanan said.

He asserted that in its ten-year history, the bank’s mobile banking, which was the first such application to be launched by any bank, has not “had even one single incident of a technical breach” which has harmed customers.

The incidents which have been faced are due to “social re-engineering”, rather than “technical” faults, he claimed.

“Our bigger worry has never been on the technical security part. It’s always been on social engineering fraud, where customers are giving away some of this data where they are cheated by someone masquerading as an Aadhaar person or a telecom person,” he said.

To check and avoid any mishaps, the bank has a strong security architecture which consists of a chief security officer, two network operation centres and a security operation centre, he said.

The bank has 8 million customers using its mobile app, which is growing fast, he said, adding mobile transactions now account for half of its overall digital transactions and will soon be overtaking Internet banking.

“Growth of mobile transactions is much faster than the incremental transactions through the Internet. We expect mobile transactions to overtake it and become the new standard when it comes to banking transaction,” he said.

In FY17, it handled Rs 2.4 trillion worth of transactions through mobile banking, which hit Rs 3.1 trillion by October 2017, he said.