Bank staff login leaks under CVC scanner

Bank officials who deal with their official logins and passwords in a casual manner must face the music, the Central Vigilance Commission (CVC) has said.

Fearing that sharing sensitive details could lead to big-time frauds, the CVC has directed anti-corruption officials in banks to “deal ruthlessly” with those having an easy-go approach.
The CVC’s fresh direction to chief vigilance officers in banks came after it was revealed that the earlier instructions were disregarded.

Citing that a 2010 circular was not followed in spirit, the CVC said CVOs were to “take suitable action and regularly monitor secrecy of passwords, and any instances of casual approach by any password-holder was to be dealt ruthlessly by the concerned bank as it may put huge
funds at risk”.

These instructions came as part of a recent circular issued by the CVC that no fraud is committed using the government system.

In its warning, the CVC said it has observed in many cases relating to banking and insurance sectors as well as public sector enterprises that frauds have been committed due to officers revealing their email passwords to others.

Those working in a computerised environment should be careful, the commission has said.
“Frauds are being perpetrated on account of officers sharing their user id and password with unauthorised persons and not disabling them on transfer or retirement or suspension or long leave of officers,” it said.

It is also found that officers do not change their passwords frequently, which the CVC felt could lead to problems.

“The Commission is of the view that periodic change of passwords by officers would be an important preventive vigilance measure,” the circular said.

E-mails and other IDs used for accessing secure systems should be disabled once an officer superannuates or placed under suspension, it said. Even if one officer takes long leave or goes on deputation, this practice should continue.

“Introducing a provision in the system itself at a pre-decided time period, (i.e, a fortnight or a month) to change password could also be one of the options for preventing misuse by unauthorised persons,” the circular said.

The CVC also mooted the idea of periodic surprise inspections to check whether the officer has shared login details with any unauthorised persons.