Rediff Logo Infotech The Rediff Music Shop Find/Feedback/Site Index
February 18, 1999


The money machines: Fast computers and networks are the only hope for India's finance sector, argues N Vittal. At first look, it may not seem immediately obvious, but the growth of information technology throughout the world has been significantly linked to financial services.

Email this story to a friend. As economies grow and competition becomes intense, velocity of business becomes important.

There is one aspect of information technology that is very relevant in this context and it is speed. Information technology means accessing and processing massive data, it means bringing down the transaction costs because of the operation of Moore's Law.

No wonder then that today's dominant economy, that of the United States, is so dependent on information technology.

Alan Greenspan has pointed out that but for information technology, the inflation in the US would have been 1 per cent higher rather than the current 2.1 per cent.

But here in India, as far as information technology is concerned, we have got into just one compartment of the gravy train and that is of the IT services, starting with body shopping and slowly maturing up the value chain.

When it comes to financial services, it is true that many information technology companies in India are doing outsourcing work for the foreign companies.

The issue before us, therefore, is what is the scope for the financial services within the country itself?

Just contrast the pace of India's software exports with the sluggish progress of information technology in Indian banks. You will then realise why I maintain that 'Indians are so brilliant that there is no technology that they cannot master but at the same time there is no technology that can face the challenge of Indians!'

We have mastered missile technology, nuclear technology and of course information technology as far as application of the mind in these is concerned. But is there any technology that can meet the challenge of Indians? There is none.

Some people in banking have been very successful in resisting computerisation. Only 5,000 of the 65,000 bank branches in our country are computerised!

And this is in spite of the fact that Harshad Mehta's scam took place because the public debt office of the Reserve Bank of India was not computerised and this is turn led to the perpetuation of the scam.

The message does not seem to have been realised. I wonder whether the so-called talk about computerisation of banks is public relations exercise.

I am making this statement because after I became the chief vigilance commissioner of the country, purely from the point of view of vigilance, I issued an order under Section 8(I)(h) Annexure to improve vigilance administration in banks by deploying electronics and computers.

While I thought I had made a breakthrough I found that Dena Bank claimed that they have already done 60 per cent computerisation. Some other bank reported 53 per cent computerisation. I am now wondering whether we are talking about the same subject.

For me computerisation of banks means that if anybody goes to the bank with an outstation cheque it should be cashed immediately and must be credited into his account.

The issue of thousands of millions of rupees remaining unreconciled should not exist. Those things are not happening in our country.

I have therefore asked the bankers and the RBI to clarify and make public what they mean by 70 per cent computerisation of services.

I am sure this issue should be focussed on so that when we think of the scope of IT in financial services we know the areas where IT can be used.

So far we have looked at the issue on a branch-by-branch basis. But I think that in integrated competitive services like financial services this is just the first step.

What we need is total integration of transactions by applying information technology.

Financial services depend also on the degree of confidence they generate among investors. I have found that in our system there is no communication of information about wilful defaulters that now I have made mandatory under a CVC order (Annexure).

The RBI also pointed out and as mentioned in the CVC order that all listed companies also should go in for electronic clearance systems.

The RBI has got a hub at Hyderabad and has got 438 VSATs that hopefully should be commissioned before the year is out.

From what I have heard from bankers, one of the reasons why financial services are not using enough information technology is because our information technology industry is suffering from two defects.

The first is that they want to go only to metropolitan areas and ignore rural banking. Our politicians know where the vote banks are. They are in the rural areas.

This may be true for the business also. But our IT companies are probably too lazy to go for this market.

The second is that there is a perception that the IT companies are making a lot of indecent profits. In fact the current Sensex boom which is riding on IT companies also strengthens this perception.

A few bankers asked me why some of the IT companies should not take lesser profit and give better services in rural areas? This is a challenge that must be considered.

From a technology point of view, perhaps the most sensitive issue that needs to be discussed is that of encryption.

In this connection when I was pushing for computerisation in banks, Dr Vidyasagar wrote to me as follows:

'It is not enough merely to computerise the operation of each bank branch, it is imperative also to computerise the transaction between branches and between banks. In other words, both intra-branch and inter-branch (as also inter-bank) transactions must be through a computer network so that the opportunities for fraud and delay are greatly reduced if not eliminated.

'Once the computerisation of banking is adopted as an objective to be attained at top speed, we must all squarely confront the issue of security. There are at least two security related issues to be addressed: (1) the security of the network itself. And (2) the security of the traffic being carried on the network.

'The first item involves protecting the network against hackers who will try to disable the network, while the second item involves preventing anyone from understanding or manipulating the traffic on the network by using tools such as encryption and decryption, digital signatures, message authentication etc.

'Unfortunately, most of the firewall products sold by commercial vendors for network security incorporate only very rudimentary packet-level filtering and can be compromised very easily.

'Indeed it is not an exaggeration to say that by providing a false of security these weak firewalls are worse than having no firewall at all.

'As for the security of the traffic, you may be aware that, by US law, no encryption software products can be exported from the US if they are too strong to be broken by the US National Security Agency.

'To put it bluntly, only insecure software can be exported. When various multinational companies go around peddling "secure communication software" products to gullible Indian customers, they conveniently neglect to mention this aspect of US export law.

'Another related point is that when we buy imported software product that is a "black box" to us. We cannot be sure that the software package does not contain a time bomb of sorts, to cause havoc to the network when an external command is issued by a hostile nation.

'The only way to guard against insecure or booby-trapped software products is to write our own software and to develop our own hardware. It so happens that both network security and traffic security are core competencies of the Defence Research and Development Organisation and to this centre in particular.

'We have now (1) evolved a set of software tools that protect a wide area network against hostile attackers. And (2) drawn up a plan to action for developing a set of software tools that provide security for the traffic passing through the network.

'Our network security software tools give protection at several layers and thus provide much greater security than simple packet level filtering.

'As for providing secured communication between computers, fortunately the mathematics for encryption algorithms is well known and the ides themselves are either not patented or else in the public domain since the patents have expired.

'Thus it is possible to write our own code for encrypted communication. With the assistance of another DRDO laboratory (SAG located in Delhi) we in this centre have begun to develop secure communication tools, and hope to have a prototype in place within three months.

'The encryption part of the software is already complete and only the communication protocols remain to be written. Since the software has been written by us there is no upper limit on the security level provided by the encryption in contrast with software exported from USA.

'Moreover, we can guarantee that the software is not booby-trapped and this guarantee can never be given with imported software.

'Now I come at last to my purpose in writing to you. I believe that, as the CVC, you must make it mandatory for vital institutions such as banks to adopt indigenously developed and tested software.

'Without such strong and coercive administrative action, our Indian institutions will have a tendency to succumb to fancy marketing brochures and put in place a network and communications tools that are easily compromised.'

I had asked Shri Vidyasagar to come up with encryption software in three months and Shri Vidyasagar recently wrote to me saying that he has already developed a test version of the software.

I am not pleading that you should go in for the DRDO's encryption software. The point is that while introducing computerisation, the sensitive nature of the banking operation, need for secrecy, prevention of fraud etc, must be taken into account.

That brings me to another important aspect of human resources. Perhaps the most critical factor we have to overcome is changing the mindset of the people.

There may be explicit or implicit resistance to computerisation. Part of it may be due to technophobia. Part of it also may be because in this game the juniors might be more knowledgeable than the seniors are. But the seniors are the ones who make all decisions.

Yet another aspect may be the fear of frauds. Because if there are frauds in the manual system, there are also frauds in the computerised system.

Oscar Wilde said that "The thief is an artist and the policeman is only a critic." Confidence will have to be built up by ensuring how frauds can be controlled.

On the issue about manpower, another aspect would be creating competent manpower to run the systems. Even in present circumstances, there exists scope for inducting direct recruits for entry at high levels. Technically competent people are needed in banks to see that computerisation is smoothly done.

Take, for example, the issue of credit cards that is based on magnetism technology. I understand that with ordinary magnetism technology when you give the credit cards in hotels or any shop, the assistant can just make a copy of the same and use it elsewhere, at least for the next 24 hours or till it is found out.

I am told that Visa and MasterCard are together losing about $5 billion per year on this alone. But they are living with this loss because it is costlier probably to go in for another technology developed by the Thorne & Security Services Incorporated who claim to have an extra strip with the magnetic tape to provide a special watermark that would prevent frauds of such nature.

The point is that technological solutions are available and we should be aware of the pitfalls of technology.

Financial services is a term that covers not only banks but also others like the capital market, insurance and so on.

One healthy development is the National Stock Exchange and the initiative taken by the Securities and Exchange Board of India for dematerialising stock.

The potential of these developments must be studied. Because we have come on the scene late, we should be able to get the best technology at an optimum cost so that the scope for IT in the Indian financial services can become a significant factor in making India an economic superpower in the years to come.

N Vittal is the chief vigilance commissioner of India. But he is most popularly recognised as the biggest evangelist for IT within the government.

Tell us what you think