Skip to main content

Biometric Check Mulled for Stock Trading via Apps

Biometric Check Mulled for Stock Trading via Apps
Securities and Exchange Board of India (Sebi) has proposed biometric authentication for traders and investors when they access mobile applications to buy and sell stocks.
Aimed at improving cyber security, this is part of a long list of recommended dos and don’ts compiled by the markets regulator in a note recently shared with stock exchanges and brokers.
“The draft note says that in case of applications installed on mobile devices such as smartphones and tablets, a cryptographically secure biometric twofactor authentication mechanism may be used,” a person familiar with the subject told ET.
The proposal, if implemented, would require retail investors use touch ID-enabled smartphones for trading and sharing biometric features like fingerprint or eye-scan to access their trading and demat accounts. Offered as an option to accountholders by some of the private sector banks, the mechanism involves the handheld device carrying out one step of the authentication instead of the service provider.
According to the Sebi note, after a certain number of failed log-in attempts, the customer’s account should be ‘locked’ till fresh authentication is completed by sending an email or a random one-time password to the customer. The paper asks brokers to ensure that no person by virtue of rank or position has any right to access confidential data, applications, system resources or facilities.
Further, they should formulate an internet access policy to monitor and regulate the use of internet and internet-based services such as social media sites and cloud-based internet storage sites within a broker’s critical IT infrastructure.
Concerns for Small Brokers
 
“For algorithmic trading facilities, adequate measures should be taken to isolate and secure the perimeter and connectivity to the servers running algo trading applications,” said the note.
 
Also, employees and outsources staff (such as employees of vendors or service providers) who may have authorised access to a broker’s critical system should be subject to stringent monitoring, says one of the recommenddations.“Sebi has sought comments from different people and will have to examine the preparedness of brokers before implementing it. We have done categorisation. The proposals will be implemented in phases,” said a regulatory official.
 
Some of the recommendations in the draft note can be onerous for small brokers who operate on waferthin margins and low-cost structure. “For instance, one of the suggestions is that off-the-shelf products being used for core business functionality, such as back office applications, should bear Indian common criteria for evaluation assurance level 4. Any technology person will admit this is a very demanding requirement as there are only one or two labs from where such certification can be obtained. The telecom department had attempted this in the past,” said a brokerage official.
 
According to an industry person, keeping in mind smaller brokers who can’t afford the cost, the regulator may explore the possibility of one of the stock exchanges managing the security setup for these entities.While the Sebi draft paper is a compilation of suggestions from an expert committee, it has been circulated at a time when two well-known brokers serving retail and high networth investors faced cyber-attacks.
 
One of the intermediaries informed clients about the breach involving unauthorised access to customer information; in the other case, a virus found its way into a few back office servers and PCs, and even though there was no data breach or trading interruption, the brokerage concerned had to run some of the back office processes manually for a day or two till those servers were brought back online after a clean-up.The attack on stockbrokers follows malware attacks on some of the Indian banks and credit card data bases over the past few years.

The Business Standard, New Delhi, 23rd April 2018

Comments

Popular posts from this blog

New income tax slab and rates for new tax regime FY 2023-24 (AY 2024-25) announced in Budget 2023

  Basic exemption limit has been hiked to Rs.3 lakh from Rs 2.5 currently under the new income tax regime in Budget 2023. Further, the income tax slabs in the new tax regime has been changed. According to the announcement, 5 income tax slabs will be there in FY 2023-24, from 6 income tax slabs currently. A rebate under Section 87A has been enhanced under the new tax regime; from the current income level of Rs.5 lakh to Rs.7 lakh. Thus, individuals opting for the new income tax regime and having an income up to Rs.7 lakh will not pay any taxes   The income tax slabs under the new income tax regime will now be as follows: Rs 0 to Rs 3 lakh - 0% tax rate Rs 3 lakh to 6 lakh - 5% Rs 6 lakh to 9 lakh - 10% Rs 9 lakh to Rs 12 lakh - 15% Rs 12 lakh to Rs 15 lakh - 20% Above Rs 15 lakh - 30%   The revised Income tax slabs under new tax regime for FY 2023-24 (AY 2024-25)   Income tax slabs under new tax regime Income tax rates under new tax regime O to Rs 3 lakh 0 Rs 3 lakh to Rs 6 lakh 5% Rs 6

Jaitley plans to cut MSME tax rate to 25%

Income tax for companies with annual turnover up to ?50 crore has been reduced to 25% from 30% in order to make Micro, Small and Medium Enterprises (MSME) companies more viable and also to encourage firms to migrate to a company format. This move will benefit 96% or 6.67 lakh of the 6.94 lakh companies filing returns of lower taxation and make MSME sector more competitive as compared with large companies. However, bigger firms have shown their disappointment since the proposal for reducing tax rates was to make Indian firms competitive globally and it is the large firms that are competing globally. The Finance Minister foregone revenue estimate of Rs 7,200 crore per annum for this for this measure. Besides, the Finance Minister refrained from removing or reducing Minimum Alternate Tax (MAT), a popular demand from India Inc., but provided a higher period of 15 years for carry forward of future credit claims, instead of the existing 10-year period. “It is not practical to rem

Don't forget to verify your income tax return in August: Here's the process

  An ITR return needs to be verified within 120 days of filing of tax return. Now that you have filed your income tax return, remember to verify it because your return filing process is not complete unless you do so. The CBDT has reduced the time limit of ITR verification to 30 days (from 120 days) from the date of return submission. The new rule is applicable for the returns filed online on or after 1st August 2022. E-verification is the most convenient and instant method for verifying your ITR. However, if you prefer not to e-verify, you have the option to verify it by sending a physical copy of the ITR-V. Taxpayers who filed returns by July 31, 2023 but forget to verify their tax returns, will get the following email from the tax department, as per ClearTax. If your ITR is not verified within 30 days of e-filing, it will be considered invalid, and may be liable to pay a Late Fee. Aadhaar OTP | EVC through bank account | EVC through Demat account | Sending duly signed ITR-V through s