New Delhi: The Central Vigilance Commission has suggested surprise inspections by the chief vigilance
officers of the public sector banks and insurance companies to check frauds due to misuse of user-id and password of officers
by sharing it with unauthorised persons.
The Commission has of late observed that in many cases relating to banking sector, insurance sector, central public
sector enterprises and even in other organisations functioning in a computerised environment, frauds were being perpetrated
on account of the officers sharing their user-id and password with unauthorised persons and not disabling them on their
transfer, retirement, suspension or long leave.
It was also noticed that the officers were not frequently changing their password. "The Commission is of the view that
periodic change of passwords by officers would be an important preventive vigilance measures to address the issues," the CVC
said in a directive to all ministries, banks, insurance companies and autonomous organisations.
The email-ids, user-ids, etc for accessing the secure systems should be disabled once an officer superannuates, placed under suspension or not required to perform any function on account of proceeding on long leave, training, deputation, transfer, etc, it said.
"Introducing a provision in the system, or software itself at a pre-decided time period (i.e. a fortnight or a month) to
change password could also be one of the options for preventing misuse by unauthorised persons," the CVC said.
The move comes following cases of frauds worth crores of rupees were noticed by Commission through misuse of secure ids
and passwords, Commission officials said. "In addition, it also needs to be ensured by way of periodic surprise inspections or checks by next higher
authority or controlling officers as to whether the user-ids and password are being shared by the officers with any
unauthorised persons," the anti-corruption watchdog said.
The Commission had earlier advised chief vigilance officers (CVOs), who act as distant arm of CVC, of all public
sector banks to ensure secrecy of employees' passwords and also keep on changing them frequently so that frauds being
committed on account of misuse of passwords of employees may be avoided in the public sector banks. However, its
instructions were not followed in toto.
"CVOs of banks were to take suitable action and regularly monitor secrecy of passwords and any instances of casual
approach by any password holder was to be dealt ruthlessly by the concerned bank as the same may put huge funds at risk. It
appears that the spirit of circular is not being implemented," the CVC said.
All CVOs have been advised to put in place preventive measures and carry out periodic inspections to check any such
illegal practise. They have been also asked to send an action taken report to the Commission on the verification conducted
by them in this regard, it said.