The Bank has its own Data center with back-up DR, own EFT Switch and a secure IT ecosystem to take care of its banking activities. The Bank is one of the tech savvy PSBs having Core Banking in all its branches, Treasury , Forex, Internet banking, Mobile banking, IMPS, UPI etc

Ravindra Prabhakar Marathe
MD & CEO 
Bank of Maharashtra

Bank of Maharashtra, a premier Public Sector Bank with more than 80 years standing is the only PSB having its headquarter in Pune. The Bank has a pan India presence, having more than 1900 branches and 1800 plus ATMs and a business of more than Rs.2, 40,000 lakh crores as of March, 2017. The Bank is one of the tech savvy PSBs having Core Banking in all its branches, Treasury , Forex, Internet banking, Mobile banking, IMPS, UPI etc.

A robust IT Infrastructure...

The Bank’s IT infrastructure is quite robust and secure. The following are the ample testimonies for the same -

•             The Bank has its own Data Center that houses the IT infrastructure such as CBS servers, firewalls, Intrusion Detection System (IDS), Intrusion Prevention System (IPS), storage systems etc. It has redundant or back-up power supplies, redundant data communications connections and environmental controls (such as air-conditioning, fire suppression etc). The Data Center provides a reliable infrastructure for IT operations of the Bank

•             The Bank has an apex and comprehensive Information system Security Policy (ISSP) (mapped to ISO 27001:2013 controls) in place

•             The Bank also has Cyber Security Policy in place as per RBI’s circular dated 02 June 2016 on cyber security framework in Banks

•             The Bank also has a Cyber Crisis Management Plan (CCMP) in place as per RBI’s circular dated 02 June 2016 on cyber security                          framework in Banks

•             Implementation of Captive Security Operations Centre (SOC) using SIEM (Security Information and Event Management) solution

•             Implementation of Fraud Navigator tool in Bank’s EFT switch

•             Implementation of Enterprise wide Anti-Virus solution

•             Implementation of McAfee DLP (Data Loss Prevention)

•             Implementation of DAM (Database Activity Monitoring)

•             Implementation of ForeScout NAC (Network Access Control)

•             Implementation of Patch Management System

•             Implementation of MahaSecure, a 2nd Factor Authentication for Internet banking. Not even a single phishing attack has been reported since its implementation

•             Vulnerability Assessment and Penetration Testing (VAPT) of critical systems is conducted on bimonthly basis through an external Information Security Auditor

•             Vulnerability Assessment (VA) is also done through SOC on Quarterly basis for critical devices of the Bank

•             Participation in Mock Cyber Drills conducted by agencies such as CERT-IN, IDRBT

Services availed to mitigate cyber threats...

The Bank has availed the following services to mitigate cyber threats -

·         DDoS (Distributed Denial of Service) Mitigation Services

·         Anti-Phishing / Anti-Trojan Services

·         Blocking of Fraudulent/Suspicious IP addresses [reported by IDRBT (Institute of Development and Research in Banking Technology) vide their IB-CART (Indian Banks Centre for Analysis of Risks and Threats) portal and other authentic sources] at the Bank’s perimeter devices and at ISP level

·         Detection of Mule Accounts

·         Detection of compromised credentials

Cyber security awareness has been raised by the Bank of Maharashtra across customers, employees and top management through avenues like Cyber Security Advisories; Technical Advisories; Periodic customer awareness on cyber security in coordination with cyber police authorities etc. and Regular trainings for the Bank staff members on cyber security in the Bank’s training institutes.

The Bank of Maharashtra is also the recipient of coveted certifications like ISO 27001:2013 for IT locations, namely, Head Office-IT Dept, CBS Project Management Office, Data Centre and Disaster Recovery Centre, PCI-DSS (Payment Card Industry-Data Security Standard) Version 3.1 and PCI PIN SECURITY Version 1.0 Audit Compliance.

"