HDFC Bank: Securing An Online Banking Harvard Case Solution & Analysis

Important facts:

The Indian Banking Industry

  • The industry was regulated by the country’s central bank, the Reserve Bank of India.
  • According to the Internet and Mobile Association of India, there were 38.5 million internet users in India.
  • The movement of banks from offline to online banking increased the speed of response times, improved the quality of service and lowered transaction costs.

RBI Regulations

  • The security policy of the bank should be approved by the board of directors.
  • The bank should review its security infrastructure and security policies regularly.
  • Banks are also required to conduct risk management analyses and security vulnerability assessments at least once per year and to maintain full, up-to-date documentation of security practices.

HDFC Bank Background

  • The bank is headquartered in Mumbai, earning an income of 84.1 billion for the year ending March 2007 and profit before tax of Rs 11.4 billion.
  • HDFC is one of the leading private banks of India.
  • In August 2007, it had deposits of Rs 682 billion (US$ 15.64 billion).
  • Vishal Salvi, the Chief Information Security Officer, wants to strengthen the security system of the bank.
  • The bank was the target of phishing, which increases the importance of keeping the banking systems secure.
  • Online security consists of a user ID and password, which is known as the first level of security.
  • HDFC developed a partnership with RSA Security to control and monitor phishing attacks and take measures to secure online transactions.
  • Vishal Salvi now had to take decisions to solve the key issues in his business.

Key Issue

It was important that customers' data be secure and safe and that customers not face any inconvenience while using the bank's services. Therefore, Salvi was contemplating the options he had to achieve this objective.

Alternative Courses of Action

  • The bank should continue with the current level of security. The current system is an “adaptive risk modeling system” whereby the operating system assigns a score to each transaction on the basis of pre-determined parameters. The higher the risk score, the greater the system's intervention: the system may ask the customer to use a one-time password, call the customer to verify the transaction, or block the transaction automatically.
  • The bank may increase the current level of security. For instance, every online transaction, irrespective of any parameter, will go through standard checks such as validation and authentication.
  • The bank should have a layered security approach whereby multiple security systems are in place to protect customers' data and money.
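
The adaptive scoring described in the first alternative, sketched as an added example (it is not from the case or from HDFC's system). The parameter names, weights and score thresholds are assumptions, since the page only says the parameters are pre-determined; the last function compares how often customers are interrupted under that scheme and under the second alternative's check-every-transaction policy.

```python
from dataclasses import dataclass

# Hypothetical parameters and weights (assumptions, not from the case).
WEIGHTS = {"new_device": 30, "new_payee": 20, "foreign_ip": 25, "odd_hour": 10}
# Score floor -> intervention, in the escalating order the case lists.
BANDS = [(80, "block"), (55, "call_customer"), (30, "one_time_password"), (0, "allow")]

@dataclass(frozen=True)
class Txn:
    amount: float          # value of this transfer
    typical_amount: float  # customer's usual transfer size
    new_device: bool = False
    new_payee: bool = False
    foreign_ip: bool = False
    odd_hour: bool = False

def risk_score(t: Txn) -> int:
    """Sum the weights of the triggered parameters, capped at 100."""
    score = sum(w for name, w in WEIGHTS.items() if getattr(t, name))
    # Amount adds up to 35 points as it grows past the customer's norm.
    ratio = t.amount / max(t.typical_amount, 1.0)
    if ratio > 1:
        score += min(35, int((ratio - 1) * 5))
    return min(score, 100)

def adaptive_decision(t: Txn) -> str:
    """Alternative 1: intervention grows with the risk score."""
    s = risk_score(t)
    return next(action for floor, action in BANDS if s >= floor)

def uniform_decision(t: Txn) -> str:
    """Alternative 2: every transaction is challenged, whatever its score."""
    return "one_time_password"

def challenge_rate(txns, policy) -> float:
    """Share of transactions where the customer is interrupted."""
    return sum(policy(t) != "allow" for t in txns) / len(txns)

# Constructed sample transactions, not real data.
SAMPLE = [
    Txn(2000, 2500),
    Txn(2500, 2500, odd_hour=True),
    Txn(10000, 2500, new_payee=True),
    Txn(5000, 2500, new_device=True, new_payee=True),
    Txn(50000, 2500, new_device=True, new_payee=True, foreign_ip=True),
]

if __name__ == "__main__":
    for t in SAMPLE:
        print(risk_score(t), adaptive_decision(t))
    print(challenge_rate(SAMPLE, adaptive_decision), challenge_rate(SAMPLE, uniform_decision))
```
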

Current System

Advantages:

  • No cost will be incurred as there would be no change in the system.
  • The current system is easy to operate and the bank knows how to do it.
  • Customers have become used to operating this system and are comfortable with it.
  • The bank has been able to retain its customers through this system, which forms one of the factors of its competitive advantage.

Disadvantages:

  • The current system has a lower level of security as it is not able to counter the effect of phishing.

Increasing the level of security

Advantages:

  • This would increase the level of security and reduce the risk for the bank's online customers.
  • A trustworthy system would be developed that would increase the reputation of the bank.

Disadvantages:

  • A considerable amount of investment will be required to implement the new system.
  • The customers may not be happy as they have to go through many hurdles to get their transactions completed.
  • The newer system would have slower response times, which may also not be liked by corporate clients.

Layered Approach to Security

Advantages:

  • This would maximize the security of online banking and may effectively counter the effect of phishing.
  • The corporate clients would be happy that their large sums of money are safe in their bank accounts.
  • It would raise the level of customer service.

Disadvantages:

  • It would become very difficult for the bank to effectively handle this system if implemented.

Implementation of these systems would take considerable time and costs...........

This is just a sample partial case solution.
