Express news service
THIRUVANANTHAPURAM: Major flaws in the banking software used by the Karuvannur Cooperative Services Bank came to the aid of the cartel of employees who had committed fraud on loans worth Rs 300 crore over the years. Investigators suspect that the software flaws and neglect in software security were willful acts by senior employees to facilitate illegal transactions.
The state’s criminal branch is investigating the loan fraud case and six bank employees have been suspended following the FIR registration. Of the bank’s 27 employees, 18 had been assigned as administrators of the software. The administrators of the high security software included participant Suma, peon Sujamol and commission agent Rubco Bijoy. Those with administrative powers can modify personal books without the knowledge and assistance of those concerned.
“If someone with administrator access is manipulating personal records, the software cannot trace who did that. Several of the files, including Gahaan’s documents, loan narration details, surety details, and pledged land details were missing with respect to the suspicious loans. It even led to a situation in which the real beneficiaries of the suspected loans could not be identified, ”revealed the investigation carried out by a team led by the deputy clerk of Omana KL cooperation last year.
Another major anomaly detected in the investigation is that the software does not require details such as Gahaan number and title document number while adding the pledged land document as collateral. “This spread has been widely misused in banking,” the report notes.
The “open day, end of day” function to ensure that all transactions made on a given day are recorded on the same day in the banking software was not integrated into the banking software until June 6, 2017, according to the report. “Until the installation is introduced, any employee can execute transactions as they wish and even delete transaction records without leaving any traces. After the introduction of the ‘end of day’ function, deletion can only be carried out on request. There is no record of previous deletion requests in the file and it shows that there was no mandatory security system in place previously, ”observed the probe panel.
Suspended director MK Biju and bank secretary TR Sunilkumar had abused this facility to correct cases relating to benami loans granted to the employee cartel. An employee had testified before the commission of inquiry that her code and password had been used by MK Biju to manipulate files relating to a sanctioned loan.
During the inspection, it was also found that several of the login credentials used by retired employees and those on long-term leave were active. “Multiple users can log in from a single terminal, the automatic password reset system is obsolete, no logging in the software of changes to the login ID and password, and there is no has no system to record access log and remote log, ”the probe panel noted of other discrepancies.