IDRBT

Design and Development

of Social Media Strategies
for Banking
Under the Guidance of
Dr. Shakti Mishra
Submitted by:

Avinash Singh Bagri

IIT Delhi
7/16/2013

CERTIFICATE
This is to certify that Mr. Avinash Singh Bagri, pursuing Integrated
M.Tech course at Indian Institute Of Technology, Delhi in Mathematics
and Computing has undertaken a project as an intern at IDRBT,
Hyderabad from May 13, 2013 to July 17, 2013.
He was assigned the project Design and Development of Social
Media Strategies for Banking under my guidance.
I wish him all the best for all his future endeavours.

Dr. Shakti Mishra

(Project Guide)
Assistant Professor
IDRBT, Hyderabad

ACKNOWLEDGMENT
I express my deep sense of gratitude to my Guide Dr. Shakti Mishra, Assistant
Professor, IDRBT for giving me an opportunity to do this project in the
Institute for development and research in Banking Technology and providing
all the support and guidance needed which made me complete the project on
time.
I am thankful to my colleagues who constantly encouraged me for my project
work and guided me all along till the completion of my project work by
providing me all the necessary information.
I am also thankful to IIT Delhi for giving me this golden opportunity to work
in a high-end research institute like IDRBT.

Avinash Singh Bagri

M.Tech (4th Year)
IIT Delhi

CONTENTS
Introduction

3
5
7
10
11

Social Media Definition

Social Media Tools
Applications of Social Media
Impact of Social Media
Social Media Wheel

Social Media Applications for Banks

15
15
20
20
25
26

Employee Training and Recruitment

Marketing and Sale
Consumer Protection
Customer Education
Transaction Processing

Risk Assessment and Security

31
32
35
36

Risk and Security Concerns

Risk Assessment
Risk Management

Legal Issues

37

IT Act 2000
The IT (Amendment) Act, 2008
Article 66A

37
40
41

Social Governance Frame Work

42

Social-Media Policy Development

Job of Social-Medial Governance
The Importance of Social Media Audit
10 Essential Elements of Social Media Governance

Usage Guidelines

42
42
44
44

45

Social Media Guidelines laid by Government of India

FFIEC Proposes Social Media Guidelines

References

45
46

48

Chapter I
Introduction
With the advent of internet the
way the things are done have
changed drastically in last decade.
The growing accessibility of
internet to all quarters of society
is
mirrored
everywhere
nowadays.
It
ranges
from
purchasing soap for domestic use
to booking a ticket to travel
overseas without even moving
your feet. The growth of internet
usage has been quite rapid if we
compare it to other tools available
to us at any point of time. This
was not the case when the
Netscape first introduced www
to the world but with the entry of Google followed by various other big names like
Yahoo, Facebook etc. the popularity of internet has increased drastically. Hence, it
would not be wrong if we attribute this growth to the uprising of social media sites.
Over the last decade social media has taken giant leaps forward and now has
become a part of life of almost every person who puts his hands on computer. There
are several type of social media sites like Facebook for connecting and sharing
almost all kinds of data, Flickr for sharing photos, LinkedIn for professional
connects, then there are many others serving different purposes to various sections
of the society across the globe.
The growing stature of social media is reflected everywhere in todays world. The
enormous increase in number of users in every facet of the social media has
attracted every policy maker across the globe to have social media as one of the
delivery channel. The power of social media can be seen by some of the figures show
below1:

2/3rd of the global internet population use social networking.

Time spent on social networking is growing at 3X the overall internet rate,

amounting to approximately 10% of all internet time.

Nielsen, Global Faces and Networked Faces, 2009

Visiting social sites is now the 4th most popular online activity; ahead of the
personal email.
There are over 13 million articles available on Wikipedia.

100 million is the number of videos viewed everyday on YouTube.

As social media popularity among the people continues to grow, the interaction
between clients and investors continues to grow as well. But many banks and
financial institutions still struggle to incorporate social media within their
organizations. Few banks have established social media strategies, and those that do
tend to isolate social engagement to less than a handful of their employees.
In the BFSI sector, there are not many banks who have made their presence in social
media. In US there are a few banks who have started to interact with customers
through such tools but still there are reservations in the think tank of the banks who
are either worried about how public pages like Facebook will affect customer
security or simply dont know how to get started in the social media space. Its not
hard to empathize with banks that are struggling with this new form of customer
relationship building, branding, and online marketing. Operating in such a highly
regulated industry its no doubt that many banking executives are struggling with
giving up some control over their public image and placing it in the hands of those
they serve.

1.1 Social Media Definition

Social media is generally
termed as the means of
interactions among people
which allows them to
converse,
share
and
exchange information and
ideas via internet in virtual
communities and networks.
Andreas Kaplan and Michael
Haenlein define social media
as a group of Internet-based
applications that build on the
ideological and technological
foundations of Web 2.0, and
that allow the creation and
exchange of user-generated
content. Furthermore, social media depends on mobile and web-based technologies
to create highly interactive platforms through which individuals and communities
share, co-create, discuss, and modify user-generated content. It introduces
5

substantial and pervasive changes to communication between organizations,

communities and individuals.
Geocities, created in 1994, was one of the first social media sites. The concept was
for users to create their own websites, characterized by one of six "cities" that were
known for certain characteristics.
In order to understand social medial well, it can be referred as a group of various
kinds of online media, which share or carry following attributes2:
Participation: Social media allows contributions and feedbacks from every user
who is using the media. It blurs the line between media and audience.
Openness: Most social media services are open to participation and feedback.
They feature sharing of information, comments, voting etc. There are hardly any
restrictions on accessing and using the available content.
Conversation: In contrary to traditional media which was about "broadcasting"
only, social media is about receiving as well i.e. its a two-way conversation
media.
Community: An integral feature of the social media is the gradual formation of
communities of like-minded people i.e. an online group of persons having
something in common be it their likes, college, company or interests. It allows
them to communicate quickly and effectively.
Connectedness: Most types of social media have exploited this phenomenon of
connectedness quite extensively. It is putting links of other social media tools on
one page which direct people to other relevant pages but might belong to
different social media tool than the existing one. One such typical example
becoming extremely popular these days is putting buttons of like which reflects
users activity on Facebook or Twitter.

Antony Mayfield, what is social media?

1.2 Social Media Tools

Social Network

Blogging and
Micro-blogging

Collaborative
Projects

Social Media
Tools

Content
Communities

Podcasts

Virtual World

Figure 1 Social Media Tools

Social Media technologies make presence in various forms like magazines, Internet
forums, weblogs, microblogging, social blogs, social networking sites, podcasts,
wikis, picture sharing platforms etc. Depending upon the wide range of such
websites Kaplan and Haenlein distributed social media into six different types:

1.2.1 Social Networks

These are the sites which enable people to build personal pages or popularly known
as "profiles" and then connect with other people to communicate and share content.
It provides its users a platform to build social networks or social relations among
people who, for example, share interests, activities, backgrounds, or real-life
connections. The biggest names in this type of social media are Facebook, Orkut,
MySpace, LinkedIn etc.
7

1.2.2 Blogging and Micro-blogging

Blogging is another very popular form of social media, a resort of creative minds to
pen down their thought in rather sophisticated manner. Blogs are sort of online
journals with entries sorted by the date of creation. Examples for such platforms are
Blogger, Wordpress etc. Microblogging is a cocktail of social networking with bitesized blogging where small amounts of content are published online. Twitter is the
first name comes up in the mind while referring to microblogging sites.

1.2.3 Collaborative Projects (Wikis)

These particular websites are generally informative ones. These websites allow
people to add or edit the content about some particular topic and thus providing the
information to everyone using the internet. This is pretty much like a shared
database with access given to almost everyone. There are many such sites but the
most famous one is Wikipedia which is also known as the online encyclopedia and
has more than 2 million English language articles to date.

1.2.4 Podcasts
A podcast is a type of digital media having a series of video, ePub, PDF or audio radio
files that are available through subscription or being downloaded through web
syndication or streamed online to a computer or mobile device. The word is a
coinage derived from words "broadcast" and "pod" from the success of the iPod, as
audio podcasts are often listened to on portable media players.

1.2.5 Content communities

Content communities are akin to social networks as one needs to register in a
similar way, set up the home page etc. but unlike the social networking sites they
are content specific. Within the specific content, there can be various groups
focusing on areas of common interest. You can choose to share content with the
entire community or just your family and friends. Most content communities are
free to join and not specifically aimed at the business community. Those that do
encourage business use offer additional benefits and may charge for them. Examples
of such sites are YouTube, Dailymotion etc.

1.2.6 Virtual Worlds (Virtual Game World/ Virtual Social World)

A virtual world is a social media tool that takes the form of a computer-based
simulated environment through which users can interact with one another and use
and create objects. As virtual world is quite a vague and inclusive term which
generally is divided along a spectrum ranging from:

Massively multiplayer online role-playing games (MMORPGs), also called

virtual game worlds, where the user playing a specific character is a main
feature of the game (World of Warcraft for example).

Massively multiplayer online real-life games (MMORLGs), also called virtual

social worlds, where the user can edit and alter their avatar at will, allowing

them to play a more dynamic role, or multiple roles (e.g. Second Life).

1.3 Applications of Social Media3

1. Socializing
Easily the most common use of Social Networking sites, and the main reason for
them existing in the first place, is for personal reasons. The majority of people using
Facebook or Myspace keep to the social label. It is used for its original purpose to
keep in touch with friends.
This may seem very personal but this can be very useful from banking and financial
institutions point of view. The idea here which can be exploited by the banks here is
the extensive sharing of the information form the users and publicizing their likes
and dislikes. By learning these traits of the users the banks can strategise their move
to put an impact on the targeted user by providing the application or scheme
sharing similar likes as that of the user. This phenomenon has been used widely by
big IT names like Google, Facebook and Microsoft. They all learn the likes and
dislikes of the users by monitoring their activities and then follow up with the
advertisements suited best to the targeted audience on the basis of those like and
dislikes.
2. Business Connecting with Customers
With the rise of Internet Marketing, social media is being embraced by businesses
more and more. Innovative ways of utilising these tools by connecting directly with
customers are being found. Companies are seeing that the best way to conduct
themselves online is to speak to their customers directly using these social
networking sites, Twitter being especially useful for this. It increases the reputation
of the company, gets them positive reviews and shows that they really care about
the customer. It also gives a human face to the large corporation, meaning that
customers or potential customers will feel much more comfortable coming back.
One such example is utilization of Twitter in assisting customers of Citi Bank
following an online fraud. In June 2011, there were several online hacks including
that of Citi Bank. Fraudsters hacked into Citibanks computers, stealing customers
3

http://www.blogussion.com/general/uses-social-networking/

names, account numbers and contact information. But responding to the several
tweets posted by the customers, Citi Bank quickly arrested the slide and assisted the
aggrieved parties.
This excerpt is from one of the aggrieved customers:4
The fraudulent charges on my credit card were a result of this data breach.
Like many other Citibank victims, I turned to Twitter to relieve some
frustration. I composed a tweet about the fraudulent purchases on my credit
card, and also mentioned my disappointment with Citibanks fraud
prevention efforts. Ten minutes later, I received a mention from @AskCiti,
the official Twitter ID for Citi Customer Service:
@MeghanReilly314, Saw ur tweet re: fraud & Id like to ensure everything is
being handled. Pls DM ur ph# & best time to talk.
3. Business Networking
There is also the opportunity for business types to network and expand their
business on the social networking platform. This can take many forms, and take bits
of each of points 1 and 2.
Social media allows consumer opinions to spread like wildfire. Although Twitter
messages must be composed in 140 characters or less, tweets are easily searchable.
Businesses can be followed on twitter by customers, potential customers and even
competitors. By actively monitoring Twitter mentions, brands can quickly respond
to negative comments and reverse their image into a positive one. Message
dispersion via social media can really enhance a brands image and turn unsatisfied
shoppers into loyal customers. Companies have the ability to change an unhappy
customer into a satisfied brand advocate just like Citibank. Their effective crisis
control demonstrated the importance of businesses to actively monitor their
brands reputation via social media.
4. Marketing
Another Twitter success story is Dell and their recent Internet Marketing strategy.
Their outlet site sells refurbished PCs, and they post details about the newest ones
on their Twitter feed. They also post special offers just for Twitter users, and they
send information about sales, along with discount vouchers to their Twitter
followers. The company has generated $6.5million in revenue from this venture.
This shows the power of marketing on Twitter. This sort of strategy works well for
e-commerce sites especially as they can market to an already targeted audience.

http://www.walkersands.com/Blog/how-brands-can-use-social-media-for-crisis-management/

10

People would not follow the company or Bank if they werent interested in what
they have to say. It must be looked this way that the strategy works as an add-on to
the normal everyday operations and not as a new or the sole manner of marketing
for the bank, it should under no circumstances not be considered as a guaranteed
winning formula and is probably more inclined towards established brands like Citi
or RBS as they are more likely to get enough followers to make it effective in the
first place. It would probably not work for the banks which are not as established as
others like Rural Banks in India. Social Media Marketing is a trial and error business,
so it would be advisable to put into place experiments and do a lot of research
before putting all of your eggs into the social media basket.
5. Entertainment/Infotainment
Going hand in hand with the social element of Social Networking, people
sometimes go on purely for entertainment purposes. Myspace is a prime example of
this, as many famous artists have been discovered through these sites. Music is a big
part but also videos, such as YouTube viral offerings, are easily spread on social
networking sites. The newest craze is on Facebook, with all the game applications
that have appeared over the last couple of years. The most popular of these is a
game called Farmville which has managed to acquire 72.9 MILLION users per
month.
It is a very popular practice in such social networking sites. So, this is one aspect
which can be exploited to benefit of the banks. This may seem little boring for
grown-ups but putting some sort of game on such sites which not only entertains
the user but also teaches him about the various aspects of the banking can be the
boost needed by the banks in this sector. It will draw the interest of few users to
begin with but everything on networking sites being contagious will lead to chain
reaction and thus will definitely help the banks to find a ground among the internet
users.

11

1.4 Impact of Social Media on Customers

Bank Executive
Face to Face
Bank

Online

Internet Users
Figure 2 Impact of Social Media on Customers

It is very important to know the different usage of Social Networking sites before
implementing a Social Media strategy as the impact is very deep as seen in the
figure. A wrong move targeting the wrong people could jeopardise an organisations
online reputation as well as time, effort and money.

12

1.5Social Media Wheel

Figure 3 Social Media Wheel (Source: Zesty)

In order to understand a Social Media Wheel, we first categorise the available

material or tools (varying from general brand name to specific services) into several
buckets (brackets) so that we can fit in those tools in these buckets. We do it to
simplify the dynamics of social media and make it comprehensive to general users.
After categorizing the tools into the buckets we can prioritise form the bucket which
is most important to the least one. We need to do so as different companies have
different demands and hence may have different set of buckets.

13

Figure 4 Explaining Social Media(Source: Social Media Blog)

Social

Networks: In simple terms, social networks represent the

systematisation of your network of contacts (be they business or personal). For
an organizations presence in Social networking sites Chase tops the list with 2.9
million. Amex is second with 2.4 million, followed by Barclays with over 930,000
in Facebook5.
Blogs: A blog is a website that contains content that visitors can then comment
on, or contribute to. Blogs are used to enhance the communication channels of
an organisation and to humanise a corporate brand. Examples: popular blogging
platforms include Wordpress, Blogger etc. As of now there exists no bank which
has taken Blogging seriously and launched any sort of campaign through
blogging.

Social Media Monitoring: Listening is still the most important activity for any

company wanting to harness the social sphere. Social media monitoring has
evolved from the useful Google Alerts service into professional tools that
monitor an incredible array of information sources. Example: Radian6 and Scout
Labs.

The Financial Brand

14

Social Bookmarks: Provide a use with the ability to track, share, and organise
web based content. It may prove very useful for situations where user wants to
recall or use external content. e.g. Del.icio.us and StumbleUpon.

Social Learning: This is a new area that I started researching last month. The
idea behind social learning is creating a learning environment that includes the
various communities (internal and external). The core goal is to use technology
to help capture informal learnings/knowledge and then formalise this into the
organisation. Examples: Mzinga.

Multi-Media Sharing: This is a bit of a catch-all and refers to services like

YouTube, Flickr, iStockPhoto, Google Maps, etc. These services can be used to put
content out there for the public to find and consume. Example: YouTube, Google
Maps, Flickr etc.

Ratings and User Reviews: A lot of community sites now allow users to rate
content or add reviews. A powerful way to tap into the feedback loop. Example:
Digg.

Wikis: They are the user-friendly tools that allow users to collaborate around
content that might be business processes, project documents, procedures, or
sales/marketing content. Examples: Wikipedia.

Live Chat and Micro-Blogging: Live chat has been around for a while and is still

highly valued. Micro-blogging is the new black with Twitter dominating much of
the public discussion on social media. Examples: Yahoo Chat, Windows Live
(both now have video calling), and Twitter.
Following are some figures which reflect the presence of banks in Twitter and
what kind of response they have gotten so far6:

Banks with less than 200 followers: 188 (47%)

Banks with more than 1,000 followers: 40 (19.8%)
Banks with more than 5,000 followers: 27 (6.8%)
Number of people following banks on Twitter: 713,744 (246,334 or 35% of
which are attributed to AmEx, arguably not a retail bank)
Average number of followers per bank: 1,784
Mean number of followers: 222

American Express has the most number of followers followed by BofA and
Chase.
6

The Financial Brand

15

Social Community: represents the holy grail of social media and social business

design. Social communities involve the coordinated use of the other 9 categories
of social media. Social communities are a key way to develop sustainable
competitive advantage. Examples: Awareness Networks, Ingage, Jive etc.

1.5.1 Using the information:

The goal behind creating these buckets is to understand the likes and needs of the
user and prioritise how and where the business should be focused.

The first step is to help them understand that whatever product, tool or
service they hear about, it will fit into one of these buckets.

The second step is to then work with the industry to understand each bucket
and the relevance of this bucket to their business

The third step is to use those buckets that are identified as most relevant to
start building a social media strategy.

16

Chapter II
Social Media Applications for Banks
2.1 Employee Training and Recruitment
Employment exchanges, recruitment consultancies and classified advertisements
have become things of the past now. The majority of HR managers today look
towards the internet believing that social media platform is more effective
recruitment tool with a more direct and focused approach in contemporary
technologically-advanced era. Recruitment and subsequent employee training
through social media is becoming an effective way to make direct connections to
savvy individuals and attract employees that fit with the required company culture
and core values. It is often referred as Social Recruiting. Social recruiting is a
contested term which refers to the intersection of recruitment and the embryonic
field of social media. There are several other terms used frequently, signifying the
same, like social hiring, social recruitment and social media recruitment.
The most popular Social Media sites used for recruiting are LinkedIn, Facebook,
Twitter, Viadeo, XING, Google+ and BranchOut. Networking sites are affecting the
way that organizations manage their talent in several ways:

Firstly, organizations today are able to reach out prospective employees and
communicate to them in better and easier way, while building their employer
branding.

Secondly, they are also able to create a linkage with their own employees.

Thirdly, networking sites have become channels to observe and listen what
others are saying about the organization.

Lastly, it is also helping organizations to manage their alumni networks more

efficiently.

Following are the excerpts of few HRs from reputed firms on how social media has
helped and enhanced the process of recruiting7:
Avadhesh Dixit, head HR, CMC Ltd, says, We are targeting 20%-25% hiring through
various internet-based platforms, which include professional networks like
LinkedIn, the career page on our website etc.

Companies now hiring through social media

17

Subrat Chakravarty, head HR, business services, HCL Technologies says, Social
media, comprising Facebook, Twitter, LinkedIn, etc. is the fastest growing
communication platform in the world. It has become a way of life for millions of
youth across the globe who want to remain connected to things that matter
irrespective of location.
Job portals like naukri.com, monster.com in India have brought about a revolution in
the recruitment process. The difference between a networking site and a job
portal is fundamentally the following8:

The intent for people to register to these sites is different from the intent to
register in a job portal. A person that registers in a job portal is looking for a
job versus a person that registers in a professional networking site might or
might not be interested in changing jobs.

Because of policies of privacy and anti-spam the access to individual

information is limited. Companies cannot access a mass audience in one go,
limiting the scope of recruitment through professional networking sites.

Thirdly, the pricing to access to individual information is also very different.

The consequences of these differences are that the recruiter using
professional networking sites has no control over who would or would not
be interested to hear about a job opening. Productivity and control of the
process is lower and it is more expensive.

2.1.1 Dos9 and Donts

Targeting the Right Social Sites

The social media space is vast, with new platforms, like Pinterest or Highlight,
launching regularly. For companies willing to engage, just being present is not
enough. It is imperative to think as a unique employer brand. Instead of simply
latching on to the rise of Facebook, LinkedIn, Twitter or YouTube, a little target
marketing is required. Regularly published figures on social network traffic are a
good place to start. For instance, LinkedIn is the best site to reach executives
experienced in international business; while for a younger and less highly-qualified
target group, as well as localized recruiting in distribution or industry, Facebook
would be a better option. We can find the statistical distribution among various sites
in following table.

8
9

Role of networking sites in recruitment and talent management

Recruiting Through Social Media

18

Figure 5 Table representing most used sites for recruitment

The table shows the statistical figures of social networking sites used by various
organizations to recruit employees.
One of the best ways to connect with candidates with specific skills is to tap into
interest groups or professional communities. Whether as a group within a big
social network, or completely independent, they bring together experts with
experience in a certain sector or with specific know-how. These represent niche
social networks. In the United States, they exist for a wide range of career groups,
from federal employees to healthcare workers. Similarly, certain niches are
geographical, for example Viadeo in France, Xing in Germany, Orkut in Brazil.

Developing Own Community

Depending upon capabilities, skillset, job market, existing interest groups are
limited sources of quality candidates. But banks can attract target potential
employees by developing their own communities. A specialized blog, a collaborative
forum or a job information site can offer an authentic place to exchange opinions
and share experience. To be visible online, these community forums must make it
easy for interested visitors to find them: optimizing search engine visibility, using
relevant keywords, and creating links from the corporate site and career websites
and the companys page on Facebook, Twitter or LinkedIn. The point is not to
advertise vacancies. It is all about being proactive, engaging potential candidates in
dialog early on and forming a talent pool with an eye on positions that might not
even exist yet.
19

Employees Get Social

Methods to enhance a companys image online are gradually emerging. Activities do

not need to rely on recruitment experts or HR departments alone, but can also
engage existing employees to create momentum on social sites. Employees with
access to social networks are in an ideal position to act as ambassadors for their
company. It may even be in their own professional interests. Terry Terhark, a
recruitment industry expert at The RightThing, an ADP company, often tells clients
that one of the best ways to start engaging employees as company ambassadors is to
identify key individuals that get the objective of the brand, are socially savvy and
can provide the passion and personality that can help enhance your employment
image. As Terry notes, Keep in mind that there is no standard method for finding
the right people, and look across all departments and positions to maximize results.
Its also important to create a firm set of guidelines to help employees keep the
message consistent, factually accurate, and appropriate. Ensure employees are
properly trained before giving them the official green light to represent the
company and track and monitor activity. From there, establish an on-going dialogue
to help feed key messages and gather feedback on a regular basis.

New HR roles

The employer brand is everyones business. Clearly, using social media pushes
boundaries and creates new roles for HR teams. In particular, it is up to them to
choose which social media platforms they want to use and to create optimal
conditions for a sustained, dynamic online representation of the company and its
employer brand. Naturally, the results of a companys digital strategy must be
measured. Consultants agree on the need to take time to set it up and make minor
readjustments before rushing into using indicators. Yet once a strategy has been in
place for a while, the number of spontaneous applications sent in by people who
have discovered the employers brand online or were attracted by it, is a sure sign of
social recruitment success.

The pitfalls and challenges

Fake profiles, spammed inboxes and legal complications are cons of social media
recruitment. The biggest challenge is constant monitoring and evaluation of
responses and feedback from the customers, fans and followers. It needs the bank to
be little pro-active and respond to any query or comments in real time. Social media
is a long-term commitment and new HR managers are expected to have the
requisite technical competence. Its little difficult but they need to launch targeted
campaigns and keep the candidates engaged. The main challenge lies in finding the

20

authentic and best out of the vast information present on social networks which
could be helpful for the bank/organization.
On similar tracks social media channels can be very effective as well. While talking
about social media and employee training in the same sentence we must keep one
thing in mind, its not only training employees via social media but training
employees to behave in social media while representing the firm. So it becomes
increasingly important for the organizations, banks in our case to have social media
policy which would lay down some guidelines for the employees to behave in a
certain manner online.
Apart from this banks can use tools like content communities which include
YouTube, Dailymotion etc. to train their employees. These days availability of space
is becoming an issue for the industries so they tend to minimize the usage of such
infrastructure which could hamper their growth in other ways. Hence, its the need
of the hour to switch to such solutions to tackle the space and infrastructure issues.
Setting up a workspace for certain number of employees is one thing but with every
passing day he number is going to expand, so to train them and make them more
efficient in the way the firm wants them e-learning or e-training is one solution. It
could be done using Skype or giving lectures via uploading videos on YouTube.

Source: D.K. Neely

21

2.2 Marketing and Sale

Marketing is the process of communicating the value of a product or service to
customers, for the purpose of selling the product or service. It is a critical business
function for attracting customers.
From a societal point of view, marketing is the link between a societys material
requirements and its economic patterns of response. Marketing satisfies these needs
and wants through exchange processes and building long term relationships. It is
the process of communicating the value of a product or service through positioning
to customers. Marketing can be looked at as an organizational function and a set of
processes for creating, delivering and communicating value to customers, and
managing customer relationships in ways that also benefit the organisation and its
shareholders. Marketing is the science of choosing target markets through market
analysis and market segmentation, as well as understanding consumer buying
behavior and providing superior customer value.

2.3 Consumer Protection

10Considering

that the vast majority of consumers simply click through the legal
agreements to get to the applications on a website, there is no real downside to
companies spending a little time and money to ensure that their privacy policy,
terms of use and other legal agreements reflect their current practices. Similarly,
updating these agreements should be a routine part of changing how the company is
collecting and using information from its users. It should be coordinated between
marketing, IT and legal with each checking off on the updates being accurate. And,
finally, the website should clearly indicate that the privacy policy and/or
agreements have been updated so users have the option to review any changes. If
experience is any indicator, virtually all users will continue to visit the website
notwithstanding the updated policy or agreements.

2.3.1 Dos and Donts

10

Ensure that the published policies on their websites for terms of use and
privacy reflect what information the businesses are collecting from
consumers, and that the disclosures are clearly stated without unnecessary
and lengthy legalese;

Examine how the businesses are using personal information or anticipate

using it, and that these uses are being fully disclosed to consumers;

Take reasonable measures to safeguard consumer information. Because of

the risks of cyber-hacking, it is also worthwhile to conduct an audit on how

Social Media Law Blog

22

consumer information is being safeguarded, and what information is being

stored and for how long a period. The FTC settled a complaint
against Twitter for its alleged failure to take reasonable safeguards to
protect users' accounts against hackers.

Apps should not ask for the more information then what actually they
require.

Since, banks carry high reputation and work on the confidence of the
customer only hence the apps shall not breach the code they agree to abide
by with the customer. For example if in Facebook they tell users that they
could restrict sharing of data to limited audiences for example, with
"Friends Only" then it should not allow their information being shared with
the third-party applications their friends used.

Banks must not share customers personal information with advertisers.

2.3.2 Cross Selling

Cross-selling is simply selling additional banking services to existing customers.
Cross-selling is really cross-helping. It gives the customer-contact employees the
satisfaction of recognizing customers' needs and meeting those needs with a useful
product or service. Research statistics demonstrate that the average customer uses
less than two services from any one depository institution. That same customer may
use anywhere from two to six different financial institutions in the same community.
Seventy percent of all customers share their banking needs with more than one
financial institution. These customers may not be using more than one or two
products or services from same financial institution simply because no one has
asked them. The odds of keeping a customer with same financial institution increase
in direct proportion to the number of the services from same institution they use.

2.3.2.1 Why cross-selling is so critical

Its cheaper than acquisition. Its 8-10 times more costly to acquire new customers
than to sell additional products to ones you already have. Plus, cross-selling is also a
safe and stable way to generate core deposits, compared to more expensive liquidity
options.

It improves retention: On average, a customer with just one product at a bank

will stay with the institution for about 18 months. By adding just one more
product, it may be extended to four years. At three products, that
relationship will last an average of 6.8 years.

23

It increases wallet share: Community banks typically hold 35-50 percent of a

customers wallet share. Thats how much of the customers assets; including
checking, savings, money-market accounts, and such are held at the same
institution. Cross-selling may increase the investment and thereby increase
the share for the banks.

It broadens the profit base: A significant feat, since only 1-2 percent of a
banks customers usually account for almost all its profitability. Clearly, a lot
of customers add very little to banks bottom line. Cross-selling can bring
diversity and strength to the group you rely on the most

2.3.2.2 Steps to Effective Cross-selling

Know what current customers are like: using household segmentation

Measure what theyve already bought: so the bank can quantify its prospects
Determine best targets: identifying opportunities at each branch
Set realistic sales goals for each branch: based on averages for the franchise
as a whole
Go for the gold: leveraging the right resources to meet expected $ return

2.3.3 KYC Usage

KYC is an acronym for Know your Customer, a term used for customer
identification process. It involves making reasonable efforts to determine true
identity and beneficial ownership of accounts, source of funds, the nature of
customers business, reasonableness of operations in the account in relation to the
customers business, etc which in turn helps the banks to manage their risks
prudently. The objective of the KYC guidelines is to prevent banks being used,
intentionally or unintentionally by criminal elements for money laundering.
KYC has two components - Identity and Address. While identity remains the same,
the address may change and hence the banks are required to periodically update
their records. Know your customer policies are becoming increasingly important
globally to prevent identity theft, financial fraud, money laundering and terrorist
financing.
Related procedures also enable banks to know or understand their customers, and
their financial dealings better. This helps them manage their risks prudently. Banks
usually frame their KYC policies incorporating the following four key elements:

Customer Acceptance Policy

Customer Identification Procedures
Monitoring of Transactions
Risk management
24

Figure 6 How to Pass KYC Hurdle (Source: Mint Research)

2.3.4 Cards
Most Bank Cards are Chip and PIN Cards. To use them you will need the correct PIN.
Each card has a different PIN - a secret number just for the customer. If one finds it
difficult to use or remember a PIN, he can ask his Bank for a Chip and Signature Card
instead.

2.3.4.1 Different Types of Bank Card

Cash Card
If one has a Cash Card, he can only take out money from a cash machine, and
only as much as he has in his Bank Account.
Debit Card
With a Debit Card one can take out money from a cash machine, can use it to pay
for things such as online shopping or ticket booking etc. He can use the amount
available in his account only.
25

 Credit Card
A Credit Card is a Bank Card with which one can purchase items without actually
paying for them at that moment. Its like owing money to the bank which is to be
paid back to the bank by the user within some specified time period.

2.3.4 Loans
The act of giving money, property or other material goods to another party in
exchange for future repayment of the principal amount along with interest or other
finance charges. A loan may be for a specific, one-time amount or can be available as
open-ended credit up to a specified ceiling amount. The terms of a standardized loan
are formally presented (usually in writing) to each party in the transaction before
any money or property changes hands. If a lender requires any collateral, this will
be stipulated in the loan documents as well. Most loans also have legal stipulations
regarding the maximum amount of interest that can be charged, as well as other
covenants such as the length of time before repayment is required. Loans can come
from individuals, corporations, financial institutions and governments. They are a
way to grow the overall money supply in an economy as well as open up
competition, introduce new products and expand business operations. Loans are a
primary source of revenue for many financial institutions such as banks, as well as
some retailers through the use of credit facilities.

2.3.4.1 Types of Loans

2.3.4.1.1

Open-Ended and Closed-Ended Loans

Open-ended loans are loans that you can borrow over and over. Credit cards and
lines of credit are the most common types of open-ended loans. With both of
these loans, one gets a credit limit that he can purchase against. Each time he
makes a purchase, his available credit decreases. As he makes payments, his
available increases allowing him to use the same credit over and over.
Closed-ended loans cannot be borrowed once theyve been repaid. As you make
payments on closed-ended loans, the balance of the loan goes down. However,
you dont have any available credit you can use on closed-ended loans. Instead, if
you need to borrow more money, youd have to apply for another loan. Common
types of closed-ended loans include mortgage loans, auto loans, and student
loans.
2.3.4.1.2

Secured and Unsecured Loans

Secured loans are loans that rely on an asset as collateral for the loan. In the
event of loan default, the lender can take possession of the asset and use it to
cover the loan. Interests rates for secured loans may be lower than those for

26

unsecured loans. The asset may need to be appraised before you can borrow a
secured loan.
Unsecured loans dont have asset for collateral. These loans may be more
difficult to get and have higher interest rates. Unsecured loans rely solely on
your credit history and your income to qualify you for the loan. If you default on
an unsecured loan, the lender has to exhaust collection options including debt
collectors and lawsuit to recover the loan.
2.3.4.1.3

Conventional Loans

When it comes to mortgage loans, another term conventional loan is often

used. Conventional loans are those that arent insured by a government agency
like the Federal Housing Administration (FHA), Rural Housing Service (RHS), or
the Veterans Administration (VA). Conventional loans may be conforming,
meaning they follow the guidelines set forth by Fannie Mae and Freddie Mac.
Non-conforming loans dont meet Fannie and Freddie qualifications.

2.4 Customer Education

As talked earlier, social media is different from the traditional media because unlike
later it has many dimensions. Social Media works both ways, sending and receiving.
So far we have been talking about what Banks and other financial institutions can
take from Social Media but in the form of customer education they can give
something to customers which will ultimately help their own growth.
These days attacks on websites, attempts to hack them, bombard the customers
with phishing mails, posting infected links in disguise are increasing rapidly, hence
it has become very important to keep customers on their toes to avoid such kind of
attacks. With the social media not only we can keep them informed and updated
about the latest attacks and tricks but we can impart more knowledge. Banks having
a presence on social media can easily teach them about the products and services of
their institutions. Everybody is not aware of the services banks provide, which vary
with banks, but using social media channels banks can publicize the services and
also educate customers thus encourage them to subscribe those services.
There are various social media tools; blogs, microblogs like Twiter, content
communities like YouTube where banks can put up the information in detail and
make it more convenient for the public. They can convey their thoughts and
required pre-requisites through these channels and make customer feel comfortable
which will eventually help in increasing the business by significant margin.

27

2.5 Transaction Processing

The use of social media is not the only Internet business evolution, online financial
transactions have revolutionized the way companies collect money and pay bills.
Long gone are the days of hoarding checks until you have enough to warrant a trip
to your local bank. Transactions through social media are becoming more and more
common gradually. Customers can now pay for just about anything online or on a
mobile device. The payments made through social media channels are commonly
referred as Social Payments.
In perhaps the biggest step in this direction in Indian Banking ICICI announced that
it is working towards allowing its customers to make transactions through social
networking site Facebook. Third largest lender ICICI Bank on Monday said it is
working towards allowing its customers to make transactions through social
networking site Facebook. In a report11 published in DNA in September 2012, banks
CTO Mr. MK Jain was quoted saying, "It would be premature to say anything on this
now. But we are working on that (allowing transactions through Facebook). Over a
period of time, say next few months or so, you will hear some news about it."
Apart from that PayPal has unveiled a Facebook app that lets you send money to
friends. The app, simply titled SendMoney, is just as straightforward as its name.
You have the choice to send either an e-card with money or just money with no card.
You select a card, choose a friend to send it to and then select how much money to
send.

Figure 7 Paypal's fb app (Source: Mashable)

11

DNA

28

Transaction Processing engulfs online transactions; it could be online payment for

some sort of shopping or ticket booking or may be fund transfers and complaints on
public fora and their remedies.

2.5.1 Complaint Handling

Social media can amplify the bank's message. It can also do the same for the
customers when they have some issue with the bank. Ivar Kroghrud, CEO of the
social customer relationship management (CRM) firm Questback, in an interview
said "Social media can be used for many things, and one of them is customer
complaints or negative feedback about your company."12

2.5.1.1 Dos & Donts13

Do not delete negative comments
It will only aggravate the commenter, or move the conversation elsewhere.
Deleting things on the internet is an illusion anyway, and will bring into question
the banks integrity to not only the complainer, but all other followers. Do block
users who abuse the site, and remove inappropriate comments (i.e., racist,
derogatory, pornographic, etc.), ones that are too far off-topic, or just trying to
use the page to sell a product or service.

Decide Who You're Going To Respond To--And Who You Can Ignore

As part of that plan, lay out the approach for the types of people and messages
which can be addressed online. Then determine the criteria for queries to be
ignored. Trying to chase down every single bit of chatter is probably not an
efficient strategy; the ignorance-is-bliss approach won't work out well, either.
Some companies use Klout or other tools to assess what kind of online influence
the unsatisfied consumer wields before responding. Some use sentiment
analysis and other metrics to guide their decision-making.

Respond to each complaint in the public stream

The culture of social media demands that you are addressing the issue. That
doesnt mean you have to discuss every detail in public. So tweet or comment
back and say something like please e-mail me more info or looking forward to
helping you. Can you DM/message me more? Also when its resolved, tweet that
back as well. Try Thanks so much for letting us know. I hope the issue has been
resolved for you? Follow up is the key here. If its on Facebook, make sure the
reply is on the original stream where the complaint was written.

12
13

International Week SMB

Pennstate College

29

Dont delay

Word travels swiftly on social networks, so respond quickly, particularly during

a crisis. A slow response can damage a companys reputation. Delay here means
keep ignoring or not replying to complain for some considerable amount of
hours. An aggrieved person expects swift reply even if the solution cannot be
delivered instantaneously but mere confidence of thing will be taken care of
quickly does a lot of good to the banks reputation.

Deal delicately with People

While replying to complaints online one must keep one thing in mind that they
are still dealing with a person. The confrontation may not be usual like a
telephonic call or face to face but it still deserves same kind of attention.

Move Irate Customers To A Different Channel

The public nature of many social platforms adds pressure to negative social
interactions. The official pages of organizations themselves only complicate the
matter. Consider offering particularly upset customers the chance to address
their issues in a different forum, such as a phone call, email, or feedback survey.
Just don't make it inconvenient or difficult to do so. Otherwise, one might be
making a tough situation worse.

Consider another avenue for complaints

Chances are the customer is not seeking to defame the organization on the social
sites. They just want to vent out their frustration and ultimately seek the
organizations attention towards the issue. So its important for the
organizations to make sure they publicize other options for customers to
converse. Then follow through and get back to the customer quickly.

2.5.2 Funds Transfer

2.5.2.3 Case Studies:
Alior Bank
Alior Bank14 launched Alior Sync, Polands first digital bank and branch complete
with virtual branches, mobile apps, Facebook payments, personal finance
management tools and an entertainment area. Following the footsteps of New
Zealands ASB Bank, which has a virtual branch on Facebook, the digital branch is
targeting a younger, digitally-savvy generation. The advantages of such branch are:

14

Available anytime, anywhere

Sales Force Marketing Cloud

30

The site enables customers to engage and carry-out transactions with employees
through video, audio or text chat. In addition to regular banking features,
Android and iOS mobile apps have also been developed for Alior Sync to enable
customers to check their finances, transfer funds and pay bills using their
handsets cameras.
Transfer money through Facebook
Alior Sync also enables customers to transfer money directly to friends through
Facebook photos without having to leave the page. The transactions are
authorized using one-time codes, and PayPal payments can also be made via emails and four billion zloty in deposits within four years. The only requirement
of the transaction is that the recipient has to use the same application, and then
money can be transferred to any bank account in Poland. The safety of the
Facebook money transfer is protected by captcha and a one-time transaction
signing SMS password.
Innovative social media campaigns
Alior Sync has an entertainment area where customers can watch films, listen to
music and play games. Users can also get discount deals, and free movie tickets
by recommending the bank on Facebook.
Azimo
Azimo15 is a new money transfer app that removes the need to physically queue at a
bank or Western Union desk. It is also
the first money transfer service that
integrates social media, enabling you to
transfer money directly to Facebook
friends. Using Azimo to send money via
Facebook works as follows: The sender
invites their intended recipient to sign
up to Azimo via an automatically sent
Facebook message. The recipient then
logs into Azimos Facebook app and fills
out their details, including where they
want the money sent to, which could be
one of the 150,000 payout desks in the
125 countries supported, a mobile
Source: TechChurch
phone top up, or a bank account. And since the recipient fills out that crucial
information, those details are kept hidden from the sender, while the company
claims that less mistakes are likely, too.

15

Watch My Wallet

31

Azimo at a Glance - The Money Saving Money Transfer App

No commission fees
Fewer middle men means lower admin fees of around 2 percent
No bank account required
Quicker than bank or wire transfer
Social media integration
10 percent of Azimo profits go to charity
Available 24 hours a day
Minimum 50 transfer
Transfer to over 150,000 global locations
128-bit encryption and physical security
FSA registered

32

Chapter III
Risk Assessment and Security
The use of social media brings many risks to the enterprise. One common attribute
of Web 2.0 and the social media is the user generated content. Any website that
allows a visitor to post content makes the organisation vulnerable to such risks.
Although there are many social media sites and they have incorporated features to
counter those risks but its still not foolproof. With the rapid increase in use of social
media tools, the companies ought to be at par with tools to tackle the associated
risks growing at even faster rate.
According to a September 2011 survey, 63% respondents indicated that employee
use of social media puts their organizations security at risk while 29% say they
have the necessary security controls in place to mitigate or reduce the risk
(Ponemon Institute, 2011). In another study 49% of executives surveyed said that
they feel that the use of social media could damage company reputation, yet in that
study only one in three companies addressed those concerns (PRNewswire, 2009).
These two studies indicate that social media poses a substantial risk to the
organization but the risk itself is not being adequately addressed. For these types of
risks the organization has less control because they do not own, manage or
controlled the systems involved.

Figure 8 Risk Assessment Chart (Source: ISACA)

33

3.1 Risks and Security Concerns

Many consultancies around the globe along with the FFIEC (Federal Financial
Institutions Examination Council) have cautioned banks of the risks involved in
engaging customers in social media. For example, if a bank uses social media to
market products or originate new accounts, it must make sure all its
communications are in accordance with existing laws.
The risks which a bank or an organisation must take into consideration before
entering into social media are categorised in three main forms16:
Reputational Risk
Legal Risk
Operational Risk

Figure 9 Types of RisksReputational Risk

Social Media: The Business Benefits May Be Enormous, But Can the Risks-- Reputational, Legal,
Operational -- Be Mitigated?
16

34

3.1.1 Legal
The legal risks associated with social media should be carefully considered prior to
engaging in a social media strategy. The main risks include: employment, privacy,
security, intellectual property and media risks. Business managers who want to
implement a social media legal strategy should consult with inside and outside
counsel who understand information technology law. While these legal risks can be
significant, with forethought and planning, they can be managed. In this part of the
paper, we will provide an overview of the key risks. The following are some
common situations in which social media can be the occasion for legal action:

31.1.1 Employment Risks:

Now-a-days companies have got accustomed to practice of investigating potential

and existing employees through social media. According to The Allentown Morning
Call, Seventy percent of recruiters and hiring managers in the United States have
rejected an applicant based on information they found online. In total, nearly one in
five companies has disciplined or fired an employee for social media misdeeds.
There have been myriad instances where employment of a person has been affected
by the information collected from his social networking. This kind of practice has
been under legal scrutiny because of the adverse effects it carries and the risks
associated with it are high at times.

3.1.1.2 Security Risks:

Social media sites pose potentially increased security risks, and if a security breach
arises from social media activities, the organization may face liability. Security
breaches may occur because of malware downloaded onto an organizations website
through the use of social media. This can happen when an employee downloads an
application, or is a victim of phishing or click-jacking 20 on a social media site
while using a company computer. If the organizations social media-related security
policies, procedures, and technical safeguards are inadequate, it may be held liable
for a breach arising from the surreptitiously acquired malware. In addition, social
engineering within social media sites, as well as spoofed social media profiles or
pages, provide other points of entry for attackers and pose more legal risks for
organizations.

3.1.1.3 Intellectual Property and Media Risks:

PR News warns, Make sure your social media team understands what they can and
cant do with the intellectual property of others. If your employees post or re-post
information [belonging to others] without permission, this can lead to infringement
claims against your company. It could also result in potential contractual breach
claims, if the intellectual property belongs to an existing client. Companies may be
held directly liable for hosting material on their website. Furthermore, employee
discussions on social media sites could disclose third-party trade secrets that the
company is legally required to protect, and that can lead to misappropriation and
35

other contractual and tort claims. Companies are generally legally responsible for
any financial statements on social media sites made by them, or on their behalf,
through the antifraud provisions of securities laws. Employees who praise or
promote their organizations products and services may create legal liability. It may
be regarded, positive statements by employees (when their relationship to the
company has not been revealed), as improper advertising.

3.1.1.4 Defamation Risks:

Defamation is yet another common claim that may result from social media
activities, and companies need to be aware that they face potential liability for
defamatory statements made by their employees about competitors, and for
defamatory statements made by the public on the companies third-party social
networking pages.

3.1.1.5 Privacy Risks:

Companies may have an obligation to protect the privacy of members of the public
who join their social networking pages on third-party sites, or who provide personal
information through social media sites just as they do, in many cases, when the
public provides personal information on the companys own website. For example,
not only do companies need to guard against violating the Childrens Online Privacy
Protection Act (COPPA in US), they need to conform to the privacy regulations and
terms of use of those third-party sites. Facebook, for instance, has stringent
guidelines surrounding company promotions on their site. Finally, companies may
run into legal trouble if their social media activities violate their own privacy
policies. There are several ways in which social media activity might compromise or
leak sensitive company information (or client information) that could have legal
consequences.

3.1.2 Reputational Risks

The reputational risks of social media are as much as the reputational benefits
because of the vast reach of social media platforms which offer not only a vast
frontier of promotional opportunity, but a vast uncharted sinkhole of risk. General
bad behavior by employees, or the posting of embarrassing information, has the
potential to reflect poorly on the company (especially when that behavior is
exhibited in a branded social media location, for example on a companys Fan
page on Facebook).

3.1.3 Operational Risks

When employees access social media platforms at Work, even those employees who
are designated as social media spokespersons for the organization -- they risk
endangering the organizations networked computers by unknowingly acquiring
malware, viruses, and spyware. Social networking sites, particularly Facebook and
Twitter, are a favorite playground for those with bad intentions.
36

3.2 Risk Assessment

Determine the threats that apply to the organization's social media environment.

Determine the vulnerabilities (weaknesses) that can create an environment in

which the threats can manifest. In some cases a threat will have only one
vulnerability associated with it. However, in the majority of cases there will be
multiple vulnerabilities associated with each threat.

Once the threats and vulnerabilities have been identified it is time to determine
the internal controls that are in place. Internal controls are the practices and
processes that will keep the vulnerability from turning the threat into a reality.
There are some common controls related to these risks. It is not likely that every
organization will have every control listed. The greater the number and breadth
of controls in place, the less likely the threat will take place. Each control should
be listed on the risk assessment.

Based upon the internal controls in place and the nature of the threat and
vulnerability, the organization must determine the likelihood that the threat will
take place.

Next, the organization must determine the severity of the effect of the threat if it
were to manifest based upon the existing controls.

Finally, the organization uses both the Likelihood of Occurrence and the Impact
of Severity to determine the Risk Level.

After completing the social media risk assessment it should be reviewed.

Considerations in the review include a risk level that is too high relative to the
organization's risk appetite. For example, it may be the policy that all "moderate"
and "high" risk areas be reviewed with senior management to discuss further
internal controls that can be implemented to reduce the risks.

It is generally a good idea to summarize the risk assessment process and deliver a
report to the organization's Audit Committee and possibly the Board of Directors.
Along with the report may be recommendations or action items that will be taken to
increase the number of internal controls to reduce the overall risk. Once such action
items are completed the organization can again perform the risk assessment to
determine if the internal controls have been effective in reducing the risk level.

37

3.3 Risk Management17

By combining new technologies and methods of engagement, social media can pose
new risks to organizations and magnify existing ones. In addition to amplifying
information technology risks such as viruses, malware, privacy, security and
unauthorized applications, organizations must also manage brand, reputational and
defamation risks and protect against the loss of intellectual property or
inappropriate disclosures. Despite the many specific risks introduced by social
media, organizations must also evaluate the growing risks of doing nothing of not
embracing social media. A prime example of the need for balance is human
resources. While organizations initially worried about potential productivity losses,
the new worry is that restricting social media access may deter candidates. Leading
organizations are now using social media to identify, attract and engage potential
employees.

3.3.1 Steps for Risk Management:

17

Develop a social media strategy consistent with your organizational goals

and objectives
Clearly establish roles and responsibilities with respect to social media
Identify risks inherent in the organizations social media strategy
Determine key required risk management practices including the
communication of social media policies
Implement a process to proactively monitor and respond to what is being
discussed online about your organization

Managing the risks of Social Media-Deloitte

38

Chapter IV
Legal Issues
Information technology is one of the important law relating to Indian cyber laws. It
had passed in Indian parliament in 2000. This act is helpful to promote business
with the help of internet. It also set of rules and regulations which apply on any
electronic business transaction. Due to increasing crime in cyber space, Govt. of
India understood the problems of internet user and for safeguarding the interest of
internet users, this act was made.

4.1 IT Act 2000

The Information Technology Act 2000 (also known as ITA- 2000, or the IT Act) is an
Act of the Indian Parliament (No 21 of 2000) notified on October 17, 2000.
An Act to provide legal recognition for transactions carried out by means of
electronic data interchange and other means of electronic communication,
commonly referred to as "electronic commerce", which involve the use of
alternatives to paper-based methods of communication and storage of information,
to facilitate electronic filing of documents with the Government agencies and further
to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books
Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters
connected therewith or incidental thereto.

4.1.1 Provisions
Information technology Act 2000 consisted of 94 sections segregated into 13
chapters. Four schedules form part of the Act. In the 2008 version of the Act, there
are 124 sections (excluding 5 sections that have been omitted from the earlier
version) and 14 chapters. Schedule I and II have been replaced. Schedules III and IV
are deleted.
Information Technology Act 2000 addressed the following issues:
Legal Recognition of Electronic Documents
Legal Recognition of Digital Signatures
Offenses and Contraventions
Justice Dispensation Systems for Cybercrimes

4.1.2 Objectives
It is objective of I.T. Act 2000 to give legal recognition to any transaction which is
done by electronic way or use of internet.

39

To give legal recognition to digital signature for accepting any agreement via
computer.
To provide facility of filling document online relating to school admission or
registration in employment exchange.
According to I.T. Act 2000, any company can store their data in electronic
storage.
To stop computer crime and protect privacy of internet users.
To give legal recognition for keeping books of accounts by bankers and other
companies in electronic form.
To make more power to IPO, RBI and Indian Evidence act for restricting
electronic crime.

4.1.3 Scope
Every electronic information is under the scope of I.T. Act 2000 but following
electronic transaction is not under I.T. Act 2000
Information technology act 2000 is not applicable on the attestation for creating
trust via electronic way. Physical attestation is must.
I.T. Act 2000 is not applicable on the attestation for making will of any body.
Physical attestation by two witnesses is must.
A contract of sale of any immovable property.
Attestation for giving power of attorney of property is not possible via electronic
record.
4.1.4 Highlights18
There are 13 chapters in law and all provision is included in this chapters:

Chapter II

Any contract which is done by subscriber. If he signs the electronic agreement by

digital signature, then it will be valid. In case bank, the verification of digital
signature can be on the basis of key pair.

18

Business Education

40

Chapter III
This chapter explains the detail that all electronic records of govt. are acceptable
unless any other law has any rules regarding written or printed record.

Chapter IV

This chapter deals with receipts or acknowledgement of any electronic record.

Every electronic record has any proof that is called receipt and it should be in the
hand who records electronic way.

Chapter V

This chapter powers to organization for securing the electronic records and secure
digital signature. They can secure by applying any new verification system.

Chapter VI

This chapter states that govt. of India will appoint controller of certifying authorities
and he will control all activities of certifying authorities. Certifying authority is that
authority who issues digital signature certificate.

Chapter VII

In this chapter powers and duties of certifying authority is given. Certifying

authority will issue digital signature certification after getting Rs. 25000. If it is
against public interest, then C.A. can suspend the digital signature certificate.

Chapter VIII

This chapter tells about the duties of subscribers regarding digital signature
Certificate. It is the duty of subscriber to accept that all information in digital
signature certificate that is within his knowledge is true.

Chapter IX

If anybody or group of body damages the computers, computer systems and

computer networks by electronic hacking, then they are responsible to pay penalty
up to Rs. 1 crore. Fore judgment this, govt. can appoint adjudicating officer.

Chapter X

Under this chapter, cyber regulation appellate tribunal can be established. It will
solve the cases relating to orders of adjudicating officers.

Chapter XI

For controlling cyber Crime, Govt. can appoint cyber regulation advisory committee
who will check all cyber-crime relating to publishing others information. If any fault
is done by anybody, he will be responsible for paying Rs. 2 lakhs or he can get
punishment of 3 years living in jail or both prison and penalty can be given to cybercriminal.

41

Chapter XII
Police officers have also power to investigate dangerous cyber-crime under IPC
1860, Indian Evidence Act 1872 and RBI Act 1934.

Advantages of I.T. Act 2000

Helpful to promote e-commerce
Email is valid
Digital signature is valid.
Payment via credit card is valid.
Online contract is valid
Enhance the corporate business
Filling online forms
High penalty for cyber-crime

4.2 The Information Technology (Amendment) Act, 2008

The Government of India has brought major amendments to ITA-2000 in form of the
Information Technology Amendment Act, 2008. ITA A 2008 (Information
Technology Amendment Act 2008) as the new version of Information Technology
Act 2000 is often referred has provided additional focus on Information Security. It
has added several new sections on offences including Cyber Terrorism and Data
Protection. A set of Rules relating to Sensitive Personal Information and Reasonable
Security Practices (mentioned in section 43A of the ITAA, 2008) was released in
April 2011.

4.2.1 IT ACT 2008 Amendment (Sec 43A)19

It designates the responsibilities of a company handling personal data. It is an
endeavour to safeguard the sensitive personal data from being stolen, modified
without consent of owner, misused or sold in underground markets.
For e.g. A bank deals with sensitive personal data of its customers in its computer
networks/servers. It has customers names, account numbers, passwords, Date of
birth, Sex, credit/Debit card details, etc. Therefore, to make sure the bank complies
with Mandate of IT ACT, it needs to either get certified with ISO 27001 (world
renowned standard for data protection) or it may develop its own security manual
which describes full in depth details of its IT assets, the Life cycle of assets, the
physical security measures (viz. CCTVs, Locks, vaults, fire prevention/detection,
temperature controls in server rooms, security guard details and so on). It should
19

[Yearbook] Information and Technology Act: Salient Features and Provisions

42

also have a detailed Business Continuity plan (In case of any natural/manmade
calamity the organization must have a detailed backup process so as to continue its
business). Other applicable procedures of separation of duties of key personals,
background checks of employees before employing, etc. Not only Banks, but the
BPOs/KPOs, hospitals, and various other businesses which deals with sensitive
personal data, need to comply with this act.

4.3 Article 66A

66A states Punishment for sending offensive messages through communication
service, etc. i.e. any person who sends, by means of a computer resource or a
communication device:
(a) any information that is grossly offensive or has menacing character
(b) any information which he knows to be false, but for the purpose of causing
annoyance, inconvenience, danger, obstruction, insult, injury, criminal
intimidation, enmity, hatred, or ill will, persistently makes by making use of
such computer resource or a communication device
(c) any electronic mail or electronic mail message for the purpose of causing
annoyance or inconvenience or to deceive or to mislead the addressee or
recipient about the origin of such messages shall be punishable with
imprisonment for a term which may extend to three years and with fine.

4.3.1 Explanation
For the purposes of this section, terms "Electronic mail" and "Electronic Mail
Message" means a message or information created or transmitted or received on a
computer, computer system, computer resource or communication device including
attachments in text, image, audio, video and any other electronic record, which may
be transmitted with the message.

4.3.2 New Guidelines

No less than a police officer of a rank of DCP will be allowed to permit registration of
a case under provisions of the Information Technology Act that deals with spreading
hatred through electronic messages, following uproar over recent arrests under the
controversial law. In the case of metropolitan cities, such an approval would have to
come at the level of Inspector General of Police i.e. the concerned police officer or
police station may not register any complaints (under Section 66 (A)) unless he has
obtained prior approval at the level of an officer not below the DCP rank in urban
and rural areas and IG level in metros.

43

Chapter V
Social Governance Frame Work
According to the Altimeter Group, almost two-thirds of companies say that social
media is a significant or critical risk to their brand reputation. Forrester Research
tells us that 64% of large companies have no social media policy in place, or if they
do, they lack tools to sufficiently enforce and support the policy.

5.1 Social Media Policy Development

Once the strategy and risks associated with banks usage of social media are
assessed and understood, it important to establish a social media policy to guide
employee behavior. Numerous other organizations already have framed policies
varying from reactive policies which focus primarily on risk to proactive policies
which focus on the vast potential of social media strategy execution. One of the most
important elements of any social media policy is the direction that determines how
to respond to user-generated content or comments anywhere on the social network
or media i.e. should company employees ignore public complaints, address them
publicly or address them privately? Social media policy also should include
guidelines that govern employees general social behavior online while they are at
work.

5.2 Job of Social Media Governance20

Effective social media governance results in social capabilities that are thoughtfully
embedded throughout the organization.

Operating Strategy
Companies must define and implement an enterprise-wide social operating strategy
that (1) ensures consistent customer experiences across channels and (2) integrates
with existing strategy and planning processes.

Business Process
They should infuse social media into business processes in ways that maximize the
lifetime value of customers while synthesizing the diverse perspectives of affected
internal process owners.

20

Empowerment with Accountability- Accenture

44

Figure 10 Componentsof Social Media

Marketing Quality
Ensure that marketing tactics in social and digital media are consistent with the
companys definition of quality marketing. Then, as social media accounts
proliferate and as brands begin to empower their employees to represent the brand
in social media, align accounts and content with audiences.

Solution Architecture
Develop, deploy, and maintain an enterprise solution architecture that allows the
company to optimize the technology costs required to achieve social business goals.
In addition, some companies create more restrictive guidelines that apply when
employees post comments about the company or its products, spelling out
requirements such as protecting confidentiality, privacy and security. If the
company runs its own social site, such as a blog, the company should also create
acceptable use policies for external users who post comments. Although social
media policies will vary somewhat depending on the type of company and industry,
some common employee guidelines apply to most companies21:

21

Employees should always disclose that they are employees of the company
when commenting on matters related to the company

Unless employees are company spokespeople, they should make it clear that
their opinions do not represent the company

Social Media Strategy, Policy and Governance, Ernst & Young

45

Employees should think before they post, knowing that once information is
published online it essentially becomes part of a permanent record, even if it
is removed or deleted later

Employees should not comment on legal matters or the companys financial

status Among corporate social media policies, IBMs Social Computing
Guidelines have been called a valuable model for other companies because
they break down potentially complex issues with strong, simple language
that defines clearly yet encouragingly what is and is not expected of
IBM employees in social networks. 11 IBM posts its employee guidelines on
its public website.

5.3 The Importance of a Social Media Audit

Importantly, whether a company has just begun to develop its social media strategy
or already is executing, social media audits are paramount. After all, regardless of
where your organization is in its social media planning, some percentage of your
employees and customers are likely to already have a social media presence. Social
media audits can offer a company a clear understanding of those social media
activities, sanctioned or not. For companies that have social media policies in place,
audits can assess compliance with that policy. And for companies with established
social media strategies and objectives, audits can assess the effectiveness of their
execution and recommend ways to improve. Given the speed with which social
media has hit business agendas, a social media audit may be the most important
first step leading to an immediate assessment of corporate exposure, as well as longterm social media strategy and policy development. And, on an ongoing basis, social
media audits can help optimize the effectiveness of strategies and policies.

5.4 10 essential elements of social media governance22:

1. Rules to flag unacceptable content
2. A process for approving content
3. Involvement from the legal team in setting down content guidelines
4. An established procedure for handling escalation
5. The means to track incidents until theyre resolved
6. A procedure for handling any rogue social media accounts
7. Single-point password control that goes across the entire enterprise
8. Rules that limit the sharing of passwords
9. Standards for managing access
10. A set of social media guidelines

22

Jeremy Epstein, vice president of marketing at Sprinklr

46

Chapter VI
Usage Guidelines
As discussed in previous chapter due to the risks associated with social media a
proper framework and guidelines are required to direct the organisation to make
apt use of social media. As cited by Government of India while discussing the policy
regarding social media that many apprehensions including, but not limited to issues
related to authorisation to speak on behalf of department/agency, technologies and
platform to be used for communication, scope of engagement, creating synergies
between different channels of communication, compliance with existing legislations
etc. It was therefore felt that Guidelines for use of Social Media were required which
would enable project owners/implementers to effectively use these platforms.

6.1 Social Media Guidelines laid by Government of India

The Social Media Framework and Guidelines for the Government of India has been
created to enable government agencies to use these platforms more effectively and
reach out to their stakeholders and understand their concerns and hear their voices.
It comprises of the following elements23:

Figure 11 Social Media Framework and Guidelines

23

Framework and Guidelines for Use of Social Media for Government

47

Objective: Why an agency needs to use social media

Platform: Which platform/s to use for interaction
Governance: What are rules of engagement
Communication Strategy: How to interact
Pilot: How to create and sustain a community
Engagement Analysis: Who is talking about what, where and what are the main
points of conversations
Institutionalisation: How to embed social media in organisation structure

6.2 FFIEC Proposes Social Media Guidelines24:

While social media can be an effective way for such organizations to engage
customers, it also poses new security risks. In light of this, the Federal Financial
Institutions Examination Council (FFIEC) released a draft of new guidelines for
social media, which it defines as a form of interactive online communication in
which users can generate and share content through text, images, audio, and/or
video. The proposed rules would apply to banks, savings associations, and credit
unions, as well as nonbank entities supervised by the Consumer Financial
Protection Bureau and state regulators. The final version is expected to be published
later this year.
The proposed regulations would require that organizations have a documented
social media policy in place, enforcement, and employee training. Moreover,
financial institutions would need to conduct due diligence when using third party
services to ensure they understood the regulations and policies that financial
institutions must follow.

Strategy and Governance

A governance structure with clear roles and responsibilities whereby the board of
directors or senior management direct how social media usage contributes to the
strategic goals of the institution (for example, through increasing brand awareness,
product advertising, or researching new customer bases) and establishes controls
and ongoing assessment of risk in social media activities;

Policies and procedures

Policies and procedures (either stand-alone or incorporated into other policies and
procedures) regarding the use and monitoring of social media and compliance with
all applicable consumer protection laws, regulations, and guidance. Policies and
procedures should incorporate methodologies to address risks from online postings,
edits, replies, and retention;

24

Social Media: Consumer Compliance Risk Management Guidance

48

Vendor Management
A due diligence process for selecting and managing third-party service provider
relationships in connection with social media;

Training
An employee training program that incorporates the institutions policies and
procedures for official, work-related use of social media, and potentially for other
uses of social media, including defining impermissible activities;

Monitoring
An oversight process for monitoring information posted to proprietary social media
sites administered by the financial institution or a contracted third party;

Compliance
Audit and compliance functions to ensure ongoing compliance with internal policies
and all applicable laws, regulations, and guidance; and

Reporting
Parameters for providing appropriate reporting to the financial institutions board
of directors or senior management that periodically evaluate the effectiveness of the
social media program and whether it is achieving its stated objectives.

49

Chapter VII
References
Social Media and Banking
Reputational Risks Deloitte
Shwayri, R. N. ,The Risks Associated with Financial Institutions Use of Social
Media
Merill T., Latham K., Santalesa R., Navetta D., Social Media: The Business
Benefits May Be Enormous, But Can the Risks-- Reputational, Legal,
Operational -- Be Mitigated?
A practical guide to risk assessment* - PwC
SANS Institute- Risk Assessment of Social Media
ISACA- Social Media RIsk and Mitigation Guide
Yurcan B., The Compliance Risk of Social Media
The Financial Brand
DNA
IBNLive
Wikipedia.org
FFIEC.org
CGI, Implementing social network analysis for fraud prevention
Accenture, Empowerment with Accountability
Social Media: Consumer Compliance Risk Management Guidance
Framework and Guidelines for Use of Social Media for Government
Jeremy Epstein, vice president of marketing at Sprinklr
Social Media Strategy, Policy and Governance, Ernst & Young
[Yearbook] Information and Technology Act: Salient Features and Provisions
Managing the risks of Social Media-Deloitte
Business Education
Watch My Wallet
Sales Force Marketing Cloud
International Week SMB
Pennstate College
Social Media Law Blog
Companies now hiring through social media
Role of networking sites in recruitment and talent management
Recruiting Through Social Media
http://www.walkersands.com/Blog/how-brands-can-use-social-media-forcrisis-management/
http://www.blogussion.com/general/uses-social-networking/
Antony Mayfield, what is social media?
Nielsen, Global Faces and Networked Faces, 2009
50

51