Updated: 05 May 2026
The relationship manager at the Thane branch arrives at 9:15 AM. Opens the shared workstation. Types a username. Types a password. The core banking system opens. The day begins.
The same username and password have not changed since 2021. The same credentials are known to the two colleagues who cover the workstation during lunch and leave periods. There is no second factor.
This is authentication in a significant portion of Indian bank branches in 2026. The core banking system has been upgraded twice in that period. The authentication has not.
The RBI IT Governance Master Direction requires MFA for all employee access to critical information systems - including branch access to core banking platforms. An existing requirement that branch authentication has not yet satisfied in many banks across Mumbai, Delhi NCR, and Tier 2 cities.
CERT-In's mandatory audit guidelines require individual accountability for every access event, a standard that shared branch workstation credentials cannot meet, regardless of the MFA layer deployed on top of them.
The reason it has not been satisfied is operational. Deploying MFA across 300 branches requires migrating away from shared workstation credentials - one of the most embedded operational habits in Indian branch banking. It requires a factor that works where personal mobile devices are not permitted. It requires session management that fits the branch working day without creating friction that slows customer service. These are solvable problems.
Cisco Duo - Cisco's identity security platform - replaces shared workstation credentials with named individual accounts. Shift-based session management means staff authenticate at shift start, the session is maintained through the working day, and auto-terminates at close. Hardware TOTP tokens, not smartphones, are the correct authentication factor for Indian bank branch environments where personal mobile devices are not permitted on the floor. Pre-provisioned before rollout, distributed to branch staff before Day 1.
In Proactive's branch banking deployments across Mumbai, Delhi NCR, and regional cities, the pre-rollout branch communication - explaining to every branch manager exactly what changes and when - consistently reduces Day 1 helpdesk volume by more than half. The phishing false-positive flood, where staff report enrolment emails before the communication reaches them, is entirely preventable. We prevent it.
The authentication logs, individually attributed, timestamped, and exportable, satisfy the RBI IT Governance Master Direction and provide the CERT-In audit evidence for every branch access event. Named individual access to core banking, India-wide, from a single Cisco Duo admin console.
Proactive is a Cisco Preferred Security Partner that deploys Cisco Duo across Indian bank branch networks - named account migration, hardware token provisioning, shift-based session management, and RBI-ready authentication logs from Day 1 across Mumbai, Delhi NCR, and Tier 2 cities.
The password that has been there since 2009 is the risk. The deployment that replaces it is the conversation. Talk to a Proactive Cisco Duo specialist and start your MFA journey.
We'll get back to you shortly.
