From cloning to ATM passwords, learn how to save yourself from debit card frauds
The data breach that has led to an estimated 3.2 million debit cards getting compromised is only a small manifestation of a larger malaise called cyber crime. The breach occurred due to an introduction of malware in the network of a third-party payment processor.
Living in a digital world, we need to be aware of different types of cyber frauds and take steps to safeguard our financial well-being.
- SBI's Arundhati Bhattacharya among Fortune's top 50 global leaders
- Unions willing to sign banks' turnaround pact, with riders
- PSBs in focus; Nifty PSU Bank index up over 2%
- Farm loan waiver affects credit discipline: RBI Deputy Governor Mundra
- SBI advises some 100 Snapdeal sellers to cut outstanding loans
Password theft: Today, people have apps on their mobiles for almost everything - buying vegetables or furniture, booking a taxi, stock trading or anything else. Given the large number of apps, many people keep the same password and e-mail id for convenience - a wrong move. "The level of security at all online websites is not uniformly good. While Google's site will be difficult to hack into, an online retail start-up may not have the same level of security. Stealing of passwords usually happens from websites that have a lower level of security," says Shomiron Das Gupta of NetMonastery, a threat management provider.
Most use the same password at numerous websites. After hacking one weakly protected site, the hacker will have your user name, password and, in most cases, your email ID. He will then enter the other websites and misuse these. He could even send out mails from your email account and receive new passwords for other sites, thus blocking you out.
Precaution: Use a different password for each website. Most people find remembering numerous passwords impossible. Hence, you need to use a password manager. Install it on the browser or device. It will create unique, long and complex passwords for each website. It will also store them securely and auto-fill on all the websites you use. Some good password managers are Lastpass, 1password, Keypass and so on.
Cloning: An SMS that your debit or credit card has been swiped in Amsterdam while you were sleeping in Mumbai could happen because of cloning. This is one of the oldest tricks for stealing card information. The simplest form is when you hand over your card at a merchant establishment for payment. The person receiving the card uses a device (skimmer) that copies all the data on the card. Later, the data is transferred to a duplicate card and used.
Criminals also install skimmers on top of the card slot of ATM machines and fix a spy camera next to it. When a person inserts the card in the machine, it passes through the skimmer, it copies the card information, and the camera records the password.
Precaution: Check if the card accepting slot is shaky or loose. If it is, don't use it. If the machine swallows your card, block it immediately. Opt for a chip-based card, instead of one with a magnetic strip.
Use your hand to cover the keypad at an ATM when keying in the PIN. If the keypad is covered with any membrane that looks like a protective covering, avoid it, as it is meant to capture your keystrokes. "Never let your card out of your sight at a merchant establishment," says Sivarama Krishnan, leader-cyber security services, PwC India.
Vishing: A call from a bank executive that your account is under threat and he needs your CVV number to ensure safety should be ignored. No bank executive is authorised to seek your CVV numbers. This method has caught on recently. Their target is mostly senior citizens, who are used to helpful bankers. In their naivety, they reveal all details and even share the one-time password (OTP) sent on the phone.
Precaution: Be suspicious of all unknown callers. Do not trust phone numbers, even if the number displayed is that of your bank, since these can be altered by using software. Never share personal or financial information, especially OTP, CVV, PINs and SMS messages you receive. "Avoiding sharing and uploading any private factual information, especially on social networking sites," says Mukul Shrivastava, partner, fraud investigation, EY India. Use the security options in these accounts to keep your information private.
Phishing: An email saying you have won $500,000 in a lottery and need to share bank account details for the transfer snared many people in the past. Now that most people ignore such mails, they use other methods, such as sending an email supposedly from the income-tax department. The email asks victims to pay an outstanding tax liability or claim a refund. It provides a link to their bank account, a fake one and looking just like the website of a bank. Without realising it is a fake net banking website, the victims give away their credentials.
Precaution: Look closely at the email address. It might seem to be originating from incometaxindia. gov.in but many service providers, such as Gmail, inform the user if it has actually originated from that website. Such emails will have 'via' right after the email address and then the name of the server. Says K V Karthik, partner-financial advisory services, Deloitte Touche Tohmatsu India, "Be suspicious of any email that seeks personal information."
Install anti-virus and anti-malware software. "Always be very careful while clicking links shared through the body of the text asking you to update your personal information," advises Rohit Srivastwa, senior director-cyber security and education, Quick Heal. When transacting online, check if the address starts with HTTPS rather than HTTP.
It should also have a closed-lock sign, which indicates that the website is secure. Never download a file attached to an unknown email. "Opening the wrong attachment can introduce malware to your system," says Ritesh Chopra, country manager, Norton by Symantec.
In August, the Reserve Bank of India had come out with a draft circular that sought to limit the liability of bank customers in unauthorised electronic banking transactions.
It says customers will be entitled to compensation if a transaction occurs due to failure on the part of a bank's security architecture and systems or due to the bank's negligence. Once implemented, these provisions will offer some protection against banking-related cyber threats.