How to protect yourself against fraud
Wait a minute... Tax refund from the RBI? Credit card details for a refund ? If these questions didn't crop up in your mind, you may have fallen victim to Net fraud. The RBI or the Income Tax Department never ask for your PIN, passwords or credit card details. So, the next time you see such a mail, delete it.
Netizens regularly receive mails that tell them about jackpot prizes they have won and ask for bank or credit card details to transfer millions . "In the faceless, new era of banking, a customer's identification is done through his user ID and password. This has brought new vulnerabilities as anybody who possesses these can transact on his behalf ," says RVS Sridhar, president, IT & RBO, Axis Bank.
Common frauds
The most common Net attacks are phishing (fraudulent e-mails ) and vishing (fake voice messages and phone calls), data leaks while a card is inserted or swiped on a machine and copying of the personal identification number (PIN). Stealing information through counterfiet cards is also rampant. The data on the magnetic strip is electronically copied on to another card,while a surveillance camera observes the user's PIN, and this is then used without the cardholder's knowledge.
ATMs are more vulnerable than other channels. Says Uttam Nayak, country manager, Visa: "ATMs have poor security at the location and some controls on other platforms are missing."
If you travel abroad frequently and use your credit or debit card, beware . An RBI report says that counterfeiting typically happens during international travel.
Parampreet Kaur, 31, who works with an advertising agency in Delhi , had travelled to London in 2009 and shopped through her add-on card. A month after she returned, she got an SMS asking whether she had made transactions worth 2.82 lakh in Delhi. Realising that something was fishy she wrote to the foreign bank. "I was told that my card had been skimmed and eight transations were made on it," she says.
Even those who transact using cards on foreign Websites need to be careful. "Chances of fraudulent attack are higher on these as the 2-factor authentication mandated by the RBI is only for Web businesses in India ," says Bhavin Mody, senior product manager, ElectraCard Services.
Steps taken by banks
Banks are adopting measures to bring down fraud losses. Unusual transactions are immediately crosschecked with the customer. Card issuers are also moving away from the traditional magnetic strip-based cards to more sophisticated ones.
ATM manufacturers are doing their bit by adding security features. A fraudulent device inhibitor makes it difficult for criminals to attach foreign devices on or around the card reader. "The machine has a screen which asks the consumer 'Does your ATM card slot look like this?' If it looks different than that in the picture, consumers are advised not to transact and inform the bank," says Rakesh Aulaya, PR manager, South Asia Pacific, NCR, an ATM manufacturer.
Soon, many machines won't allow anyone else to use your card at the ATM. "Banks have started installing biometric ATMs. It is an effective way of preventing PIN theft," adds Aulaya. Banks are also issuing one-time use passwords to customers.
Preventive Measures
ATMs
While making transactions, watch out for suspicious looking devices around the machine. Block the view of the number pad with one hand while keying in the PIN. This may not be enough, though. "Criminals get better and better and may use small things which may lead to data leakages.
There may be a fake keypad atop the number pad. So, be alert," suggests Jelle Niemantsverdrie , principal consultant, forensics and investigative response, EMEA Verizon Business Security Solutions. If your card is stuck inside an ATM, be suspicious of anyone offering help.
Card transactions
While at a shop, keep an eye on the person swiping the card. If he swipes it on two different machines, there is something fishy. "If the merchant asks for the PIN, don't give it away. Punch in the number yourself," says Nayak. Register your e-mail ID and mobile number with the bank to get alerts whenever your card is used. Inform the bank when you get an alert for unathorised transactions.
Online transactions
Avoid using public computers for Net banking. "You must have the latest anti-virus , malware protection, personal firewalls, etc, enabled on your system," says Sridhar.
Phishing is a common trick. Don't supply information to fraudsters camouflaged as banks. "We already have your account number, customer ID, telephone numbers and other details . So, don't respond to mails that ask for this data," says Vishal Salvi, senior VP and chief information security officer, HDFC Bank.
It's a good idea to use virtual cards while transacting on foreign Websites. "The actual credit card number is never used, so virtual cards are the most secure way to pay," says Sridhar. Even if a fraudster gets hold of the card details, he won't be able to re-use these as the validity is for a single transaction.
Phone banking
While mobile banking frauds are few, data theft can happen easily via this channel. If the phone is stolen, inform the bank and get the registered mobile number changed because banks use mobile phones as another layer of securing transactions by messaging a one-time password.
Mumbai-based playback singer Vibha Dutt was going out of town, but her SIM was not working. The mobile service provider told her that she should collect it personally when she returned. By the time she returned , someone had collected the SIM and transferred 86,000 in eight instalments from her account. "I had used the Net banking facility on the mobile twice earlier," says Dutt.
Others
Be careful about banking information leaked through wasteful photocopies . Sunil Thatte, 27, a financial services industry professional in Mumbai, landed in trouble due to the misuse of a discarded photocopy of his PAN card. He got a call from a Pune-based company asking why he had fraudulently transferred a cheque to his Axis Bank account in Pune. Thatte was surprised as he never had an account in Pune. Later , the police found that the fraudster had used his PAN card copy, changed the picture and created a benami account in his name.
He then made a cheque in Sunil's name, taking help from a company insider, and deposited it in the benami account to encash 2 lakh.
"When someone is travelling by an airline and the ticket is booked using your credit card, a photocopy of the card is needed with the traveller . In such a case, strike out the CVV or CVC number from the back of the card," says Mody.
Discard cards and important documents properly. Cut the cards diagnolly so that the magnetic strip is destroyed . "Never throw your receipt in a public trash container. Avoid speaking out your account number if others are within hearing distance ," says a MasterCard spokesperson . Change the passwords and ATM PINs as soon as you get them.
10 Steps that can protect you from loss
Register for transaction alerts via SMS and e-mail . If you change your mobile number, update it with the bank. Reduce the limit on your credit card if you use it sparingly. Use virtual cards for e-shopping . Make use of the virtual keyboard wherever possible. Instead of going to the bank's Website using links in e-mails , type the Web address directly. Memorise the 3-digit CVV number at the back of the card and scratch it out.
Do not leave unwanted photocopies of essential documents at the photocopier. If you lose your phone, deactivate all banking services linked to that number. Place your Internet router away from doors and windows and switch it off when not in use.
|