According to the recently released National Crime Bureau Statistics 2015, the number of reported cyber crimes in India is roughly ten thousand, with a conviction rate of 23%. A significant chunk of reported cyber crimes is financial in nature. An interesting but not surprising fact is that strangers commit most cyber crimes of a financial nature, while cyber crimes of a personal nature are often committed by the first or second circle of people around the victim. This makes financial cyber crimes harder to defend against and their culprits harder to identify.
Important aspects of financial cyber crimes to consider are:
• The majority of financial crimes are organized crimes, with call centers, sometimes staffed by innocent employees, executing on behalf of crime syndicates. Some of you must have received a series of calls asking you to verify certain aspects of your credit/debit cards. The callers claim to be calling either from banks or from contractors of the bank.
• Many are globally spread, so catching them and prosecuting them under a legal framework becomes much harder.
• In some cases, insiders at the telcos and banks collude with the criminals, making it much easier to breach the system. Cloned SIMs and calls placed from the bank's own call center numbers are good examples of such failures.
• Even when the culprits are caught, it takes a long time for the legal system to act and get the money back.
Courts have in many cases penalized banks and telcos, and sure enough they have implemented many measures to safeguard against such crimes. Some of these measures are KYC for SIMs, fraud analytics on accounts (detection and prevention of abnormal behavior in users' accounts) and two-factor authentication (two different types of password, to safeguard against any one of them being compromised; it is an additional layer of protection, like a lock that needs two different keys to open).
In spite of these measures, criminals continue to prosper because many users lack awareness. Most users fall prey to what is called social engineering: a technique of making people believe that they are talking to authentic parties (such as banks) and extracting secret information such as passwords. Some examples of social engineering are:
• A call from someone claiming to be from the bank and asking for your password because of a system upgrade or some other plausible and believable excuse.
• Mails seemingly from banks, sent from addresses such as “yourbank”@gmail.com, asking you to change your password. Most people wouldn’t notice the change in domain name.
• Fake e-commerce sites that collect card data along with the static PIN.
• Fake ATMs that read the magnetic stripes of cards (not possible with the new chip-and-PIN cards).
• In some cases, fake phone calls purporting to be from relatives, asking for passwords and PINs.
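The look-alike sender in the second example above can be caught mechanically. The following is an added example, not part of the original post: it compares the domain of a From address with the domains the recipient trusts for the bank. The bank name, domains and sample headers are constructed placeholders.

```python
from email.utils import parseaddr

# Constructed placeholders: the domain(s) the bank really sends from,
# and the brand name a scammer would imitate.
OFFICIAL_DOMAINS = {"yourbank.example"}
BRAND = "yourbank"


def classify_sender(from_header):
    """Return 'trusted', 'impersonation' or 'unknown' for a From: header."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    if not local or not domain:
        return "unknown"
    # Trusted only on an exact match or a true subdomain of an official
    # domain. The leading dot stops "notyourbank.example" from matching.
    for official in OFFICIAL_DOMAINS:
        if domain == official or domain.endswith("." + official):
            return "trusted"
    # The brand shows up in the display name, the mailbox name or the
    # domain, yet the mail does not come from the bank's own domain.
    shown_name = display.lower().replace(" ", "")
    if BRAND in local or BRAND in domain or BRAND in shown_name:
        return "impersonation"
    return "unknown"


# Constructed sample headers covering the cases a reader tends to miss.
SAMPLES = [
    '"YourBank Support" <yourbank@gmail.com>',       # brand as mailbox name
    "alerts@mail.yourbank.example",                  # real subdomain
    "alerts@yourbank.example.attacker.test",         # bank domain as prefix
    "Your Bank <notice@secure-mail.test>",           # brand only in display name
    "friend@gmail.com",                              # unrelated sender
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):13}  {header}")
```

A From header can itself be forged, so a "trusted" result only rules out the look-alike case; it does not prove the mail came from the bank.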
No amount of technology measures from the banks and telecoms can safeguard against such attacks if you, the consumer, become the weakest link. So it is very important for individual users to be aware of these crimes and take precautions. Here are the safety measures to adopt for online banking or access to other online financial institutions.
• Spread your money across multiple accounts.
• Enable all sorts of notifications (mobile, email, postal mail) for transactions. This will help in case of cloned mobiles.
• Use only dedicated private computers (or phones) for online banking.
• Use safe and private networks (strongly secured home WiFi or office WiFi).
• Use strong passwords (not related to your date of birth, family members' names, etc.).
• Enable two-factor authentication provided by banks wherever possible. These are:
o OTP: one-time passwords usually arrive by SMS, but in some cases smartphone apps are available that display the number.
o Smart cards (specific keys are downloaded to your computer, which blocks any computer that doesn’t have them).
o Hardware tokens (which display an OTP).
• Use trusted websites and wallets for sharing your banking information.
• Make sure the primary email you use for notifications is protected with two-factor authentication as well. Google Authenticator is a popular choice for many.
• Install a good antivirus on your primary computer and mobile.
• Do not reveal birthdays etc. on public/private social media profiles. Criminals can easily scrape them and use them to gain access.
• Do not install unverified software/apps in your main accounts. Many apps and software packages can contain malware that eavesdrops on your transactions. The same goes for many sites on the Internet. If you must, use a virtual box or a different device.
• Do not share your password with anyone over the phone or the web for any reason. When in doubt, end the call politely and call back on the official support numbers of the institution.
• Do not use public computers at hotels and airports for any logins.
• Do not use random WiFi/networks (airports, hotels, cafes) for online transactions.
• Avoid unbranded standalone ATM machines, especially in high-risk areas such as some well-known tourist locations (too many to list, so just avoid them).
With increasing technology advances and an immense focus on Digital India, technology is going to be part of every aspect of our lives. While we are instinctively safety conscious, the new technology paradigms are unknown territory to us, and hence educating oneself on these aspects and taking appropriate safety measures is the best way forward.
So take care and stay safe.
(This blog was originally published @ techinasia https://www.techinasia.com/talk/avoid-financial-scams-fast-digitalising-india)