By Preeti Kulkarni, ET Bureau
Despite several regulatory and technological safeguards being put in place to prevent frauds in the banking space, they continue unabated. The only safeguards customers can rely on are awareness and constant vigilance.
A few months ago, VN Kulkarni, chief credit counsellor at the Bank of India-backed Abhay Credit Counselling Centre came across a case of credit card fraud involving a 25-year-old victim. "He got a call from someone claiming to be a senior officer from the bank. He was told that as part of due diligence of all card holders, he had to disclose all the card-related information, including the password, failing which the card would be deactivated within five minutes," says Kulkarni.
Unfortunately, he fell prey to the tactic. "Within ten minutes of sharing this information, entire amount from his account was utilised. Going to the cyber cell or the police did not yield results and the banker, too, took the stand that since card was in his possession, he was responsible for the transaction," he adds.
This is not an isolated case. Many banking customers get tricked into the revealing sensitive information like their CVV number or the PIN over the phone or emails. This apart, victims also unwittingly end up helping fraudsters in their mission by storing their passwords in mobile phones and computers or believing tall claims.
Last month, the Reserve Bank of India cautioned bank customers against using the 'RBI' mobile app, a tool with the central bank logo that claimed to be an 'All Bank Balance Enquiry No'. "Members of public are, therefore, advised to use the application, if at all, at their own risk," the RBI alert stated.
To counter various online and card-related frauds, the banking regulator and banks have taken a series of measures, the latest being the RBI's decision to ask banks to issue new cards using the chip-and-PIN technology. Starting September 1, all new cards - debit and credit, domestic and international - issued by banks will come with an embedded chip (that can be seen on the face of the card), and you will need to enter your Personal Identification Number (PIN) each time your swipe your card at a merchant terminal to make purchases.
However, all the measures will yield the desired results only if you are aware of the types of frauds and alert enough to avert them.
Here are financial frauds you need to be aware of:
1) Card from the 'Reserve Bank of India' The Reserve Bank India (RBI) has, in the past, issued an alert, drawing customers' attention to a credit card scam where fraudsters issue cards in the name of the central bank. This is how it works: Initially, the 'RBI' credit card allows withdrawal of small amount of money -- this is just a ruse to get the users to deposit a large sum in a bank account linked to the card. Predictably, the card stops working after this transaction and the fraudster, too, is unreachable.
2) Congratulatory messages or offers from 'RBI' According to the banking regulator, fraudsters posing as RBI officials have, over phone or e-mail, made fictitious offers of transferring large amounts or lottery winnings. The modus operandi is simple: Victims are told that they are eligible for a huge sum or have won a lottery, but need to deposit a 'small' transaction or processing fee into a bank account to facilitate the transfer.
Once the victim transfers this amount in hope of receiving a larger sum, the caller becomes incommunicado after transferring the money abroad. "To lend credence to such offers, the communication is often sent on/from letterheads/websites that appear to be like that of some public authorities like the Reserve Bank of India. The offers are purportedly signed by top executives/senior officials of such authorities. While the names of the officials might be correct, their signatures are fake," noted RBI's caution to the public at large. Fictitious offers have been made even in the name of RBI governor Raghuram Rajan, International Monetary Fund (IMF), income tax authorities and so on.
3) Fake Reserve Bank website for online transactions Another fraud perpetrated in RBI's name, this came to light when RBI issued an alert last year. It sought to draw customers' attention to fake websites with URL address similar to RBI's that had sprung up. "It has come to the notice of the Reserve Bank of India today that a fake website has been created at www .rbi-inonline.org/savings.html by some unknown persons offering various banking facilities and asking members of public to apply on-line for opening 'RBI Savings Account'," the cautionary note pointed out. The objective of creating such links is to steal your sensitive bank and credit card details and misuse the same to siphon off your funds. Remember, RBI's only website goes by the URL www .rbi.org.in
4) Calls for customer verification This is perhaps the most commonly used trick to elicit personal information from unsuspecting users. Typically, emails sent from fraudulent IDs masquerading as official ones from banks seek such information from accountholders. The purpose stated is 'customer verification'. Once you provide the information, it is used to make purchases on your behalf or withdraw funds from your account. Such emails have been sent by fraudsters posing as RBI, too.
A few months ago, the central bank had advised customers against responding to mails from no-reply@rbi.com which attempted to trick them into revealing sensitive data. The email claimed that the RBI was offering online security protection to reduce frauds in the system. Again, the purpose was to misuse the information. Merely clicking on the link would result in identity theft.
5) Frauds at POS terminals While the introduction of chip-based cards and additional PIN for debit card transactions has made card-present transactions more secure, negligence at your end can bring these security measures to a naught. "If you hand over your card to the attendant at a restaurant with your CVV number, you are putting your card security at risk.
In fact, I have come across cases where the cardholders had even divulged the second factor authentication (PIN required to be keyed in on the swipe machine)," says Kumar Karpe, CEO, Techprocess, payment processing company. Your information can easily be misused to duplicate your card. According to Karpe, frauds also take place in organisations when employees are not at their desk.
"Cards get stolen from the wallets and also replaced later after duplicating them. Many users tend to store their PIN in their mobile phones or maintain passwords that are easy to crack like birthdays, mother's name and so on, making the task easier for fraudsters," he says.
Be Alert Fraudsters rely on gullibility of banking customers to extract sensitive information that can compromise their accounts or lure them into depositing money into accounts where the holder's name sounds authentic. In case of both 'RBI' card and money transfer offers, remember, RBI will never contact you for such schemes. It neither issues a credit card nor asks for fee to facilitate any transaction. The central bank or any other regulator will never contact you asking for fees or any personal, account or card-related information, neither will your bank. The RBI, too, will never contact the public via unsolicited phone calls or emails asking for money or any other type of personal information. It does not maintain individuals' accounts or extend loans to them. Similarly, no bank will ask for such sensitive information.
Besides, you need to follow basic hygiene during both card-present and card-not-present transactions. Wherever available, use the one-time-password (OTP) option for second factor authentication. "When you are transacting at POS terminals, wipe the keypad after you are done, if possible," says Karpe.
In case of online transactions, register your number with the card issuer. Similarly, use the virtual keypad facility to prevent capturing of keystrokes on compromised computers. Look for secure websites starting with 'https' and avoid carrying out transactions while using free
Wi-Fi. Make sure your passwords are not your date of birth, pincode or close relatives' or pets' names.
Source :The Economic Times