With the significant rise in the use of digital systems over the years, cybercriminals have swarmed the internet to perform online crimes such as data fraud, theft as well as hacking and the banking sector is also not out of their reach.
To make unlawful transactions, such cybercriminals attack online banking services, credit/debit/ATM cards, payment portals, and other net banking approaches. Over the years, cybersecurity experts have been noticing one major factor—cybercriminals are becoming more sophisticated, which is making it harder for organisations to defend themselves from such attacks.
Devious ways
The most common forms of banking fraud in India are:
- Vishing- Phone calls pretending to be from bank / non-bank e-wallet providers/telecom service providers to lure customers into sharing confidential details in the pretext of KYC-updation, unblocking of account / SIM-card, crediting debited amount, etc.
- Phishing- Spoofed emails and/or SMSs designed to dupe customers into thinking that the communication has originated from their bank/e-wallet provider and contain links to extract confidential details.
- Remote Access- By luring customers to download an application on their mobile phone/computer which can access all the customers’ data on that customer device.
- Misuse the ‘collect request’ feature of UPI by sending fake payment requests with messages like ‘Enter your UPI PIN’ to receive money.
- Fake numbers of banks/e-wallet providers on web pages/social media and displayed by search engines, etc.
This is not it. According to a report from last year, the majority of online bank frauds occur on the second and fourth Fridays of a month. Similarly, most bank fraudsters prefer to target victims using mobile phone apps rather than PCs and laptops, which are slower and more likely to be traced. Mobile phones are easy to dispose of and are also less expensive.
RBI noted in its annual report, which was published on May 27 last year, “Central banks used their social media handles extensively for educating people on safe digital banking practices. These efforts came in handy for financial education as mischiefs by certain fraudulent entities engaged in phishing, financial frauds and other cybercrimes surged during the lockdown.”
Last year, RBI also stated that in 2020-21, for the first time in 8 years, the total amount of fraud reported by banks decreased, while there is a growing trend of private sector banks reporting a higher number of thefts related to card and internet banking.
RBI noted that the commercial banks reported Rs 1.38 trillion in frauds in 2020-21, down from Rs 1.85 trillion the previous year. Banks reported frauds of Rs 36,342 crore in the first half of the current fiscal year.
Prevention
First of all, it needs to be understood that consumers aren’t the only ones who are victims of online banking fraud. Businesses are becoming increasingly vulnerable to cyber fraud as the frequency of data breaches and bogus emails targeting stores and organisations rises.
RBI in its last updated guideline noted that fraudsters attempt to get confidential details including user id, login/transaction password, OTP, debit or credit card details such as PIN, CVV, expiry date, and other personal information.
As mentioned by the central bank, “RBI urges the members of the public to practice safe digital banking by taking all due precautions, while carrying out any digital (online/mobile) banking/payment transactions. These will help in preventing financial and/or other loss to them.”
It also has issued certain guidelines for users to avoid such incidents. The RBI urged the customers to avoid sharing account details including login ID, password, card details and other information with anyone, not even the bank officials, “however genuine they might sound”.
According to the bank, any phone call or email claiming to block the banking account on the pretext of not updating the KYC or advising people to click a link to do so is a frequent tactic used by fraudsters.
“Do not accept offers to have your KYC amended or expedited. Always go to your bank’s / NBFCs / e-wallet provider’s official website or call the branch,” RBI stated.
It also asked people to avoid downloading unknown apps on their smartphones, access the official website of the bank/ NBFC/e-wallet, make sure that users don’t share the password of the email linked to your bank/e-wallet account and follow other preventive measured.
“Do not be misled by advice intimating deposit of money on your behalf with RBI for foreign remittances, receipt of commission, or wins of a lottery. Secure your cards and set a daily limit for transactions. You may also set limits and activate/deactivate for domestic/international use. This can limit the loss due to fraud,” according to the advisory.
“Regularly check your email and phone messages for alerts from your financial service provider. Report any unauthorised transaction observed to your bank / NBFC / Service provider immediately for blocking the card/account/wallet, so as to prevent any further losses,” it added.
However, while massive data breaches at international corporations tend to garner the most attention, it is a fact that all organisations are vulnerable to fraud. Banking fraud can swiftly put a company’s finances in jeopardy and in some situations, even destroy its brand. To prevent that every organisation also needs to follow some safety measures.
This may include spreading awareness among the employees, always using protected internet connections, using complex passwords and paying attention to suspicious activities such as dubious emails.
Read all the Latest Tech News and Breaking News here
Comments
0 comment