Safeguarding Digital Transactions

In the recent past, there has been a significant surge in digital modes of financial transactions, which has led not only to customer convenience but has also helped advance the national objective of financial inclusion.  At the same time, it has given rise to an increase in the number of frauds.  Not a day passes without hearing about one fraud or another, each differing from the others in ingenuity and innovativeness.

This presentation attempts to create awareness of the types of frauds that take place and also suggest some precautions that can be taken to safeguard against being cheated while conducting financial transactions online or through other digital modes.

Phishing links:

Ingenious fraudsters create a third-party website which resembles a genuine website, replete with logos, slogans etc., and the public can easily be fooled by its appearance.  Links to these websites get circulated through e-mails, SMS, social media etc.  It is difficult to resist the temptation of clicking the links and providing secure credentials, and doing so results in the customer getting redirected to the phishing website.  The credentials entered are immediately captured and used by the fraudsters either immediately or at a later date.

We need to exercise caution and never click on unknown links or a link which starts with http and not https.  It will also be a safe practice to delete these e-mails or messages immediately.  Needless to emphasise, secure credentials should never be entered in these spurious links.

Vishing calls:

Fraudsters posing as bank officials, government officials, executives etc. call or approach customers and ask them to share credentials or OTPs, citing the need to block a card, comply with KYC norms, get attractive discounts etc.  The details obtained are then used to defraud them.

It must be borne in mind that bank officials or any genuine entity never ask for credentials such as user IDs, passwords, CVVs or OTPs to be shared.  One must refrain from answering such calls.

Online Selling Platforms:

Those desirous of selling their products online can be tricked by fraudsters who pretend to show an interest in the product and, instead of paying money, send a Request Money request through UPI apps.  If the request is approved, money from the bank account can be siphoned off.

Caution needs to be exercised for online transactions.  To receive money, there is absolutely no need to enter PIN or password anywhere.

Unknown/Unverified apps:

Several app links masked by authentic-looking names, logos etc. are shared through social media.  Once an unknown, unverified or malicious app is downloaded onto a mobile, laptop, desktop, tab or iPad, fraudsters can gain complete access to the device.

It is wise NEVER to download apps from unknown or unverified sources.

ATM card skimming: 

A recent modus operandi of the fraudsters is to install discreet skimming devices in ATM machines to steal card data.  Pinhole cameras, dummy keypads etc., are unobtrusively placed near the machine to capture PINs.  Some may even pretend to be other customers waiting for their turn while they watch the PIN being entered.  This can then be used to create duplicate cards and perpetrate frauds.

The precaution would be to ensure that there is no extra device attached near the card insertion slot, or anyone hovering around.  Wherever possible, the PIN may be entered by covering the keypad with one hand.

Screen Sharing/Remote Access:

Customers are lured into downloading screen sharing apps, and fraudsters gain access to financial credentials stored in the device.  These will then be used by the fraudsters for internet banking or payments.

The wise thing would be to refuse to activate the screen sharing feature for unknown people.

SIM Swap or Cloning:

Since all or most account details and authentication are linked to the registered mobile number, fraudsters may even try to clone or obtain a duplicate SIM card to carry out transactions using the OTPs received on that number.  This is done by the fraudsters posing as mobile network staff and enticing customers with a free upgrade or additional benefits.

It is best never to share credentials pertaining to the SIM card.  In case mobile signals are not received in a regular environment, one should get suspicious and explore the possibility of a duplicate SIM having been issued.

Impersonating through Social Media:

Not infrequently, fake accounts get created on popular social media platforms such as Facebook and Instagram, where requests for money to meet medical urgencies etc. are made.

Confirm the genuineness of the request with the friend by making a call or contacting him/her by other means.

Juice jacking: 

Sometimes, when mobiles are connected to unknown/unverified charging ports, malware gets installed, which enables the fraudsters to gain access to, steal and control sensitive data and passwords stored in the mobiles.

It is best to avoid charging mobiles in unknown public ports.

Lottery fraud:

This has been one of the earliest types of fraud, where the customer is informed by phone or e-mail that he has won a huge sum of money in a lottery, but that he has to confirm his identity by verifying through a bank account or credit card on the website.  Sometimes a demand for payment of a nominal sum towards a handling or processing fee is made, and the customer falls prey to it and makes the payment, falling into their trap.

Never trust such unbelievable lottery winnings or offers.

Other forms of frauds are fake advertisements for extending loans, OTP based sanctioning of loans or enhancing credit limits, Chain Marketing/Pyramid structure schemes, 

The common precautions one must exercise while transacting online and for device or computer security are:

  1. Check for secure payment gateway – https:// URL with a padlock symbol while making payments online
  2. Keep PIN, password, credit/debit card number, CVV etc., very private
  3. Avoid saving card details on websites/ devices/ public laptops or desktops
  4. Turn on two factor authentication where available
  5. Never open e-mails from unknown sources containing suspicious attachments
  6. Never share copies of chequebook, KYC documents with strangers
  7. Change passwords regularly
  8. Install anti-virus on the device and keep it up to date
  9. Always scan unknown USB drives before use
  10. Never leave your device unlocked
  11. Do not install unknown applications.

For safe internet browsing and internet banking, avoid using unsecured websites or browsers, log out of the internet banking session immediately after usage, do not use the same passwords for e-mail and internet banking and exercise more than ordinary caution when using public or free networks.

by Mrs Revathi Bhasker, resident of Covai S3 Retirement Community

Reblog – originally published as a podcast at CovaiVani  
