The country's largest ATM security breach is ending shivers down the spine of customers as various banks have been hit by the malware infestation of ATMs. The banks have started taking steps to take prevent any potential large-scale fraud.
However, according to National Payments Corporation of India (NPCI), there were complaints of fraudulent withdrawal through cards issued by 19 banks and 641 customers have been affected.
"The total amount involved is Rs 1.3 crore as reported by various affected banks to NPCI," it said in a release on Thursday.
However, if you are concerned that your card may be compromised and is in danger of fraud exposure, there are a few simple things you should do without fail.
The following checklist has been prepared by speaking to experts and from media reports. It is not only applicable to the present situation but should be followed universally.
1) Register your mobile number and mail address with your bank. As pre RBI rules, the bank has to sent SMS alerts and mails on each transaction that happens in your account.
2) Do NOT ignore any alert from the bank. Read all the text messages and mails carefully. It could be about a transaction that has already happened or is currently happening. Customers need to be alert to these messages and take proactive measures if they detect an anomaly," says a cyber security expert with a global consultancy firm.
3) Avoid sharing any private factual information, especially on social networking sites, says Mukul Shrivastava, Partner, fraud investigation & dispute services, EY India.
4) When creating a password, try to make it a unique one. It has to be strong, alpha-numeric. IT should not be easily traceable ones.
5) Change the passwords at regular intervals. This will, to a large extent, mitigate such thefts.
6) Do NOT throw away the receipt that you get at ATMs into the waste paper basket. It contains information of your account.
7) Better still, do not ask for receipts from ATMs. Why do you need them as text messages and emails are anyways being sent by the banks? Not taking receipts is a safety measure and also reduces of wastage of paper.
8) While keying in your PIN at payment counters, always cover your with swiping machine key pad with your other palm. This will protect your PIN being viewed by strangers.
9) Do NOT EVER hand over their your debit cards to others, at restaurants or petrol pumps to do transactions on your behalf. "By doing so, the customer is exposing himself to risks," says the cyber security expert. According to a report inThe Indian Express, this careless action by customers results in 'card swapping' - the fraudster swaps your card with another similar card. Such people keep cards of many banks handy, says the report. Such frauds now-a-days are easy to commit as banks do not print the name of the cardholder on the card at all now.
10) Check and make sure the card that you get back from the payment counter is same as yours. Remember at least last 4-8 digits of your card. So this makes confirming this easier.
11) If you find any malfunction at ATM while trying to withdraw the cash, call the bank first. Do not leave the kiosk before you get a transaction cancelled message. As per the Indian Express report quoted earlier, fraudster nowadays jam the keypad at ATM kiosks which will force you to leave the ATM without completing the transaction. The fraudster enters the kiosk soon after and keep the transaction alive until he withdraws the money. To avoid this, speak to the bank from the ATM kiosk and wait until the transaction cancelled message flashes on the screen.
12) Skimming is another kind of fraud where the fraudster uses a device to record the personal details of your card and create a clone card. A camera installed at the ATM helps the fraudster to get your PIN, which makes committing the fraud easier. As the IE report says, there is nothing much the customer can do about this.
All experts are almost unanimous is saying that with the rise in digitisation, the possibility of frauds also increases and that it is a global phenomenon.
However, the cyber security expert quoted above says that the RBI has been proactive in dealing with the security concerns.
"I would say that unlike any other country, the RBI is on top of security measures and have come out with ingenious ways to contain losses by coming out with the OTP — one time password code which is mandatory for online transactions, email and text messages," he says.
However, there is only so much the regulators can do about such events. The ultimate responsibility lies with the customer. In most cases, it is the customer who can be the first informers of any such frauds. For this customer needs to remain alert and exercise utmost care.
As K V Karthik, partner, Financial Advisory Services. Deloitte Touche Tohmatsu, India LLP, says: "Digitisation brings about its fair share of fraud risks and the only way to mitigate these risks is to be alert and constantly monitor one’s environment. Typically, fraudsters tend to be one step ahead of any security measures and therefore one cannot rely on the same set of controls for too long."
Image Source Firstpost.com