By Siba Narayan Panda, Cybersecurity Mentor at India Accelerator
Technology is almost everywhere. All necessary activities like shopping, grocery orders, bill payments, etc have shifted to digital space. With this, the Indian economy is moving rapidly from cash to digital transactions, making the country vulnerable to cyber-attacks. To make transactions flexible for customers, banks have transitioned to the integration of digital platforms to facilitate digital payments that contribute to the rising number of cyber frauds in the banking sector.
Online banking frauds
Technological advancement in the banking sector is the doorway to a convenient banking experience. However, as technology expands, the scope of online banking frauds is growing at an exponential rate. Further, the growing volume of online transactions and the absence of stringent cybersecurity systems give fraudsters the space to commit malicious acts. A total of Rs 615.39 crore have been lost in more than 1.17 lakh cases in online banking in India from April 2009 to September 2019, according to a media report.
Customers are aware of the common risks associated with online banking. However, the technology is evolving at an unmatched rate that makes the fraudsters come up with new and innovative ways to trap the customers. Moreover, several forward-moving digital platforms are integrating new technologies to have customers perform financial transactions. Thus, banking institutions should dedicate more resources to customer education and awareness programs and conduct them in various regional languages and geographies.
Credit card fraud
Nowadays, fraudsters have started scamming through specific targeting. One of the most common scamming techniques involves credit cards that are more prone to unauthorised transactions. The credit users must adopt stringent preventive measures to save their credit cards from any fraudulent activity. Users must use their credit cards with extreme safety by keeping their PIN, card details, and log-in details private. In case the card is not in use, the users should block it for online transactions and enable it as required. Further, credit cards should not be used for online transactions on unsecured/unknown websites as credit card information such as log-in details and card numbers can be stolen.
The widespread use of technology has made people go paperless. The majority of people store information on their computer or cloud which again involves certain risks and requires customers to adopt sound preventive measures. One of the most effective ways to protect confidential information is by not clicking on the link embedded in emails received from unknown sources. Before opening any link, it is also imperative to read the URL carefully as phishers usually set up websites with identical links to direct the users to insecure webpages.
Another most important security tip that protects the customers from banking frauds is not to save any online banking detail such as username and password on the web browser. When we visit a website, it always asks for remembering or storing the password so that the user can log in to the account automatically. This technique provides ease to the customers of not typing their online banking details every time, at the same time, it makes it easy for a third person to gain access to the user’s account. This usually happens if somebody else uses the user’s device or it gets lost or stolen.
Protection of confidential information
For a safe online banking experience, the users need to be aware of the common phishing techniques that cybercriminals use. They attempt to gather confidential information of the user such as credit/debit card details, online banking details, account details, usernames, or passwords by deceptive means. The fraudsters usually pretend to be belonging to reputed organisations or the user’s respective banks and ask for a PIN, expiry date of the ATM or credit card, online banking details, etc. To protect the account from phishing attacks, the users should stay away from strange calls and messages. They should not share login or important details including OTP by any means as a legitimate organisation will never ask for such important details.
Every fraudulent case starts with stealing information from the user. To prevent this, the user must use a two-way or multi-factor authentication to keep the hackers away from peeping into their bank account.the multi-factor authentication technique is used as an effective defense strategy against such acts. It is recognised as one of the safest ways to verify the user by combining multiple security factors such as passwords, answer to the security question, OTP, device code, etc that is accessible only to the user.
Another technique that cybercriminals use to trap customers is through public Wi-Fi available in shopping malls, coffee shops, libraries, public transports, etc. These networks are used by millions of people and it is essential to know that they are not safe. Hackers usually stay active on public Wi-Fi networks that offer them access to the information of multiple users. Furthermore, many hackers create a free Wi-Fi hotspot for people’s convenience. With this, they get access to their important files and information leading to fraudulent cases. Responsible users should not use public Wi-Fi for performing any financial transaction as putting banking credentials on a public network can be risky.
What should be done?
The threat landscape in digital banking is evolving with the pace of technology. As a sound cyber safety practice, financial institutions should simulate cybersecurity breach situations of different types in the form of cybersecurity drills at regular intervals. This will help organisations to gear up for facing and combating challenges in the cybersecurity space. Additionally, the organisations should emphasise certain security breaches which had happened in the past with due end-to-end analysis and build up their database of security breaches. Due analysis of each breach will provide the insights to be acted upon.
Furthermore, the organisations should also reiterate the importance of cybersecurity culture, cybersecurity consciousness and due monitoring of the functioning of all the cybersecurity tools, taking prompt action, as required. Thorough implementation and monitoring of cybersecurity tools will prove to be effective in driving away from the cybersecurity risks.