The biggest concern for online customers is the possible theft of their online credentials, especially those relating to net banking. This often happens without the customers’ knowledge, enabling fraudsters to steal money from their accounts in a recurring manner.
“The basic security threat a net banking customer is exposed to while transacting online is the compromise of his/her login credentials and other confidential and personal information,” says Shalini Mehta, executive vice-president, Kotak Mahindra Bank. One of the most common threats that customers face online is ‘phishing’. Phishing scammers send fraudulent emails disguised as an official request from a bank for account information. Recipients of the scam mail are lured into believing that the email is from the bank and are prompted to click on a particular link. The click causes the fake website to open in a browser and the recipient is usually asked to input the user ID and password of his/her net banking profile. The fraudsters capture these details and use them to their advantage.
Customers get deceived and part with confidential information like an IPIN or net banking password, making it easy for the scamsters to commit a fraud.
‘Vishing’ and ‘identity theft’ are some other ways through which customers are tricked into revealing their confidential information online. While ‘phishing’ is carried out via fraudulent emails, ‘vishing’ is orchestrated via bogus voice messages and phone calls. In ‘identity theft’, fraudsters try to obtain the key pieces of personal information such as date of birth, mother’s maiden name, passport number, etc, to gain access to the customer’s accounts, says Mehta.
In view of the increasing cases of online banking frauds, most banks have implemented 256-bit secure socket layer (SSL) encryption. It is recognised as the best industry standard for encryption of information transmission for net banking sessions.
SHUN PIRATED SOFTWARE
Pirated software on an end-user’s desktop should not harm the safety features of online banking unless it has been injected with malicious code (malware) or viruses specifically meant to dynamically alter the contents of visited pages or user input fields. An example is a net banking login page that asks for additional information such as credit/debit card numbers, ATM PIN or CVV details, which no bank ever asks for on a login page. Pirated software sometimes contains malware or some sort of automated virus initiated at the time of optical copying.
The biggest risk in using pirated software is that there are no security upgrades available for it. This leaves the software vulnerable, which can be exploited by the latest trojans. These trojans can then steal customer information from the PC and transmit it to a fraudster, says Vishal Salvi, chief information security officer, HDFC Bank. The solution to these concerns lies both with banks and customers. Bankers as well as IT experts believe it is not the security systems, but poor customer awareness that leads to most internet banking frauds.
Cyber cafes should be strictly avoided for online transactions. There are higher chances of viruses capturing your data from terminals in internet cafes, thereby increasing the scope of misuse. The line and systems of an internet cafe are usually not secure. There is no guarantee about the authenticity of the software on the cafe’s system. Further, smart hackers will use desktop cookies saved in the system to access your bank account details. Some counterfeit software might inject key loggers, bots and spyware, which collect all the login credentials with keystroke entries or search locally for any password-related files and send them to the fraudsters.
Computers with pirated software can sometimes behave erratically. The worst scenario is when you have downloaded counterfeit software that may be infected with viruses that will damage your hard drive or cripple your network. Also, copying or using pirated/counterfeit copies of software at work or at home puts the entire company or individual at risk of copyright infringement, which may lead to civil penalties and criminal prosecution, Mehta of Kotak Mahindra Bank says.
In view of this, banking sites are regularly scanned for any such injection of malware or bots by pirated software to prevent malware from being downloaded from the banking site itself.
“The most common trojan impacting bank customers in India is Zeus. This trojan gets downloaded on a user PC when the user clicks on a link, opens an attachment from an unknown user or accesses a website which has the trojan. Once installed in the user’s PC, the trojan waits for the user to open the bank’s net banking site. As soon as the user opens the site, the trojan starts collecting all the user information, including the user ID, password, account details, etc, and transmits it to a drop site manned by the fraudster. The fraudster is then able to use the compromised credentials to carry out fraud on the customer’s account,” says Salvi of HDFC Bank.
USE VIRTUAL KEYPAD
While accessing net banking from public computers or internet cafes there is the risk of the customer’s password being captured by malicious ‘spyware’ and ‘trojan programmes’ designed to capture keystrokes.
To mitigate such risks, banks have implemented the dynamic ‘virtual keypad’. The virtual keypad is an online application that substitutes the physical keyboard with a mouse. When you click on the virtual keyboard option at the time of net banking, the monitor flashes a keyboard on your screen. You have to use the mouse to click on the relevant keys to sign into your net banking ID.
Changing passwords often helps in protecting your account, especially after you may have inadvertently disclosed it to someone. Moreover, avoid passwords that could be obvious, like your spouse’s or your pet’s names. Alpha-numeric passwords, along with some special character like * or #, are the safest bet.
Lastly, whenever you have to submit sensitive information online, you have to check if the site uses encryption to protect your personal data. The URL in the address bar should start with ‘https://’ and not just ‘http://’. So the next time, do not be wary of online transactions. Just follow these security measures for a safe online banking experience.
Safe Way to Internet Transaction
Win32/Bancos and Zeus are among the most common banking malware, known as trojans, used to steal bank details to perpetrate fraud. Here is how you can prevent any damage:
* Make net banking passwords difficult to guess, change them regularly
* Before keying in sensitive information, ensure the site is running in a secure mode by looking for the padlock symbol at the bottom of the browser
* Scan email attachments for viruses before opening them. When unsure about the source of an attachment, delete it
* Tear or shred any old cheques or account statements before discarding them
* Don’t share your password or CVV details orally with banks. Banks never ask for confidential information like user ID, password, credit card number, CVV, etc, via mail, SMS or bank-initiated phone calls.
* Customers should install a good anti-virus system on their PCs and ensure that it is updated regularly.
* Do not share passwords with anybody, including family members, friends or bank employees
* Don’t access the bank website from a link provided in an email from any source. Instead, type the address of the bank website in the address bar of the browser to access the bank account
* Don’t click on any link provided in emails; they may redirect users to a fake/phishing site.
* Never note down your user ID or password on a piece of paper, documents or phones for easy retrieval.
* Customers should also never use the ‘remember password’ feature provided by browsers to save their net banking passwords.
* Don’t access net banking from cyber cafes. If you have to, use the virtual key board to key in details and ensure you log out of the system once you are done.
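
The advice above about links in emails and about checking for ‘https://’ can be applied mechanically to a mail body before anyone clicks. The following Python code is an added example, not part of the original article or any bank's software; the hostnames in BANK_HOSTS and the sample mail body are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the bank's genuine hostnames; "bank.example" is a placeholder.
BANK_HOSTS = {"netbanking.bank.example", "www.bank.example"}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for each <a href> in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _split(s):
    try:  # bare "host/path" text is parsed as if it were a URL
        return urlsplit(s if "://" in s else "//" + s)
    except ValueError:  # e.g. an unbalanced "[" in the string
        return urlsplit("")

def check_link(href, text):
    """Return the reasons a link should not be trusted as the bank's site."""
    url = _split(href)
    host = (url.hostname or "").lower()
    shown = (_split(text).hostname or "").lower()
    checks = [
        (url.scheme != "https", "not https"),
        (url.username is not None, "text before '@' is not the host"),
        (host not in BANK_HOSTS, "host is not a known bank hostname"),
        (shown in BANK_HOSTS and shown != host, "visible text names the bank, href does not"),
    ]
    return [why for bad, why in checks if bad]

def suspicious_links(html_body):
    parser = LinkCollector()
    parser.feed(html_body)
    return {h: r for h, t in parser.links if (r := check_link(h, t))}

# Constructed sample mail body, not taken from a real message.
SAMPLE = """<a href="http://netbanking.bank.example.login-verify.test/ipin">https://netbanking.bank.example</a>
<a href="https://www.bank.example@203.0.113.7/login">Login</a>
<a href="https://netbanking.bank.example/login">Net banking</a>"""
```

Calling suspicious_links(SAMPLE) reports the first two links with their reasons and passes the third, which uses https and an exact bank hostname.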