Fraud alert: How to keep that cash card safe

Ten days before India’s festive season, during which we spend a third of our annual festive shopping needs, came the shocking disclosure that data of some 32 lakh bank cards had been hacked and compromised. This puts a large number of Indians out of the bank spending spree during this period. The incident actually reveals a faultline in India’s cyber-security standards — especially in banking, which affects millions of Indians. Yes, we have a robust banking system, but does it safeguard us from falling prey to the hackers and the phishers Are the laws effective in protecting bank customers from liabilities arising out of threats to cyber security (RBI has just started cracking the whip in this direction). How effective are our banks in disclosing any breaches of security (Only one bank has disclosed the big breach so far). In the world of proliferating channels, touch points etc. for transaction of cash, cyber threats can never be “zero” or wished away. From contact-less-cards to e-wallets, from Immediate Money transfers to RTGS, Unified Payment Interface to m-wallets, we are very vulnerable to attacks today. And from vishing and phishing emails, which first steal identities of gullible users of online banking channels, the hacker groups have now turned their eyes to areas more vulnerable — IT architectures of the banks itself which has the data of both savvy and unsophisticated users.

This year, the share of electronic funds transfer through NEFT has gone up 84.4 per cent from the 74.6 per cent in the previous year — that’s about 1.2 billion transactions valued at `83 trillion, at a peak monthly volume of 129 million transactions. This means it is easier for the gangs of the dark web to target the most exposed networks in the banking system and the recent September 8 attack (of 32 lakh cards) underscores that the payoffs are better in mass attacks than specifically targeting the innocent.

However, a lot needs to be achieved in making Indian bank accounts foolproof from cyber attacks instead of the recurring focus on e-KYC and Anti-money laundering regulations (which always seem work-in-progress).

S.S. Mundra, the deputy governor of the Reserve Bank of India, in a speech delivered just one day before the sensational data breach on September 8, said a common thread in most cases of vulnerabilities to cyber threats is “the lack of Board-level oversight and commitment from the executive management”. Sure the RBI is pushing the envelope in making cyber-risk as imperative and addressable a risk as credit, market and operational risks, which are mostly the focus by banks but the coming months will see a larger focus on these issues. And to quote John Chambers, CEO of Cisco, there are only two types of organisations — “ones who have been hacked and others who don’t know that they have been hacked”.

Always use a “https” rather than a “http” when logging into banking websites or emails. This single character is often ignored in the URL but it’s the single most important element standing between your life savings and a digital dacoit. Also, use virtual keyboards whenever possible. And here’s a pro tip. For frequently visited online sites, use an alternative debit card which is preloaded with smaller amounts of say, Rs 10,000 so, if there is an attack, your exposure is automatically limited.

And keep your net banking needs of large transfers restricted to home-use laptops or desktops.

The author can be reached at sridhar.sattiraju@gmail.com