A couple of my recent Banking Transactions inspired me to write this post. Despite the efforts from RBI, the fraudulent transactions are on the rise. The fraudsters take advantage of a loophole in Banking process to exploit the same. For ease of understanding in this post, i will refer all the transactions i.e. Credit Card, Debit Card or Net Banking as Banking Transactions. Most of the frauds are carried out from outside India so that the fraudster remain out of the clutches of India Law. Big frauds hog limelight in newspaper reports but the majority of frauds are of small value. Some time back, one of my office colleague observed 2 credit card transactions of Rs 13,000 & Rs 10,000 through his credit card. A fraudster made a purchase on Nigerian site from Nigeria. The transaction was done during a late night at 1:30 AM and 3 AM. A complaint was registered in Cyber Cell. After this incident, i wrote a post, 11 Tips to avoid credit card fraud. I met him recently and since these topics are of interest to me. I asked him whether he got the amount back. At first instance, he could not recall and then told that nothing moved after that. Therefore, any fraud of small value is typically forgotten and ignored. Also, one common pattern is that majority of frauds are the chain of Banking Transactions of low value in a quick succession at regular interval.
To share my experience. A couple of days back, i was doing some Banking Transactions during the late night as i could not find the time during the day. There were multiple transactions of high value through net banking facility. Normally i wait for Instant SMS Alerts as a confirmation of successful Banking Transaction. To my surprise, i did not receive any SMS alert for all my Banking Transactions. As the transaction was through Net Banking, therefore, i checked account balance online and went for sleep. The next day morning i received all the SMS alerts between 6 AM to 6:05 AM. Practically, any SMS alert after 5 hours of the transaction is of NO RELEVANCE. As the alerts are called Instant SMS Alerts, therefore, should be delivered instantly. Moreover bank charges the customer for SMS alert facility. The banking system is a lifeline of country’s economy, and i understand that that it cannot be made 100% safe. Easy to fix loopholes can be plugged to make it more safe and secure.
Banking Transactions – Current Loopholes
I can think of following gaps that can be plugged easily.
(a) Instant SMS Alerts: My bank charge Rs 15 for Instant SMS Alerts but as i mentioned that bank should ensure that alerts are truly instant. If a transaction is done during the late night, then, SMS alert should be delivered instantly. As i mentioned that such fraud Banking Transactions are chain events therefore if SMS alert is delivered instantly then, consecutive transactions can be stopped through immediate action by the account holder. Moreover, the objective of SMS alert facility is to alert a buyer immediately about the banking transaction.
(b) Save Credit Card / Debit Card Details: I was planning to highlight this point from quite long but was not finding the right forum. Some time back, i observed that one of the leading e-commerce portals saved my Credit Card details though i never opted for the same. To check the same, i created another account and observed that i was never given an option to opt out of this feature. In short, this portal will not allow purchase if you don’t want to save your credit card/debit card details. From last 6 months, i observed that each and every portal including mobile wallets offers to Save Card details for next transaction. In most of the cases, this option is selected by default and buyer has to opt out else the details will be stored. There will small tick somewhere hardly visible. From a buyer perspective, it is a convenience factor but you are risking your card details. You must have read in newspapers how the perceived to be safest systems are hacked, and stored card details are compromised. The govt should regulate this and BAN the practice of Saving Card details by 3rd party portals. It will make Banking system more safe and secure.
(c) Fraudulent Calls: I was a potential victim of one such call. Though TRAI has implemented DND registry to control telemarketing calls. Smart cookies are smart enough to find an alternative solution. One of the biggest threat to the banking system is fraudulent calls. Though RBI and banks are doing their bit to control this menace. There is large scale awareness program to stop consumers from sharing their details over the phone. The fraudsters use a technique that’s hard to resist. I received a call, and the caller told me that “Thank you for using VISA/Master Credit Card credit card.” Now, this is brilliant technique as they don’t know which bank’s credit card, i am using VISA/Master Card is the right way to approach. Once i am in their database, i received chain of calls over next few months. In all probability, the database is leaked by bank employees only.
To know modus operandi, during one the call, i decided to go ahead with the call. These fraudsters will pamper the customer to get banking details. They told me that they were sending me a GIFT for being a premium customer. For that, they will verify certain details. Then the game begins. I shared all the fake details. They asked for Credit Card no, Date of Expiry and CVV no. Here i would like to clarify that only in India we have 2 level authentication but outside India, you only need CC No, Date of Expiry and CVV to complete the transaction.
In this case, i complained to TRAI but mob no used for the call are switched off after the call and used only for few days. I am sure, the name and address for KYC must be fraud. The mob no’s used are normally acquired through fraudulent way from small telecom operators. Therefore, DND is not effective for such fraudulent calls. In my opinion, there should be a separate mechanism to complain about such fraudulent calls and email to clean banking system from fraudsters.
(d) Fake Mobile Apps: Currently there is no mechanism for a bank customer to check whether a particular mobile app is authentic or not. When i searched for SBI Freedom, there was large no of options. Even i took long to figure out the authenticate mobile app. Fake Mobile Apps will be next BIG opportunity for fraudsters. Therefore beware about mobile banking and download the official app of your bank. I am not discouraging you for mobile banking but be cautious. The best option is to download through SMS. Almost all banks provide this facility. You can request for Mobile Banking app through SMS. You will receive SMS with the official link of a mobile app for download. Social Media Banking is also gaining popularity, but i have my reservations about certain aspects of same.
Words of Wisdom: Always remember that you are responsible for the safety of your Banking Transactions even if the loophole is from bank’s end. You should always highlight any loophole you observe to your bank. I have raised a complaint with my bank on Instant Alert service. It is my contribution towards safe and secure banking.
Copyright © Nitin Bhatia. All Rights Reserved.