Don't care to share data
If a person gets the card number, expiry date, CVV and PIN, they can use it for online transactions.
A gang was arrested a few months ago by the Uttar Pradesh Special Taskforce for cloning debit/credit cards. The gang had created duplicates of thousands of cards belonging to residents of Chandigarh, Lucknow and Delhi. A lot of card cloning cases have been reported in India. But this time, what was shocking was the involvement of hotel waiters. The waiters at bars and restaurants copy the card details when the customers give them the cards for payment. Later, they run the card on skimmers and capture the PIN using a pinhole camera. The skimmers copy all the information stored in the magnetic strip of the card and make duplicate cards. The stolen data are copied to white PVC cards, which is used to withdraw money. The waiters are paid Rs 2500 per card for performing the fraud.
People disclose their PIN to restaurant waiters just because they don’t want to leave the comfort of their seats to make payment. If a person gets the card number, expiry date, CVV and PIN, they can use it for online transactions. For international e-commerce purchases, mostly, PIN/OTP is not even required, which makes things even worse. The card can also be cloned. How many of us are aware of this? The skimming devices are available online on e-commerce websites for about Rs 17000.
Social engineering
Banks ask for OTP while making an online transaction. Still, people are fooled by social engineering attacks (influencing human mind by tricks) to get PIN and other confidential information. Customers get phone calls which look like from banks, asking them to share their OTP/PIN. By using the stolen details, money is transferred to the hacker’s bank account. Most of the time, the account would be registered giving fake details or would be outside the country. The money can also be transferred to digital wallets and is withdrawn immediately, which makes the recovery even more difficult for the law enforcement officers.
Nowadays, almost everyone uses Truecaller app to find out unknown numbers. Truecaller works on a give-and-take policy. If you want the details of people calling from unknown numbers, then you have to surrender your phone book contacts. The data is crowd-sourced from the millions of users who have downloaded the Truecaller app on their smartphones.
SIM swap
SIM swap or simply SIM card exchange is basically registering a new SIM card with your phone number. Once it is done, your SIM card will become invalid and your phone will stop receiving signal. Now, once the miscreants have your phone number, they will get OTPs on their SIM card. With this they can initiate bank transfer and even shop online.
Banks have introduced an option for their customers to block/unblock their card transactions. The users will get an option to manage their ATM withdrawal, online transaction, and international transactions. They can unblock the option whenever they need and block it after the use. Hence, they can ensure that the card is not misused. The feature is available in Internet banking, mobile banking, and SMS methods. Also, do report to the law enforcement agency immediately if something goes wrong.
There was a recent report of scammers editing Google map’s bank listings to trick people. This was brought to light by the Maharashtra cyber police. Google’s user generated content policy allows the user to change the details of a place on Google maps. So, anybody can edit the address or phone number of a particular site listed on Google maps. According to the Maharashtra cyber police, a few con artists took advantage of this loophole. When users searched for the number of a particular bank, it automatically directed them to these scammers and they ended up giving all the information to the frauds. The issue was reported and was acknowledged by Google.
Care about personal data
We should be extremely careful while dealing with digital transactions. Data has become the oil of the future. We should have a clear idea about what will happen if our data reaches a third person. Europe has already implemented Data Privacy Laws (GDPR). California and India are to implement the same in near future. This has flagged the importance of protecting data.
The PIN/OTP is meant for protecting us from financial frauds. Please don’t share these details with anyone else. The banks never ask you for the PIN or any other details. Also, make use of the block/unblock option of your card for managing the card transactions.
(The writer is Manager, cyber security, at UST Global)