Centre for Internet & Society

With data of about 10 crore bank accounts available in the public domain, it has become easy for cyber criminals to steal money. What makes detection of such crimes tough is the lack of convergence between various departments and sectors.

The article by Kiran Parashar KM was published in the New Indian Express on July 26, 2017. Pranesh Prakash was quoted.

A recent report of Centre for Internet and Society-India suggests that data of 10 crore bank accounts is available in the public domain. It points out that the availability of Aadhaar numbers along with bank accounts and phone numbers increases the risk of financial fraud. Social engineering is often used to find out details of bank accounts, credit card numbers and passwords to steal money.
Investigating officials say once a victim files a complaint, they seek information from banks and many times, private banks don’t even reply.

“Also, we also have observed there are a lot of loopholes in the banking system. Banks outsource credit/debit card issuance and maintenance to agencies who follow security protocols. In many cases, insiders helped in sharing information,” a police officer said.

Nilesh Jain, Country Manager — (India and SAARC), Trend Micro, which provides cyber security solutions, says, “With more people using online transactions, there is a growing number of hackers. Most ATMs are on the legacy operating system of Windows. Banks have started realising that there are malwares designed to attack ATMs.With RBI mandating that banks should report security attacks within six hours, hackers will no longer get an upper hand.”

Pranesh Prakash, Policy Director at the Centre for Internet and Society, says, “There are many ways bank customers can safeguard themselves: using a browser-based password manager, and by never entering their banking username on any site other than their bank (which they should confirm via web address). Banks should offer a form of multi-factor authentication called “universal 2nd factor” (U2F) which prevents fraud in the form of man-in-the-middle attacks by phishing websites. Unless banks roll out U2F, they should refund any losses a customer faces due to fraud.

Case studies

June 2017
Vinod Kumar Pacchiyappan, manager of SBI Cards and Payment Services Pvt Ltd filed a police complaint that Know Your Customer data of customers was compromised.

May 2016
A US couple were cheated of D6 lakh in just two hours where criminals used their bank data and shopped online.

January 2016
Seven people from Telangana, including an Axis Bank deputy manager, were held in Bengaluru for allegedly hacking into people’s bank accounts using mobile banking apps and stealing money.

Filed under: