Indian economy is moving rapidly from cash to digital transactions which is opening up several new fronts. On the other hand it is also making the country vulnerable to cyber-financial attacks.
It is important to note that all day to day activities like shopping, grocery orders, bill payments etc., have shifted to digital space. To make transactions flexible for customers, banks have transitioned to the integration of digital platforms to facilitate digital payments that contribute to the rising number of cyber frauds in the banking sector.
According to the RBI’s annual report, bank frauds of ₹100,000 and above have more than doubled in value to ₹1.85 lakh crores in FY20 as compared to ₹71,500 crores in FY19. Also, the number of such cases has increased by 28% in the same period.
Let us look into the Major Types of Cyber Financial Frauds in India
- Social Engineering
- Card Skimming
Most cases in which the victim says “I have been hacked”, actually they are the victims of Social Engineering and would have given sensitive information by themselves.
Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information. In this technique the criminal makes use of the sense of fear, excitement, temptation of the victim to make him fall prey to the fraud.
Such frauds are initiated in one of the following similar ways:
- You have won a lottery
- Your account is hacked, you need to share OTP to regain access
- I’m from Bank / Police Department, we are verifying your account
- Download a Movie for free by entering your card details
Phishing attacks are the practice of sending fraudulent communications that appear to come from a reputable source. It is usually done through email. The goal is to steal sensitive data like credit card and login information, or to install malware on the victim’s machine.
Website identical to Bank’s Website
Victim thinks that it is Bank’s website and enters all sensitive info like username, password etc.,
Genuine looking Email with malicious link
Email with malicious link which leads to malicious portals which pretends to collect your KYC details.
Obviously the most heard term in Cyber Financial Frauds! and also used as a blanket term by all the victims. Hacking refers to an intentional attack on the Banking Network Infrastructure or the Customer’s Physical Device (Computer or Mobile phone) by identifying the security vulnerabilities or by manually inducing the vulnerabilities to access sensitive information.
Some common scenarios:
- Attacking and Intruding into core Banking Infrastructure to obtain sensitive information.
- Man in the Middle Attacks. Public Networks, Wifi Hotspots etc.,
- Installing malicious software or app into the victim’s device which will share all the sensitive information without his knowledge.
‘Card Skimming’ refers to illegal copying of information from the magnetic strip of a credit card or ATM card. However these type of frauds have significantly reduced with the introduction of several security measures in the Cards issued by Banks, however they have not completely obsolete.
- Never Share Password or PIN with ANYBODY, even with Banks or Police
- Never use computers in public places to perform financial transactions
- Never use public WiFi to perform financial transactions
- Update your Anti Virus Software Regularly
- Do not click on links if you are not sure. Stay away from online advertisements and offers which are too good to be true.
- Your UPI PIN is only needed to send money and check balance. Receiving payments needs no PIN. In case someone asks you to enter your PIN, it means you are approving an outward payment.
- Never make a financial transaction — be it a recharge, bill payment, or anything else while distracted.
- Never do it under pressure with someone on the phone line.
- Never share sensitive personal details on social networking sites.
- Never use screen sharing app when you make transactions.
Role of Banks in Preventing Cyber Financial Frauds
- Securing Network Infrastructure even from the local branch level
- Educate employees about current Modus Operandi of cyber criminals
- Conducting awareness programs among the customers of the Bank
- Responding to the cyber frauds reported in-time to minimize the losses
- Transaction Verification mechanism should be built into the system
- Deploy advanced techniques that detect cyber crime on the basis of the patterns detected in transactions.
What if the Fraud has already taken place?
The Golden Hour Principle
The concept of the Golden Hour is used to describe the time immediately following a crime. Positive action taken during the Golden Hour gives police officers the best possible opportunity of managing a situation and gathering evidence that will lead to an eventual prosecution. This process requires coordinated efforts of Victim, Law Enforcement and the Banks.
RBI has defined the Golden Period for Banks to be two hours within which the Banks are supposed to freeze the beneficiary account.
Introduction of C.I.R
Cybercrime Incident Reporting System
Currently operational only in Bangalore, soon expected to be implemented in other districts of Karnataka
To save the precious time of the Golden Period, the Police Department in Karnataka have come up with something called a Cybercrime Incident Report. In case of a cyber crime reported by a victim, first a C.I.R will be registered to freeze the money in the bank account and later an FIR will be registered.
Ideal Process Flow in CIRS once the fraud has taken place
- It is expected that the victim reports the incident to the Police in time and an instant CIR is initiated, as the process is time sensitive
- On the Basis of CIR, Police will Send Stop Loss Communication to the Beneficiary Bank Nodal Officer to freeze the account
- If the money is found in the fraudster’s account, the victim needs to lodge an FIR and obtain the money through a court order
- If money is not found in fraudster’s account, the victim can opt to lodge an FIR and the conventional investigation process follows
As a final note, It’s in our hands how we treat our sensitive financial information. Never share sensitive information like usernames, passwords, OTPs etc., under any circumstances. No official will ask you to share any sensitive or confidential information. We have reached a stage where we need to safeguard our passwords and other sensitive information more than we safeguard the cash we possess in hand.
Have a safe journey online!
Recently got a chance to speak about the same at the Cyber Crime Awareness Program for Banking Officials and the Police Department. I was surprised to see how the banking system is facing difficulties accessing data during cyber frauds because of the integrations with online wallets, payment services etc., At the time of fraud, banking officials are not able to access the beneficiary account details where some of these wallets and other third party UPI apps are involved. This calls for implementation of a centralized platform for banking sector to tackle cyber financial frauds and reduce the operational time delays as much as possible.