“Debit Cards data compromised, State Bank group issues 6 lakh new debit cards.” I got a screenshot of this news notification from my friend, Ashish. In no time, my phone was ringing and Ashish at the other end seemed worried. It was an obvious reaction, considering the fact that he was using a State Bank debit card for all his financial transactions. However, I made sure he understood what exactly the issue was and why he need not worry much about the same.
As per the media reports, the data of the cards used at a particular bank’s ATM were leaked from the database of their outsourced service provider. This might put debit card holders in a fix since their personal and card data had been compromised. While the reports have been acknowledged by several banks, precautionary actions have already been taken by the affected banks in the form of card blockages/PIN reset. Further, media reports suggest that the data breach had happened somewhere around July this year and has only come to light in October 2016. Hence, if any unwanted transactions were to happen, the same would have already taken place. However, just to feel more safe, you may also consider changing your ATM PIN.
These days, most of the banks come with an additional layer of authentication in the form of PIN in case of POS swipes and One Time Password (OTP) in case of online transactions. However, the fraudsters don’t really worry about calling you up posing to be bank representatives and asking for crucial details necessary for transaction execution.
I received one such call a couple of days back from someone posing to be from one of the private sector banks calling from Chandigarh, while Truecaller app detected them to be from Bihar. I could easily make out from their way of talking that they were not from the bank they were posing to be from and this call could be a fallout of the recent data leaks. Even if you consider that the call is a genuine bank call, still do consider checking the incoming number for its source. You might get similar results, just like I came across :
Similarly, fraudsters are now turning to innovative ways for fooling people. The most recent technique is to ask you to send a message from migrating your SIM to a new upgraded SIM wherein they will ask you to send a message to the official telecom care number. If by mistake you fall prey to such a message, your number linked with the bank account will now start generating signals from the new SIM which will enable the fraudsters to receive OTP directly on that new SIM. I received an advisory from Airtel just today regarding such messages as per screenshot below:
As they say, prevention is always better than cure, it is equally true that precautions are better than repentence later. One should be aware of the following while doing any financial transactions:
- Beware of Phishing Mails – Always be extra cautious if you receive an unusual mail which seems to originate from your bank. Such mails will normally desire an urgent action and will redirect us to a webpage very similar to the bank’s actual netbanking login page. However, if we accidentally type the login details believing it to be the original login page, our login details will get captured and will be transmitted to the hacker. The image below is a perfect example of a phishing mail:
Just notice that the mail seems to originate from ICICI Bank and at a cursory glance nothing seems suspicious. However, you may notice that the website name starts with an ‘L’ instead of ‘I’. Make sure you do not fall prey to such mails.
- Sharing is Not Always Caring – We have been taught since childhood that ‘Sharing is caring’. However, when it comes to the financial information, one must forget this golden rule. Your bank will never ask for any account specific details over a phone call especially when the call originates from the other person’s end. One of my colleagues accidentally shared One-time password (OTP) for a financial transaction over the call posing to be from the bank and he received a debit alert of Rs. 56,990 within next 60 seconds. OTPs are additional authentication layer for banking transactions hence make sure you don’t share it unless you are sure and approve of the transaction.
- Limiting the Damage to the Least – While being cautious is the need of the hour, do take an immediate step in case you suspect that you have become a victim of a financial fraud. In case you realise your mistake after falling prey to a phishing mail by keying in your login credentials, change your password immediately through the official website of the bank. Also, in case you have shared your debit card details, get the card blocked through the bank’s customer care to limit the financial loss.
In the lure of making easy money, financial frauds are increasing. Earning money is difficult, but preserving it is becoming equally difficult. However, by being cautious, one can avoid being a victim in such cases.
Do share your experience if you have ever been a victim of such financial frauds or have any tips to share with us.
Simardeep Singh is a Chartered Accountant based in Delhi. He loves sharing his knowledge about personal finance and investment. He blogs regularly at www.simardeep.com.