STOCK MARKET BSE NSE

Data in the open makes it easy for cyber criminals

With data of about 10 crore bank accounts available in the public domain, it has become easy for cyber criminals to steal money.

Published: 26th July 2017 08:04 AM  |   Last Updated: 26th July 2017 08:04 AM   |  A+A-

Express News Service

BENGALURU: With data of about 10 crore bank accounts available in the public domain, it has become easy for cyber criminals to steal money. What makes detection of such crimes tough is the lack of convergence between various departments and sectors.

A recent report of Centre for Internet and Society-India suggests that data of 10 crore bank accounts is available in the public domain. It points out that the availability of Aadhaar numbers along with bank accounts and phone numbers increases the risk of financial fraud. Social engineering is often used to find out details of bank accounts, credit card numbers and passwords to steal money.
Investigating officials say once a victim files a complaint, they seek information from banks and many times, private banks don’t even reply.

“Also, we also have observed there are a lot of loopholes in the banking system. Banks outsource credit/debit card issuance and maintenance to agencies who follow security protocols. In many cases, insiders helped in sharing information,” a police officer said.    
Nilesh Jain, Country Manager — (India and SAARC), Trend Micro, which provides cyber security solutions, says, “With more people using online transactions, there is a growing number of hackers. Most ATMs are on the legacy operating system of Windows. Banks have started realising that there are malwares designed to attack ATMs.With RBI mandating that banks should report security attacks within six hours, hackers will no longer get an upper hand.”

Pranesh Prakash, Policy Director at the Centre for Internet and Society, says, “There are many ways bank customers can safeguard themselves: using a browser-based password manager, and by never entering their banking username on any site other than their bank (which they should confirm via web address). Banks should offer a form of multi-factor authentication called “universal 2nd factor” (U2F) which prevents fraud in the form of man-in-the-middle attacks by phishing websites. Unless banks roll out U2F, they should refund any losses a customer faces due to fraud.

Case studies

June 2017
Vinod Kumar Pacchiyappan, manager of SBI Cards and Payment Services Pvt Ltd filed a police complaint that Know Your Customer data of customers was compromised.
May 2016
A US couple were cheated of D6 lakh in just two hours where criminals used their bank data and shopped online.
January 2016
Seven people from Telangana, including an Axis Bank deputy manager, were held in Bengaluru for allegedly hacking into people’s bank accounts using mobile banking apps and stealing money.



Comments

Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the newindianexpress.com editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on newindianexpress.com are those of the comment writers alone. They do not represent the views or opinions of newindianexpress.com or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. newindianexpress.com reserves the right to take any or all comments down at any time.

IPL_2020
flipboard facebook twitter whatsapp