Debit card scare: Here's a comprehensive checklist to secure your ATM activities

The country's largest ATM security breach is sending shivers down the spine of customers as various banks have been hit by the malware infestation of ATMs. The banks have started taking steps to prevent any potential large-scale fraud.

However, according to National Payments Corporation of India (NPCI), there were complaints of fraudulent withdrawal through cards issued by 19 banks. As many as 641 customers have been affected.

Representational image. Reuters

Representational image. Reuters

"The total amount involved is Rs 1.3 crore as reported by various affected banks to NPCI," it said in a release on Thursday.

However, if you are concerned that your card may be compromised and is in danger of fraud exposure, there are a few simple things you should do.

The following checklist has been prepared by speaking to experts and from media reports. It is not only applicable to the present situation but should be followed universally.

1) Register your mobile number and mail address with your bank. As per RBI rules, the bank has to sent SMS alerts and mails on each transaction that happens in your account.

2) Do NOT ignore any alert from the bank. Read all the text messages and mails carefully. It could be about a transaction that has already happened or is currently happening. "Customers need to be alert to these messages and take proactive measures if they detect an anomaly," says a cyber security expert with a global consultancy firm.

3) Avoid sharing any private factual information, especially on social networking sites, says Mukul Shrivastava, Partner, fraud investigation & dispute services, EY India.

4)  Change your debit card PIN at regular intervals. This will, to a large extent, mitigate thefts.

5) Do NOT throw away the receipt that you get at ATMs into the waste paper basket. Beware: It contains information of your account.

6) Better still, do not ask for receipts from ATMs. Why do you need them as text messages and emails are anyways being sent by the banks? Not taking receipts is a safety measure and also reduces wastage of paper.

7) While keying in your PIN at payment counters, always cover your hand while punching your PIN. This will protect your PIN from being viewed by strangers and captured by cameras. Case in point, Romanian nationals who committed a hi-tech ATM fraud in Kerala.

8) Do NOT EVER hand over your debit cards to others at restaurants or petrol pumps to do transactions on your behalf. "By doing so, the customer is exposing himself to risks," says the cyber security expert. According to a report in The Indian Express, this careless action by customers results in 'card swapping' - the fraudster swaps your card with another similar card. The fraudster keeps cards of many banks handy, says the report. Such frauds now-a-days are easy to commit as banks do not print the name of the cardholder on the card.

19) Check and make sure the card that you get back from the payment counter is yours. Remember at least last 4-8 digits of your card number so that you can ascertain the card returned to you is yours only.

10) If you find any malfunction at ATMs while trying to withdraw cash, call the bank first. Do not leave the kiosk before you get a transaction cancelled message. As per the Indian Express report quoted earlier, fraudsters nowadays jam the keypad at ATM kiosks which will force the customer to leave the ATM without completing the transaction. The fraudster enters the kiosk soon after and keeps the transaction alive until he withdraws the money. To avoid this, speak to the bank from the ATM kiosk and wait until the transaction cancelled message flashes on the screen.

11) Skimming is another kind of fraud where the fraudster uses a device to record the personal details of your card and create a clone card. A camera installed at the ATM helps the fraudster to get your PIN, which makes committing the fraud easier. As the IE report says, there is nothing much the customer can do about this.

Experts are almost unanimous that with the rise in digitisation, the possibility of frauds will increase and this is not a India-specific phenomenon but a global one.

However, the cyber security expert quoted above says that the RBI has been proactive in dealing with the security concerns.

"I would say that unlike any other country, the RBI is on top of security measures and have come out with ingenious ways to contain losses by coming out with the OTP — one time password code which is mandatory for online transactions, email and text messages," he says.

However, there is only so much the regulators can do about such events. The ultimate responsibility lies with the customer. In most cases, it is the customer who can be the first informer of frauds. The customer needs to remain alert and exercise utmost care.

As K V Karthik, partner, Financial Advisory Services. Deloitte Touche Tohmatsu, India LLP, says: "Digitisation brings about its fair share of fraud risks and the only way to mitigate these risks is to be alert and constantly monitor one’s environment. Typically, fraudsters tend to be one step ahead of any security measures and therefore one cannot rely on the same set of controls for too long."


Published Date: Oct 21, 2016 10:29 am | Updated Date: Oct 21, 2016 11:17 am