The well-known American writer, philosopher and founding father Benjamin Franklin once rightly stated, “An ounce of prevention is worth a pound of cure.” While the vast majority of us agree with this principle, not many adhere to it.
Prevention is especially important in today’s highly connected and technology-intensive financial sector, where fraud can be disruptive and dampen the spirit of customers and the public at large, especially when the country is moving towards digitization.
Therefore, in the recent past, we have witnessed an increasing number of alternate channels into retail banks, and customers demand more innovative technologies to access their financial data and for convenience of transactions.
In spite of all efforts, according to a study by Assocham, credit and debit card frauds have seen a six-fold increase in the past three years. The study also stated that India will see a 65 per cent rise in mobile frauds by 2017.
As of March 2017, a total of 29.84 million credit cards and 854.8 million debit cards were in operation, according to the Reserve Bank of India. Debit and credit cards are therefore no longer used exclusively by society’s crème de la crème but also by the common man.
Hence, it is necessary to remember that staying ahead of fraud is a never-ending battle in which fraud prevention is always the preferred approach, since there is no permanent cure. Today, securing the ATM channel and other alternative payment channels is not a choice but a priority, since any fraud can cause serious financial damage.
There are various techniques fraudsters use to steal information:
• Card skimming
• Keypad jamming
• Card trapping
• Leaving card/PIN
• Keystroke logging
• Card swapping
Out of the above, card skimming remains, by far, the most frequent form of ATM attack and currently represents nearly 95 percent of all losses. However, card skimming can be effectively prevented through the deployment of comprehensive anti-skimming solutions.
Card skimming continues to evolve, and criminals are becoming more organized, migrating to the weakest link. Global losses from these types of attack exceed $2 billion annually. As an industry leader, NCR offers a skimming protection solution that is integrated and scalable. Such an anti-skimming solution helps everyone reduce risk and protect ATM networks.
NCR Skimming Protection Solution (SPS) uses multiple jammers that generate multiple random signals, preventing any attempt by a criminal to isolate and record data from the magnetic stripe on the card. NCR SPS has a new design that focusses the jamming and protection on the actual card data path on the magnetic stripe. This means that even the smallest skimming devices won’t be able to capture card data.
The world recently encountered the WannaCry malware, which impacted organizations across industries. NCR recommends advanced protection software, which is necessary to prevent physical infection of the ATM by malicious software. Malware infections of ATMs became especially prevalent after Trojans capable of replacing traditional skimmers appeared on the international black market, and became even more dangerous with the arrival of remote cash-dispensing Trojans. We recommend including device control for anything connectable to ATMs, using firewalls, and providing the ability to update software securely and without risk.
RBI initiatives: Financial cyber crime in India has been steadily increasing over the years. For the year 2015-16, the Reserve Bank of India (RBI) reported 16,468 cybercrimes related to ATM, debit card, credit card and net banking frauds. The number of frauds reported by the RBI was 13,083 in the year 2014-15 and 9,500 in the year 2013-14. The central bank is aware of the situation and has taken proactive steps to educate the banks. In India, most notably, over 3.2 million debit card details were likely stolen by hackers from ATMs and POS machines in October 2016. The National Payments Corporation of India (NPCI) said that the complaints of fraudulent withdrawal are limited to cards of 19 banks and 641 customers. The total amount involved is Rs. 1.3 crore.
• Cyber attacks: Identify and assess risks, technologies adopted, regulatory compliance, delivery channels (online/mobile, etc.), organizational culture, internal and external threats, and processes and policies in place to manage and combat risk
• Continuous surveillance by testing for vulnerabilities through a SOC (Security Operations Centre) that is constantly updated on the nature of emerging cyber threats
• IT architecture to be conducive to the security measures implemented by the bank after its assessment of readiness, ensuring that network connections to databases are allowed through a well-defined process and by authorized personnel only
• Ensuring that the confidentiality, integrity and security of customer data are preserved without compromise
• Formulating a Cyber Crisis Management Plan (CCMP) whose primary focus should be detection, response, recovery and containment to address various types of cyber threats
In June 2016, RBI issued instructions on a cyber security framework in banks, asking them to put in place a board-approved cyber security policy, prepare a cyber crisis management plan, and make arrangements for continuous surveillance. The circular also asked banks to share unusual cyber security incidents with RBI. Apart from this, RBI has set up an expert panel on IT Examination and Cyber Security to provide assistance in banks’ cyber security initiatives, and proposes to cover, by 2017-18, all banks under a detailed IT examination programme that it launched in October 2015.
Here are some steps card users should follow:
• Set up app-based/SMS/email alerts for every form of transaction
• Monitor your bank statements regularly
• Report to the bank immediately in case you have lost your cards or you know your credentials for online transactions have been compromised
• Don’t link accounts for automatic transfer of funds
• Don’t have passwords which are easy to guess. Use a firewall and anti-virus software, and update them as prescribed. Change your ATM PIN and online passwords from time to time
• Update your current contact information all the time with your bank
• In case your card gets stuck in the ATM, call your bank immediately
• Sign up for paperless banking so there is less chance that other people have access to your financial statements
• Prefer ATMs attached to banks; they tend to have better security checks than others
• Globally, credit cards are more secure and it’s advisable to use them for point-of-sales gateways
• Always destroy your old ATM/debit cards
• Don’t have all your money in a single account
• Always wait for the ‘Welcome’ screen to be displayed after completing a transaction
Understanding all the various attack vectors and crimes can seem complex and overwhelming at times, but when one looks out over the landscape, a broader attack type and structure emerges. Hence, it is necessary to unravel and understand the broader attack type and structure before damage is suffered.
Adherence to these simple steps will help card holders stay safe. The Indian banking sector also needs to swiftly firm up regulations to spot breaches in order to safeguard consumers from any potential threats.
(The writer is Managing Director, NCR Corporation India Pvt. Ltd.)
Updated Date: Jun 01, 2017 16:03 PM