With the advent of digital systems and consequent digital or online banking, there has been a rapid increase in cyber frauds worldwide. The Indian banking industry is no exception for the same. Cyber financial scams in banking mainly include cons that have taken place in automated teller machines (ATMs), debit cards, credit cards and Internet banking platforms.
While the number of reported cyber frauds have remained above 50,000, money recovered by banks in all these cases is less than 10%, the Lok Sabha was informed.
Although the number of fraudulent transactions increased in FY20-21, the amount was down as compared to the previous year. The data for FY21-22 is available only till December and on a pro-rata basis, looks similar to FY20-21. Banks have been able to recover Rs15.18 crore (10%) in FY18-19, Rs24.78 crore (10%) in FY19-20, Rs13.51 crore (6%) in FY20-21 and Rs11.7 crore (7%) in FY21-22 till December, respectively, from the total fraud amount, shows data shared by Dr Bhagwat Karad, minister of state for finance.
Krupal Balaji Tumane and Vinayak Raut, both members of Parliament (MPs) have asked for details of the number of financial cyber frauds, the amount involved, and cyber frauds committed on digital payment platforms like unified payment interface (UPI).
Maharashtra has been reporting highest number of cyber frauds, both in terms of number of frauds and amount. Haryana, TamiNadu, UP and NCR (National Capital Region) of Delhi are the other top destinations. In FY21-22 (Till December) these regions amounted to ~75% fraudulent transactions and ~70% in fraud amount, down from 87% transactions and 75% amount in FY18-19. This shows that frauds are becoming more prevalent across the country.
Kotak Mahindra Bank, American Express and HDFC Bank have been reporting many cyber frauds over the years, though American express seems to have got its act together.
Over the years, cybercriminals are becoming more sophisticated, which is making it harder for customers and organisations to defend themselves from such attacks.
According to RBI guidelines following are the main types of cyber frauds taking place in banking space
• Vishing- Phone calls pretending to be from a bank or non-bank e-wallet providers and telecom service providers to lure customers into sharing confidential details in the pretext of KYC-updation, unblocking of account, SIM-card, and crediting debited amount.
• Phishing- Spoofed emails and or SMSs designed to dupe customers into thinking that the communication has originated from their bank or e-wallet provider and contain links to extract confidential details.
• Remote Access- By luring customers to download an app on their mobile phone or software on the computer, which can access all the customers’ data on that customer device.
• Misuse the ‘collect request’ feature of UPI by sending fake payment requests with messages like ‘Enter your UPI PIN’ to receive money.
• Fake numbers of banks or e-wallet providers on web pages and social media and displayed by search engines.
RBI mentions the following safe digital banking practices that banking customers should follow for not falling prey to cyber frauds
• Never share your account details such as account number, login ID, password, PIN, UPI-PIN, OTP, ATM / debit card or credit card details with anyone, not even with bank officials, however genuine they might sound.
• Any phone call or email threatening the blocking of your account on the pretext of non-updation of KYC and suggestion to click the link for updating the same is a common modus operandi of fraudsters. Do not respond to offers for getting KYC updated or expedited. Always access the official website of your bank, NBFC or e-wallet provider or contact the branch.
• Do not download any unknown app on your phone or device. The app may access your confidential data secretly.
• Transactions involving receipt of money do not require scanning barcodes or QR codes or entering MPIN. Thus, exercise caution if asked to do so.
• Do check the official website of the bank, NBFC or e-wallet provider for contact details. Contact numbers on internet search engines may be fraudulent.
• Check URLs and domain names received in emails or SMSs for spelling errors. Use only verified, secured, and trusted websites and apps for online banking, that is, websites starting with “https”. In case of suspicion, notify local police or cybercrime branch immediately.
• If you receive an OTP for debiting your account for a transaction not initiated by you, inform your bank or e-wallet provider immediately. If you receive a debit SMS for a transaction not done, inform your bank or e-wallet provider immediately and block all modes of debit, including UPI. If you suspect any fraudulent activity in your account, check for any addition to the beneficiary list enabled for internet or mobile banking.
• Do not share the password of your email linked to your bank or e-wallet account. Do not have common passwords for e-commerce and social media sites and your bank account or email ID linked to your bank account. Avoid banking through public, open or free networks.
• Do not set your email password as the word “password” while registering in any website or app with your email as the default user ID. The password used for accessing your email, especially if linked with your account, should be unique and used only for email access, not for accessing any other website or app.
• Do not be misled by advice intimating a deposit of money on your behalf with RBI for foreign remittances, receipt of commission, or lottery wins.
• Regularly check your email and phone messages for alerts from your financial service provider. Report any unauthorised transaction observed to your bank, NBFC or service provider immediately for blocking the card, account, or wallet to prevent any further losses.
• Secure your cards and set a daily limit for transactions. You may also set limits and activate/deactivate for domestic/international use. This can limit the loss due to fraud.
Reporting Cyber Frauds
Customers needs to contact their bank immediately. If bank finds that there was no fault of customer then the bank reimburses the money, else the customer has to bear the loss. The cyber fraud complaint can also be registered in writing with a cybercrime cell of the city the customer currently is in. If one does not have access to any of the cyber cells in India, one can file a First Informa-tion Report (FIR) at the local police station.
In case complaint is not accepted there, one can approach the Commissioner or the city’s Judicial Magistrate.
The government has also launched a cyber fraud helpline 155260 in Chhatisgarh, Delhi, Madhya Pradesh, Rajastan, Telengana, Uttarkhand and Uttar Pradesh for reporting cyber frauds.
Liability
As per RBI rules, if the fraud happens and the bank is not at fault and a third party committed it through an act of scamming and phishing, the customer is not required to pay if the breach has been reported within three days of the fraudulent transaction. If the transaction is reported within three to seven days, then the customer’s liability will be limited to the transaction value or an amount set by the central bank, whichever is lower.
Source: timesofindia.com