Have a safe and healthy digital life: Use Internet discreetly

In the past 20 years, Internet has completely revolutionised the way we access and exchange information. This information exchange can range from casual gossip (think Twitter or Y! Messenger) to intricate financial transactions (e.g. online funds transfers). From booking movie tickets, paying electricity bills to surprising your loved one with a bouquet of flowers, almost every service today can be purchased online, using a bank account or a credit card.

Take the example of train tickets. Standing in long queues for hours at a booking centre to buy ticket after taking a half-day leave seems a distant memory! The Indian Railway Catering and Tourism Corporation (IRCTC) runs the world’s biggest e-commerce portal that clocks about 4 lakh online reservations per day, which is 45% of the total tickets sold by the Indian Railways.

With so many people online and so much money changing hands (digitally), there are bound to be digital pickpockets around. These unscrupulous elements go by such high-tech names like hackers and phishers and thrive on low awareness levels of people, their trusting nature and occasional carelessness.

The key to securing online financial transactions is to ensure that there is no eavesdropping on the digital conversation between the two genuine parties that are involved — between the one that initiates the transaction and the one who receives it. Let us see how this can be achieved.

In the early years, simple shoulder surfing kind of frauds was prevalent. A fraudster would observe a consumer performing internet banking transactions (especially in a cyber cafe) and later use the information to access the customer banking account. Now, the modus operandi is more sophisticated.
Every bank has a URL (or the website address) for customers to access the bank accounts. Normally for most website addresses, the URL starts with ‘HTTP://’. For an online banking website, the URL starts with ‘HTTPS://’. S stands for ‘Secure’ and literally secures the transport of information between the computer of the consumer and the computer of the bank against any effort by fraudsters to either eavesdrop and/or tamper with the contents of the information.

This certificate of security is issued by a certifying authority like Verisign and all websites secured by Verisign have Verisign’s logo on the website pages. As a consumer, one should click on the logo to ensure that the certificate is genuine, has not expired and is actually in the name of the organisation which runs the website. Otherwise, there is a chance that you will by mistake land up on the website of a cybersquatter (somebody who is impersonating the website of a genuine company) and key in your login and password.

Another kind of eavesdropping happens through unintentional installation of malicious software (called Trojans after the story of the Trojan horse) on your PC. This type of software is able to log every keystroke you type and transmit it to remote computers. These keystrokes include precious information like your username and password.

To avoid this very serious compromise of your computer, you have to exercise judgement on which links you click and which ones you avoid. Every day in your mailbox you get tons of junk, spurious offers for lottery, tax refund, prize money and the like. Included in these could be some very genuine looking mails from a reputable courier company with your POD for the shipment that did not get delivered or a tax refund receipt from the income tax department.

Before you click on these urgent sounding mails, stop for a minute. Did you send a courier? Are you expecting an IT refund? Look at the email address from which these mails are originating, the company will send this kind of email from an official domain and not a personal id or such as those ending with hotmail.com/ yahoo.com, etc. Delete suspicious looking, too good to be true e-mails. You just won $500,000 in a lottery in Las Vegas, yeah right! Recycle bin is the right place for such e-mails.
Similarly, be careful while browsing. When you download music or movies and try clicking on the downloaded file, stop right in your tracks if the file tries to install itself on your computer. An MP3 or DivX will simply play in your media player. If an app installation is getting triggered, then there is a good chance, malware installation is being attempted. In general, do not install applications and games from unknown and untrusted entities, howsoever tempting the features may be. Follow this one dictum and you will lead a safe and healthy digital life.

 Information security also concerns safe-keeping of your personal information related to banking such as the internet banking password, login ID, debit card number, ATM PIN and telephone banking PIN. Even the mobile phone and the SIM card would fall in the list of items that one should be careful about sharing as banks are nowadays sending one time passwords through the SMS. It is prudent to immediately call the bank if any of the above mentioned information is suspected of being compromised. There are provisions to block the internet banking access and debit cards immediately and on priority.

It is important that one should invest in reputed anti-virus software and periodically scan the computer. If there is a doubt over the integrity of the computer being used for internet banking, it is important that one uses the virtual keypad to type in the password -- even while you clean the machine by formatting if all measures fail. Most banks have a security feature called ‘Virtual Keypad’, which are designed to provide security against the viruses that can read keystrokes. Some banks have made the virtual keypad mandatory, and others have kept it optional. It is extremely critical that we use virtual keypads while accessing online banking in cyber cafes.

There is another feature that banks have launched in line with the guidelines of the Reserve Bank of India. It is called ‘One Time Password (OTP)’. The OTP is a random code that is sent to registered mobile number (and e-mail ID) of the customer for the customer to enter while executing a financial transaction. OTP expires after one use and is usually valid for a few minutes. As it is sent to the mobile number or the e-mail ID of the consumer, it has become very important to safe-keep the mobile and the access to e-mail ID.

Every convenience, including Internet banking, comes with added responsibility. When it works well, it saves you hours of drudgery, but if it goes wrong you can lose a small fortune. With a little care and knowledge, you can enjoy this facility with 100% confidence.

The writer is head – direct channels, private and business clients, Deutsche Bank