Losing a mobile phone or a SIM card can have huge repercussions on your bank accounts. Ask Vibha Dutt, a Mumbai playback singer.
She was out of the city early this month, when her SIM card got blocked. She contacted the customer cell of her telecom company, who told her a new SIM would be issued only when she visited the mobile gallery with an ID proof.
When Dutt returned to Mumbai and went to the gallery to collect the card three days later, she was told that it had already collected by someone called “Akash”. Worse followed.
On December 9, 2009, when Dutt went to her ATM to withdraw money, she realised fraudsters had transferred a whopping Rs 86,000 from her ICICI Bank account. The bank said there were eight fraudulent transactions done between 6.30 pm and 8.30 pm on the day Dutt’s SIM was blocked.
When contacted, an ICICI Bank spokesperson told DNA Money, “The internet banking fraud took place because of the issuance of a duplicate SIM card by the operator to an imposter without proper due diligence.”
It is unclear whether the mobile banking channel was used for the fraud. Dutt said she had used her iMobile service to transact twice or thrice in the past year, to book tickets and once to transfer funds to her sister’s account.
Still, “Banks are required to block transactions beyond Rs 10,000 per day as per RBI guidelines and Rs 5,000 per day for money transfer. This is probably more a case of internet banking phishing or fraud,” said Sanjay Swamy, chief executive officer of mChek, a mobile banking-infrastructure provider.
Ajay Adiseshann, founder and managing director of Paymate, which supports transactions via mobile, said: “I may be free to conclude that the fraudster has used an online banking channel. Online banking channels, in many cases, use two-factor authentication (two passwords or levels of security check), where they might send a code to the customers mobile. This is to be entered back on the website to verify a transaction. This has nothing to do with mobile banking/ payments.”
Cellular access
Mobile banking is of two types — via SMS and via GPRS, or accessing the internet via your phone. “SMS banking allows only enquiries and there are no financial transactions. GPRS-based mobile banking service allows customers to make financial transactions apart from regular information-based transactions from their mobile phones,” said Shalini Mehta, executive vice-president at Kotak Mahindra Bank.
Most banks will send passwords for the internet and phone banking channel through SMS or e-mail. So, if a phone or SIM is lost, a person savvy with the system may use that mobile to fish for bank passwords and siphon money.
Banks offer various banking services via mobile, and some even offer incentives on charges through the new technological channels vis-a-vis branch channel.
While some banks keep the validity of such passwords short — 3 hours, 24 hours etc,
sensitive information such as all-time use passwords may also be sent to your mobile via SMS. This is a key feeding area for fraudsters, so once you have used or memorised them, discard such messages from your mobile.
Staying safe
“The best way to stay protected is by not sharing personal details such as passwords with strangers. No bank asks for such information. One should also avoid accessing banks’ websites through cyber cafes or unreliable PCs and always use the latest browser versions and use anti-virus solutions,” said the ICICI Bank spokesperson.
And apart from strangers, be wary of people you know, say experts. “Remember, most of these crimes are committed by known people and not strangers,” warned Adiseshann.
He suggested other precautions: “If you were to leave your debit card somewhere with your PIN written on it, it’s asking for trouble. If you signed on a blank check and it ended up in the wrong hands, again you are courting trouble. Therefore, while using any banking channel, you need to ensure that sensitive data like PINs are stored safely and committed to memory and not left on pieces of paper for someone to misuse.”
Be wary also of e-mails asking for usernames and passwords. “People get e-mails asking them to spend $3 and get back $15,000. When these e-mails ask for username and password, people tend to give away the passwords which are the same for their banking transactions,” said Rajiv Chadha, VP - India, VeriSign, a security service-provider.
Sometimes, a software which generates one-time use passwords is installed on the mobile as part of the mobile banking service. This software would get blocked if the SIM is blocked. But to be on the safe side, inform the banks for which you use these passwords to block the service, said Chadha.
And if you fear your password has been leaked while making a transaction, change it.
“Change the password and intimate the bank immediately in case of any compromise. Also, customers should not save their login information anywhere,” said Mehta of Kotak Mahindra Bank.
Comments