
Why It Pays To Pay For Info-Security

OLM Desk - 04 February 2023

We are in the age of digitized finance. No wonder that financial crimes today are also digitized. To achieve serenity, you need to keep track of your digital safety...

...There is a wide variety of scams and fraudulent activities you must guard yourself against. Take the tech support scam, for example. In a 2021 report on tech support scams, Microsoft said 31 per cent of the Indians surveyed lost money in a scam, the highest for any country.

The RBI recently said that 83,000 bank frauds were reported in 2020-21. In these instances, Rs 1.38 lakh crore were fraudulently withdrawn from accounts. Less than 1 per cent of this amount could be recovered.

I have been the target of sophisticated digital attacks, too. In one case, the attacker sent an email in my name to BankBazaar’s chief financial officer (CFO) instructing him to transfer funds to my bank account. Our alert CFO spotted the fakery. The email was from an unknown domain. The mail, too, was unusual...

...You must educate yourself about the many digital risks that exist today. Knowledge alone can help you identify a trap and steer clear of it. It will prevent you from losing your hard-earned money through your bank account, credit card, or a payment app.

Your ATM PIN and Netbanking passwords should be updated every few months. When setting them, steer clear of the obvious: your date of birth, your birth year, or your child’s birth year. These are among the easiest guesses. Try something less obvious.

Authors: Adhil Shetty, A.R. Hemant; Paperback price: Rs 395; Kindle price: Rs 263; Publisher: Rupa Publications


For example, if you are a Sachin Tendulkar fan, your ATM PIN could be inspired by his batting average in Test cricket: 5378.

When setting passwords, be creative. Consider information security firm Nordpass’s list of the top-200 most common passwords in 2021, so that you know what is to be avoided. Some of the most used passwords in India were ‘qwerty’, ‘password’, ‘123456’, ‘india123’, ‘abc123’ and ‘sairam’. Using these passwords could invite financial nightmares into your life.

Create your passwords with mixed-case letters, numbers and special characters, as these are harder to guess. Test them on password strength websites. For example, according to Security.org, it takes a password-cracking computer programme about seven milliseconds to guess that your password is ‘sachin’.

It would become just a little more secure if the password is ‘Sachin’. Notice the uppercasing. But it still takes only 400 milliseconds to guess it, so it is not enough. It takes three days to guess ‘Sachin123’, five years to guess ‘Sachin@123’ and one sextillion years to guess ‘Sach!n@t3ndulkar@5378’. The more complex your password, the harder it will be to guess.
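The effect of length and character mix on guessing effort, shown as an added example that is not part of the book excerpt: it counts the brute-force search space for the passwords discussed above and flags the common passwords the article quotes. The guess rate is an assumed figure, so the times will not match Security.org's, and the function names are illustrative.

```python
import math
import string

# Common passwords quoted in the article (NordPass 2021); not the full top-200 list.
COMMON = {"qwerty", "password", "123456", "india123", "abc123", "sairam"}

# Assumption for illustration: an attacker testing 10 billion guesses per second.
GUESSES_PER_SECOND = 1e10

# Character classes and how many symbols each adds to the attacker's alphabet.
CLASSES = (
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation, 32),
)

def charset_size(password):
    """Size of the alphabet a brute-force search must cover for this password."""
    return sum(size for chars, size in CLASSES if any(c in chars for c in password))

def keyspace_bits(password):
    """log2 of the number of candidates of this length over that alphabet."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0

def assess(password):
    """Summarise one password: denylist hit, alphabet, search space, average time."""
    bits = keyspace_bits(password)
    return {
        "common": password.lower() in COMMON,   # guessed first, whatever its length
        "charset": charset_size(password),
        "bits": round(bits, 1),
        # Average case: the password is found after half the search space.
        "seconds": 2 ** bits / 2 / GUESSES_PER_SECOND,
    }

if __name__ == "__main__":
    # The article's own examples, weakest to strongest.
    for pw in ["qwerty", "sachin", "Sachin", "Sachin123", "Sachin@123",
               "Sach!n@t3ndulkar@5378"]:
        print(f"{pw!r:26} {assess(pw)}")
```

Pure brute force is an upper bound on the attacker's work: a name followed by ‘123’ falls much sooner to dictionary and pattern-based guessing than its search space suggests.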

Password strength, along with regular updates, will give you enhanced security. This will, however, not protect you against a data server breach that leads to login credentials being exposed. For protection against this, set a unique password for each Web service you sign up for. We tend to use the same password across Web services. Avoid using the password you use for a sensitive account (such as a bank or email) on a low-tech and unsafe website. If that website gets hacked, it jeopardises your sensitive data.

There are many ways by which fraudsters can steal your passwords. A common method is to send you a Web link via text or email. The link leads to a website masquerading as a reputable website, such as that of your bank. This method is called phishing, an activity on the rise in India...

...Ensure you are using your login credentials on the right Web service. Look for the SSL certificate and check the link you are on. A secure link would have ‘https’ instead of ‘http’. If you are using an updated Web browser, pay attention to the security warnings it provides.

No bank or financial institution will ask you to disclose your login information, card CVV number or one-time passwords in any circumstance. Never disclose sensitive data through any channel other than the one explicitly meant for the use of that information. In case of phishing attempts, report to your bank to allow them to investigate the matter.

When it comes to ATMs and cards, be aware of your surroundings. Avoid unsafe ATMs. Look out for shoulder surfers: people who try to see your password as you type it. You are at higher shoulder-surfing risk in crowded places like grocery stores and petrol pumps. Conceal your typing the best way you can. If you feel you have been compromised, change the password immediately.

When using an ATM, give the swiper a shake to check for skimming devices. These are illegal attachments to the machine meant to collect your card information. Watch this video by a cybersecurity expert who explains why it pays to be paranoid: https://bit.ly/atm-skimmer.

When paying with your card, ensure the swipe machine is brought to you and the transaction is conducted in front of your eyes...The data procured through these unauthorised swipes can be used to make copies of your card, which can then be used for fraudulent transactions.

If you are browsing from a home computer, use up-to-date versions of Internet browsers and operating systems. Older software presents greater cybersecurity risks. It was not built to protect against modern crime technology. Make sure you have the latest anti-virus and anti-malware support on your computer systems. These keep viruses, Trojans, malware and ransomware, which can jeopardise the safety of your sensitive data, at bay.

Ransomware is especially terrible. It is software designed to hold your computer captive. It demands credit card or cryptocurrency payment as ransom through insecure channels...

...Dispose of your data safely. Credit card bills, bank statements or mutual fund statements in printed form carry sensitive information, such as your name, address, PAN or partial credit card number. If someone means harm, they may dive into your trash to dig out these documents. Different aspects of your life may be pieced together by your digital and financial footprints...

...It is not unusual to share things like credit cards with your children. But remember that they are not experienced enough to discern a real website from a phishing one. They will also tend to make downloads from unauthorised websites that are full of cybersecurity risks. They should first be taught how to make safe online transactions.

Lastly, do keep yourself updated about the regulations around payments fraud. For example, a customer’s liability will be zero if he is not at fault for an unauthorised transaction and has reported it to the bank within three working days.

Cybersecurity is financial security, and financial security is the key to serenity.


Book excerpt from The Bee, The Beetle and the Money Bug. Adhil Shetty is CEO, BankBazaar; A.R. Hemant is AVP, Communications, BankBazaar.
