As India attempts to go digital and cashless in a hurry, threats of cyber crime haunt banks, traders, customers and investors
By Ramesh Menon
As cash is in short supply post demonetization, you use your credit/debit cards wherever you can. It is nice to carry plastic money. But watch out for what can happen. As you type in the details of your card while shopping online, beware. As you store passwords in your diary, beware. You love technology as it makes your life easier, but beware of the hacker who is on the prowl in another part of the world watching every digital move you make.
Online payments are going to open up lucrative opportunities for cyber criminals who will trick you into divulging sensitive banking information before you figure out that you have been tricked.
With a large illiterate population forced to use credit and debit cards or even mobile phones to transact business, the danger is real. There are millions of new Jan Dhan accounts, mostly held by those who cannot comprehend what cyber crime can do to their hard-earned money. And this is one of the biggest threats that India will face as there is an almost maniacal hurry to go digital without having constructed firewalls to protect people.
This was evident when news came in recently that malicious phishing websites had been created by cyber criminals that could spoof 26 Indian banks and in the process, steal your banking information and siphon off your money. These include top banks like HDFC Bank, ICICI Bank, IDBI Bank and State Bank of India. Think of smaller banks. Think of cooperative banks in villages.
FireEye, a cyber security firm from the US, discovered a new domain called csecure-pay.com that was registered a couple of months ago which served fake logins from the 26 banks. This should worry millions of India. In its report, “2017 Security Landscape-Asia Pacific Edition”, FireEye claimed that ATMs, particularly in underdeveloped countries, were vulnerable as they continued to use old software which could easily be broken into by cyber criminals.
When you unsuspectingly navigate to the URL to get to your bank, you are gently taken to a page which looks like the one your bank has. You are requested to enter the bank account number, pin, mobile number, email address and other details. As you do this, malicious software copies crucial data from your spoofed online banking page. Once criminals have this data, a page will pop up announcing that there has been an error and you should therefore try after some time. This often happens in online transactions. When you log in later, you could well find that you have been robbed off your cash.
Here is another alarming incident that should indicate what lies ahead. Cobalt, a group of hackers, recently targeted ATMs across Europe making them dispense huge amounts of cash using malicious software. Such realities should make India realize that while going digital might be a great idea, it should not do it in a hurry without creating the necessary safeguards.
Just a few weeks back, major banks in India like SBI, HDFC Bank, ICICI Bank, Axis Bank and YES Bank blocked over 3.2 million debit cards that were compromised by cyber criminals. It was one of the biggest breaches in the financial sector in India. There is reason to fear.
SUPREME COURT MOVE
As there has been a huge surge of cyber crime, the Supreme Court recently asked the center if it was contemplating setting up exclusive cells to probe such crimes. It was shocked at the circulation of rape videos on social media by criminals. With the government failing to come up with an answer, a bench of Justices Madan B Lokur and UU Lalit pointed out that no action had been taken in the last one year though the government had said it was working on it. The Court had taken suo motu cognizance of the growing number of cyber crimes in the country after Prajwala, a Hyderabad-based NGO, had written to the Chief Justice of India about numerous rape videos being circulated through WhatsApp. It had directed the CBI to investigate all the cases.
After numerous banks worldwide were cheated by cyber criminals, the Reserve Bank of India earlier this year asked banks to step up the vigil against cyber crimes and work out a security policy. Banks should also have a system to exchange information with other banks and develop a quick response system to deal with increasing cyber crime, financial fraud and data theft.
The RBI missive came after a heist in a Bangladeshi bank early this year when cyber thieves issued instructions to transfer $951 million out of a Bangladesh bank’s account at the New York Federal Reserve. Fortunately, most of them were declined. But an amount of $81 million was transferred to a bank in the Philippines. It was never found. It naturally shook up the international banking community.
While numerous small Indian entrepreneurs are quickly trying to switch to digital technology to manage payments, it has opened a new window of opportunity for cyber criminals. We have seen how they can swiftly and effectively operate fraudulent monetary transfers and do counterfeiting of credit and debit cards. India with its huge population will definitely be on their radar. It will be easier for them as India will have more mobile phones than most other countries.
Firms that have anything to do with financial services will now have to build robust cyber risk management programs to achieve invincible security. They have no option but to do this as soon as they can. Cyber thieves have already demonstrated how dangerous they can be. You might just be their next victim.
Lead Illustration: Anthony Lawrence