Last fortnight, Quantum Asset Management launched a facility to enable new investors to buy any of its schemes without giving any physical signature. Though the initiative eliminates paperwork and is convenient, in reality, how safe is it? Hackers are after your crucial data, money and in worse cases, your identity. Are fund houses doing enough to protect your money?
Although your online MF accounts come with a unique username and password, it may not take long for a smart hacker to break into your fund house's system. To counter such potential attacks, many fund houses hire external agencies called Internet security firms such as Paladion, NII Consulting and Mahindra Securities, to run checks to ensure that your online interaction with your fund house is safe. These firms advise the fund houses not just on improving security measures but also check the robustness of the system.
A popular way to check the robustness of a fund's website is to carry out a test, commonly known as vulnerability assessment penetration test. These tests are carried out every few months. They visit your fund house's website and try and hack information using various permutations and combinations.
Is it really necessary?
If your online MF account gets hacked, your direct and personal loss is limited. For instance, even if your hacker mischievously redeems your MF units in your online account, the redemption proceeds will go straight in your bank account; you won't lose the money.
However, if there is a data breach, fund houses stand to lose their reputation. You could sue your fund house and it could be in serious trouble. Security experts also claim that a hacker can make an intelligent guess that the customer's password may be the same on many other sites including the Internet banking site and try to use those same credentials to cause greater damage.