For Lokesh Kardam, a 33-year-old Noida driver, phone banking will never be the same again. Some weeks ago, he got a call from an unknown person claiming to be a bank officer, who told Kardam his ATM card had been blocked. To unblock it, he immediately needed to disclose his card number and the three-digit CVV, or card verification value, figure at the back of the card.
A worried Kardam parked his car, took out his debit card and read out all details. Seconds later, he got another call asking him read out a six-digit OTP, or one time password, he had received as a text message. In a span of a few minutes, an unsuspecting Kardam read out three unique OTPs to the caller.
“Within seconds, I realised Rs 22,000 had been spent from my account,” Kardam, the main bread-winner for a family of seven, recounted in a choked voice.
Welcome to the world of vishing, or voice phishing, a technique used to trick gullible customers to part with confidential personal banking details. Vishing uses voice calls to steal identities and financial information. Such “vishing attacks” are designed to secure financial information in a short span by instilling fear in individuals. These calls are difficult to trace because they primarily ride through the internet.
For many Indians like Kardam, financial inclusion has also been an unpleasant introduction to the dark underbelly of hi-tech banking frauds. People commonly receive “phishing” mails where criminals create e-mails and web sites that closely resemble those of legitimate companies seeking individual banking information.
“There has been a significant rise in the number of these mails,” said a senior official from RBI, which has roped in the Central Bureau of Investigation’s Cyber Crime Cell to help curb the menace.
According to RBI data, banks incurred a loss of more than Rs 12,000 crore in 2014-15 on account of overall frauds, up from a loss of Rs 7,542 crore in the previous year. Between April 2011 and September 2014, banks reported 27,614 credit-card related frauds and another 3,835 debit-card related deceptions. Add to that another 1,969 cases of internet-banking related trickery, the numbers appear too big to ignore.
Bankers warn these numbers could be an underestimation as only frauds pertaining to big ticket are cases are being reported.
Kolkata’s Pallavi Gupta, received an email supposedly from the “RBI”, seeking her bank details. A confused Gupta, who had nothing to do with the RBI, did not share the data. “I have decided not to purchase anything online, I am petrified to give my details online,” she said.
Banks have been regularly sending messages to their customers, asking them not to disclose information to callers or through mail.
“We remain vigilant and are using various methods, including data analytics, to ensure a safe and secure banking environment,” Rajiv Anand, group executive and head, retail banking, Axis Bank.
Unless nipped in the bud, the growing incidence of tech-enabled banking frauds can potentially hinder the government’s plans to encourage plastic money and rein in India’s bustling parallel cash-driven economy that operates outside tax boundaries.
A cyber crime survey last year by audit firm KPMG showed more than half the respondents, or about 51%, saw themselves as easy targets for cyber attacks and 45% said cyber attacks had led to financial losses for them.
“In spite of very robust cyber security and fraud risk management tools in place in the banking sector, there has been a spate of cyber frauds,” Sandeep Dhupia, partner and head of forensic services, KPMG India, said.