Mahalaxmi resident and IT firm director Abhay Kimmatkar was careful with his debit card. He had subscribed to SMS alerts from his bank so he would be notified of transactions immediately and would ensure he gets a One Time Password (OTP) for each online transaction, instead of using a standard one. He was careful not to disclose his card information.
However, the 44-year-old became the latest target of fraudsters who used Rs. 64,435 from his account for online shopping in Beijing, China, even as Kimmatkar was right here in the city.
The police are clueless about how the accused had obtained details of his debit card – such as his card number, or his CVV number – and suspect they could have hacked into his bank’s data to access the information.
The Agripada police, whom Kimmatkar had filed a complaint with, have initiated a probe and recently approached the Bandra Kurla Complex (BKC) cyber police for help in tracing the Internet Protocol ( IP) address of the computer used for the online purchases.
On August 31, Kimmatkar, the director of ADDC Infocad Ltd, received four SMS alerts from his private bank, between 1.19pm and 1.54pm, about online purchases that had been made using his debit card. “When I saw the messages, I immediately called the bank’s helpline number and was informed that online transactions had been made using my debit card in Beijing. I got my card blocked immediately,” Abhay said.
“Surprisingly, I had not even received SMS alerts about my OTP [either an OTP or a ‘secure’ password is required for online purchases]. The fraudsters could have made changes in the card and other personal data ensuring I do not get the OTP message for the transactions,” he said.
The police suspect the fraudsters could have used the card details to clone the card.
The police have registered a case under sections 419 (cheating by personation) and 420 (cheating) of Indian Penal Code and 43B (If any person without permission of the owner of a computer or system downloads, copies or extracts any data, computer data base or information), 66A (Punishment for sending offensive messages through communication service, etc) and 66C (Punishment for identity theft) of Information Technology Act.
“With the help of the BKC cyber police, we are trying to get the details of the IP address of the computer system used in the crime,” said inspector Maniksingh Patil of the Agripada police. Kimmatkar claimed the day he had called the bank to report the fraud, the bank executive said they had received seven such complaints till afternoon.