The news last week of a massive data breach of the Indian banking system by fraudsters hacking into ATMs from abroad that left nearly 3.2 million debit cards at risk of fraud came a shock to bank consumers.
While Indian banks have assured its customers of having secure systems and the government too has stepped in by calling for a report on the data breach, what precautions should you take as a cardholder to be guard against the moves of such cyber criminals?
“Transaction Security not a choice anymore. Staying ahead of global fraud is a never-ending battle,” says Navroze Dastur, Managing Director, NCR Corporation, India & South Asia.”As the marketplace for electronic payments becomes bigger with the advent off a lot of new generation companies and start-ups getting into this space the larger is the risk of fraud or cyber-crime on ecommerce sites, internet banking, mobile wallets, payment gateway etc, he said. NCR, a global provider of financial solutions such as financial services ATMs, retail self-checkouts, restaurant POS and travel ticketing kiosks, enables 55 million transactions daily.
Dastur has the following suggestions for consumers as well as financial institutions to be step ahead of cyber criminals and to prevent and respond to computer and network security breaches:
Recommendations for Consumers:
* Don’t share your card data or password with any one
* Once in six months change your passwords
* Do not let your debit or credit card out of sight while making payments ask for the terminal to be brought to you.
* Be alert while transacting so that any unusual activity or device can be identified.
* Don’t give your account number to anyone on the phone unless you’ve made the call to a company you know to be reputable. If you’ve never done business with them before, do an online search first for reviews or complaints.
* Carry your cards separately from your wallet. It can minimise your losses if someone steals your wallet or purse.
* Carry only the card you need for that outing.
* During a transaction, keep your eye on your card. Make sure you get it back before you walk away.
* Sign your new cards as soon as they arrive.
* Never put your card number on a postcard or on the outside of an envelope.
Recommendation for financial institutions:
To have a very secure payment system financial institutions have to look into the following:
* Establish Network Access Controls: The network controls can either be hardware or software based and are implemented in hierarchical structure to reflect the network organization. The function of the network control is to detect any unauthorized access to prevent network security from being breached and finally to respond to a breach – thus the three categories of detect, prevent and respond.
* Risk Assessment: The risk for an organisation could range from natural disaster to an attack by a hacker. It is imperative to assess the types of risks to the network as we as the cost of recovering from attacks for all the resources that have been compromised.
* Listing Network Resources: Mission critical network resources and components of any enterprise network needs to be prioritised and given controlled access as it carries sensitive corporate data.
* Secure Data Centers: Where servers are well protected physically and through tight firewalls
* Personnel Verification: Apply stringent credential checks of e accessing the switches including biometric authentication, iris scan, camera etc.
* Audits: Mandate regular audits through internal teams and external professional agencies