Surakshit Banking
SURAKSHIT BANKING – SURAKSHIT BANKING INITIATIVE BY TBMC BANK
- JE SAAVDHAN, AEJ SURAKSHIT
Security is crucial, especially when it comes to financial transactions where it is vital to guard against any exploitation. Since your data and digital safety is our top priority, we are committed to secure the same as also encourage you to be aware and alert and have a secure and safe mobile banking experience. With this endeavour of having a dedicated web page, we have a focused approach to make the larger audience aware about increasingly sophisticated and malicious techniques being attempted by attackers / fraudsters and top security preventive measures. We believe your support in being aware will also serve as mutual harmony and motivation towards creating and sustaining a safe and secured ecosystem.
SAFETY PRECAUTIONS
Here, at The Banaskantha Mercantile Co Op Bank Ltd, we strive to safeguard and enhance your online mobile banking experience with us. These safety precautions will help you in staying Surakshit and secure you from potential attacks.
EMAIL PRECAUTIONS
Your email ID is your identity and address on the Internet. It must be protected
- Be cautious while disclosing your email on websites, any social media platforms.
- If you receive any spam email, do not respond such email without further verification or clarification from respective sender.
- Never click on links, download files, or open attachments in emails that are sent from unknown senders.
- Change your password periodically.
PASSWORD PRECAUTIONS
- Make password at least 8 characters long. Include at least one capital letter, one numeral (0-9) and one special character (\,@,#,%,$,^).
- Do not share your passwords with anyone.
- Password should not contain all or a part of the user ID.
- Password should not contain any space.
- Ensure that no one is looking over your shoulder when you are entering a password.
- Change your password immediately if you suspect someone might know it.
- Do not write passwords anywhere.
- Change password regularly and be cautious on repeating the previous password.
- Use different passwords for business and personal use.
- Longer passwords are better and recommended.
ATM BANKING PRECAUTIONS
Some security measures of ATM banking are as follows:
- Register your mobile number with the Bank to get alerts of transactions.
- Beware of “shoulder surfing” while transacting anything inside the ATM. Shoulder surfing is a mode of target which attackers use by just standing near you and noticing the PIN entered for the card.
- Avoid engaging in any kind of conversations with strangers, near and inside the ATM. Do not accept assistance or allow anyone to interfere with your transaction.
- Do not perform any transaction if you find anything unusual in the ATM.
- Transaction slip, if printed, should not be disclosed to anyone.
- After you deposit a cash in the ATM Recycler Machines (where available), check the credit entry in your account after a couple of days. Report to the Bank if there is any discrepancy.
- Do not forget any valuable like card, passbook, mobile etc. in the ATM.
- Change your Card PIN the first time you use it.
- Memorize your PIN and do not write it anywhere.
- Do not share your PIN or card with anyone else.
MOBILE DEVICE PRECAUTIONS
- Password-protect your mobile device to protect against unauthorized access. Set up a Pin/password/pattern that is difficult to crack. Set biometric lock in your smart phones.
- Register/ update your mobile number and e-mail ID for alerts to keep track of your banking transactions.
- Do not click any URL in message that you are not sure about.
- Install an effective mobile anti-malware/anti-virus software on your mobile device and keep it updated.
- Keep your mobile device's OS and applications, including the browser, updated with the latest security patches and upgrades.
- Never leave your mobile device unattended.
- Do not use unsecured Wi-Fi, public or shared networks.
TYPES OF ATTACKS
PHISHING
Phishing is a type of attack which attempts to steal sensitive information like user login credentials, credit card number, etc. either through an email. It occurs when an attacker is masquerading as a trustworthy entity in electronic communication. The emails may ask the recipient to click a link and provide confidential information like account number, username and transaction password, mobile number, address, debit card/ credit card number, CVV, PAN, date of birth, mother’s maiden name, passport number, etc.
Modus operandi of email phishing
An attacker creates a fake email ID which looks like the original one, but there is always some difference.
For example, the attacker might create an email ID as ‘user@bmcbank.com’ instead of ‘user@bmcbbank.com’.
At first glance, both the email IDs would appear genuine, as there is only a slight spelling mistake but if the victim is in a hurry, he/she might end up interacting with the spoofed website and share confidential data.
Security practices:
- Be cautious while clicking on links, downloading files, or opening attachments in emails, especially received from unknown senders/sources.
- Be cautious while providing your personal details on any links.
- Carefully observe the email ID before sharing any data.
- As a best practice, do not share any confidential data on websites not starting with https:// (where s stands for secured).
VISHING AND SMSHING
Vishing is a combination of “voice” and “phishing”. phishing involves the use of emails to trick a target into providing the target’s personal details; vishing involves voice or telephone services. A typical vishing call involves an imposter, posing as an official from the bank or another organization asking for your personal details. These attackers could offer creative reasons to fetch information from a target.
SIM SWAP ATTACK
As most of the account details are connected to an individuals’ mobile number, the attacker tries to gain access to the SIM card or obtain a duplicate SIM card for carrying out transactions on such duplicate SIM. Using the SIM swap technique, the attacker gathers personal information by practices such as phishing, vishing, smishing, and more, and uses the same to get a new sim card issued in the customers’ name. Post which, the attacker gets all the requisite information using this sim card, including OTPs, which they use to conduct fraudulent transactions from the customers’ bank accounts.
MONEY MULE
Money Mule is a term used to describe a victim who is duped by fraudsters into laundering stolen/illegal money via the victim’s bank account.
JUICE JACKING
Juice jacking is a type of attack involving a charging port from where data is stolen from the connected device; there are crawlers that can search a phone for personally identifiable information (PII), account credentials, banking-related or credit card data. These crawlers can copy all information to attackers’ own devices.
ATM CARD SKIMMING
In this type of attack, the attacker targets ATM machines and places skimming devices which are used to steal data from ATM / Debit / Credit cards.
SCAM THROUGH QR (QUICK RESPONSE) CODE
A QR code (Quick Response Code) consists of several black squares and dots which represent certain digital information. When a smart device scans this code, it translates that information into something that can be easily understood by the device. Fraudsters often contact customers under various pretext and trick them into scanning QR codes using payment apps. This allows the fraudsters to withdraw money from customer’s account.
SCAM THROUGH SEARCH ENGINES
If an individual uses a search engine for obtaining contact details of bank, financial institutions, etc., he/she may end up contacting unknown / unverified contact numbers displayed on the search engine. These contact details could be camouflaged by fraudsters to attract their victims towards them. Once the individual calls them, the imposters to convince to give their card details for verification. Assuming this contact to be genuine, people compromise all their secure details & thus fall prey to frauds.
