Few Golden Rules for safe Digital Transactions

With demonetization and the predominant shift towards digital transactions, people are likely to be FORCED to move online for many e-transactions. According to RBI, the percentage of Internet Banking transactions in banks rose from 75% in 2014-15 to over 85% in 2015-16. An article in the Times of India dated 16th January 2016 states that India is ready for a 4-time jump in digital payments. With the economy moving to cashless, people are increasingly exploring payment alternatives such as UPI, e-wallets, and USSD based mobile banking through different platforms, which are directly or indirectly linked to the user’s bank account.

Many people find this shift extremely convenient and fast. However, while technology is a boon that makes things easy, it can also be a bane and cause financial losses if one does not follow certain etiquette and basic precautions. Some of the key steps that one should take to ensure that one’s funds remain safe and secure are

1.Use strong passwords / PINs and change them frequently: An easily guessable password or a PIN can be easily exploited and misused to cause great financial loss. One should avoid using one’s personal information like name, date of birth, wedding anniversary, etc. as passwords / PINs.

Most common doubt in people’s mind is – why change passwords if they are strong? The answer to this lies in the password cracking softwares that can crack any password, irrespective of its length/strength. The longer/stronger the password, the longer is the time taken to crack. Consider a case where a strong password is cracked after about 3 months – the hacker
cannot exploit this information if we have already changed our password within 3 months!!! Another important point – avoid sharing or writing down the password, unless it’s in a secure location.

2.Be careful where you swipe: Devices like skimmers on bugged ATMs and POS (Point-Of-Sale) terminals can steal the Credit/Debit card data. Once duplicated, they can be used to carry out illegal transactions. The card-holder seldom notices this breach and realises it only after fraudulent transactions take place.

Use the latest chipped cards, and that too, only on secure ATMs and shopping outlets. In case there is an emergency and one is forced to use the card on a “suspicious” ATM, be sure to change the PIN at the earliest opportune moment from a safe ATM elsewhere. So even if our PIN has been compromised, we will remain protected if the fraudster makes an attempt after the PIN has changed.

3.Activate two-factor authentication: RBI has mandated the use of two-factor authentication, whereby a 3-D secure methodology using our mobile phone is necessary for authentication. Once activated, the user receives an SMS containing the OTP (One Time Password) that needs to be keyed in to complete the e-transaction.

There are cases where fraudsters call prospective victims prior to attempting fraudulent e-transactions and ask them to share the OTP that they will be receiving shortly. They may state that it is required to verify the mobile number linked to the card, or to ensure that the card remains active or state other similar fables. One must be alert and vigilant and not reveal the OTP to anybody.

4.Protect your Desktop / laptop / mobile / device from malware: Ensure that the latest stable software, including Anti-Virus, is installed on your device. Before clicking on any link that pops up, make sure it is an authentic one. Be careful about the websites you visit and the files / applications that you download and install. As for installing e-wallets, go to the app store, check its reviews and ratings, and be assured that it’s a genuine application before deciding to
download one. Do not get carried away by any offers and discounts being provided.

If you are forced to access internet banking / e-transactions from a public computer, use the virtual keyboard in order to thwart key-loggers (malware that can record keyboard inputs that include user-ids and passwords). Thereafter, change the used application password from your personal / safe device at the earliest opportunity.

5.Use passwords to protect your device: Many times, especially in the case of smart phones, e-transaction and OTP receipt happens on the same device. Once a payment has been completed, it cannot be reversed. If one leaves their device / phone unlocked with a loaded e-wallet and it lands in the wrong hands, one may incur a financial loss. Password protection with
biometrics (wherever possible) must be enabled to prevent misuse of the device.

6.Wipe data if phone gets stolen / cannot be traced: With the heavy use of phones for e-transactions, losing a phone is like losing not only your wallet, but significant assets whose value cannot be estimated. If your device gets stolen, the best way to prevent misuse is to remotely wipe the data on the phone. It’s also important to maintain a regular backup of
the data, to facilitate easy restoration of the same on the new device.

7.Physical documents disposal: Many a time, we ignore the significance and extent of the information stored on physical documents like bank statements, credit card bills, etc. and dispose the old ones without shredding. If fraudsters gain access to such documents, they can use the information stored therein for social engineering and other exploits.