If your mobile phone has been off the network for a prolonged period, it might not be a bad idea to check your bank account.
Armed with duplicate SIM cards, fraudsters today are getting banks to send one-time passwords to customers’ registered mobile numbers. Thereafter they use the passwords to access bank accounts online.
One individual recently lost over Rs 2.5 lakh in this manner and was shocked when his bank told him that it had even sent alerts on the transactions to the registered number.
An investigation revealed that all the transactions were handled through a duplicate SIM card, obtained illegally.
Rising incidence
The spurt in mobile banking and internet banking transactions has led to “innovative” frauds in cyberspace, as evident from data with the Reserve Bank of India (RBI) and banking ombudsmen.
Addressing newspersons here on Wednesday, N. Krishna Mohan, Chief General Manager of the RBI and Banking Ombudsman, Andhra Pradesh, said: “Instances of fraudsters intercepting one-time passwords… to gain illegal access to bank accounts have been reported and this is an area of concern.’’
“The flouting of know-your-customer (KYC) norms by telecom operators needs to be prevented. There could be scope for collaboration between us and the Telecom Regulatory Authority of India,’’ he said.
Telecom service providers, however, insist that they are following norms, including KYC rules, while issuing SIM cards and duplicates.
“We comply with the guidelines issued by DoT fully. Any customer who doesn’t meet the basic mandate is not issued a SIM,” said Satish Kannan, Circle Business Head (Andhra Pradesh) of Uninor.
SHOULDER-SURFING
Right from cloning debit/credit cards to shoulder surfing in ATMs, where a bystander surreptitiously notes PIN numbers, there are a variety of ways in which data is being acquired by fraudsters.
Data is also stolen online. “Viruses at the back-end go undetected and some transactions carried out from our homes may not be secure,’’ says a bank official.
Customers, naturally, are a worried lot.
“I lost Rs 23,000 from my account with a large, tech-savvy private bank two months back. I am still struggling to get my money back,’’ said Sudhakar Kattimani, a railway officer in Bangalore, speaking to Business Line . “Can’t banks be technologically fool-proof,’’ he asked.
Hopefully, things will improve with the RBI requiring a second level of authentication (double PIN or password) for card-based transactions in future. The new rule takes effect on November 1.
(With inputs from K V Kurmanath)