Wednesday, January 25, 2017

Security Concerns - Cashless Transactions

This is a part of the talk 'Cyber law and Security Concerns' delivered on 18th January 2017 at the SGT University, Gurugaon. It explains safeguards to be taken in order to avoid cyber frauds.


With emphasis on cashless economy and online transactions, there is greater risk for cyber frauds. Here are the precautions that one should take.

Use Credit Card – Don't Swipe But Use PIN
It is better to use credit card than to use debit card. If the money is taken from debit card your money is gone but from credit card one can argue with the company or pay in monthly installment. Fix its limits according to your need.

Skimmer is a small device for surreptitiously recording information on the magnetic stripe of a credit card. A thief has to just swipe it on the same. A skimmer can be hand-held or installed where you would expect a legitimate card reader, such as an ATM machine or a gas pump. The information so obtained can be used on a fake card. 

Now smart credit cards have come with a chip. It requires personal identification number (PIN) to be punched in. So do don't swipe the card or don't use the stripe but use PIN after inserting the card. However, PIN can be observed and information on the magnetic strie can be taken by skimmer. So keep an eye on the person you are paying that he does not take your card  out of sight and ensure that he has nothing in his hands. 

Banks and credit card companies generally have very active fraud detection policies and will immediately reach out to you, usually over mobile phones or SMS, if they notice something suspicious. Responding quickly can mean stopping attacks before they can affect you, so keep your mobiles handy. 

Don't Store Card Details On Websites
Many websites ask you to store your credit card details for future use. Don't do it. In case of data security breach, they are liable to be used by fraudsters. 

Check Credit Card And Bank Statements
Impact of identity theft and online crimes can be reduced if you can find it out at the earliest after your data is stolen or when the first use of your information is attempted. The easiest way to do it is by regularly checking credit card and bank statements as well as for anything out of the ordinary. 
Justice Yatindra Singh delivering the talk

Use secure  and stay out of bad websites
When a computer used online, it sends and receives data. In an unsecured website, it is normally in plain text, meaning anyone would be able to read it or sniff it. The solution to this problem is to encrypt the data for transmission. Secure Sockets Layer (SSL) was created for this very purpose. 

By using a complex system of key exchanges between your browser and the server you are communicating with, SSL ensures that this exchange of data is encrypted, thus making it secure. Such websites are shown as https rather than http. 's' is for secure. 

The SSL certificate is also issued by the authorised certifying authorities. A website may show dummy certificate that it is secure but your browser will indicate that identity of the website can not be verified and connection is untrusted.   So it is important to access secure websites when transacting with sensitive data.

Many places offer free Wi-Fi. They are not secure. Don't use sensitive data when you are using such WI-Fi. 

Don't go to hacker website or adult content website.

Free Online Offers Are Frauds 
The old saying  that there is no free lunch, is still true. Here are some examples:
  • If you receive an an email  that you have won a lottery or a prize or to help someone in exchange of share in a bounty then don't respond to it. They are fraud. 
  • Many freebies like free screen savers, or smileys, or secret investment tricks are often bundled with spyware or adware (See End note-1). They track your behaviour and report to the website on whose behalf they are installed.


Phony Emails
Don't respond to phony emails. Following are some indication of such emails:
  • Misspellings, poor grammar, odd phrasings, Web site addresses with strange extensions, Web site addresses that are entirely numbers where there are normally words, and anything else out of the ordinary are indications of fraudulent emails. Don't click on the links in these messages as they are likely to take you to a fraudulent, malicious Web sites.
  • Sometimes emails are received with an interesting business proposition or to help someone to take some money out of bank/ country for a cut in the same. Don't be tempted. 
  • Sometimes emails are received from your relative or friend that he is in trouble and requires some money and the same may be paid in the account mentioned therein. Don''t commit the mistake of depositing money. It is fraud; it means that email id has been compromised. 
  • Some emails are received mentioning 'Your credit card information has expired. Update your information on the link given otherwise your account will be closed' or 'Someone has accessed your account. We've locked your account. Please click here to access your account' or some similar excuse to to get confidential information  to keep the accounts running. Don't take the bait. This is called Physhing (See  End note-2)
  • Be careful while opening attachment with an email, especially by when it is send by someone that you don't know. Most of the viruses come via this method.  


Protect Personal Information
If you purchase goods or pay for services then you have to divulge you personal information like address, email or mobile number to handle billing and shipping of purchased goods or receive online receipts. But otherwise do not share or divulge personal information. It is likely to be misused. 

Strong  Password
Keep your password strong They should be at least of eight characters and should be combination of numbers, letters and symbols and should not be  related to you. Mix letters with upper and lower case.

Keep It Safe
Don't tell your passwords, PIN numbers credit card details to others. Use them on your personal computers. Computer of other person may be infected and may make you liable to cyber attack.

Different Website - Different Passwords
One password for different website is like one key for different locks in the house except it is easier to find out the key (password) on the Internet. Use different passwords for different website.

Be Circumspect In Returning Calls
Often your mobile will give a short ring and stop. Many of these calls are from outside India. Don't call back unless you know the number/ person. In case yo return the call then your sim may be cloned and fraudulently used. In case banking transactions are being done with mobile then these details along with card number may also be stolen and used fraudulently.  

So take care, act safely, and avoid complications as well as frustration.

End note-1: Spyware and Adware are often used together and there is a thin line of difference between the two. They are often referred to the programmes that get installed on your computer without or with your permission (perhaps granted unwittingly). 
  • Spyware  installs itself surreptitiously and is difficult to remove without assistance; 
  • Adware generally comes with an uninstaller, and can be easily removed from a system. 

These programmes can drain your computer’s resources, slow your Internet connection, spy on your surfing, and even forcibly redirect your Web browser.  

End note-2: Phishing is a fraudulent way of getting confidential information. In this case, victims  usually receive official-looking emails and are persuaded to click on a link in the email. This link directs them to a doctored version of an organization’s Website. In case one fills up his confidential information then that is likely to be used in the fraudulent way.

 #YatindraSingh, Yatindra SinghYatindra Singh
#CyberFrauds

No comments:

Post a Comment

OLD IS GOLD

This post talks about a very old but still relevant advice to young lawyers. It is contained in 1875 Tagore Law Lectures and was always give...