Convenience comes at a price. Although online banking has made our trips to the bank infrequent, it has put our money and data at a huge risk. More than 25,800 fraud cases related to credit/ debit cards and Internet banking were reported in 2017 (up to December 21), according to the Reserve Bank of India. With the mushrooming of payments apps, users are increasingly becoming vulnerable to phishing and malware attacks.
Shocking as it is, not even the established banks are insulated. Quick Heal Security Labs detected an Android malware that has been targeting over 232 banking apps including those of SBI, HDFC Bank and ICICI Bank. "Most consumers are confident that they're safe online, but hackers have proven otherwise," says Ritesh Chopra, Country Manager, Consumer Business Unit, Symantec.
Although not every app or platform is being attacked, being cautious never harmed anyone. Here's what you can do to safeguard against online frauds.
To start with, create a barrier by password-protecting all the devices - laptops, tablets, PCs and smartphones - that you may or may not use to access bank websites or payment apps. Set a daily transaction limit and turn on the two-factor authentication system. This two-step verification process requires you to enter additional information such as a verification code, a special pin or numbers from the back of your card. Sign up for log-in notifications wherever available and always log out of the session after transacting. Changing account passwords regularly is a good practice.
The number of users opting for online banking is expected to double - to 150 million - by 2020, according to a report by Boston Consulting Group. This is thanks to the rise of smartphones and payments apps promising us better deals and more handy ways to transact. Payment-related apps present an amplified risk of frauds and need to be dealt with more cautiously.
Incidence of hacking and malware is very high on the Android mobile platform; whereas on the iOS operating system, it is relatively rare. Even though app developers in the payments space are deploying the best security measures available, there are numerous third-party apps that infiltrate your mobile to access critical information.
"Mobile banking apps do not adequately shield their apps to make them tamper-proof. App shielding includes code obfuscation to prevent reverse-engineering, and anti-tampering mechanisms such as certificate pinning and debug detection. Currently, apps implement platform-specific best practices, but they are insufficient to protect against attacks across the device, network and app tiers," explains Manjunath Bhat, Research Director, Gartner.
In the maze of similar looking apps published on app stores, knowing the authentic ones is critical. Steer clear of counterfeit apps by checking the developer/publisher name. Be cautious about the permissions an app seeks at the time of installation.
"Connected devices (smartphones) are at an increased exposure to cyber risks, which gets further accentuated by multiple mobile apps. The risk increases significantly with the apps, since they get access to lot of information from the phone such as access to the phone directory, messages, pictures, etc. Some of these apps have the ability to even remotely share this information," says Atul Gupta, Partner and Head - IT Advisory (Risk Consulting), KPMG in India.
When you log in to a payments app, do not auto-save any information, be it the log-in credentials or the card details. Apart from password-protecting these apps, it is advisable to update the apps and the device's operating system when available as the updates often include security patches against prevailing attacks.