Net Profit or Loss

They make you click and pay…through your nose. Cyber scamsters use different tactics to trap victims.

By Sudhir Gore        Print Edition: April 19, 2007

Harshvardhan Singh, 30, is sold on the convenience of his credit card. The Indore-based assistant sales manager with Jet Airways travels far and wide and uses plastic for almost every expense he incurs. But when he was slapped with a credit card bill of Rs 46,000, Singh sensed something was wrong. “On enquiring I was told that the amount was a net transaction conducted to download movies and for shopping in Hong Kong,” he says.

Recently, Kingfisher Airlines officials discovered to their horror that Rs 15 crore worth of tickets bought on the Net and over the phone using credit cards had not been authorised by the cardholders. A group of scamsters had obtained credit card numbers and their customer verification codes and used them to buy thousands of air tickets. These tickets were then sold at attractive discounts to unsuspecting travellers. By the time the cardholders got their credit card bills and raised an alarm, the scamsters had already pocketed over Rs 15 crore and fled.

PREVENTION IS BETTER

The world can’t stop transacting online because of a few bad men. Here’s how you can protect yourself

-Enter the URL address manually instead of clicking on links. Or phone the company for confirmation.

-Ensure that the website you’re accessing is secure before submitting sensitive information such as credit card numbers.

-Clicking on the padlock icon at the bottom of the screen displays a digital security certificate.

-Don’t open attachments of suspicious e-mail messages. These can execute malware programs to steal personal information.

-Download fake website detectors. SpoofStick, which helps detect spoofed websites, is available at http://www.corestreet.com/spoofstick/

-Use anti-phishing software that can help detect malware programs (antivirus), filter spam (spam filters), and ensure secure Internet usage (firewalls).

-Most Indian companies do not ask for web-based authentication. However, you should use the Net only if your credit card company has web-based authentication.

-Avoid conducting online transactions on public computers in cybercafés. Ensure that you log yourself out before you leave.

Financial frauds on the Net are burgeoning. The convenience of click and pay is turning into a nightmare for cardholders and card companies alike. According to figures from the National Crime Records Bureau, over three-fourths of the 302 cyber crimes registered across the country in 2005 were financial frauds and identity thefts.

Cyber scamsters use different tactics to trap victims. The most common of these is phishing (see box Cipher Code). In 2003, thousands of eBay customers in the US received e-mails supposedly from the company.

 

The e-mail claimed that the customers’ accounts would be suspended unless they clicked on the provided link and updated the credit card information that the genuine eBay already had. The link took the customer to a bogus clone of the eBay site and tricked many into parting with credit card details to update their accounts. Millions of dollars were pilfered before the scam was discovered.

Then there is the more dangerous and difficult to detect pharming technique. If phishing is like a man trying to lure individuals with bait, pharming is like a trawler with a net. There is no escaping it. Pharming hijacks a legitimate site and inserts links that redirect users to a malicious site to obtain information on the card and its holder.

Is there no recourse for the victims of this cyber menace? Of course, there is. Singh was not left to fend for himself. His passport and travel documents revealed that he had visited Hong Kong about two years ago. His bank verified this and figured out that his credit card was duplicated long before it was actually misused.

Says Sachin Khandelwal, head of Cards Product Group at ICICI Bank: “If it is found that the card was misused by someone else, the cardholder is not imposed any liability and the charge is reversed. The customer is not imposed any liability because it is the merchant establishment's responsibility.”

Not everyone is so lucky though. Paramjeet Singh Bhatia, also from Indore, is still fighting a legal battle against HDFC Bank for an unpaid bill of Rs 26,400. Bhatia says he never made the Net-based transaction. “The bank tried to settle the case after I moved the district consumer court,” he says.

You can protect yourself against cyber frauds by taking some simple precautions (read box: Prevention is Better). Says T.R. Ramachandran, business manager, cards, Citibank: “It is advisable to visit only secure and safe websites for Net transactions.”

Card companies can help by incorporating some security features in their products. Some credit cards are tailored to tackle online security threats and are secure for online payments. For instance, ICICI Bank offers its customers the extra protection of the 3D Secure program to carry out secure transactions. 3D Secure is promoted by Visa and Mastercard for secure online transactions.

Cipher Code

The two most common tactics adopted by cyber scamsters to cheat you

PHISHING
Many ICICI Bank customers fell for it a few years ago. Scammers copy the ‘look and feel’ of a reputed establishment’s website as accurately as possible, building a replica site as bait to reel in the targeted company’s customers.

How it works
A phisher sends out e-mails to lure unsuspecting victims. Little details may be changed, like a missing ‘i’ in the http://www.icicbank.com/ shown on your address bar, or there may be a substitution of the letter ‘l’ with the number ‘1’ as in http://www.paypa1.com/. A more sophisticated version involves redirecting victims through a masked address. The fraudster does some clever concealed coding to redirect traffic from a genuine link.
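The two tricks described above, a dropped letter and a digit standing in for a letter, can be checked for mechanically. The Python sketch below is an added example, not part of the original article; the allowlist of genuine domains and the table of digit-for-letter swaps are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist of genuine domains (illustrative; maintain your own).
KNOWN_GOOD = ("icicibank.com", "paypal.com", "ebay.com")

# Assumed digit-for-letter swaps of the kind the box describes ('1' for 'l').
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e"})


def host_of(url: str) -> str:
    """Return the lower-cased host of a URL without a leading 'www.'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str):
    """Return (verdict, imitated_domain) for the exact host in `url`."""
    host = host_of(url)
    if host in KNOWN_GOOD:
        return ("genuine", host)
    skeleton = host.translate(CONFUSABLES)  # undo digit-for-letter swaps
    for good in KNOWN_GOOD:
        if skeleton == good:
            return ("lookalike: character substitution", good)
        if edit_distance(host, good) == 1:
            return ("lookalike: one-character edit", good)
    return ("unknown", None)


# Constructed sample: the two spoofed addresses quoted in the box plus controls.
SAMPLES = ["http://www.icicbank.com/", "http://www.paypa1.com/",
           "https://www.paypal.com/", "http://example.org/"]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, "->", classify(u))
```

The check compares whole host names only, so a subdomain of a genuine site comes back as "unknown" rather than "genuine".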

PHARMING
Pharming is a more sophisticated fraud and is difficult to detect. Unlike phishing, which mimics well-known websites, pharming hijacks the targeted site altogether. The only tip-off might be that your bank or credit card issuer is suddenly e-mailing you to reconfirm personal details and change your passwords and such details.

How it works
In a typical case of pharming, either the victim’s system or the DNS server may be compromised to re-direct traffic to a malicious site. Through ‘DNS Poisoning’ or ‘URL Hijacking’, even correctly-entered URLs can be diverted to a malicious site somewhere else in an attempt to extract sensitive personal data.

Also, just like an ISD or STD lock on your phone, the cardholder should have the option to enable or disable the facility of online transaction on his credit card. One major security hazard is that the customer verification number, which authenticates a Net transaction, is printed on the back side of a credit card. Stealing it is very simple. Instead, this number should be sent to the cardholder separately just like his ATM password.

Besides, basic details of every online card transaction should be immediately communicated to the cardholder through SMS or e-mail. Cardholders could be given the option wherein every e-transaction should be confirmed through telephone before clearance. Many banks already offer such a facility where any transaction beyond a specified value is confirmed with the cardholder beforehand.

Says Pavan Duggal, Supreme Court advocate and cyber law specialist: “The Consumer Protection Act, 1986 needs to be amended to cover e-commerce.” Also, we need a regulatory body to certify e-trading websites as authentic and secure for consumers.

Contrary to popular perception, Net-based usage of a credit card is safer than physical swiping. However, the horror stories of victims of frauds are acting as a damper. As e-commerce opens up and online transactions become more common, it will be in the interest of card companies to introduce such safety features in their cards. A few bad apples should not hold back an idea that offers convenience and safety for millions of users.
