Author: Anil Roy, Partner, Forensic and Investigative Services
“Indians will use digital instruments to make payments worth US$ 500 bn by 2020, contributing to 15% of the country’s GDP”, according to a study by Google and BCG.
Connectivity and technology has eased the burden of daily chores. Gone are the days of rushing to banks before 4 PM in the sultry afternoons or standing in long lines to deposit cheques and make withdrawals. Now it’s time to make way for the cashless economy as we move towards a cashless society. This move brings with it a host of opportunities for cybercriminals.
The latest trend to hit the block is Visa payWave, a form of contactless card payment which is now popular in the U.S. and the Europe. It is gradually gaining popularity in India too. Contactless systems use radio-frequency identification (RFID) or near field communication (NFC) to make secure payments to a compatible card reader. Fraudsters are able to get hold of card readers and scan through small value payments through a person’s wallet.
E-wallets eliminate the monotony of constantly entering card details to make purchases online. Paytm, MobiKwik and Ola Money are companies that store credit card details to make everyday transactions such as paying for services and buying essentials extremely simple and easy. There is no doubt that with your details in the hand of another company, it becomes a potential avenue for cybercriminals to target.
Your personal data and documents- name, address, date of birth, credit card numbers, bank details etc. can be stolen and used to create a fictitious identity. This identity can be used to apply for credit cards, bank loans and online transactions
Phishing is one of the most common methods that cyber criminals use. In 2016, corporate email spoofing has emerged as India’s latest trend in payment fraud. MDs of top MNCs are being targeted via emails as cybercriminals spoof an exact email address and draft a fictitious email to a CFO requesting for money to be transferred into their account. CFOs unsuspectingly transfer funds to the fraudster’s account assuming it is a genuine request from such a senior level manager and thus, the scam is completed. The only way to realise that the spoof email is a fake is by going through the full-header or logs of the suspected email address.
This is most commonly known as an advance-fee scam or some of its variations include the black money scam and Spanish Prisoner scam. Fraudulent emails, letters and phone calls are sent to people claiming they are being awarded some prize money or a share in some profitable business. However, victims are required to pay a fee to receive their share, which of course is never delivered.
Hackers duplicate popular website pages and submit them to search engines to try to gain revenue through the number of clicks they receive. These duplicate websites may contain malware which attempts to steal private information.
With today’s ever evolving payment methods, one needs to be aware of the red flags. However, the sheer convenience modern payment methods offer in both transacting and keeping track of finances means a cashless society is definitely the way to go. So simply swipe.
With contributions from Adhiraj Chand and Karan Soni, Grant Thornton.