Author: Anil Roy, Partner, Forensic and Investigative Services
“Indians will use digital instruments to make payments worth US$ 500 bn by 2020, contributing to 15% of the country’s GDP”, according to a study by Google and BCG.
Connectivity and technology have eased the burden of daily chores. Gone are the days of rushing to banks before 4 PM in the sultry afternoons or standing in long lines to deposit cheques and make withdrawals. Now it’s time to make way for the cashless economy as we move towards a cashless society. This move brings with it a host of opportunities for cybercriminals.
Some of the upcoming trends
The latest trend to hit the block is Visa payWave, a form of contactless card payment which is now popular in the U.S. and Europe. It is gradually gaining popularity in India too. Contactless systems use radio-frequency identification (RFID) or near field communication (NFC) to make secure payments to a compatible card reader. Fraudsters who get hold of card readers are able to put through small-value payments by scanning a card while it is still in a person’s wallet.
E-wallets eliminate the monotony of constantly entering card details to make purchases online. Paytm, MobiKwik and Ola Money are companies that store credit card details to make everyday transactions such as paying for services and buying essentials extremely simple and easy. There is no doubt that, with your details in the hands of another company, that company becomes a potential avenue for cybercriminals to target.
Current pitfalls and red flags
Your personal data and documents (name, address, date of birth, credit card numbers, bank details etc.) can be stolen and used to create a fictitious identity. This identity can be used to apply for credit cards, bank loans and online transactions.
Corporate email spoofing
Phishing is one of the most common methods that cybercriminals use. In 2016, corporate email spoofing emerged as India’s latest trend in payment fraud. MDs of top MNCs are being targeted: cybercriminals spoof an MD’s exact email address and draft a fictitious email to the CFO requesting that money be transferred into their account. CFOs unsuspectingly transfer funds to the fraudster’s account, assuming it is a genuine request from such a senior-level manager, and thus the scam is completed. The only way to realise that the spoofed email is a fake is by going through the full header or logs of the suspected email.
This is most commonly known as an advance-fee scam; its variations include the black money scam and the Spanish Prisoner scam. Fraudulent emails, letters and phone calls are sent to people claiming they are being awarded some prize money or a share in some profitable business. However, victims are required to pay a fee to receive their share, which of course is never delivered.
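As an added illustration (not part of the original article), the full-header check described above can be sketched in Python: compare the visible From domain with Reply-To and Return-Path, and read the receiving server's Authentication-Results. Both sample messages and every .example address are constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From shows the MD's exact address, but replies and
# bounces go elsewhere and the receiving server recorded failed checks.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=corp.example
From: "Managing Director" <md@corp.example>
Reply-To: md.corp@freemail.example
To: cfo@corp.example
Subject: Urgent transfer

Please transfer the funds today.
"""
# Constructed sample of a genuine internal message for comparison.
GENUINE = """\
Return-Path: <md@corp.example>
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=corp.example;
 dkim=pass header.d=corp.example; dmarc=pass header.from=corp.example
From: "Managing Director" <md@corp.example>
To: cfo@corp.example
Subject: Board papers

Attached.
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoofing_flags(raw_message):
    """List header red flags; trust only Authentication-Results added by your own server."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    flags = []
    for name in ("Reply-To", "Return-Path"):
        dom = domain_of(msg.get(name))
        if dom and dom != from_dom:
            flags.append(f"{name} domain {dom} differs from From domain {from_dom}")
    found = re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                       " ".join(msg.get_all("Authentication-Results", [])).lower())
    for check in ("spf", "dkim", "dmarc"):
        verdicts = {v for k, v in found if k == check} or {"missing"}
        if verdicts != {"pass"}:
            flags.append(f"{check} result is {'/'.join(sorted(verdicts))}")
    return flags
```

An empty list means the headers agree with the visible sender; any flag is a reason to confirm the payment request through a separate channel before acting on it.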
Hackers duplicate popular website pages and submit them to search engines to try to gain revenue through the number of clicks they receive. These duplicate websites may contain malware which attempts to steal private information.
What can be done to mitigate the risk?
- Always destroy your old cards and never give the last four digits of your card and the CVV number to anyone.
- Businesses must make sure their systems and services are PCI-compliant (meeting payment card industry’s security standards for e-commerce transactions).
- Protect your electronic devices with effective security and firewall packages.
- Always check the sender’s email address; if it does not smell right, do not entertain it or provide any sensitive information – financial or personal.
- Always check the domain name of the websites you visit; their addresses will start with http:// or https://. HTTPS “is a protocol for secure communication over a computer network. The main motivation for HTTPS is authentication of the visited website and protection of the privacy and integrity of the exchanged data”.
With today’s ever-evolving payment methods, one needs to be aware of the red flags. However, the sheer convenience modern payment methods offer in both transacting and keeping track of finances means a cashless society is definitely the way to go. So simply swipe.
With contributions from Adhiraj Chand and Karan Soni, Grant Thornton.