Fraudsters evolve new methods says, Cyber Crime reports

MUMBAI: Cyber crimes on debit or credit card usage have more than doubled as fraudsters evolve new cloning methods to stay ahead of banks which are improving security features with chip and pin cards, according to preliminary industry data. 

The number of such crimes has increased by about 125% since a year ago, a senior official from the National Payments Corporation or NPCI, a settlement platform for e-payments, told ET on condition of anonymity. 

Every month there are up to 50 cases of travelers who have used their cards in smaller towns and when they leave it gets swiped again even though they are carrying their original card, according to data provided by cyber crime experts. 

"The rate of cyber crime on debit/credit card usage is tremendously rising at the national level," said Rakshit Tandon, Director - A&R Info Security Solutions & Advisor- Cyber Crime Unit, Uttar Pradesh Police, Agra. "Awareness about security measures is abysmally low from both customers and banks. People are falling victim either of cloning or identify theft." 

On an average there are about between 40 and 50 cases compared with between 10 and 12 cases Tandon had to deal with every month two years ago. 

It was not a joke played out on April 1, when Delhi's Santosh Pandey had read six cash withdrawal texts on his mobile phone in the morning wiping out Rs 80,000 in just five-ten minutes during midnight from Navi Mumbai ATMs, the place he has not visited even once in life. 

The country's largest lender, the State Bank of India BSE -0.73 %, will shortly make two security mechanisms fully operational: a one-time password or OTP and SMS card block facility with a brief narration. Besides, SBIBSE -0.73 % is set to run a media campaign on do's and don'ts for a customer to protect the person from any cyber attacks. 

"We have been running extensive campaigns to create awareness among customers and will pace it up. We are compliant to all RBI guidelines in this regard," said SBI's Pulak Sinha, general manager (payment solutions). The bank keeps on receiving complaints of debit card cloning, he said. 

NPCI runs a system called Fraud Monitoring Solutions where 45 scenarios have been fed to detect any possible manipulation. "It will decline transactions in such scenarios. Cloning related frauds are on the rise," said the NPCI official on condition of anonymity. But this will not trace transactions where debit cards are used within the parent bank's ATM network. 

Most of us are using debit cards encrypted with black magnetic strip on the flip side, which can easily be cloned unlike a chip-enabled card. "The entire industry hardly has one or two percent cards with chip and pin. This will not expand unless it is mandated by the regulator," said a head of a public sector bank. 

Here's how some ploys work: 

A cyber swindler typically uses skimmers, a device to take image of your cards. There are several innovative ways to use such tool. This mostly happens with travelers. 

For example, a customer uses card to pay her bills at restaurants, bars, hotels and malls. Now, a person with malicious intentions, will drop her card deliberately and bent to pick it up when the skimmer planted on his shirt pocket will take images within fraction of seconds. The same image is transferred to personal computer and then, given to manufacturers to get a duplicate card. 

For password, fraudsters take the help of "shoulder surfing", where one can trace password closely observing finger movements standing just behind user's shoulder. 

Similarly, a customer leaves potential space for skimmers when he gives his card to a third party at a petrol pump to pay bills. 

The most latest con game is that some glue is put below the key pad at ATMs so that the circuit does not function properly even if you press button but the ATM can read your card data once it gets swiped in the machine. Later, when you exit from ATM terminal, the prowler will immediately enter the same and remove the glue and will receive the desire access but for only one time. 

Con men can also get your card data cloned from the ATM slips, which almost every user drops at dustbin without destroying it completely.

To learn about Identity Theft visit www.cibilconsultants.com
Source: Secondary

Study says, Effective coordination is the key to contain cyber attacks.

PUNE: Better communication and information about cyber security, right investment in skilled personnel and enabling technologies together with adoption of security measures will minimize the risk of current and emerging cyber threats, says a Websense - Ponemon Institute US report. 

The report: "Exposing the Cyber security Cracks: Roadblocks, Refresh and Raising the Human Security IQ," has focused on challenges IT executives face in dealing with cyber risks, amid communication issues between IT security professionals and executives, a desire to overhaul current security systems and limited security knowledge among executives and employees. 

The findings assume importance in the wake of rise in data thefts and the eventual financial losses suffered by customers of different business organizations such as banks that are encouraging use of IT and mobile technology driven services. 

Based on a survey of nearly 5,000 global IT security professionals (including 545 in India), the report reveals a knowledge and resource gap in the enterprise - leading to an increased level of vulnerability and risk of data security breaches. 

Web sense, Inc. is engaged in protecting organizations from cyber attacks and data theft while Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government. 

Globally, 29% of respondents would do a complete overhaul of their current enterprise security system if they had the resources and opportunity, the survey showed. It said nearly half (47%) the respondents felt frequently disappointed with the level of protection a security solution they had procured while only 12% had never been disappointed in their security solutions. 

The report indicated that advanced persistent threats (APTs) and data exfiltration attacks rank among top fears for IT security professionals and 56% believed a data breach would trigger a change of security vendors. Encouragingly, 49% say they are planning to make significant investments and adjustments to their cyber security defenses in the next 12 months. 

Despite these concerns, a high 52% of companies do not provide cyber security education to their employees and less than half (42%) the employees have undergone a cyber threat modelling process in their present role, the report says, adding that of those that did, nearly all, (94%) found it to be important in terms of managing their cyber risk. 

"Advanced persistent threats and data exfiltration attacks rank the top fears for IT security professionals," said Larry Ponemon, chairman and founder of the Ponemon Institute. "These fears manifest because they believe their technology is in need of an overhaul and there is a widening gap in the knowledge and resource sharing among IT security professionals and executive staff. Encouragingly, the survey revealed plans for technology and education investment in place for the future," he added. 

Communication roadblocks are barriers to reducing the risk of a cyber attack, the survey said highlighting that 25% of cyber security teams never speak with their executive team about cyber security. Of those that did, 25% speak once a year and 18% speak twice while only one percent spoke weekly. 

Creating higher awareness among employee about IT threats and investing in training to help them combat such threats however seems to be a low priority for organizations the survey noted. Only 32% of respondents believe their company is investing enough in skilled personnel and technologies to be effective in executing its cyber security objectives or mission. In fact, 45% of companies represented in the research do not provide cyber security education to their employees, the survey revealed. 

Cyber law expert Vaishali Bhagwat told ToI that the human dimension in information security is almost ignored, yet the first to be blamed in case of a security breach incident. "Organisations run security awareness programmes to demonstrate compliance rather than deliver genuine behavior change in end users," Bhagwat said. "Security is never baked in as it is nobody's priority. In a market that is kind to the one who reaches there first, security is bound to go on the back burner unless some sanctions are imposed on organisations that release insecure products," Bhagwat said, adding, "Technology is pushed on to users without giving due consideration to human behavior and no significant efforts are being made to change human behavior so that it readily absorbs new technology to ensure its appropriate use." 

"This Ponemon Institute security survey highlights that a lack of communication, education and inadequate security systems is making it possible for cyber criminals to attack organizations across the globe," said John McCormack, Websense chief executive officer. "It's not surprising that many security professionals are disappointed with the level of protection their current solutions provide, as many still use legacy solutions that cannot disrupt the kill chain to prevent data theft." 

To learn about Identity theft visit: www.cibilconsultants.com

Source: Secondary

Protect Your Smartphone From Cyber Criminals

There was a time only when criminals with a face were on the prowl. This class included people who snatched gold chains, picked pockets or stole cars. But with wealth management going online, they have become faceless, at least until they are tracked down. In fact, until a few years ago, tracking these cyber criminal was not so difficult as a hacker could be traced back to his computer. But that is not the case any more.

A report published in the Business Line today said this is due to a software which spoofs IPs and hence cover the hacker’s identify as well as the place of his origin. The attacks by cyber criminals just got more intense as, with increasing popularity of smartphones, the number of viruses and malware that can be used to hack also surged.

“A sample study carried out by our company in eight cities shows that more than one lakh smartphones are subjected to cyber attacks every day in India,”Ritesh Chopra, country sales manager of anti-virus manufacturer Norton, has been quoted as saying in the report.

There are various types of risks. Such attacks not only affects the hardware slowing down the phone, but also your exposes your personal data to the criminals. Many of us store details of our bank accounts and other such personal financial data on our smartphone these days. But unlike PCs and laptops, most of these smartphones don’t have anti-virus software installed. Since many use social media via smartphones, identity theft too becomes an added risk.

So what should you do? One way to deal with this issue is to get rid of the smartphone and use a low-end phone instead. But if that’s not possible, you could take a few steps to extenuate the risk. For instance, don’t have your internet switched on your phone when you are not using it. Also, be cautious while using Wi-Fi and Bluetooth, since these are relatively more vulnerable to such attacks. And finally, you could install antivirus software for your smartphone. 

Learn about identity theft at www.cibilconsultants.com 

Source: Secondary