Updated: Jul 5
Fellow connects who feel unsure about the safety of online shopping: this article goes into some detail about dealing with the risks associated with Online Shopping & Online Banking. While companies have whole teams to manage risks, we as individuals need to follow some guidelines to minimize our online risks. It goes beyond the standard advice posted by banks, e.g. for safe banking.
It appears in Consultants Review Magazine's August 2015 issue. CR covers content & interviews covering a range of subject matter experts from HR, IT, Risk Management from both large companies and niche consulting firms.
PERSPECTIVE provides strategic e-commerce advisory for both startups & large enterprise. We also provide IT consulting. firstname.lastname@example.org
Those interested in the text version of the article (if the above images are inadequate) can refer to the same below.
Personal Technology Risk Management
By Samir Dahotre, Founder & CEO, PERSPECTIVE Management Consulting (E: email@example.com Tel:+917666029701 )
Samir is one of India’s banking technology experts and has over 20 years experience in Technology Consulting & Sales having worked with tech leaders like Infosys, Microsoft & HCL; on technology solutions with all top 20 Indian Banks & the BFSI sector. PERSPECTIVE started 3 years ago provides Strategic Go To Market Services for both Enterprise IT Vendors as well as E-Com start-ups including setting up business strategy & plan, product strategy, IT setup & operational rollout. They also provide IT Consulting to Govt. & Corporates. In Risk Management their work in the banking sector has been appreciated by the banking regulator RBI.
While large companies have entire teams dedicated to Credit, Operational and Market Risk Management, here are some tips that we as individuals can implement to safeguard our financial assets in a highly internet-driven age. The corporate definition of Risk Management is complex and we will not even reproduce it here. However, our definition of Personal Technology Risk Management is “The processes individuals can follow to lower their exposure to financial fraud through technology channels as well as socially engineered frauds”. This is an attempt to go beyond existing guides like Safe Banking, Identity Theft etc. to cover all possible technology risks.
So where is it we do financial transactions? Online & Offline, e.g. at a branch. While this topic is vast, let’s restrict our discussion to just the key risk elements in two main online channels – Online Shopping & Online Banking.
The huge popularity of online shopping has not seen a corresponding increase in security awareness; consequently frauds on online shopping increase day by day. Here are some guidelines:-
Limit on the Channel: If you use a Credit Card for online shopping, go for a lower card limit or a separate card for online shopping. The same applies to net banking; keep your account balance lower or use a separate account (Risk Principle: Minimize the money, minimize the loss, hence minimize the risk). Then whether you follow good security practice or not, your risk is limited and hence you are at ease.
3D Secure Code: The big myth buster of online shopping: 3D Secure Code (which is MasterCard SecureCode or Verified by Visa) is not implemented worldwide; the US is one place where it is not. Hence if you are shopping at a US site, only the card number and CVV are needed, and these can be obtained simply by photocopying your card back in India, producing its clone and selling it to a person in the US. Crores of rupees are lost online every month on chip-based 3D Secure cards.
Site Trust: The first question is whether this online shopping site is trustworthy or not. Search for any new site you land on and try to gauge its trustworthiness. If you see enough content about them (especially about their management team), then you can trust them initially. However, the show stopper is this: the payment page has to be from a “known and trusted” payment gateway. When you are done with your cart and confirm the order, the site needs to redirect you to an HTTPS page of the online payment gateway site, e.g. payumoney, billdesk, icicibank etc., and preferably that page should display the logo of the online store that redirected you to the payment gateway. If the payment gateway name seems unfamiliar, search for its credentials.
Discounts/ promos: The online world is the same as the offline world: you see a shop advertising “UPTO 70% off”, but spend an hour looking for this deal and find a jacket you would never ever buy at 70% off! The real discounts will be a measly 10-30%. Hence control impulse buying. Buy only what you need; remember the ecommerce convenience may save you a few hundred rupees on travel cost; but if it results in increasing your monthly “indulgence shopping” limit from Rs. 2000 to Rs. 4000
New Trends: The online world offers some unbelievably great deals, e.g. on second-hand products. If you are buying a cycle, you see it, check it, ride it and then pay for it, so the deal works. A mobile, however, may be OK on the day you get the device, check it and pay, and then conk off the next day. Be discerning about what you buy.
The first Risk in Banking and other services like Insurance is that the Sales Teams are over-aggressive and have huge targets, and promise you a lot of benefits (which, when you look back, you never needed); hence only choose an additional bank/ card if you really need it.
Social Engineering: This is the most dangerous form of fraud. Someone calls you from ABC bank as a verification exercise and gets all your net banking login details and passwords from you. He then somehow colludes with your mobile operator’s staff or agent, obtains your mobile number, gets your SIM card blocked and has the SIM card reissued to himself, so that he can now get the One Time Password on his phone for funds transfer from your account. For example, search “Prof Dhande IIT fraud”. Several examples exist.
Branch: Usually considered safe; however here the risks are always there e.g. not understanding the schedule of charges while you sign up that new Credit Card in the branch. Ask direct questions on the charges & get verification via an email
Current Account: Small and new businesses need to carefully examine their monthly bank statement for charges; you might sometimes be shocked to see a charge of extremely high value. With regard to online NEFT transfer, it is considered safe because if you do a transfer to a wrong account (mismatch of Account Name & Account No) then the money is automatically remitted back.
ATM: Considered very risky especially when using an isolated ATM in your travel in the interiors of the country. They have devices attached which clone card data so ensure your ATM looks “normal”. Search “ATM cloning techniques” especially on video
Card: Remember the CVV number on your credit/ debit cards and then blacken it out with a marker. Anyone can use your card with just a photocopy.
Chip Based Card: Most credit cards now come with a golden chip (SIM) on the front side; the card is inserted into the bottom slot of the card reader, you enter the PIN and the payment is enabled. This is considered safe as the chip is encrypted, v/s the earlier magnetic stripe which can be easily cloned. However, how many people did you enter the PIN in front of? Your friends? The latest trend in India is that the restaurant staff gets the bill; the customer is too lazy to go to the billing counter to enter the PIN, hence he writes the PIN on the bill, gets the card swiped and gets it back. Now someone in your office finds that bill/ receipt in your wallet, takes your card which is also in your wallet, knows your PIN, and now you are done!
Phone Banking: Usually quite safe; but whenever someone calls you from the bank and asks for your confidential information, it’s a fraud. Ensure the website from where you obtained phone banking is that of the bank itself. E.g. abcbank.com might be your bank but www.2abcbank.com might be a fraud site.
Internet Banking: Usually quite safe if there is double two-factor authentication. E.g. for doing a fund transfer you need to enter User ID, login password, transaction password and another factor of authentication like SMS OTP or Grid Value (a number from a table on your debit card); hence double two-factor, because of the transaction password as well as the Grid Value. Ensure that your funds are only as much as you need, with the excess swept out into an FD; automatic sweep-outs are offered by banks.
Mobile Wallet: A mobile wallet is a wallet app on your phone that you load with a pre-decided amount or link to your various credit or debit cards. Whether it is from your bank or PayTM, load it with minimal money as it is early days for m-wallets.
Tap to pay: You go to a Coffee Shop and, at the billing counter, tap your phone to initiate payment from your Mobile Wallet. You will need to enter a PIN here, so ensure the usual safeguards. Remember it’s easier to steal a mobile wallet (mobile phone) v/s a thin plastic credit card.
Whatsapp: A few stock brokers claim that they have regulatory approval for offering consumers that they can trade shares via whatsapp; if so ask them to show you the regulator approval note
Bank Reputation: If your bank continues to have a top batting average in online fraud (you can check this from RBI reports), then I think it’s time you changed your star batsman! India already scores very well; we are a top 5 online banking fraud nation globally.
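The two site checks described above under Site Trust and Phone Banking (an HTTPS page on a known host, and abcbank.com versus www.2abcbank.com) can be expressed as a short Python example; it is added here and is not part of the original article. The trusted list is an assumption: abcbank.com is the article's placeholder bank and trustedgateway.example stands in for a gateway you have verified yourself.

```python
from urllib.parse import urlsplit

# Assumption: registrable domains the reader has verified out of band.
# abcbank.com is the article's placeholder; the gateway name is a placeholder.
TRUSTED = {"abcbank.com", "trustedgateway.example"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str) -> str:
    """Return 'not-https', 'trusted', 'lookalike' or 'unknown' for a page URL."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        return "not-https"
    # Text before '@' is a username, not the site: abcbank.com@other.example
    if parts.username:
        return "lookalike"
    host = (parts.hostname or "").rstrip(".")
    # The exact domain or a true subdomain of it (www.abcbank.com) is trusted.
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    for d in TRUSTED:
        brand = d.split(".")[0]  # e.g. "abcbank"
        for label in host.split("."):
            # Brand embedded in another name, or within two edits of it.
            if brand in label or edit_distance(label, brand) <= 2:
                return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample URLs, not taken from any real incident.
    for u in ("https://www.abcbank.com/login", "https://www.2abcbank.com/login",
              "http://abcbank.com/", "https://abcbank.com.pay.example/"):
        print(f"{classify(u):10} {u}")
```

An "unknown" verdict only means the host is neither on your list nor similar to it; that is the case where the article's advice to search for the gateway's credentials applies.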
Hope this has guided you on some “Personal Technology Risk Management” strategies. Risk Management may not always be some heavy guide book but also some personal processes to ensure your own financial health. Meanwhile; happy banking and happy online shopping!