Latest Posts


Tuesday, June 25, 2013

How to survive fraud attack on your bank accounts

Many bank customers were a bit concerned when they heard that fraudsters cleared off Rs13 lakh a few days ago from 29 Axis BankBSE -1.37 % accounts, including the Mumbai police's salary accounts. In fact, in the past few months there were many instances of ATM, card and online frauds. Naturally, many people are wondering whether they will be the next victims of some fraudsters. 

"Suspicious transactions arise from two aspects — card-present-transactions such as withdrawals from ATM or cards swiped at stores and cardnot-present transactions such as purchases through internet and mail order or over the phone," says VN Kulkarni, chief credit counselor with the Bank of India-backed Abhay Credit Counselling Centre. Scamsters resort to methods like skimming (duplicating the card), phishing (securing sensitive details over email), vishing (getting the details from customers over phone) to compromise your cards. Skimming, or cloning, usually takes place at point-of-sale terminals at shopping outlets and in case of phishing, customers are duped into revealing their confidential information over e-mails. 


The first step, of course, is to intimate the bank of the fraud or suspicious transaction at the earliest. "As soon as customers get to know that a fraud has occurred, they should report the matter to the bank quickly — through phone, e-mail or in person and take an acknowledgment from the bank. On its part, the bank should immediately take steps to control the damage inflicted by the fraud and also ensure that no further harm is done to customers' interests. An investigation should immediately be conducted by an appropriate authority of the bank, independent of its IT department. If the bank is unable to prove that the customer is specifically responsible for the fraud by compromising his password or in any other manner, it should compensate the customer adequately and fairly," says AC Mahajan, chairman, the Banking Codes and Standards Board of India (BCSBI). "The onus is on the bank to prove that the customer is at fault — only then can the customer be held responsible. The BCSBI code is silent on IT frauds at present, but the code is under revision and the matter has already been taken up for discussion by the committee appointed to recommend revisions to the code," adds Mahajan. 
Also, many people don't go through their bank account or credit card statements on a regular basis. "The first step one should take is that periodically keep track of your account by going through the statement of account and if any suspicious transaction is detected, bring it to the notice of the bank in writing so that immediate action can be taken. If there is a delay it may be difficult to go through the records for the banker as well," says Kulkarni. Don't forget to link your mobile number to your bank account and card. You get an alert as soon as your card is swiped or withdrawal is made, helping you take immediate action if you have not carried out the transaction. "The very first thing if someone comes around suspicious transaction is to report the matter to the bank or the lender. There are many incidents where credit card/debit card has been used abroad by compromising data. Once the bank is informed by the customer, it will hot-list the card, and after the necessary due diligence, the card is frozen to ensure no further damage is done," advises Rajiv Raj, co-founder of, a credit counselling firm. It would be a good idea to save your bank's phone-banking numbers in your cell phone and mailbox. Also, remember, your debit and credit cards, too, contain customer service numbers, which can be dialed in such situations. 

All bank websites have to put up a detailed grievance redressal policy and you need to follow the sequence laid out. After informing the bank over the phone, you need to follow it up with a written complaint. If there is no satisfactory response from the bank, knock on the nodal officer's doors. If after 30 days, the nodal officer, too, fails to respond, you can file your complaint with the Banking Ombudsman (BO). "If the customer is dissatisfied with the bank's investigation, the best course of action is to approach the Banking Ombudsman 30 days after filing the complaint with the bank. The Banking Ombudsman will take views of both the parties into account and deliver a verdict in 60 days or earlier," advises Mahajan. If the BO, too, does not rule in your favour, don't assume it is the end of road for you. "Of late, there are cases where the BO has closed cases under clause 13(a) or 13(c), stating that the case needs elaborate evidence. In such an event, the next option will be to approach the consumer court," suggests Kulkarni. Before going to court, you can also write to the deputy RBI governor seeking redressal. 


If your bank rejects your complaint and the Ombudsman offers no solace either, you need to start working towards approaching the courts. You will have to file an FIR (first information report) and approach the cyber cell with your complaint. Your course of action and documentary evidence to be collected will depend on the kind of fraudulent transaction that has been carried out. "If it is an ATM transaction, then call for certain documents such as EJ/JP Log, Switch Report, End of Day Report and Cash Reconciliation/Verification Report. ATM camera or CCTV recordings, wherever available, will serve as proofs, too. If your bank is a public sector lender and hesitates or even refuses to provide you these documents, you can use the Right to Information Act, 2005, to get the information or documents that you need," suggests Kulkarni. Since RTI is not applicable to private banks, you will have to rely on the Ombudsman's office, which is a public institution and hence bound by the RTI Act. You can file an application seeking documents or recordings that the private bank would have submitted to the Ombudsman. "On receipt of documents examine them minutely to find any details that can prove the transaction to be failed or even with a doubtful success. In case the transactions have been done through a cloned card, Visa and MasterCard have laid down some norms to be followed in case of card-presenttransactions. For instance, use the BIN check -- the first four digits of the credit card are called Bank Identification Number. One can determine through these numbers whether the card holder and the issuing bank are located in the same country," informs Kulkarni. These aspects can be used as evidence in the court as well as during a hearing at the Ombudsman's office.

However, to ensure that your case against your bank or card issuer is strong, at your end you need to exercise caution at every step while executing a transaction using your card at shopping outlets, ATMs or online. "At their end, customers should not respond to emails seeking sensitive information like User ID, card number of passwords. Remember, there are no free lunches, so it is best to ignore fraudulent emails with seemingly-lucrative offers. They should not even attempt to make enquiries. There is no need to be inquisitive in such cases," says Mahajan. 

This apart, to eliminate the risk of cloning, don't let the card to be swiped away from your eyes. Such frauds can be minimised to a great extent from July, when RBI's new rules on alternate payment transactions come into effect. Among other things, the banking regulator has asked banks to move to chip cards, instead of the magnetic stripe cards that are in use currently. 

Like in case of online transactions, where the user has to key in an additional password/confidential information to verify her identity, offline card transactions, too, will have to follow suit from July. "Some of the private and foreign banks have already moved to a two-factor authentication system, wherein they send the one-time password (OTP) to the registered mobile number. Some banks have also started issuing chip and PIN-based cards to all customers with high-value transactions apart from the ones who carry out international transactions," says Raj of 

As mentioned earlier, you need to be wary of fraudulent e-mails posing as genuine ones from your banks. The objective is to trick you into revealing sensitive information like card number, user ID and passwords. 

As a rule, never disclose any personal information, including your birth date and security answers, over emails or phones. 

No bank would ask the user to reveal such information for any purpose. Similarly, make sure you are using a secure website -- your URL should start with 'https'://rather than 'http'://. "Don't disclose your card verification number (CVV/CVC/CID), which is printed on the back of your card. The better option is to note it down in a confidential manner and smudge the figure on your card, so that it will not be known when you use your card in a restaurant or shop," recommends Kulkarni. This apart, buy an anti-virus software programme for your computer to safeguard transactions made at home.

No comments:

Post a Comment