Bad password habits make people at risk of financial frauds: Report – Times of India
The Reserve Bank of India (RBI) report for April – September 2022 reported 5406 instances of financial frauds vis-a-vis 4069 in the same period, a year ago. In terms of frauds, the modus operandi shifted to card or internet-based transactions, the RBI says. Though, the number is likely to be significantly higher than the RBI reported number as most victims of online identity thefts or other banking and financial frauds don’t report or are not taken seriously enough by police to register and take action as in case of laptop or mobile phone thefts, which can pose major risks to the owners due to the habit of storing passwords on these devices.
Despite some efforts by the Reserve Bank of India (RBI) to promote risk awareness among people through digital financial literacy, a large majority lacks the knowledge of how to store sensitive financial data safely, reveals a recent survey by LocalCircles. There are many ways in which identity thefts occur. Some of the most common are when credit card or debit card skimming happens when criminals replace card readers with a counterfeit device at cash counters or other point-of-sale systems, such as in grocery stores, gas stations, or ATMs. This device captures data contained in the magnetic strip of credit cards and debit cards and passes it to the skimmer. Sometimes, a small camera is set up to capture entries like ZIP codes and ATM PINs. Various other avenues including WhatsApp and other social media platforms, SMS, Phone calls, etc., are also known to be vulnerable to scams. For instance, redeeming expiring reward points or cashback offers many shared credentials or OTP codes, making them targets of scams. Once the hackers get the login credentials, they are able to use them on other websites. The situation becomes worse if you are in the habit of using the same credentials/ passwords across multiple websites.
Some people use easy-to-remember passwords, while others have one complex password for all their accounts. Neither option is recommended since it becomes easy for identity thieves and other criminals to steal your credentials. Some service providers recommend using a password manager software that helps users create strong passwords, store them in a digital vault protected by a single master password, and then retrieve them as needed when logging into accounts. This option may not be feasible or attractive for a large majority as it involves payment of monthly fees.
Where do you store your important passwords (ATM, debit/credit card, bank account)
One of the devices that is common with every individual these days is the mobile phone and hence by default people tend to store their sensitive financial information like pins and passwords on their phone. To the first question in the survey “Where do you store your important passwords (ATM, Debit Card, Credit Card, bank account, App/ Play stores, others)?”, 24% of the respondents shared that mobile phone has been their preferred choice whether as notes, in the contact list, in password app or another place in the device. Out of 11,236 respondents to the survey question, 8% indicated mobile phone notes; 9% in the mobile contact list; 2% in the password app on the phone; and 5% on other apps or places in the mobile phone. Of the remainder, only 14% stated that they “have them memorized” while 18% have such details stored “on my computer/laptop” and 39% have such important personal data stored in “another place/ way”. In addition, 2% of respondents keep such information in their wallet/ purse and another 3% gave no clear response. The response shows that nearly 4 out of 10 individuals are not taking any risk by storing banking/ debit or credit card details on devices that can be stolen and hacked. Overall, 17% of those surveyed like to store sensitive financial information in the mobile contact list or mobile notes. This is extremely concerning because many apps these days seek access to contact lists. The mobile notes are also not secure and do not have a password on them to secure them making users vulnerable.
In comparison, the LocalCircles survey in 2021 had revealed that 11% of citizens store their credentials or sensitive financial passwords and other information in mobile contact list or notes. Despite rising data theft and financial frauds, the new survey reveals that there has been a rise in people who use their mobile phones to store sensitive financial information with 17% of those surveyed admitting to doing so.
Who all have access to your ATM, debit/credit card(s) pin
To the question “Who all have access to your ATM, Debit card(s), Credit card(s) numbers and pin other than you ”24% out of 10,962 respondents indicated one or more “of my close family members”; 6% indicated one or more “of my domestic or office staff”. Of the remaining, 67% revealed that they have not shared such details with anyone while 3% respondents gave no clear response. The responses show that despite the risk, 30% people still trust close family members and staff with important details to enable them to withdraw money from their bank or use it with a debit or credit card. Despite all efforts to raise awareness among people, the new survey reveals that those sharing such vital details with others – family members, staff or friends is not reducing.
This is of importance because anytime one shares their sensitive financial details with others, they have added risk based on how their contact stores this information. Proof of identity shared in various places: 88% respondents indicated Aadhar card, 58% PAN card, 47% driving license, 42% passport, 35% voter ID card
Sharing identity proof carelessly
Though there is much talk about protecting data security and less paperwork and more governance, the fact is that for most government services like vehicle registration or private services like a hotel check in, one has to share a copy of their identity with the officer or customer service agent. This adds a new dependency as many times such information is shared on personal WhatsApp or email address of employees or in paper format making it vulnerable to misuse and theft.
Focusing on this issue, the survey sought to know “what are all the identities that you have submitted a photocopy/printout/digital version of for various applications, proofs, hotels, other bookings, etc., in the last 5 years” to which most of 10,650 respondents selected more than one options. The largest chunk of 88% respondents indicated Aadhar card, 58% PAN card, 47% driving license, 42% passport, 35% voter ID card, and 9% other ID. In effect, as the survey reveals citizens are expected to give digital and/ or paper proof of their ID at several places. In some cases, more than one ID is expected to be given. With such a trail of ID proofs, the vulnerability of citizens is a serious issue particularly in the event of data theft.
The survey to gauge the magnitude of financial fraud conducted in June 2022 found that 42% citizens surveyed had faced some type of financial fraud in the three year period of June 2019 – June 2022. The survey also found that 74% of them failed to get their money back. Recently, the Cyberabad police arrested a man in Haryana for selling identities and personal data of 66.9 crore Indians which included data from major platforms, edtech apps and even data of defense personnel. When such information is combined with sensitive financial passwords easily available in mobile contact lists and mobile notes, it is only a matter of time before
one is subject to financial fraud.
Many apps including payment and social media apps require such mobile contact lists to be shared with them and several of them have reported data breaches in the last 3 years. With the survey finding that 17% Indians are currently storing sensitive financial information in contact lists or notes on their mobile, 30% of them sharing them with their family members, staff, others and people having to commonly give copies of their Aadhaar and Pan Card to Government and private entities and individuals, it is only a matter of time before such fraud impacts each one of us. The need of the hour here is for regulators and ministries like consumer affairs, Information Technology and Finance to take this issue up in Mission Mode.
Despite some efforts by the Reserve Bank of India (RBI) to promote risk awareness among people through digital financial literacy, a large majority lacks the knowledge of how to store sensitive financial data safely, reveals a recent survey by LocalCircles. There are many ways in which identity thefts occur. Some of the most common are when credit card or debit card skimming happens when criminals replace card readers with a counterfeit device at cash counters or other point-of-sale systems, such as in grocery stores, gas stations, or ATMs. This device captures data contained in the magnetic strip of credit cards and debit cards and passes it to the skimmer. Sometimes, a small camera is set up to capture entries like ZIP codes and ATM PINs. Various other avenues including WhatsApp and other social media platforms, SMS, Phone calls, etc., are also known to be vulnerable to scams. For instance, redeeming expiring reward points or cashback offers many shared credentials or OTP codes, making them targets of scams. Once the hackers get the login credentials, they are able to use them on other websites. The situation becomes worse if you are in the habit of using the same credentials/ passwords across multiple websites.
Some people use easy-to-remember passwords, while others have one complex password for all their accounts. Neither option is recommended since it becomes easy for identity thieves and other criminals to steal your credentials. Some service providers recommend using a password manager software that helps users create strong passwords, store them in a digital vault protected by a single master password, and then retrieve them as needed when logging into accounts. This option may not be feasible or attractive for a large majority as it involves payment of monthly fees.
Where do you store your important passwords (ATM, debit/credit card, bank account)
One of the devices that is common with every individual these days is the mobile phone and hence by default people tend to store their sensitive financial information like pins and passwords on their phone. To the first question in the survey “Where do you store your important passwords (ATM, Debit Card, Credit Card, bank account, App/ Play stores, others)?”, 24% of the respondents shared that mobile phone has been their preferred choice whether as notes, in the contact list, in password app or another place in the device. Out of 11,236 respondents to the survey question, 8% indicated mobile phone notes; 9% in the mobile contact list; 2% in the password app on the phone; and 5% on other apps or places in the mobile phone. Of the remainder, only 14% stated that they “have them memorized” while 18% have such details stored “on my computer/laptop” and 39% have such important personal data stored in “another place/ way”. In addition, 2% of respondents keep such information in their wallet/ purse and another 3% gave no clear response. The response shows that nearly 4 out of 10 individuals are not taking any risk by storing banking/ debit or credit card details on devices that can be stolen and hacked. Overall, 17% of those surveyed like to store sensitive financial information in the mobile contact list or mobile notes. This is extremely concerning because many apps these days seek access to contact lists. The mobile notes are also not secure and do not have a password on them to secure them making users vulnerable.
In comparison, the LocalCircles survey in 2021 had revealed that 11% of citizens store their credentials or sensitive financial passwords and other information in mobile contact list or notes. Despite rising data theft and financial frauds, the new survey reveals that there has been a rise in people who use their mobile phones to store sensitive financial information with 17% of those surveyed admitting to doing so.
Who all have access to your ATM, debit/credit card(s) pin
To the question “Who all have access to your ATM, Debit card(s), Credit card(s) numbers and pin other than you ”24% out of 10,962 respondents indicated one or more “of my close family members”; 6% indicated one or more “of my domestic or office staff”. Of the remaining, 67% revealed that they have not shared such details with anyone while 3% respondents gave no clear response. The responses show that despite the risk, 30% people still trust close family members and staff with important details to enable them to withdraw money from their bank or use it with a debit or credit card. Despite all efforts to raise awareness among people, the new survey reveals that those sharing such vital details with others – family members, staff or friends is not reducing.
This is of importance because anytime one shares their sensitive financial details with others, they have added risk based on how their contact stores this information. Proof of identity shared in various places: 88% respondents indicated Aadhar card, 58% PAN card, 47% driving license, 42% passport, 35% voter ID card
Sharing identity proof carelessly
Though there is much talk about protecting data security and less paperwork and more governance, the fact is that for most government services like vehicle registration or private services like a hotel check in, one has to share a copy of their identity with the officer or customer service agent. This adds a new dependency as many times such information is shared on personal WhatsApp or email address of employees or in paper format making it vulnerable to misuse and theft.
Focusing on this issue, the survey sought to know “what are all the identities that you have submitted a photocopy/printout/digital version of for various applications, proofs, hotels, other bookings, etc., in the last 5 years” to which most of 10,650 respondents selected more than one options. The largest chunk of 88% respondents indicated Aadhar card, 58% PAN card, 47% driving license, 42% passport, 35% voter ID card, and 9% other ID. In effect, as the survey reveals citizens are expected to give digital and/ or paper proof of their ID at several places. In some cases, more than one ID is expected to be given. With such a trail of ID proofs, the vulnerability of citizens is a serious issue particularly in the event of data theft.
The survey to gauge the magnitude of financial fraud conducted in June 2022 found that 42% citizens surveyed had faced some type of financial fraud in the three year period of June 2019 – June 2022. The survey also found that 74% of them failed to get their money back. Recently, the Cyberabad police arrested a man in Haryana for selling identities and personal data of 66.9 crore Indians which included data from major platforms, edtech apps and even data of defense personnel. When such information is combined with sensitive financial passwords easily available in mobile contact lists and mobile notes, it is only a matter of time before
one is subject to financial fraud.
Many apps including payment and social media apps require such mobile contact lists to be shared with them and several of them have reported data breaches in the last 3 years. With the survey finding that 17% Indians are currently storing sensitive financial information in contact lists or notes on their mobile, 30% of them sharing them with their family members, staff, others and people having to commonly give copies of their Aadhaar and Pan Card to Government and private entities and individuals, it is only a matter of time before such fraud impacts each one of us. The need of the hour here is for regulators and ministries like consumer affairs, Information Technology and Finance to take this issue up in Mission Mode.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
Denial of responsibility! NewsBit.us is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.