Digital Cashless Transactions – How to Keep Your Money Safe
Sudden demonetization and then continuous push for cashless economy. The war on black money and corruption is gaining pace. And good thing, except for the elite class of black money hoarders (including politicians and businessmen alike) and a few outdate people who do not like change, people are embracing the idea gradually. But there is a saying (which, incidentally is an eternal truth as well), “after every bright morning, follows a dark night”. On one hand when cashless economy will benefit us in multiple ways, on the other hand cyber financial crimes will increase.
It is not that cyber financial crime is not present now. The truth is that India majorly being a cash-based economy, the chances of digital crime were low. With increase in digital transactions, cyber criminals will enter their dream time – their hay day. More and more technologically challenged people will become their victims.
The major problem…
It is not that all people are technologically challenged. The problem is that many of them take it way too lightly and do not care to take precautions. They think they have IQ high enough to beat every criminal mastermind is a duel of wits and presence of mind. The horrendous truth is that those who are over smart are the ones who lose most at the hands of those criminals. Of course, we cannot ignore the naïve people who think that anything digital is as difficult as sending a satellite to Jupiter. Come on, not everything digital is rocket science. Almost everything today has boiled down to a few clicks.
The big question…
How to keep money safe during digital transactions?
In case you are wondering how you can avoid your money being stolen during digital transactions, read this article carefully. You will know simple tips and tricks that will help you keep your money safe.
Before we begin, let us take a look at some of the channels of cyber financial crime that are usually used for duping people and stealing their money. Here is the list:
| Channel | Explanation |
| Fake calls or Vishing | Some criminals will get your phone number and banking details (such as the bank where you have your account) and call you. They will behave like they are personnel from the bank and only making some calls for verification. They will gradually take out all information, including debit card details and then use the same to take away your money. |
| Phishing | This is one of the classic methods used by criminals. They send fake emails which will extract out your financial data and rob your bank account. |
| Skimming | Some criminals will tamper with ATM or POS machines (usually in case of POS machines, the merchants are involved). When you swipe your card, the details of the card will be extracted by the tampered machine and will be used later. |
| Cloning | Some criminals will simply clone the data on the card on to a different card. This technique also involves tampering with the card swiping machines. |
| Spyware / Malware | There are several computer programs which are installed on your local hard drive from the websites you visit. These programs are designed to take away your sensitive information when you use your financial information online (for example on ecommerce website or when you use your internet banking). These programs then send away the information to the criminals who circulate such information in the first place through software. |
Now that we have taken a look at how information can be stolen from people and used for financial crimes over the internet, let us take a look at how we can keep our money safe while using digital transactions.
Things to do with your bank
GET ALERTS
The first thing you need to do is to divert your attention to your bank accounts. Did you know that RBI or Reserve Bank of India has given a mandate that every bank should send SMS and / or email notifications to account holders whenever you carry out a card transaction or internet banking?
Make use of this.
Do the following things to be sure that you receive alter for every transaction that is taking place through your card or your net banking account:
- Register your mobile number with your bank and turn on the mobile banking feature.
- Register your email ID with your bank.
Once you do that, you will start receiving notifications after the services have been activate from your bank’s end. So, every time you carry out the below mentioned activities, you will receive notifications:
- Withdraw money from ATM using your debit card.
- Use net banking for online payments.
- Use your debit card for making payments at POS or on ecommerce websites.
In case you did not carry out any of the aforementioned activities and yet you received a notification for such transactions, you can immediately have it investigated.
SET LIMITS
Did you know that your bank actually allows you to set limits on your debit cards? You have, say INR 2 lakhs in your bank account. This amount will be available through your debit card. However, you can actually set limits on your debit card. What does that mean? It simply means that you can actually set how much amount the debit card will allow you to use at various places.
You can actually set limit for:
- Transactions on ecommerce website.
- Transactions at POS or Point of Sale machines.
- ATM withdrawals.
Once you set a limit, you cannot use your card for any amount above the set limit. For example, if you set a limit of say, INR 3,000 for online transactions (that is transaction on ecommerce websites), you cannot make a purchase of anything that costs even INR 3,000.50. You will have to make sure that the product you are purchasing cost either exactly INR 3,000 or less than that.
Similarly, you can set limit to the amount of money that can be withdrawn from ATMs using the debit card.
Setting limits will ensure that even if your card is going into wrong hands, you can limit the losses because of the limits you have set.
PRIMARY AND SECONDARY DEBIT CARDS
Hold on. You are correct. There is no such thing called primary debit card and secondary credit card. At least no bank will issue anything like that. What we mean is:
- Create two bank accounts. Say, one with SBI and the other with ICICI. Ensure that you get debit cards from both banks.
- Now choose the bank where you want to stash all your money. Call this the primary bank account. The card corresponding to this account will then become your primary debit card. The other bank will be the secondary bank account and hence, the corresponding card will be your secondary debit card. Say, SBI is primary and ICICI is secondary.
Now that you have nicely identified your primary and secondary accounts and hence, debit cards, follow this:
- Put all your money in SBI (that is primary account). Keep your SBI card at home. Do not carry it with you. Do not use it for any digital transaction. Do not use it for withdrawing money from ATMs.
- Transfer some money from SBI to ICICI (that is to your secondary account). Make sure that you transfer only a small amount. Use the debit card of your secondary account everywhere.
This way, even if your card information is stolen or you lose your card, you will lose only a small amount of money and not your entire money. This is a very effective strategy of keeping your money safe.
SECURITY QUESTIONS
When you are applying for a bank account, you will be asked to input some details as security. These security questions usually ask things like your first pet’s name, your first math teacher, your grandfather’s name, your place of birth etc. These are very common questions.
Did you ever notice that you actually end up sharing these details on your social media profiles like Facebook? Cyber criminals can actually skim for those data from your social media account and use them to bypass security measures you set on your banking profile. NEVER EVER share such information on social media platforms. If you have already done so, remove such information or at least make them private and prevent them from being exposed to the world.
Also, Facebook and other social media platforms are basically anti-social (not literally, but think of it with a twist). You don’t really socialize. You never meet with people physically, you get more and more absorbed into your computer or phone and you almost forget everyone in your surroundings! You disconnect with real world. You disconnect with people who matter most in your life. On one hand, you disconnect and on other hand you become easy prey of cyber criminals because you keep on sharing information on such sites and guess what? The information that you think is simple may actually turn out to be vital.
Go for Credit Cards
While you may be really against credit cards, there are some really good benefits. Did you know that in case of credit cards, if you think that a fraud transaction has taken place, you can immediately call the issuer bank of the card and ask to delay the payments. The bank will do so and may even immediately revert the payment. This happens because in case of credit cards, the liability stays with the banks. This will not happen in case of debit cards. Once a transaction goes through using a debit card, you will lose your money. You may ask for an investigation from your bank. The bank will then take its own sweet time to investigate and eventually say that they cannot do anything. Why do they say so?
The OTP culprit…
You must have noticed that any online transaction that you are making will require you to keep in a One Time Password that the bank sends to your mobile phone. If the transaction is taking place, it simply means that you have authorized the transaction with the OTP.
If you walk up to the bank and state that you didn’t give the OTP intentionally and that you were either tricked by someone or someone simply took your phone and took the OTP, the bank won’t listen. Banks always give you continuous alerts and messages that you should not share your OTP with anyone else. You should keep it safe and you should keep your mobile safe. The onus lies on you and not on the bank. So, if the bank Is declining, it has every right to do so.
What if you are not eligible for credit cards?
This is a possibility. You may not have a proper credit score and maybe you do not have enough salary to get a credit card. In that case, you can do something. You can create a fixed deposit and then take a credit card against the same.
Once you get a credit card, you can use it and immediately pay off the bank using your net banking account or you debit card.
Switch to chip-based cards
There are two types of cards. EMV Chip Cards and Magnetic Stripe Cards.
EMV Chip Cards are basically Europay Cards, Master Cards or Visa Cards (EMV) that have a chip installed on the card. The chip contains all data.
Magnetic Stripe Cards are those cards which have a magnetic strip on the back. Your information is loaded on the magnetic strip of the card.
Chip-based cards are way safer that magnetic chip cards. Let us take a quick comparative look at the two types of cards in a tabular format:
| EMV Chip Cards | Magnetic Stripe Cards |
| The card needs to be inserted into the terminal. The chip on the card should enter the terminal. The terminal will read information from the chip. The card should stay inserted into the terminal unless a prompt is shown on the terminal to remove the card. | The card must be swiped at the terminal. The magnetic strip is actually swiped so that the information can be read. Once swiped, the card has to be removed. |
| The terminal will read all information from the chip installed on the card. During this, the terminal will give various on-screen instructions to carry out any transaction. This will include keying in the PIN. | Once the card is removed, the terminal processes the transaction and the customer is required to key in the PIN. |
| Only after the entire transaction has been completed and the receipt has been provided, the terminal will ask to remove the card. | Once the PIN is received, the transaction is completed and then the receipt is provided. |
Did you know that EMV Chip Cards also have a magnetic stripe? Only and only if the chip cannot be read due to any kind of technical glitch, the magnetic stripe should be used. This instruction has been given to all merchants who are using the POS terminal. In case a merchant doesn’t do that, you can politely ask the merchant to use the chip and not the stripe. If the merchant denies, politely refuse the transaction.
Why should you do that?
Did you know that magnetic stripes are very easy to copy? Duplicating magnetic stripe-based cards is rampant and many people have actually lost their money because of this. Chip-based cards on the other hand are way too difficult to duplicate.
Did you know about RBI mandate?
RBI has given a mandate that all magnetic stripe-based cards should be removed out of circulation and be replaced by chip-based cards by end of September 30, 2017. In case you have not received such a card by now, wait till the September 30, 2017 and then ask you bank to issue such card to you. If the bank denies, you can complain against the bank.
Things to remember while using cards
When you are using debit cards, remember the following:
- If you are swiping your card at some shop or restaurant, never ever let the waiters to take your card away for swiping. Instead, ask the waiter to bring the POS machine to you and have the card swiped in front of you. Alternately, you go up to the POS machine and have the card swiped in front of you.
- When you swipe your card for making a payment, never ever key in the PIN openly. Hide the machine from sight of the person at desk or other people in front of you and key in the PIN.
- When using the keypad, make sure that your all four fingers of both hands are open and you are placing them as if you are playing a piano and then key in the numbers. Never ever make a fist and then take out your index finger to key in the PIN. When you make a fist and take out your index finger, the keys you are pressing can be easily identified and memorized. With all fingers open, it really becomes difficult to understand which key you are pressing.
Things to take care of at ATMs
When you go to ATMs to withdraw cash, remember and follow the things mentioned below in the table.
| Things to do | Explanation |
| Check the machine | Take your time and check the machine to see if any skimmers have been installed or not. |
| Check for cameras | Check properly if any additional cameras have been installed somewhere which are positioned in such a way that they can record the keys that you are pressing. The machine itself will have a camera on top but that is meant for recording your face and is directed at your face and not at the keypad. |
| Tear the receipt | First thing first, skip the receipt part and go for SMS notifications. This will save trees and save the environment. In case you are taking a receipt from the ATM, tear off the receipt properly into tiny pieces if you want to throw it away right there. It is possible for criminals to take the receipt and get your account number despite the fact that the whole account number or the card number is not printed but only the last four digits. It becomes easy for the criminals to find the other digits using algorithms if they get the last four digits. At least the algorithms don’t need to work with the last four digits. |
| Don’t display money | Once you withdraw money from ATM, count it while facing the machine and then simply put it in your pocket or purse and then turn around and leave the ATM. Never display the money to others. Never count the money when you get out of the ATM. You may be robbed or money may be snatched away from thieves if you keep dangling the money in front of them. |
| Avoid white label ATMs | White label ATMs are those ATMs which are not issued by any bank. They are issued by private organizations and they dispense money for all bank cards. The problem with these machines is that they are not monitored by banks and in case of disputes, neither the bank and nor the private company will take ownership and you will lose your money. They are mostly targeted by criminals for skimming. Avoid them as much as possible. Of late, banks started circulating notices that one should use ATM of their respective banks and avoid ATMs of other banks and white label ATMs. Follow this if you want to stay safe. |
Phones and computers are worst enemies
Pal, when it comes to cashless transaction, phones and computers are definitely your best friends but also remember that they are your worst enemies as well. How come? Allow us to explain.
Phones
It is highly likely that you are using a smart phone for your mobile banking and you are using mobile wallets like Paytm or Freecharge or MobiKwik etc. That’s good. But… we often make these mistakes:
- We install various apps on our mobile which have ads in them. These apps can install spyware, malware and other data stealing codes and scripts on our phone. They can easily steal information from our banking apps or mobile wallets and use the. DO NOT INSTALL APPS WHICH YOU DON’T NEED OR ASK FOR TOO MANY PERMISSIONS OR HAVE TOO MANY ADS.
- Most of us do not install antivirus on our phones and even if we do, we use some free version which comes with ads or if they do not have ads, they do not provide full protection. SPEND MONEY AND GET A PROPER ANTIVIRUS FROM A REPUTED ANTIVIRUS COMPANY LIKE KASPERSKY OR ESET OR AVAST OR AVG ETC.
- Don’t root your phone. Rooting phone has become more of a style nowadays. Most of us don’t even know what to do after rooting a phone or even worse, we don’t even know what can be done with a rooted phone apart from removing system apps. Rooted phones are vulnerable and they can be easily attacked by hackers. DO NOT ROOT YOUR PHONE UNLESS YOU ARE A DEVELOPER AND YOU KNOW WHAT KIND OF SECURITY ISSUES YOU WILL FACE AND HOW TO MITIGATE THOSE ISSUES.
Computers
- Same again, install a proper antivirus. Keep your antivirus definitions updated. DO NOT USE CRACKED VERSIONS OF ANTIVIRUS.
- Regularly scan your computer for spyware, malware, adware and viruses.
- Make sure that the antivirus you are using has protection against keylogger scripts, phishing and spam.
- If you are using internet banking, make sure that that you are using incognito mode of your browser. All browser extensions are disabled in incognito mode and hence, if there are any extensions which are capable of stealing sensitive information, you will stay protected.
- IF YOU KNOW HOW TO HANDLE LINUX, try to dual boot your computer and have linux installed. Spyware, malware, virus, adware etc. do not work on linux operating systems. They infect Windows based computers and Mac computers.
- When using ecommerce website, make sure that the url of the website reads HTTPS and not HTTP. HTTPS means an encryption protocol where in your sensitive data is sent over the internet using secure encryption that cannot be broken. 128-bit SSL encryption is the most popular encryption method but you can also get 256-bit encryption on several websites.
- Use on-screen keyboards to enter password and user ID for net banking or logging in to websites where financial data will be entered. On-screen keyboards are extremely effective in preventing data theft caused by key logger scripts that often get installed on computers.
- Avoid going to websites which are loaded with too many ads or to websites which Google Chrome browser says / marks as unsafe. Did you know that Google Chrome is one of the best methods of finding out whether a website is safe to visit or not? If the browser detects any kind of malware or other harmful scripts or software on a website, it will prevent you from entering the website. If you choosing to enter the website, you need to do so at your own risk and then if you get into trouble, don’t blame Google that you were not warned.
Golden rules for passwords
Here are some golden rules when it comes to using passwords and pins for digital transactions or online transactions. Follow them properly and you should be safe:
- If you are using Net Banking, make sure that you change the password frequently. When we say frequently, you should ideally change it once every three months. You can do that more frequently if you want to.
- Never keep the passwords digitally stored on your computer. Passwords for sensitive websites like net banking, ecommerce website etc. should be kept written in a diary or a copy. We literally mean the old fashioned, pen and paper. That cannot be hacked!
- Never use passwords that are easy to guess. Use passwords that have combination of letters, digits and special characters. Such passwords are very difficult to guess and crack using password cracking software.
- If you are using a comparatively easy password and you are using a hint to remember it yourself, make sure that you are not making the hint too obvious for others to guess.
- In case of PINs, make sure that you are changing your ATM PIN once every 3 months.
- For OTP, make sure that the message sent by bank or the ecommerce website or mobile wallets cannot be read on locked screen. This will simply defeat the whole purpose of OTP.
- NEVER EVER SHARE YOUR PIN AND PASSWORD WITH ANYONE. TRY TO AVOID SHARING SUCH INFORMATION OVER EMAIL OR SMS WITH THE PEOPLE YOU TRUST (SUCH AS YOUR SPOUSE).
- If you have used a password for your bank, never use it anywhere else. Many people actually keep using the same password everywhere. This is not a good idea. Especially, your internet banking password should be totally different from any other password you provide anywhere else.
- If you are tech savvy, make use of a proper password manager for storing all your passwords and then lock the password manager using a master password and memorize the master password. Never store the master password.
A few things that you should not do
Okay, we often tend to do things that we should never do. We do those things out of trust and blind faith. In terms of finance, don’t even trust your own shadow. So, here is a list of things that YOU SHOULD NOT DO AT ANY COST:
- Share your passwords and PINs.
- Do not give your email id and phone number to every goddamn website that you come across. Websites will collect such information and sell them off to advertising companies. Those companies will then start spamming you with loads of adverts. Worst nightmare? If one of those companies turn out to be specialists in scamming.
- Don’t fall for offers that sound too good to be true. For example, ‘You are the lucky 1000th visitor of this website. Enter your details and get an iPad’. Go to a different computer and visit the same website and still then you will be the lucky 1000th Basically, anyone who visits the website always ends up becoming the lucky fellow.
- When you visit a shopping mall like Reliance Fresh or Big Bazar, you will be asked to share your phone number when you checkout. Do not do that. As said before, those details are sold off and if such information ends up with a scamming company… “may your GOD help you”.
- Remember, no bank will call you and ask for verification over phone. If a bank needs to verify something, a notice will be sent to you where you will be asked to provide documents like KYC documents. If you are receiving phone calls where you are asked to verify your details over phone, remember it is a scam and some criminal is doing that. Do not trust and never give away any details no matter how genuine they sound.
- Avoid sharing your important details like date of birth, your email id, your phone number etc. on social media websites such as Facebook. Even Facebook sells off data and there is no scarcity of criminals combing through Facebook to get hold of such details. Try to ditch Facebook if you can.
TrueCaller can be really dangerous
Those of us who use smartphone must have heard of the app named TrueCaller. This app allows you to identify the caller by showing the name of the owner of the number that is calling your phone. TrueCaller is world’s largest community of verified mobile phones. It maintains a global directory. However, in order for TrueCaller to work, one needs a high speed internet connection or a minimum of 3G connection. Once a call comes it, TrueCaller will quickly connect to its database, look for the name of the caller and show it back on screen. The problem is that sometimes, the data shown is not accurate.
There is one problem with TrueCaller. It will take control of your phone contacts book and will ask for several other permissions. The app is intrusive and will play with your privacy. The problem it is that will derive almost all possible data from your phone like your email ID, your Facebook account ID, your Twitter ID and more.
You can simply get the details of a person by searching with a number. It works very much like that of reverse phone look up. This is intrusive, isn’t it?
How can TrueCaller relate to digital transactions? We thought you would never ask! We are glad you did! Here is what can happen:
- A criminal gets hold of a phone number.
- He or she searches the number of TrueCaller to get a name and location.
- He uses the name and location to do a quick Google search. If the person (on whom the search is conducted) has online presence like on Facebook, Google search will show.
- From Google search, the criminal can get hold of information like Date of Birth, PAN details and more.
- Using this information, the criminal can then get a duplicate SIM and use the SIM to reset mail passwords. Once the criminal has access to emails, a world of opportunities can open for the criminal and a host of problems come in for the victim.
So, while TrueCaller is actually good for identifying unknown numbers and block unwanted calls and spammers, it also exposes your data to the world. So, TrueCaller can be really dangerous.
If you do not want these problems, you can simply go to TrueCaller’s website and then truecaller.com to unlist your own phone number. However, in order to unlist, you need to have registered account with TrueCaller. Remember that you can unlist anyone else’s number. You have to unlist your own number.
You may ask…
‘I never used TrueCaller, how can my details be there?’
Good question. But… you know what, you really don’t need to have TrueCaller installed on your phone to have your information up there. In case your friends have TrueCaller and they all have your phone number saved. In such a case, TrueCaller will take your details from the phone books of your friends because TrueCaller needs access to contacts while installing! See, isn’t that intrusion on your privacy?
Conclusion
Everything in this world has a good and a bad side. It will depend on you whether you end up on the good side of the fence or on the ugly and bad side. Digital world is risky and at the same time, it is wonderful, fast and reliable too! No matter whether you are opting for online transactions or offline transaction or going totally cashless, you will always be at a risk if you are not taking precautionary measures to prevent someone from committing financial fraud with you. Follow the instructions that are given by you to your bank. Do not think that you are immune to cybercrimes.
It is internet that we are talking about. Anything can happen at any given time within a blink of an eye. You won’t even realize that you have become a victim of online financial fraud and by the time you realize so, you may be a poor, really poor person by then. So, play safe! Try to follow all tips mentioned so far and you should be safe and protected.
Online safety is not rocket science. You can keep yourself safe with simple tricks and tips but for that, you will have to follow such tricks and tips. In case you choose to ignore what has been mentioned here on this article, it is your choice. We will only wish you good luck with your online endeavours.
Go cashless but play safe. After all, it is your money and you take the responsibility of saving it from unwanted crooks and cyber criminals. They will take it the very moment they get a chance.
Other Articles