Personal details provided to the bank as part of CKYC) norm is no more secure In a bank, Just Rs 167lakh was stolen from a Mumbai company's bank account after fraudsters hacked into the bank's server and tampered with the information submitted under KYC guidelines The pranksters replaced the victim's mobile number in the database with their Own so that fund transfer alerts were sent to them. They then transferred money to seven different accounts across India. The money was subsequently withdrawn from these accounts and the account holders paid a commission this is the first time that
Prashant Mali, a lawyer and expert in cyber law, who is assisting the fraud victim, claimed that fraudsters had tampered with KYC information and stolen money. Mali claims that the crooks initially acquired the net banking login and password of Mumbai-based Rationales, in all likelihood from legally available bank databases.
They then turned to hacking the bank's KYC database and changing the mobile number provided by the company's proprietor Ashish Goradia. Investigatory traced the IP addresses of the computers from which hacking Was committed to Nigeria and the United Kingdom After substituting Goradia's mobile number with theirs, the fraudsters obtained a one-time password to carry out a transaction Pounds were transferred out in the first week of May Goradia learned about the fraud later in May when he visited the Juhu branch of the bank "We were startled because the number we gave the bank worked. The bank should be held responsible for the breach," he told TOL "Many more clients of the nationalized bank may have been defrauded with similar modus Operandi The Reserve The Bank of India should carefully consider the
bank's lapses said Mail They have Judged a complaint with the police and approached the adjudicating authority for a refund of losses and compensation.
What online fraud says about bank security
A malware attack on the bank's networks allowed a concerted digital fraud involving thousands of online transactions, which cost the Pune-based Cosmos Bank Rs 94 crore. An examination of the fraud's methods and the issues it raises regarding security measures
What the software did
The fraud began with a malware attack
Malware is malicious software that is typically sent to a target as a link and, when clicked, can install scripts and executable codes. Typically, it is prevented by employing anti-malware and antivirus software, and firewalls. In this case, the malware compromised a digital system responsible for setting cash dispensation requests raised at AIMs. A request is sent to the bank's core banking system (CBS) as soon as a card is swiped. If there is enough money in the account, CBS will allow the transaction. In this case, the malware created a proxy system that bypassed the CRS and approved a series of 14,800 fraudulent transactions to withdraw Rs 80.5 crore and Rs 78 crore12,000 transactions in 28 different nations, with the remainder in India. Another Rs 135 crore was transferred to a Hong Kong-based entity using a facility called Society for Worldwide Interbank Telecommunications (SWIFT)
The ATM transfers
Although a senior source at the National Payment Corporation of India (NPTI) stated that this is not clear at this time, it is believed that these were carried out using cloned cards. done debit and credit cards have been used in several cybercrimes. The fraudster collects the card details (these are sometimes even sold over the dark net, a network with restricted access) and uses a machine to copy these on dummies, or blank plastic cards
The timing
At the same time that the FBI published a warning about an "ATM cash-out attack" where criminals could hack a bank or payment processors, the attack on Cosmos happened. and use cloned cards at cash machines across the world to withdraw money. These attacks normally take place over the weekend, and Cosmos was attacked on Saturday
Customers' money
RBI guidelines say that if banks are at fault, they are liable to pay customers" However, there is also the issue of inconvenience for account-holders Account-hold-ears at Cosmos Bank could not carry out the Internet and mobile banking which were suspended in the aftermath of the attack. Banks form a part of the 'critical infrastructure and one would be skeptical about opening an account at a bank where security has been compromised," Bhatia said.
Image copyright-Google.com
0 Comments