Wednesday, November 9, 2016

How to Prevent Skimming and Phishing

How to Prevent Skimming and Phishing


Fraudsters now appear to have switched their attention to those using on-line banking services. The theft of bank details online, is on the increase. With the ATMs of numerous banks being compromised by fraudulent activities and the phishing for information via email accounts.

03-03-2013 09-14-50

Image Courtesy:SBT

Skimming is the illegal copying of information from the magnetic strip of a credit card.The skimmer is a small device that scans a credit card and stores the information contained in the magnetic strip.PoS (Point of Sale) machines at  where skimming is mostly  happen. Skimming can take place during a legitimate transaction at a business.It can occur easily in a restaurant ot textile shop  because your card is taken away when the bill is being settled .A person  have skimmed your card, can create a fake or ‘cloned’ card with your details on it.

03-03-2013 08-48-4003-03-2013 08-49-58

Protect yourself from card skimming

  • Before swiping your debit card, give a small tug on the card swiper. If there is any movement or the device comes off, dont use that ATM -- it could be a sign a thief has inserted a skimmer.
  • You may be able to keep the thief from seeing your PIN by covering the keyboard with your free hand and blocking the view of a camera.
  • Check your account statement regularly for suspicious charges or withdrawals.
  • Cover your hand while entering your PIN number, so that if criminals have installed a surveillance camera, they won’t be able to see your secret code.
  • If you think your card has been part of a skimming scam, contact your financial institution immediately.
  • Keep your credit card and ATM cards safe. Do not share your personal identity number (PIN) with anyone. Do not keep any written copy of your PIN with the card.
  • Check your bank account and credit card statements when you get them. If you see a transaction you cannot explain, report it to your credit union or bank.
  • Choose passwords that would be difficult for anyone else to guess.

Read:How does ATM skimming work?

Phishing (also known as "carding" or "spoofing") refers to emails or SMSs that trick people into giving out their personal and banking information.A common phishing scam starts official-looking e-mail from a business. The   e-mail looks in every respect like one from a trusted source, such as a bank .

03-03-2013 08-17-44

The email will contain a link that directs the users Web browser to a Web site that, to all intents and purposes, appears authentic. Once youre on the fake site, youre invited to enter your logon name, password and credit card number - thats all they need to hijack your account.

Sample Phishing email text is reproduced below:

Dear valued SBI Net banking Customer,
SBI’s Internet Banking, is hereby announcing the New Security Upgrade. We have upgraded our new SS: servers to serve our customers for a better and secure banking service, against any fraudulent activities. Due to this recent upgrade, you are requested to update your account information by following the reference below.
Reference*
Regards
Customers Service
State Bank Of India

03-03-2013 08-41-48

Protect yourself from Phishing

  • Consider all email requests for personal or payment information to be suspicious
  • Be cautious about clicking on links in unsolicited email that you receive
  • Check the legitimacy of any email requesting your personal or payment information by looking upon companys phone number separately and calling to verify the request .
  • Watch the typos and bad grammar.Those are warning signals that an email may be fraudulent
  • Use spam blockers and keep your Antivirus software up to date
  • Access your bank website only by typing the URL in the address bar of your browser
  • Scan your computer regularly with Antivirus to ensure that the system is Virus/Trojan free.
  • Change your Internet Banking password at periodical intervals.
  • Always check the last log-in date and time in the post login page.
  • Avoid accessing Internet banking accounts from cyber cafes or shared PCs.
  • If you think the URL is legitimate and you click on the link, you can still check that its a trusted website and business. Modern browsers like Safari 5, Firefox 7, Google Chrome, and Internet Explorer 10 display the company name in green if the site has been issued an Extended Validation (EV) Certificate and is a legitimate website/business.

Extended Validation Secure Sockets Layer (SSL) Certificates are special SSL Certificates that work with high security Web browsers to clearly identify a Web sites organizational identity. Extended Validation (EV) helps you make sure a Web site is genuine and verified.

03-03-2013 08-55-19

For example, if you use Microsoft® Internet Explorer 7 to go to a Web site secured with an SSL Certificate that meets the Extended Validation Standard, IE7 will cause the URL address bar to turn green. A display next to the green bar will alternatively (toggle) display the organization name listed in the certificate and the Certificate Authority (VeriSign, for example).


Read : How Does Phishing Work?

To  prevent Skimming and Phishing , most of the Banks in India have started issuing chip-based EMV.EMV stands for Europay, MasterCard, Visa and  is the international standard for chip based payment cards to ensure the highest security level for Credit Card transactions.

With the EMV chip technology, all the data that was stored on the magnetic strip will be additionally embedded     on the chip. . A Credit Card with a chip is more secure and reliable than the one with just the magnetic stripe on the reverse of the card, as it is difficult to  copy customer details from an embedded chip. This safeguards the Credit Card from skimming frauds.

 
The biggest benefit of EMV is the reduction in card fraud resulting from counterfeit, lost and stolen cards.EMV chip payment cards can use their card on any EMV-compatible payment terminal. EMV technology supports enhanced cardholder verification methods and, unlike magnetic stripe cards, EMV payment cards can also be used to secure online payment transactions.

EMV supports four cardholder verification methods (CVM): offline PIN, online PIN, signature, or no cardholder verification method (CVM). So it ensures that the person attempting to make the transaction is the person to whom the card belongs.

EMV cards store payment information in a secure chip rather than on a magnetic stripe and the personalization of EMV cards is done using issuer-specific keys. Unlike a magnetic stripe card, it is virtually impossible to create a counterfeit EMV card that can be used to conduct a EMV payment transaction successfully.

To know more about EMV cards All About EMV Cards

In view of the rampant rise in credit card frauds, Reserve Bank of India  recently  issued guidelines for card issuers to only issue cards with an embedded chip and a compulsory pin (like that used for ATM transactions) from July 2013.


Available link for download