
Showing posts with label Information Security. Show all posts

Sunday, April 3, 2022

Know about Card Skimming and how to protect your card




Of late there are many reports about frauds related to Credit/Debit/ATM cards. In many instances it is reported that the card details were obtained by the fraudsters using a technique called "Skimming".


In this article, the modus operandi of skimming and the precautionary steps to be taken by the card holders are given for the benefit of card users.


What is Card Skimming?

Skimming is the unauthorised copying of information stored on the magnetic stripe of a credit/debit/ATM card. It is typically an "inside job" by a dishonest employee of a legitimate merchant. The dishonest employee usually procures a victim's card number using basic methods such as photocopying receipts or more advanced methods such as using a small electronic device (skimmer) to swipe and store hundreds of victims’ credit card numbers.

The employee sells the information through a contact or on the Internet, at which point counterfeit cards with your details on them are made. The criminals go on a shopping spree with a copy of the credit or debit card, and cardholders are unaware of the fraud until a statement arrives with purchases they did not make.

Skimming of ATM cards:


Instances of skimming have been reported where the perpetrator has put a device over the card slot of an ATM (automated teller machine), which reads the magnetic strip as the user unknowingly passes their card through it. 


These devices are often used in conjunction with a miniature camera (inconspicuously attached to the ATM) to read the user's PIN at the same time. This method is being used very frequently in many parts of the world, including South America (e.g. Argentina) and Europe (e.g. the Netherlands).


Another technique is a keypad overlay that matches up with the buttons of the legitimate keypad below it and presses them when operated, but records the PIN entered or transmits it wirelessly.


The device or group of devices illicitly installed on an ATM is also colloquially known as a "skimmer". Recently made ATMs now often run a picture of what the slot and keypad are supposed to look like as a background, so that consumers can identify foreign devices attached. (Source: http://en.wikipedia.org/wiki/Credit_card_fraud)


Preventive steps to avoid fraud by skimming:

  • If you are in a restaurant or in a shop and the assistant wants to swipe your card out of your sight, or in a second machine, you should ask for your card back straight away and either pay with a cheque or cash, or not make the purchase.
  • Keep your credit card and ATM cards safe. Do not share your personal identity number (PIN) with anyone. Do not keep any written copy of your PIN with the card.
  • Check your bank account and credit card statements when you get them. If you see a transaction you cannot explain, report it to your bank.
  • Choose passwords that would be difficult for anyone else to guess and keep your password secret.
  • If you are using an ATM, take the time to check that there is nothing suspicious about the machine, like an unusual gadget or camera. If the ATM looks suspicious, do not use it and alert the bank which owns the ATM.

       FINALLY  HOPE THAT ALL WILL AGREE THAT PREVENTION IS BETTER THAN CURE!           






Monday, May 6, 2019

Stay safe Online

When dealing with cyber crime, an ounce of prevention is truly worth a pound of cure. Cyber crime in its many forms (e.g., online identity theft, financial fraud, stalking, bullying, hacking, email spoofing, information piracy and forgery and intellectual property crime) can, at best, wreak havoc in victims’ lives through major inconvenience and annoyance. At worst, cyber crime can lead to financial ruin and potentially threaten a victim’s reputation and personal safety.
It’s always wise to do as much as possible to prevent cyber crime by following the Online Safety Basic steps given below:
ONLINE SAFETY BASICS

Spam and Phishing

Cyber criminals have become quite savvy in their attempts to lure people in and get you to click on a link or open an attachment.

Malicious Email

A malicious email can look just like it comes from a financial institution, an e-commerce site, a government agency or any other service or business.
It often urges you to act quickly, because your account has been compromised, your order cannot be fulfilled or there is another urgent matter to address.
If you are unsure whether an email request is legitimate, try to verify it with these steps:
  • Contact the company directly – using information provided on an account statement, on the company’s official website or on the back of a credit card.
  • Search for the company online – but not with information provided in the email.

Spam

Spam is the electronic equivalent of junk mail. The term refers to unsolicited, bulk – and often unwanted – email. Here are ways to reduce spam:
  • Enable filters on your email programs: Most internet service providers (ISPs) and email providers offer spam filters; however, depending on the level you set, you may end up blocking emails you want. It’s a good idea to occasionally check your junk folder to ensure the filters are working properly.
  • Report spam: Most email clients offer ways to mark an email as spam or report instances of spam. Reporting spam will also help to prevent the messages from being directly delivered to your inbox.
  • Own your online presence: Consider hiding your email address from online profiles and social networking sites or only allowing certain people to view your personal information. 

Phishing

Phishing attacks use email or malicious websites (clicking on a link) to collect personal and financial information or infect your machine with malware and viruses.

Spear Phishing

Spear phishing involves highly specialized attacks against specific targets or small groups of targets to collect information or gain access to systems. For example, a cyber criminal may launch a spear phishing attack against a business to gain credentials to access a list of customers. From that attack, they may launch a phishing attack against the customers of the business. Since they have gained access to the network, the email they send may look even more authentic, and because the recipient is already a customer of the business, the email may more easily make it through filters and the recipient may be more likely to open the email.
The cyber criminal can use even more devious social engineering efforts such as indicating there is an important technical update or new lower pricing to lure people.

Spam & Phishing on Social Networks

Spam, phishing and other scams aren’t limited to just email. They’re also prevalent on social networking sites. The same rules apply on social networks: When in doubt, throw it out. This rule applies to links in online ads, status updates, tweets and other posts. 

Tips for Avoiding Being a Victim
  • Don’t reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in email.
  • Before sending or entering sensitive information online, check the security of the website.
  • Pay attention to the website’s URL. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net).
  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Contact the company using information provided on an account statement, not information provided in an email. Check out the Anti-Phishing Working Group (APWG) to learn about known phishing attacks and/or report phishing.
  • Keep a clean machine. Keep all software on internet-connected devices – including PCs, smartphones and tablets – up to date to reduce risk of infection from malware.
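
The URL tip above (a variation in spelling, or a different domain ending such as .com versus .net) can be checked mechanically. The following is an added example, not part of the original article: the domain names, the `KNOWN_DOMAINS` allowlist and the function names are constructed for illustration, and the two-label ending table is a small stand-in for the Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed allowlist: sites the user really has accounts with (assumption).
KNOWN_DOMAINS = {"examplebank.com", "shop-example.co.in"}
# Small constructed subset of two-label endings; real code should consult
# the Public Suffix List instead.
TWO_LABEL_ENDINGS = {"co.in", "co.uk", "com.au"}


def registrable(url):
    """Return (name, ending) of the site a URL points to, e.g. ('examplebank', 'com')."""
    try:
        host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    except ValueError:          # malformed address
        return "", ""
    labels = host.rstrip(".").split(".")
    n = 2 if ".".join(labels[-2:]) in TWO_LABEL_ENDINGS else 1
    if len(labels) <= n:        # bare word or bare ending, nothing to compare
        return "", ""
    return labels[-n - 1], ".".join(labels[-n:])


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url, known=KNOWN_DOMAINS):
    """Compare the site in `url` with the allowlist and say how it differs."""
    name, ending = registrable(url)
    if not name:
        return "unparseable"
    if f"{name}.{ending}" in known:
        return "known"
    known_parts = [(dom, registrable(dom)[0]) for dom in sorted(known)]
    # Same name, different ending (.com versus .net).
    for dom, k_name in known_parts:
        if name == k_name:
            return f"different-domain-ending:{dom}"
    # Near-identical spelling; short names get a tighter limit to avoid noise.
    for dom, k_name in known_parts:
        limit = 2 if len(k_name) >= 8 else 1
        if edit_distance(name, k_name) <= limit:
            return f"spelling-variation:{dom}"
    return "unknown"


# Constructed sample links, as they might appear in an email.
SAMPLE_LINKS = [
    "https://examplebank.com/login",
    "https://www.examplebank.net/login",
    "http://examp1ebank.com/verify",
    "https://shop-exampel.co.in/cart",
    "https://weather.example.org/today",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify(link):45} {link}")
```

A result of "unknown" only means the address does not resemble anything on the allowlist; it says nothing about whether the site is safe.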

What to Do if You Are a Victim

  • Report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
  • If you believe your financial accounts may be compromised, contact your financial institution immediately and close the account(s).
  • Watch for any unauthorized charges to your account.
  • Consider reporting the attack to your local police department, and file a report with the Federal Trade Commission or the Internet Crime Complaint Center.

Protect Yourself With These STOP. THINK. CONNECT.™ Tips

  • When in doubt, throw it out: Links in email, tweets, posts and online advertising are often how cyber criminals try to compromise your information. If it looks suspicious, even if you know the source, it’s best to delete or – if appropriate – mark it as junk.
  • Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true or ask for personal information.
  • Make your passphrase a sentence: A strong passphrase is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”). On many sites, you can even use spaces!
  • Unique account, unique passphrase: Having separate passphrases for every account helps to thwart cyber criminals. At a minimum, separate your work and personal accounts and make sure that your critical accounts have the strongest passphrases.
  • Lock down your login: Fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Your usernames and passphrases are not enough to protect key accounts like email, banking and social media.

Malware and Botnets

Viruses

Viruses are harmful programs that can be transmitted to computers and other connected devices in a number of ways. Although viruses differ in many ways, all are designed to spread themselves from one device to another and cause havoc. Most commonly, viruses are designed to give the criminals who create them some sort of access to the infected devices.

Spyware

The terms “spyware” and “adware” apply to several different technologies. The two important things to know about them are that:
  • They can download themselves onto your device without your permission (typically when you visit an unsafe website or via an attachment).
  • They can make your computer do things you don’t want it to do, such as opening an advertisement you didn’t want to see. In the worst cases, spyware can track your online movements, steal your passphrases and/or compromise your accounts.

Botnets

Botnets are networks of computers infected by malware (such as computer viruses, key loggers and other malicious software) and controlled remotely by criminals, usually for financial gain or to launch attacks on websites or networks.
If your computer is infected with this malware and part of a botnet, it communicates and receives instructions about what it’s supposed to do from “command and control” computers located anywhere around the globe. What your computer does depends on what the cyber criminals are trying to accomplish.
Many botnets are designed to harvest data, such as passphrases, Social Security numbers, credit card numbers, addresses, telephone numbers and other personal information. The data is then used for nefarious purposes, such as identity theft, credit card fraud, spamming (sending junk email), website attacks and malware distribution.

Ransomware

Ransomware is a type of malware that accesses a victim’s files, locks and encrypts them and then demands that the victim pay a ransom to get them back. Cyber criminals use these attacks to try to get users to click on attachments or links that appear legitimate but actually contain malicious code. Ransomware is like the “digital kidnapping” of valuable data – from personal photos and memories to client information, financial records and intellectual property. Any individual or organization could be a potential ransomware target.

Protect Yourself With These STOP. THINK. CONNECT.™ Tips:

  • Keep security software current: Having the latest security software, web browser and operating system is the best defense against viruses, malware and other online threats.
  • When in doubt, throw it out: Links in email, social media posts and online advertising are often how cyber criminals try to steal your personal information. Even if you know the source, if something looks suspicious, delete it.
  • Protect all devices that connect to the internet: Along with computers, smartphones, gaming systems and other web-enabled devices also need protection from viruses and malware.
  • Plug & scan: USBs and other external devices can be infected by viruses and malware. Use your security software to scan them.

SOURCE AND OTHER GUIDELINES FOR ONLINE SAFETY:
https://staysafeonline.org/stay-safe-online/online-safety-basics/

Wednesday, March 19, 2014

10 Things To Remember on new debit card PIN rule





  Payment through cards has become increasingly popular in India. To maintain security and keep up with the changing times, the Reserve Bank of India has mandated debit card holders to punch in their PIN numbers during every transaction from December 1.

Here are some things you need to know about debit card usage:

1) The RBI rule was first enforced in June 2013 to act as an additional layer of security in transactions. However, banks had requested for some time to update the back-end infrastructure. The RBI had then extended the deadline to November 30.

2) As part of the rule, customers will now have to punch in the PIN number after the card has been swiped or inserted in the small point-of-sales (PoS) terminal. This is the small machine that shops and merchants use for the payment. Once the PIN has been entered, you will get the transaction charge slip, which has to be signed.


3) If the PoS terminal is not updated to ask for PIN, and the transaction proceeds without it, then the bank will decline the transaction.

4) The PIN being used here is the same that a customer uses at an ATM or Automated Teller Machine to withdraw money. Do not get confused with the ‘transaction password’ used for online banking.

5) You will get only three chances at punching the right PIN number. After that, your transaction will automatically be cancelled. If you manage to remember your PIN number after three attempts, you can still use your debit card. However, the transaction will have to be started all over again from scratch.

6) If you have forgotten your PIN number, call your bank to order for a duplicate PIN number. You will, however, have to verify your personal details like address, email id, date of birth, etc., for security purposes. This will be posted to your address within 7-10 working days.

7) This rule is mainly for debit cards being used for physical transactions only. There is no change in the way internet transactions are undertaken. The rules for credit cards too remain unchanged.

8) This is part of the measures undertaken to deal with frauds and security breaches. Other measures include addition of a Europay, MasterCard or Visa chip on the card, establishment of a real-time fraud monitoring system, limits on transactions, immediate notifications, etc.

9) There are over 36 crore debit cards being used in India to conduct as many as 5.54 crore merchandise transactions per month amounting to Rs 8,017.86 crore. There are as many as 52 crore transactions being conducted using ATMs in a month, as per the latest RBI data.

10) In contrast, there are 1.8 million credit cards in use. The total number of transactions being conducted at PoS counters too is less at 4.14 crore. However, the total value of transactions is higher than that for debit cards at Rs 10,748 crore.

Source: Simplus Information Services | Yahoo Finance India

Wednesday, March 13, 2013

New Norms for Credit Cards: Reserve Bank of India



All new debit and credit cards to be issued only for domestic usage unless international use is specifically sought by the customer.


Reserve Bank of India (RBI) vide Circular dated 28.02.2013 on “Security and Risk Mitigation Measures for Electronic Payment Transactions” has directed banks to put in place the following safety measures for Credit and Debit Card Transactions :

• All new debit and credit cards to be issued only for domestic usage unless international use is specifically sought by the customer. Such cards enabling international usage will have to be essentially EMV Chip and Pin enabled. (By June 30, 2013).

                                   Sample of EMV Chip and PIN enabled card

• Issuing banks should convert all existing Magstripe cards to EMV Chip card for all customers who have used their cards internationally at least once (for/through e-commerce/ATM/POS) (By June 30, 2013).


Back side of existing Magstripe card (sample)

• All the active Magstripe international cards issued by banks should have a threshold limit for international usage. The threshold should be determined by the banks based on the risk profile of the customer and accepted by the customer (By June 30, 2013).

• Banks should ensure that the terminals installed at the merchants for capturing card payments (including the double swipe terminals used) should be certified for PCI-DSS (Payment Card Industry – Data Security Standards) and PA-DSS (Payment Applications – Data Security Standards) (By June 30, 2013).

• Banks should frame rules based on the transaction pattern of the usage of cards by the customers in coordination with the authorized card payment networks for arresting fraud (By June 30, 2013).

• Banks should ensure that all acquiring infrastructure that is currently operational on IP (internet protocol) based solutions are mandatorily made to go through PCI-DSS and PA-DSS certification. This should include acquirers, processors/aggregators and large merchants (By June 30, 2013).

• Banks should move towards real time fraud monitoring system at the earliest.

• Banks should provide easier methods (like SMS) for the customer to block his card and get a confirmation to that effect after blocking the card.

• Banks should move towards a system that facilitates implementation of an additional factor of authentication for cards issued in India and used internationally (transactions acquired by banks located abroad).

After discussions with Banks, the RBI had issued the above guidelines vide Circular dated 28.02.2013 on “Security and Risk Mitigation Measures for Electronic Payment Transactions”.

Monday, December 24, 2012

Tips for Safe usage of Internet



The Internet has already become an essential part of our lives. We access our banking records, credit card statements, and other highly sensitive personal information through the Internet.


With all the benefits the Internet offers us, there are also many devastating threats in using Internet. 



The tips given below offer you basic information on how you can be safe on the Internet and enjoy safe surfing.
  1. Don't log in to third-party applications that require your email login details.
  2. Don't access your account through any email link, as it can be risky. If the email turns out to be fraudulent, the cyber criminal will have access to your account information.
  3. Don't use a single password or PIN for all your online accounts; this can again lead to identity theft.
  4. Don't use unsafe sites whose address does not begin with ‘https‘. The “S” stands for secure, and you should always look for it before accessing any site.
  5. Don't click on pop-ups that say “Your PC is Insecure”; such links can cause malware to be downloaded automatically to your PC.
  6. Don't download free stuff such as screen savers and those stupid smiley faces. Such things are very dangerous to your PC, and you will soon notice it has become slower than before. Sites like download.com are safe to use.
  7. Be careful with phishing mails. They may create a sense of urgency with messages such as “Your Account is at Risk” or “An unauthorized transaction has taken place”, asking you to send your account details. Remember that no bank will ask for your account details via mail.
  8. Make sure you always have updated antivirus software in place.
  9. Always check with your bank whether they have any additional security for your online transactions, such as IPINs or a zero liability card.
  10. Always keep your credit card details safe in the real world. Do not share them with anybody by mail or even over the telephone.
  11. Never forget to delete the system’s cache, saved passwords and history; leaving them behind could easily lead to identity theft and stolen bank and email information.
  12. “You have won a lottery” or “You have won an iPod” are common lures used by spammers to trap you; avoid falling into such traps.
  13. Always blacklist the spammers you come across in your mail instead of just deleting the spam mails.
  14. Never just click on Close window without logging out of your account, especially if you are accessing the Internet at a cybercafé, where you are more at risk.
  15. Always keep a backup of your emails, just as you keep hard copies of your important documents and other things.
  16. Don't believe those brainless “Microsoft Is Sharing Its Fortune” kind of mails; they come from spammers who want your details to trouble you more.
  17. Make a habit of not clicking on phishing emails. The goal of the phisher is to fool you into entering your details into something that appears to be safe and secure but in reality is just a fake site set up by the scammer.
  18. Avoid giving your full name, home address, phone number, Social Security number, passwords, names of family members or credit card numbers online. It is best to remain anonymous and enjoy surfing.
  19. Never forget to scan the attachments you receive in your mailbox. Virus attacks mostly come through such attachments.
  20. Social networking sites like Facebook, Orkut etc. are something we cannot avoid these days, yet it is always safer to follow or add only people you know on Twitter or Facebook. Don’t forget to do a security check if you add an unknown person.

Thursday, October 6, 2011

IMPORTANCE OF STRONG PASSWORDS






This article on Password is re-posted with some revisions. 

Wikipedia defines a password as follows:

"A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource (example: an access code is a type of password). The password must be kept secret from those not allowed access."

Passwords ensure the security and confidentiality of data that is stored on various workstations and servers.

Passwords are one of the most important things for any system. A password helps you to maintain your identity so that others will not be able to view your account. You need to have a good password, otherwise it is likely to be hacked by others. Once they succeed in hacking your password, they can easily view your account.


Generally, a password is made of many characters or digits and will not use any special character or a white space in between. In some systems passwords are case sensitive. Here you need to be extremely careful and remember to type the correct password accordingly. This is because some systems have restrictions: if you mistype the password repeatedly, it is likely that your account will be denied access, and you will then need to go through the procedure that is in place in the system.

If you choose a password which is not good, the security of your account is not very good, and there is always a fear that your account will be hacked and the attackers will be able to access all the information that you have in your account.


This is why it is stressed that the password that you choose should be good and a strong one. You need to realize the importance of having a strong password. 


Remember the password that you choose is only going to protect all the information that you have in your account. Keep this in your mind when you are selecting the password.


DOS AND DONTS FOR PASSWORD


DOs
  • Use a password with mixed-case alphabets and special characters.
  • Change the password after initial log on without fail.
  • Change your password regularly.
  • Use passwords that are difficult to guess. Use a password with 8 or more characters. More is better.
  • Store passwords in sealed envelopes and hand them over to the officer-in-charge wherever required.
  • Maintain secrecy of your password.
  • Your passwords should be as unique as you are.
  • Create different passwords for different accounts and applications.
DON’Ts
  • Do not use related words for your password, like your user-ID, your first or last name, spouse’s/family member’s names, date of birth, vehicle numbers, telephone numbers, the brand of your vehicle, the name of the street you live on, 123123, etc.
  • Do not allow anyone to track your password while you type it on the keyboard.
  • Do not write passwords on the desk, keyboard etc. to remember or preserve them.
  • Do not lend or reveal passwords to others.
  • Do not reset passwords without the user’s acknowledgement in the register maintained.
  • Do not pronounce the letters loudly while keying in the password.
  • DON'T choose your username as your password.
  • DON’T provide your password—or any of your sensitive or confidential information—over e-mail or instant message.
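
Several of the DOs and DON'Ts above can be checked automatically before a password is accepted. The following is an added example, not part of the original article: the profile values are constructed, the function names are illustrative, and the repeated-block rule generalises the article's "123123" case to any short block typed twice in a row.

```python
import re

# Constructed sample profile; every value here is made up for illustration.
SAMPLE_PROFILE = {
    "user_id": "rkumar85",
    "first_name": "Ravi",
    "last_name": "Kumar",
    "date_of_birth": "1985-04-12",
    "vehicle_number": "TN 09 AB 1234",
    "telephone": "044-5550 0142",
}


def personal_tokens(profile):
    """Lower-cased fragments of personal details that must not appear in a password."""
    tokens = set()
    for value in profile.values():
        text = str(value)
        # Each word or number group, e.g. 'ravi', '1985', '1234'.
        for part in re.split(r"[^A-Za-z0-9]+", text):
            if len(part) >= 3:
                tokens.add(part.lower())
        # The digits run together, e.g. a date typed without separators.
        digits = re.sub(r"\D", "", text)
        if len(digits) >= 4:
            tokens.add(digits)
    return tokens


def check_password(password, profile):
    """Return the list of rules from the DOs and DON'Ts that `password` breaks."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("no mixed-case letters")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    # Generalisation of the '123123' example: a block of 3+ characters repeated.
    if re.search(r"(.{3,})\1", password):
        problems.append("repeats a short block such as 123123")
    lowered = password.lower()
    hits = sorted(t for t in personal_tokens(profile) if t in lowered)
    if hits:
        problems.append("contains personal detail: " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    for candidate in ["rkumar85", "Ravi@1985", "123123", "Monsoon clouds over Marina!"]:
        result = check_password(candidate, SAMPLE_PROFILE)
        print(f"{candidate!r}: {result or 'passes these checks'}")
```

The check covers only the rules that can be tested from the password text and a profile; the remaining items on the list (secrecy, regular changes, a different password per account) depend on how the password is handled afterwards.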




    Tuesday, October 4, 2011

    Tips for Safe Use of Automatic Teller Machines(ATMs)

    About Automatic Teller Machines(ATMs)


    An Automated Teller Machine (ATM), also known as a Cash Point (which is a trademark of Lloyds TSB), Cash Machine or sometimes a Hole in the Wall in British English, is a computerised telecommunications device that provides the clients of a financial institution with access to financial transactions in a public space without the need for a cashier, human clerk or bank teller. ATMs are known by various other names including ATM machine, automatic banking machine, and various regional variants derived from trademarks on ATM systems held by particular banks.

    Invented by IBM, the first ATM was introduced in December 1972 at Lloyds Bank in the UK. However, there is a plaque on Barclays Bank in Enfield Town, north London stating that the first ATM (in the world) was installed there on the 27th June 1967. 
    On most modern ATMs, the customer is identified by inserting a plastic ATM card with a magnetic stripe or a plastic smart card with a chip, that contains a unique card number and some security information such as an expiration date or CVVC (CVV). 
    Authentication is provided by the customer entering a personal identification number (PIN).
    Using an ATM, customers can access their bank accounts in order to make cash withdrawals, credit card cash advances, and check their account balances as well as purchase prepaid cellphone credit. If the currency being withdrawn from the ATM is different from that which the bank account is denominated in (e.g.: Withdrawing Japanese Yen from a bank account containing US Dollars), the money will be converted at a wholesale exchange rate. Thus, ATMs often provide the best possible exchange rate for foreign travelers and are heavily used for this purpose as well.
    (Source: http://en.wikipedia.org/wiki/Automated_teller_machine)


    Whereas there are many advantages in the usage of Automatic Teller Machines, the users should take enough precautions in the safe keeping of the ATM cards provided to them and also take precautions while doing transactions in ATMs.


    Tips for Safe Use of Automatic Teller Machines (ATMs)

    KEEP ATM CARD SAFE AND SECURE
    i) Your card is very important and must be kept safely.
    ii) Do not keep your ATM card near any magnet or magnetic gadget like a television set, magnetic compass, or purse or wallet having magnetic locking arrangements, as the magnetic field may erase all data stored in the magnetic stripe of your ATM card.
    iii) Store your ATM card in a secure place where you will immediately know if it is missing.
    iv) Store the ATM card carefully so that the magnetic stripe does not get damaged.
    v) Never leave your card unattended at places like your car, a hotel room, your workplace or the bar and restaurant you visit.
    vi) DO NOT bend the card.
    vii) DO NOT place two cards with magnetic stripes together.
    viii) Cancel unused cards and shred blocked cards.
    ix) Immediately report any stolen or lost ATM card to the proper authorities.


    Security of ATM PIN
    • Your ATM PIN must be kept very secret since the ATM card can be misused by a person if he/she steals both the ATM card and the ATM PIN together.
    • Change your PIN frequently; do not write it on a piece of paper or on the face/back of the ATM card, but memorise it.
    • Select a PIN that is difficult to guess; avoid household numbers such as house number, car number, birthday etc.
    • Never disclose your PIN to anyone including members of your family or relatives; if it gets divulged for some reason, change it immediately.
    • Do not keep PIN and card together under any circumstances.
    Precautions to be taken while doing transaction with the card

    • Avoid using ATMs in remote / unprotected areas and avoid ATMs adjacent to obvious hiding places.
    • If you want us to alert you whenever a transaction takes place on your account / Credit Card, you can register for the Bank's SMS Service by registering your Mobile number.



    • Shield the screen and keyboard so anyone waiting to use the ATM cannot see you enter your PIN or transaction amount.
    • Be careful when people you do not know offer to help you at an ATM.
    • If you notice anything suspicious at the ATM you want to use e.g. tampering with the card slot / numbers pad or any suspicious activity around the ATM area, do not use the ATM and report your concern to the Bank immediately.
    • Do not force your card into the card slot. If you feel that the ATM machine is not working properly for any reason, press the “Cancel” key, take your card and report it to the Bank.
    • If your card gets lost, captured or stuck in the ATM, report it to the Bank to block your card immediately.
    • Make sure you get the card back after every transaction & only use it at ATMs /Point of Sale (POS) machines in reputed public locations / locations known to you.




    • When using a drive-in ATM, keep doors locked and passenger side and rear windows up.
    • While using your card at a POS, ensure that the merchant swipes the card in your presence.
    • Check your account balances and statements regularly to ensure your accounts have not been accessed by anyone else and to identify any unusual transaction(s).