Presented by Babu.V Ex-DGM IT, Bank of India (Certified Information systems Banker) 1.
Presented by Babu.V
Ex-DGM IT, Bank of India (Certified Information Systems Banker)
1
Payment solutions and systems in India
Delivery channels:
- ATMs
- Debit cards
- POS
- Mobile banking
- IMPS
- Internet banking
- e-commerce
- Credit cards
- Prepaid instruments
2
ATMs
The most familiar payment channel is the ATM.
Customer identification: magnetic / chip-based cards.
Payment solutions and systems act 2007
ATM network groups:
- NPCI - NFS network
- Cashtree ATM network - wound up in 2014
- BANCS - co-operative banks network
- Cashnet
RBI guidelines for the network / vendors / settlement banks
3
Continued
- On site / off site
- On line / off line
- Owned / outsourced / white label ATMs
- ATM switch: owned / outsourced switch
- Cash loading: front / back loading
- Networking: LAN / ISDN / MPLS / VSAT
- ATM / cash dispenser / kiosk
Alternative uses: deposit of cash, paying utilities (like phone bills, credit card, taxes, etc.), bank mini statements, e-commerce for purchasing, transfer of funds
4
Security
ATM security has several dimensions.
Physical:
- Security guards, cameras, biometric devices, etc.
- Secured doors (card operated), convex mirrors, dye markers
Transactional secrecy and integrity:
- Encryption of information
- Sensitive data in ATM transactions - Triple DES /
- Message authentication code (MAC) is also used to ensure messages have not been tampered with
Cash security:
- Insurance of ATMs and cash in the ATM / in transit
Man in the middle attack:
- Attaching fake keypads / card readers / skimming devices
- Phishing scam
- Keystroke logging
5
Continued
Physical cash and cash balancing:
- Cash balancing, electronic journal
- Reconciliation / surprise cash checking, etc.
Access controls:
- Access controls consist of two items in ATMs: ATM maintenance and cash replenishment.
Skimming, phishing: debit and credit card scam.
- Cards / PIN mailer / delivery - frauds
- Ready kit / Insta card
- Destruction of ATM cards
- Third party SLA
- Audit functions:
6
To survive ... we have to be a step ahead of the hackers.
7
Internet fraud
Phishy emails:
- Sender asking confirmation about your account details
- Lottery schemes
Links within e-mails:
- Fraudsters use these links to lure people to phony web sites
- To check whether the message is genuine.
Pharming:
- Online ID theft. A virus or malicious program is secretly planted in the computer.
Public PCs:
- Don't do any financial transactions on public PCs (cyber café): keystroke logger.
- Antivirus software / firewall protection, and always UPDATE it.
8
Contd.
Password:
- Never respond to any mails / phone calls asking for your password, PIN, etc.
- Dual authentication / OTP.
- Sensitive information given in error: what to do?
Shortcuts to your bank's website:
- Always verify the site before accessing it.
- Type the URL address manually.
- Make sure your URL begins with "https".
- Never enter your personal information in a pop-up screen.
Opening of e-mail attachments
9
Continued
Protect your computers:
- Spam filter: helps to reduce the number of phishing e-mails
- Antivirus: scans all incoming messages for troublesome files
- Anti-spyware: looks for programs that have been installed and track your online activities without your knowledge, and protects you against pharming
- Firewalls: prevent hackers and unauthorized communications from entering your computer
Phishing can also happen through phone:
- Verify the person's identity before passing on information about you and your accounts
10
Cyber crimes in card products
11
Card products
Why are credit card products affected most?
- Ease of operations.
- Transactions done through the internet.
- Phishing scam.
Reasons:
- Weakness in internal control leads to unauthorized / manipulated inputs (changing names, address, due date, transfer of funds, etc.)
- Security needs to be tightened as per IISC policy
12
Frauds in POS
POS (point of sale) terminals are installed at shopping centers, malls, etc.
Fraud is committed by getting the relevant information on the cards and the CVV code.
POS machines are handled by humans, and their involvement is greater in these sorts of frauds.
Opt for an additional password while using the credit card or debit card at a POS.
13
Risk in multi channels
1. Virus attacks: Entry of virus is generally through CDs, thumb drives, Internet, intranet, networks
2. Bugs: Bugs are different from virus.
3. Natural calamities
4. Human errors: Accidental / intentional deletion of data, improper shutdowns, spillage of water / drinks etc. on the keyboard in the system.
14
Contd.
- Hacking: A hacker is a person who knows programming languages and how they work.
- Skimming: Capturing personal account information from the credit card.
- Trojan: Is designed to steal the passwords and send your confidential data.
- Malware: It is a program which hides malicious code behind an innocent document and can collect usernames / passwords etc. of mail accounts.
- E-mail spoofing: Forging an e-mail header to make it appear as if it came from somewhere or someone other than the actual source.
15
Debit cards
Debit-card theft entails stealing and marrying up two sets of details: data / PIN
Skimming, how it works: Near-invisible pinhole cameras in and around the ATM booths, plastic overlays over the machine's card-reader, containing reading equipment that would relay the data to a remote storage device.
Social engineering techniques
16
Cyber crimes - Case studies
(used only for presentations / teaching purpose)
17
Email messages - case studies
You are receiving this message because you are using ……………… Software and your e-mail address has been subscribed to the same ……….. And wants to update mailing list. It is urgent to download and install the update as soon as possible in order to decrease the number of successful attacks that occur each day.
Lottery scams are one of the fastest growing areas of cyber-crime; according to research, 62 percent of spam emails are lottery scams.
18
Internal risk - Data loss
Employees have a careless and even negligent attitude to corporate data and infrastructure like laptops, pen drives, etc.
Disgruntled employees:
One IT administrator gained access to the system due to his thorough knowledge of the computers and deleted all the payroll and personal files from the computer system and cleared the disk of all the data.
Lessons:
a) The ID/PW of all the employees who have left the institution should be deleted, and disabled if they are on long leave.
b) In an e-scenario, too much trust in computer-trained persons should be avoided. Please keep an eye on what they are doing.
19
ATM frauds
ATMs:
- Security guard was tied up and gagged.
Cash operating agencies: digital codes.
Plastic money frauds:
- Police people lack expertise to tackle complicated cases.
Modus operandi:
- Fraud usually takes place within 24 hours of card theft
- Cards are re-embossed or re-encoded or reproduced on white plastic
- Skimming: duplication of full magnetic stripe data
- Cards siphoned off in transit
20
Some take away points
Memorize PIN numbers and passwords and do not write them down. Remember the CVV number of the credit card.
Cancel all credit cards that you do not use.
Never give personal information of any kind over the telephone or online unless you initiate the contact, especially to telemarketers.
Scrutinize the credit card statement every month, check to see if there is anything that you do not recognize, and verify the same.
When you pay the bills, don't put them in unauthorized drop boxes.
Destroy any unwanted papers with the account number, like credit card statements, cancelled cheques, etc.
21
Continued
Online banking service is there to make life easier for you. All one needs to do is follow the precautionary steps strictly to guard against the security risks.
It is advisable to spare some time to go through the safety instructions /user guidelines given by the Bank.
22