Presented by Babu.V, Ex-DGM IT, Bank of India (Certified Information Systems Banker)


Page 1:

Presented by Babu.V

Ex-DGM IT, Bank of India (Certified Information Systems Banker)

Page 2:

Payment solutions and systems in India

Delivery channels:

- ATMs
- Debit cards
- POS
- Mobile banking
- IMPS
- Internet banking
- e-commerce
- Credit cards
- Prepaid instruments

Page 3:

ATMs

The most familiar payment channel is the ATM.

Customer identification: magnetic / chip-based cards.

Payment solutions and systems Act 2007

ATM network groups:

- NPCI - NFS network
- Cashtree ATM network - wound up in 2014
- BANCS - co-operative banks network
- Cashnet

RBI guidelines for the network / vendors / settlement banks

Page 4:

Continued

- On site / off site - online / offline
- Owned / outsourced / white label ATMs
- ATM switch: owned / outsourced switch
- Cash loading: front / back loading
- Networking: LAN / ISDN / MPLS / VSAT
- ATM / cash dispenser / kiosk

Alternative uses: deposit of cash, paying utilities (like phone bills, credit card, taxes, etc.), bank mini statements, e-commerce for purchasing, transfer of funds

Page 5:

Security

ATM security has several dimensions.

Physical:

- Security guards, cameras, biometric devices, etc.
- Secured, card-operated doors, convex mirrors, dye markers.

Transactional secrecy and integrity:

- Encryption of information.
- Sensitive data in ATM transactions - Triple DES /
- A message authentication code (MAC) is also used to ensure messages have not been tampered with.

Cash security:

- Insurance of ATMs and cash in the ATM / in transit.

Man-in-the-middle attack:

- Attaching fake keypads / card readers / skimming devices.
- Phishing scam
- Keystroke logging.
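How a MAC lets the receiving switch detect a tampered ATM message, as an added example that is not part of the original presentation. It uses HMAC-SHA256 from the Python standard library as a stand-in for the DES-based MACs used on card networks; the key, field names and message values are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key (assumption); a real ATM and switch share a key loaded under key management.
DEMO_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")

# Hypothetical field names; order is fixed so both sides encode identically.
FIELDS = ("card", "terminal", "amount_paise", "trace")


def encode(msg: dict) -> bytes:
    """Length-prefix every protected field so field boundaries cannot be shifted."""
    out = bytearray()
    for name in FIELDS:
        value = str(msg[name]).encode("ascii")
        out += len(value).to_bytes(2, "big") + value
    return bytes(out)


def add_mac(msg: dict, key: bytes = DEMO_KEY) -> dict:
    """Sender side: return a copy of the message carrying a MAC over all protected fields."""
    tag = hmac.new(key, encode(msg), hashlib.sha256).hexdigest()
    return {**msg, "mac": tag}


def verify(msg: dict, key: bytes = DEMO_KEY) -> bool:
    """Receiver side: recompute the MAC and compare it in constant time."""
    expected = hmac.new(key, encode(msg), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, msg.get("mac", ""))


# Constructed withdrawal request (masked card number, amount in paise).
request = add_mac({"card": "4000XXXXXXXX0002", "terminal": "ATM00042",
                   "amount_paise": 500000, "trace": 118})

# Amount altered in transit; the old MAC no longer matches.
tampered = {**request, "amount_paise": 50000}

# Same digits when fields are simply concatenated ("500000"+"118" == "5000001"+"18"),
# but the length prefixes make the encodings differ, so this is rejected too.
shifted = {**request, "amount_paise": 5000001, "trace": 18}

if __name__ == "__main__":
    for label, m in (("original", request), ("tampered", tampered), ("shifted", shifted)):
        print(label, "accepted" if verify(m) else "rejected")
```

A MAC only proves the message was produced by a key holder and not altered; it does not hide the contents, which is why the slide lists encryption separately.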

Page 6:

Continued

Physical cash and cash balancing:

- Cash balancing, electronic journal
- Reconciliation / surprise cash checking, etc.

Access controls:

- Access controls consist of two items in ATMs: ATM maintenance and cash replenishment.

Skimming, phishing: debit and credit card scam.

Cards / PIN mailer / delivery - frauds

Ready kit / Insta card

Destruction of ATM cards

Third party SLA

Audit functions:

Page 7:

To survive... we have to be a step ahead of the hackers.

Page 8:

Internet fraud

Phishy emails:

- Sender asking for confirmation of your account details
- Lottery schemes.

Links within e-mails:

- Fraudsters use these links to lure people to phony web sites
- To check whether the message is genuine.

Pharming:

- Online ID theft. A virus or malicious program is secretly planted in the computer.

Public PCs:

- Don't do any financial transactions on public PCs (cyber café): keystroke logger.
- Anti-virus software / firewall protection, and UPDATE it always.

Page 9:

Contd....

Password:

- Never respond to any mails / phone calls asking for your password, PIN, etc.
- Dual authentication / OTP.
- Sensitive information given in error: what to do?

Shortcuts to your bank's website:

- Always verify the site before accessing it.
- Type the URL address manually.
- Make sure your URL begins with "https".
- Never enter your personal information in a pop-up screen.

Opening of e-mail attachments

Page 10:

Continued

Protect your computers:

- Spam filter - helps to reduce the number of phishing e-mails
- Anti-virus - scans all incoming messages for troublesome files
- Anti-spyware - looks for programs that have been installed and track your online activities without your knowledge, and protects you against pharming
- Firewalls - prevent hackers and unauthorized communications from entering your computer

Phishing can also happen through phone:

- Verify the person's identity before passing on information about you and your accounts

Page 11:

Cyber crimes in card products

Page 12:

Card products

Why are credit card products affected most?

- Ease of operations.
- Transactions done through the internet.
- Phishing scam.

Reasons:

- Weakness in internal control leads to unauthorized / manipulated inputs (changing names, address, due date, transfer of funds, etc.)
- Security needs to be tightened as per IISC policy

Page 13:

Frauds in POS

POS (point of sale) terminals are installed at shopping centers, malls, etc.

Fraud is committed by getting the relevant information on the cards and the CVV code.

POS machines are handled by humans, and their involvement is greater in these sorts of frauds.

Opt for an additional password while using the credit card or debit card at a POS.

Page 14:

Risk in multi channels

1. Virus attacks: entry of a virus is generally through CDs, thumb drives, Internet, intranet, networks.
2. Bugs: bugs are different from viruses.
3. Natural calamities.
4. Human errors: accidental / intentional deletion of data, improper shutdowns, spillage of water / drinks etc. on the keyboard in the system.

Page 15:

Contd....

- Hacking: a hacker is a person who knows programming languages and how they work.
- Skimming: capturing personal account information from the credit card.
- Trojan: designed to steal passwords and send your confidential data.
- Malware: a program which hides malicious code behind an innocent document and can collect usernames / passwords etc. of mail accounts.
- E-mail spoofing: forging an e-mail header to make it appear as if it came from somewhere or someone other than the actual source.
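A header check a mail gateway or analyst can run to flag the e-mail spoofing described above, as an added example that is not part of the original presentation. Both messages are constructed samples on reserved example domains, and the Authentication-Results parsing is a simplified substring check.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; example.com / .net / .org are reserved documentation domains.
GENUINE = """\
Return-Path: <alerts@bank.example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bank.example.com; dkim=pass header.d=bank.example.com
From: "Your Bank" <alerts@bank.example.com>
Subject: Monthly statement

Body
"""

SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none
From: "Your Bank" <alerts@bank.example.com>
Reply-To: <verify@mailer.example.net>
Subject: Confirm your account details

Body
"""


def domain(header_value):
    """Lower-cased domain part of an address header, or '' if the header is absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()


def spoofing_signals(raw):
    """List reasons the visible From: header may not reflect the real sender."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    signals = []
    if domain(msg["Return-Path"]) != from_dom:
        signals.append("envelope sender domain differs from From")
    if msg["Reply-To"] and domain(msg["Reply-To"]) != from_dom:
        signals.append("Reply-To domain differs from From")
    auth = (msg["Authentication-Results"] or "").lower()
    if "dkim=pass" not in auth or f"header.d={from_dom}" not in auth:
        signals.append("no passing DKIM signature for the From domain")
    return signals


if __name__ == "__main__":
    print(spoofing_signals(GENUINE))
    print(spoofing_signals(SPOOFED))
```

These are signals rather than verdicts: legitimate bulk-mail services also use a different envelope sender, so the DKIM result for the From domain carries the most weight.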

Page 16:

Debit cards

Debit-card theft entails stealing and marrying up two sets of details: data / PIN.

Skimming, how it works: near-invisible pinhole cameras in and around the ATM booths, plastic overlays over the machine's card reader, containing reading equipment that would relay the data to a remote storage device.

Social engineering techniques

Page 17:

Cyber crimes - case studies

(used only for presentations / teaching purpose)

Page 18:

Email messages - case studies

You are receiving this message because you are using ………………Software and your e-mail address has been subscribed to the same……….. And wants to update mailing list. It is urgent to download and install the update as soon as possible in order to decrease the number of successful attacks that occur each day.

Lottery scams are one of the fastest growing areas of cyber-crime; according to research, 62 percent of spam emails are lottery scams.

Page 19:

Internal risk - data loss

Employees have a careless and even negligent attitude to corporate data and infrastructure like laptops / pen drives, etc.

Disgruntled employees:

One IT administrator gained access to the system due to his thorough knowledge of the computers, deleted all the payroll and personal files from the computer system, and cleared the disk of all the data.

Lessons:

a) The ID/PW of all employees who have left the institution should be deleted, and if an employee is on long leave, it should be disabled.
b) In an e-scenario, too much trust in computer-trained persons should be avoided. Please keep an eye on what they are doing.

Page 20:

ATM frauds

ATMs:

- Security guard was tied up and gagged.

Cash operating agencies: digital codes.

Plastic money frauds:

- Police people lack expertise to tackle complicated cases.

Modus operandi:

- Fraud usually takes place within 24 hours of card theft
- Cards are re-embossed or re-encoded or reproduced on white plastic
- Skimming: duplication of full magnetic stripe data
- Cards siphoned off in transit

Page 21:

Some take-away points

Memorize PIN numbers and passwords and do not write them down. Remember the CVV number of the credit card.

Cancel all unused credit cards.

Never give personal information of any kind over the telephone or online unless you initiate the contact, especially to telemarketers.

Scrutinize the credit card statement every month, check whether there is anything that you do not recognize, and verify the same.

When you pay bills, don't put them in unauthorized drop boxes.

Destroy any unwanted papers with the account number, like credit card statements, cancelled cheques, etc.

Page 22:

Continued

Online banking service is there to make life easier for you. All one needs to do is follow the precautionary steps strictly to guard against the security risks.

It is advisable to spare some time to go through the safety instructions / user guidelines given by the bank.

Page 23:

Questions please?

Babu.V (Ex-DGM IT, Bank of India)

Consultant- [email protected]: 09820608700