Keeping digital wallets safe: Staying vigilant is key as cyber theft risks rise
Innovations in India’s fintech landscape are changing the way its population manages their finances. Post demonetization, the economy has seen a rapid increase in the number of digital transactions with almost 11.8 billion such transactions being conducted by Q2FY19, as per latest data from the Reserve Bank of India (RBI) and National Payments Corporation of India (NPCI).
This high adoption rate is fuelled by the ease and convenience of digital payment solutions, availability of cheaper internet schemes and the ever-expanding smartphone market. While digital payment solutions are making pockets lighter, literally, there is an increased burden to safeguard users from malicious actors in cyberspace. As India moves towards a cashless economy, there is a heightened need to secure one’s digital wallets and mobile banking applications.
Digital payments and peer-to-peer lending apps have revolutionised the way we move money, making it simpler, easier and faster than ever! While on the surface, digital money transfers may seem convenient, they are vulnerable to multiple cybersecurity risks. A digital wallet requires the user to link their bank account details to the app to transfer money based on user’s needs, which means sensitive information is now floating in the worldwide web.
Mobile phone theft is basic and perhaps the easiest way to steal someone’s personal data. Once in the hands of a cybercrook, the unsecured device becomes the pathway to carry out online financial frauds or steal someone’s identity. It is therefore advisable to secure your phone with a complex password and installing a device security software with a phone finder feature. Using the phone finder feature, not only can you trace the handset but remotely erase the data on the phone by resetting the device to factory settings.
With companies and government encouraging consumers to route their payments via mobile wallets, users are increasingly connecting their phones to unsecured public WiFi networks, to access multiple utility apps, including their digital wallets. Many of us download apps from reference links sent by other users of the apps. These links can be manipulated by the attacker and be used to perpetrate phishing attacks to gain access to the user’s bank details and other personal information linked to the account.
A phishing attack is easily identifiable – the cybercriminal could move a letter or two around in the URL and create a bogus link almost identical to the genuine one. Once clicked, it results in the installation of a malware which then runs in the app’s background. Such attacks can be easily dodged by keeping a vigilant eye on the links or attachments sent to the user. Do not click or open them if you suspect malicious activities; what good is a 100-rupee cashback if it puts your bank balance in jeopardy!
As per a recent report, a 77 percent increase in banking Trojans were noted and it was also predicted that this type of exploitation would continue to grow. Unfortunately, that prediction has come true. Cybercriminals are finding new ways to bypass Google security. Their success in getting onto mobile devices means they will also explore adding additional forms of revenue like ransomware, ad click fraud, and acting as a download conduit for other types of malware. Beware of fake apps on app stores; many times, cybercriminals leverage the laxity in the hosting policies of the app store and publish bogus apps which look like the actual apps. These apps are used to harvest bank details of the user by installing malware that will monitor keystrokes or exfiltrate data using command-and-control connection signal from the attacker.
While one could say the onus lies on the financial service providers to protect customer data, safeguarding confidential information online is equally the responsibility of the user. Luckily, some simple steps can go a long way in protecting your financial information from getting breached online.
- Be sure to go through your monthly credit reports for any suspicious transactions. Often the cybercrooks steal money in multiple small transactions and the user notices it only when his bank balance reduces drastically over time.
- Use two-factor authentication for all your online accounts and sign up to receive SMS alerts or email notifications to detect any unusual activity on your account. Many companies offer this service free of cost.
- While registering for any financial service or apps, make it a point to read the customer reviews to gauge the authenticity and look for policies around customer data safety.
- Most importantly Stop, Think and Connect – Do not blindly click on e-mails or links.
- Ensure you have the appropriate security software on your devices to help you stay safe.
- It’s a combination of common sense and using the right tools that can give you a safe experience online.
Remember, if 2018 was the year of mobile malware, 2019 is the year of everywhere malware. With smart devices becoming keys to our digital lives, entrusted with a treasure trove of personal data, we must realise the importance of securing them in this connected environment. Only then will we be able to tackle this insidious threat and protect ourselves at every point of our increasingly digital life.
The author is the Vice President of Engineering and Managing Director of McAfee India