The casual dumping of a mobile number linked to one’s bank account could prove quite costly going by the experience of a housewife at Kollam recently.
She had a rude surprise when her bank account was wiped clean of nearly ₹8 lakh. It emerged that a mobile number linked to her account that she had not used for months enabled the fraudsters to get access to her money. The number was automatically reassigned to a new user who reset the password using the One Time Password (OTP) that the bank send to her number.
“Numbers either not recharged after the validity period or unused for 3 to 6 months get recalled into the number pool and will be reassigned to new users in due course. Else, the previous user should have availed of the ‘safe custody’ provision whereby she can retain the number for longer durations even if unused for prolonger periods,” said an executive associated with a telecom service provider.
The problem, it seems, is that a majority of the banking customers hardly seem to be aware of such a vulnerability. While the Reserve Bank of India had as recently as January 28 issued a fresh set of guidelines warning customers against various kinds of online frauds, this particular vulnerability was missing from them.
“The problem is that our people, especially older generation customers, are not digitally cultured enough. While customers can opt for multiple authentication, all the related credentials are send to the mobile number. Some banks even empower customers to effect a change in account-linked mobile number but then again the credentials are send to the old number leaving the arrangement redundant,” said Nandakishore Harikumar, a cyber security expert.
“With the ever-changing technology and concomitant modifications in processes and procedures, fraudsters are also devising newer avenue of frauds.”
“It is therefore high time that all stakeholders, including banks, fin techs and other financial service providers and telecom companies effectively coordinated and put in place a structured system for preserving the sanctity of transactions. Customers should also be periodically made aware of the vulnerabilities and implications of new technology changes,” said K.S Krishna, joint secretary, All India Bank Employees’ Association.
