India has not been having a particularly great run where the safety of its PoS (Point of Sale) systems is concerned. With a large part of the country already wary of using plastic to shop, the recent incidents of data breaches and unauthorized transactions from the accounts of clueless customers are really not helping. The Indian Computer Emergency Response Team (CERT-In) has now issued an advisory that outlines the security of PoS systems.
So imagine this: You are sitting quietly, binge watching your favorite series on Netflix. Suddenly, your phone beeps and you are informed that a certain amount of money has been debited from your account. You ignore it once perhaps, imagining it to be some technical error on the part of the bank that will soon be corrected. However, the phone beeps again and again and you watch aghast as all of your hard-earned money trickles out in front of your eyes.
Sure, you can try to call the bank and get the card blocked. However, chances are that by the time you get the already overworked crowd to pick up your call and respond, a significant portion of your money will already be gone. You may be thinking, pooh, this kind of stuff only happens in the news, it can't happen to me. Well, yours truly can attest to the effectiveness of these attacks, having only recently been the victim of one.
And the worst part is that it may have happened without any fault of your own. India recently played host to its largest ever data breach, where as many as 3.2 million debit cards were compromised, thanks to an unknown malicious virus. The attacks that saw this many cards practically stolen predictably took place through ATMs and point of sale (PoS) machines.
Just in case you are wondering, PoS machines are those used by retailers and shopkeepers to facilitate shopping through credit and debit cards. Considering that over 3.2 million debit card details have been compromised, it might be a good idea to pay CERT-In's PoS safety guidelines some attention.
In case you are unaware of it, CERT-In is a Government organization under the aegis of the Electronics and IT Ministry. The primary aim of the organization is to counter cyber security threats like hacking and phishing and otherwise make India's Internet a safe place to hang around. Considering the magnitude of the attacks that have recently been happening pan-country, the organization is probably on its toes at the moment.
The guidelines issued by CERT-In also included information about "skimming", which is what may have been used to capture credit/debit card information and then use it without the user's consent.
Skimming is an electronic method used by identity thieves to capture a victim's personal information. The skimmer is a small device that scans a credit/debit card and stores the information contained in the magnetic stripe. Skimming can take place during a legitimate transaction at a business.
To ensure that a business or its customers do not fall prey to this, here is what CERT-In recommends:
- Organizations and service providers are advised to keep all systems updated.
- Using antivirus software, restricting Internet access and disallowing remote access are highly recommended.
- Cardholder data should be encrypted when transmitted across open, public networks.
- Retail merchants are advised to use strong passwords, and secure Wi-Fi and Internet networks.
As a customer, you would be well advised to make sure that any transactions performed by you take place at reputable places that don't have an overtly shady reputation. Also, try and get One Time Password (OTP) enabled on your card, if it isn't already. Having an OTP in place gives you another line of defense against unscrupulous elements and makes it very hard for money to be stolen from you, unless the person with your card details somehow gains access to your phone as well.
Well, that is all we can do from our end. However, banks really need to come forward and own their responsibility. After all, between Demonetization and these unsolicited attacks on bank accounts — where exactly are we supposed to keep our money?