Hindustan Times (Lucknow)

Cyber thugs cash in on ‘loopholes’ in duplicate debit card process

RECENT INCIDENTS Fraudsters used duplicate cards to withdraw `17.5 lakh from four accounts. They also managed to divert customers’ SMS alerts

- HT Correspond­ent lkoreporte­rsdesk@hindustant­imes.com

Banks often say that customers become vulnerable to cyber crime due to negligence, but a recent trend shows that customers can also be at a loss due to lapses in the banking process.

In the past few months, cyber thugs withdrew over `17.5 lakh from the accounts of at least four people from Kanpur. The fraudsters managed to get duplicate debit cards issued and also managed to divert the customers’ SMS alerts.

“All four cases were reported from a private bank between April and June this year. The probe revealed that a woman employee of the bank, Jyoti Satyam and her male friend Dheeraj Nigam committed the fraud taking advantage of major lapses in the banking process,” said Triveni Singh, ASP, UP Special Task Force.

He said Nigam was arrested from Kanpur on Thursday while efforts were on to track Jyoti.

“The fraudsters used loopholes in the bank’s process of issuing duplicate debit card, its delivery to the customers’ address and changing mobile number for SMS alert service,” the ASP said.

He explained that the woman shared the basic details of customers (name, address, mother’s name, account number, mobile number, date of birth and mobile number) with her friend.

“The woman’s male friend used to call up the bank’s call centre placing request for issuance of duplicate debit card. The process included entering the four-digit PIN of the debit card for verificati­on,” he explained.

The direction to enter PIN is made twice, but when this number is not entered one gets another way out to continue the process – by entering the nine-digit reference number,” he added.

He said, “No authorisat­ion of the reference number is a major lapse in the bank process. The process continues further if one enters any nine digits (for example 123456789 or 111111111) as reference number and the request for issuing duplicate debit card gets placed.”

After this, the fraudster called up the call centre again after 2-3 days and complained of nondeliver­y of the duplicate card on his address, said Singh. He somehow managed to get the details of the courier agency through which the duplicate card was being dispatched. Once this was done, the fraudster used to get the courier boy’s contact number from its agency office.

Consequent­ly, the fraudster managed to get the debit card delivery from the courier boy posing urgency or some other reason, he said.

The ASP said the third lapse was highlighte­d when the fraudster used the duplicate card to withdraw money from the customer’s account.

“The user gets the option of changing mobile number for SMS alert before the transactio­n and the fraudster changes it with another number. Now, the customer will not even get the SMS alert on his number when the transactio­n would be done,” he stated.

Singh said the bank refunded the lost amount to one customer when it was confirmed during probe that the fraud took place due to security lapses in the entire process. But three others were still waiting for their claims.

“We are cross-checking whether other banks also have similar security lapses and would formally write to the banks to plug the loopholes, as it makes the customers more vulnerable to fraudsters,” he added.

Newspapers in English

Newspapers from India