Digital Payments? Sure, but what if somebody hacks your email account, gets your Aadhaar number, steals your identity, empties your bank account, and you don’t realize until you see a charge for a flight first-class to the French Riviera?
Digital transactions involve some risk — we’re not going to deny that — however, the risk is much lower than with cash transactions because once cash is gone, is gone forever, whereas with digital payments there’s always a chance to get your funds back.
Here at ePaisa, we want you to embrace the digital revolution without fear. Follow these common sense guidelines to protect your identity, minimize the risk of using and accepting digital payments, and maximize your efficiency — fewer trips to the bank mean more time for yourself!
Protect yourself from phishing scams
Phishing refers to hackers’ attempts to steal your data by pretending to be someone they’re not — like that Nigerian prince claiming to have £600 million that he’s willing to share with you. The best way to avoid becoming a victim of phishing is to always operate with a high degree of suspicion. Never provide sensitive information to strangers, either via email, phone, SMS or a chat box, especially login credentials. Beware that phishers will try to scare you. They’ll make up weird stories saying that your account has been compromised or and that they need to confirm your identity. They may send you a mysterious link accompanied by an enticing message: “Check this out!” Do not click suspicious links or open suspicious attachments. Some will take you to a fake website; some install malware that can grant hackers unauthorized access to your computer.
Recognizing fake emails and websites
Criminals tend to be sloppy. Either the signature looks wrong, the colours are off, the email isn’t addressed to you but to a “dear friend,” or the sender’s email address domain doesn’t match that of the alleged sender. Most companies invest a long time in their communications efforts trying to make every message look good, so a good rule of thumb is that if an email or a website doesn’t look professional, it probably isn’t real.
For instance, see this email I got from “PayPal” below. It calls me “Dear Customer.” Why? PayPal knows my name! Then, when I check on the sender’s email address, I see that it comes from firstname.lastname@example.org instead of a PayPal domain.
Never click on any link from a site that looks suspicious. You may be curious to see where it takes you, but it could also execute malicious code on your computer. If you’re not sure about a link, one easy way to check is to hover the mouse cursor over one — without clicking — and read the URL on the status bar at the bottom of your browser. The fake PayPal email showed me this:
Chrome shows the status bar automatically. In Safari you need to turn on the Status bar by going to View > Show Status Bar. Try it on this one: is this a legitimate ePaisa link? Another way is to check for an s within the URL. An s in “https:” means that the address is secure.
Now, what if you were visiting one of those—ahem—sites that Nani warned you not ever to visit, and a warning from the FBI popped up demanding you to pay a ransom to unlock your computer? Fake. Some specific websites are illegal in this country and should you arrive to any of them by accident, a warning from the Indian government should pop up, telling you that “This URL has been blocked under the instructions of the Competent Government Authority or in compliance with the orders of a Court of competent jurisdiction…” but demand from you no money. Thus, should you get a ransom demand on your browser, do not even think to pay: it’s as fake as the compliments I give to my in-laws. Those ransom demands come not from the FBI but a malicious virus from the “ransomware” category. Close your browser and using another computer search for instructions on how to get rid of the virus. Here’s a good place to start. <– don’t forget to hover over the link first!
Recognizing fake phone calls
You provided your bank with all your pertinent information when you opened your account. They shouldn’t have to call you to confirm anything. If they call you for any other reason, banks have ways to verify your identity without asking again for all of your personal information. Maybe there’s a security question? If you don’t feel comfortable with a call demanding for sensitive information simply hang up and call directly to your bank number — do not redial the number that just called you; look for the one they have on their website or in your bank statements. Do not be afraid of offending the caller either. An honest caller would understand your concerns and encourage you to take precautions.
Prevent Credit Card Fraud
You wouldn’t leave cash lying around so why would you do so with your credit card information? Do not share your credit card number via email, and only type it in on secure websites — check for that s on the “https:” URL prefix.
If you lose your credit card, report it as lost immediately. If you suspect you only misplaced it, call your bank and ask them to block it temporarily until you can find it, then call again to unblock it once you find it. And remember to use strong passwords. Check your statements often and question every little suspicious charge. Criminals often start with small charges to test the validity of a card then attempt a larger charge.
As a vendor, the best way to protect yourself and your customers is by not storing credit card information. Get a point of sale that encrypts information the moment you slide or insert a card in a reader, like ePaisa, and if you accept payments online, make sure your credit card processor encrypts the information too. If you rely on paper forms, destroy them after using them or store them in a safe place just like you would cash. Sometimes you may need to request customers to send a photo of their credit card for identification purposes, to make they claim they are and not trying to book something with a stolen credit card. Ask them to cover the first three series of digits, so only the last four digits are visible.
The good news? Most banks will block suspicious transactions based on your paying history. And no, humans are not spying on what you buy, a computer algorithm is, with no other interest than to protect you. Humans only get involved when the algorithm detects something out of place. Furthermore, most banks offer identity theft protection for their credit cards users as long as the disputed charges are reported timely. That makes credit and debit cards a very secure method of payment. Better than cash, because, again, once a bill is gone, it’s gone and it won’t return!
Prevent Mobile Wallet Fraud
Wallets are connected to your phone and a bank account. Thus, you should protect your phone first, then all the advice discussed above applies: do not share your password, beware of suspicious emails and calls, and check your bank statements regularly.
How to protect your phone? Keep it close to you at all times — needless advice if you’re a millennial — and make sure you password protect it. A code such as 123456 is easy to remember, yet the first combination a thief will try. Use a number that is meaningful to you and no one else. If you write it down on a post-it, don’t stick the post-it on the back of your phone.
One of the risks of leaving your phone unprotected is that apps that store passwords, like Apple Keychain, will automatically enter your credentials across devices. That is quite useful when only you have access to your mobile devices, but if someone else does too, it becomes risky. Never leave your phone unprotected and enable two-factor authentication when available for those rare occasions in which you need to check your mail from a public computer.
Do you use UPI? Using your virtual address to pay is pretty safe, but even safer is to use UPI – Scan to Pay, which gives all the control to the customer. Merchants generate a QR code that customers scan and approve on their smartphones, and merchants receive the funds in their bank accounts without the need of getting any sensitive information from their customers. Could the transaction be intercepted and hacked? Very unlikely. That’s why hackers will try to steal the Customers’ or the merchants’ passwords first. A point-of-sale that follows PCI standards encrypts information, and does not store sensitive data is the way to go. One like ePaisa? You got it!
Of course, hackers could still infiltrate into the banks or mobile wallets sites, but banks are among the safest platforms. Besides, as the Deposit Insurance and Credit Guarantee Corporation states on its site, “all commercial banks including branches of foreign banks functioning in India, local area banks, and regional rural banks are insured by the DICGC” for up to rupees one lakh per depositor. The same applies to all co-operative banks, yet, the DICGC does not ensure primary cooperative societies, so if your deposits are in a cooperative society, find out whether your deposits are protected first.
With Aadhaar pay, you pay with your biometrics: an iris scan or your fingerprint. No need of using cash, which is risky, exchanging sensitive information, as you would with a check, or even using your phone. Is it safe? Aadhaar Pay is probably the safest method of payment because your biometrics are your password, and they cannot be replicated.
Earlier this year, Japan researchers warned about the far-fetched possibility of hackers stealing your fingerprints from a photograph. The article was a cheap attempt to promote a product to cover your fingertips to prevent identity theft — branded marketing; I can’t even! In theory, stealing fingerprints from a photograph can be done, but so traveling faster than light through wormholes. Stealing your fingerprints would require a super high-resolution camera, amazing light conditions, the like that require you to rent state-of-the-art equipment and a production assistant holding a light reflector, and quite a sophisticated algorithm to extract the information from the image. The claim remains, thus, unproven. Besides, with Aadhaar Pay, thieves would need to know your Aadhaar number and the name of your bank before they can steal a paise from your account.
Although cybercrime has more than doubled recently — a 173% increase between 2013 and 2015, according to this study — fraud is still rare among the millions of transactions made every day: on average, less than 1.5% percent of all transactions are fraudulent. Be safe, but don’t be scared. You wouldn’t ride a car without wearing a seatbelt, so don’t be sloppy with your passwords. The best protection? Monitor your accounts. Go online and check your personal balances at least once a week.