CARD FRAUDS- ISSUES, CHALLENGES & SAFETY MEASURES

P.SUNEELA BHARATHI
Associate: Professor
MBA- Dept.
VIDYA JYOTHI INSTITUTE OF TECHNOLOGY
Aziz Nagar, HYDERABAD.

India is dreaming to transform into a complete cashless economy i.e; digitalization of financial
transactions. In connection with this GOI has initiated a flagship program named DIGITAL
INDIA. Despite the rising usage of digital payments, the security still remains a question mark.
Online payment frauds are increasing with the increasing adoption of digital transactions in
India. “Our employees do not ask for sensitive data, Never reveal details like your OTP to an
unknown person”-frequently banks are sending this type of messages to its customers. This
shows the intensity of online frauds in India. 1 out of 4 customers are victims of these frauds.
According to a consumer survey in 2016 India ranks 5th position in terms of card fraud rates
behind Mexico, Brazil, United States and Australia. Ravi shanker Prasad, the minister of
Information Technology, said that there were over 25800 cases of digital frauds in India resulting
to a theft of 1.8 crores rupees. In 2017-18 a total of 911 frauds amounting to 65.26 crores of
rupees were committed using debit and credit cards by fraudsters.

This paper is an attempt to bring these fraud issues into light, highlights the challenges faced by
banks, financial institutions, GOI and suggest the safety measures that might help customer
falling prey in fraudulent cases.

Key Words:-debit card, credit card, online banking frauds, preventive measures

INTRODUCTION

The financial system of a country facilitates economic development through wealth creation by
linking savings with investments that aids development of both the parties. It accelerates the rate
and volume of savings by providing financial instruments, institutional arrangements like
establishment of banks and other financial institutions, enables corporate customers to get
required financial support and leads to growth in national output. Bank’s have become an
integral part of a financial activity and performs functions ranging from conventional services
like accepting deposits, providing loans, helping in investments to revolutionary, convenient and
innovative services like mobile banking, net banking, wallet banking , debit and credit cards,
RTGS (Real Time Gross Settlement), NEFT (National Electronic Fund Transfer), IMPS
(Immediate Payment System) and so on. Digital banking or Online banking or Internet banking
was first introduced by ICICI in the year 1996 in India. Subsequently followed by other banks It
has improved the accessibility of customer to his/her account 24/7 via a device through internet
connectivity saving the time and cost. It has made bill payments easily and quickly. User friendly
procedures in online banking has increased the number of banking customers and for banks also
it has become easy to keep and maintain records eliminating human errors.With the advent of
technology, easy access to smart phones, user friendly banking apps, cheap availability to
internet, banks have started to provide all sorts of banking services resulting in paperless
transactions. Armed with technological up gradation like artificial intelligence, chatbots, banks
are providing digital solutions for fundamental bank functions like money withdrawals, bills
payments, money transfers. Banks have undergone a paradigm shift in the way they are
providing services to its customers. Propelled by raising competition from foreign and private
banks, computerization and digitalization made Indian banking system to raise its bar in
providing world class banking experience.

Source: ICMAI, Jan 2017.

The top most agenda of banks in India is digitalization. GOI is promoting digitalization through
two of its significant payment domains - UPI (unified payments interface) and BHIM (Bharat
interface for money).

After demonetization India paced to move towards a cashless economy. By July 2019 840.6
million debit cards and 50.3 million credit cards were in operation. The number of transactions
using credit cards at POS terminals (or swipe machines) grew by 23% year-after-year, while itis
increased by 14.6% for debit cards for the 12-month period from June 2018 to July 2019. In July
2019, the total number of POS transactions through credit cards was 178.4 million, while the
figure for debit cards was 420.8 million. Total amount transacted through credit cards at POS
terminals was Rs 59,616 crore in July 2019, increased by 24.8% in the 12-month period ending
July 2019. The amount transacted using POS terminals through debit cards went up by 20.3%
during the same phase. In July 2019, Rs 58,102 crore was transacted through debit cards at POS
terminals. The total amount transacted through credit cards at POS terminals grew by Rs 2,713
crore in July 2019, while the amount transacted through debit cards increased by Rs 1,059 crore.
Execution of electronic payment system like NEFT (National Electronic Fund Transfer), ECS
(Electronic Clearing Service), RTGS (Real Time Gross Settlement), Cheque Truncation System,
Mobile banking system, Debit cards, Credit Cards, Prepaid cards have gained tremendous
acceptance in Indian banking sector.

Payment System Indicators – Annual Turnover

Item Volume (million) Value (₹ billion)

2016-17 2017-18 2018-19 2016-17 2017-18 2018-19

RTGS 107.8 124.4 136.6 981,904 1,167,125 1,356,882

CBLO 0.2 0.2 0.1 229,528 283,308 181,405
CTS 1,111.9 1,138.00 1,111.7 74,035 79,451 81,536
NEFT 1,622.1 1,946.4 2,318.9 120,040 172,229 227,936
IMPS 506.7 1,009.8 1,752.9 4,116 8,925 15,903
UPI 17.9 915.2 5,353.4 69 1,098 8,770
Credit
1,087.1 1,405.2 1,762.6 3,284 4,590 6,033
Cards
Debit
2,399.3 3,343.4 4,414.3 3,299 4,601 5,935
Cards
Total 6853 9882.6 16850.5 1416275 1721327 1884400
Source: www.rbi.com

In July 2018 the transaction count of aadhar enabled payment system (AePS) stood at Rs 220.18
million with a transaction value of Rs 9685.35 crores making 6.65 crores Indians use this
platform to avail banking services. These are all incredible landmarks in the digital revolution in
the banking sector. Online banking has changed the visage of banking and brought a
notablerevolution in the banking operations. On the occasion of India’s 73rd independence day
the prime minister shriModiji reemphasized the significance of digital payments and encouraged
everyone to say “yes to digital payments, no to cash” .with the increase in the number of
consumers using digital payment system and digital payment options available, the digital
payment infrastructure needs to grow to fulfill the demands of consumers and merchants.

QR codes once used primarily in logistics industry are now driving the digital payments
revolution.it is believed that Internet of things will govern micro payments by transforming
connected devices into payment channels. For example, smart refrigerators will place the orders
to refill the stock. Similarly, bulbs, switches, etc. self-monitors if it needs repairs or
replacements. Based on the personalized/ previous visit information, using analytics when a
consumer steps into the store, stores will provide customized information, giving hassle free
experience. Once the product is picked up, consumer can walk out of the store as the amount will
be automatically debited from consumers account. UPI is witnessing a enormous growth in the
recent years. Google pay, paytm, phonepe collectively process more than 90% of UPI
transactions.

REVIEW OF LITERATURE:-

1) Yashvi Jain, NamrataTiwari, ShripriyaDubey,Sarika Jain (2019) in their paper has

compared various techniques such as Support Vector Machine (SVM), Artificial Neural
Networks (ANN), Bayesian Network, K- Nearest Neighbour (KNN), Hidden Markov
Model, Fuzzy Logic Based System, Decision Trees etc used in detecting frauds and
concluded that all techniques are not giving same results in all types of environment.

2) Mark Button, Carol McNaughton Nicholls, Jane Kerr, Rachael Owen (2014) explained
the reasons why victims fall prey for online frauds

METHODOLOGY OF THE STUDY:- This is primarily a descriptive paper based on secondary

data collected from official websites, journals, newspapers and various other publications.

OBJECTIVES:-

The main objectives of this research paper are

1) To examine online bank related fraud issues and challenges faced by banking institutions
2) To suggest few safety measures to get rid of fraud related matters.

ANALYSIS:-

The RBI report states that among bank groups, PSBs, or public sector banks which constitute the
largest market share in bank lending, have accounted for the bulk of frauds reported in 2018-19.
It was followed by private sector banks and foreign banks. What's surprising the experts is that
foreign banks managed to buck the trend and recorded a lesser number of fraud cases but the
amount involved rose sharply. Last year, foreign banks recorded 974 cases of fraud and the
amount involved was Rs 2,560.9 million. In 2018-19 foreign banks recorded 762 cases the
amount involved was Rs 9,553 million.
 Source: https://www.indiatoday.in/business/story/rbi-report

There are different ways in which people/ attackers try to fraud people online.

1) Phishing is a type of social engineering attack often used to steal user data, including login
credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity,
dupes a victim into opening an email, instant message, or text message. The recipient is then
tricked into clicking a malicious link, which can lead to the installation of malware, the freezing
of the system as part of a ransomware attack or the revealing of sensitive information.An attack
can have devastating results. For individuals, this includes unauthorized purchases, the stealing
of funds, or identifies theft.

Phishing techniques

Email phishing is a numbers game. An attacker sending out thousands of fraudulent messages
can net significant information and sums of money, even if only a small percentage of recipients
fall for the scam.

Spear phishing targets a specific person or enterprise, as opposed to random application users.
It’s a more in-depth version of phishing that requires special knowledge about an organization,
including its power structure.

Whaling attacks are a type of spear phishing attack that specifically targets senior executives
within an organization, often with the objective of stealing large sums. Those preparing a spear
phishing campaign research their victims in detail to create a more genuine message, as using
information relevant or specific to a target increase the chances of the attack being successful.
Pharming is a type of phishing that depends on DNS cache poisoning to redirect users from a
legitimate site to a fraudulent one, and tricking users into using their login credentials to attempt
to log in to the fraudulent site.

Clone phishing attacks use previously delivered, but legitimate emails that contain either a link
or an attachment. Attackers make a copy -- or clone -- of the legitimate email, replacing one or
more links or attached files with malicious links or malware attachments. Because the message
appears to be a duplicate of the original, legitimate email, victims can often be tricked into
clicking the malicious link or opening the malicious attachment.

Voice phishing, also known as vishing, is a form of phishing that occurs over voice
communications media, including voice over IP (VoIP) or POTS (plain old telephone service). A
typical vishing scam uses speech synthesis software to leave voicemails purporting to notify the
victim of suspicious activity in a bank or credit account, and solicits the victim to respond to a
malicious phone number to verify his identity -- thus compromising the victim's account
credentials.

Steps to prevent phishing

 A spoofed message often contains subtle mistakes that expose its true identity. These can
include spelling mistakes or changes to domain names, Users should also stop and think
about why they’re even receiving such an email.

 Two-factor authentication (2FA) is the most effective method for countering phishing
attacks, as it adds an extra verification layer when logging in to sensitive applications.
 organizations should enforce strict password management policies.

 To be cautious of pop-ups on websites

 To think twice before clicking on links sent via email or other messages. Users
knowledgeable enough to hover over the link to see where it goes can avoid accessing
malicious pages.

 To verify a website’s security by ensuring that the URL begins with “https” and that
there’s a closed lock icon near the address bar

2) Spam can be defined as irrelevant or unsolicited messages sent over the Internet. These are
usually sent to a large number of users for a variety of use cases such as advertising, phishing,
spreading malware, etc.Fake accounts are key to social spamming: To gain credibility, these fake
accounts will try to become ‘friends’ or follow verified accounts, e.g., celebrities and public
figures with the hope that these accounts befriend or follow them back. When genuine accounts
befriend or follow back fake accounts, it legitimizes the account and enables it to carry out spam
activities.Another way for spammers to attack is to hack into and take over a user’s account,
spreading fake messages to the user’s authentic followers.

Clickbaiting and likejacking

Clickbaiting is the act of posting sensationalist headlines to encourage the user to click through
to the content with the aim of generating online advertising revenue. When the user clicks
through to the page, the content usually doesn’t exist or is radically different from what the
headline made it out to be.

Likejacking is the act of tricking users to post a Facebook status update for a certain site without
the user’s prior knowledge or intent. The user may be thinking that they are just visiting a page
but the click can trigger a script in the background to share the link on Facebook.

There are various techniques fraudsters use to steal your card information:

 Skimming: “This technique involves attaching a data skimming device in the card reader
slot to copy information from the magnetic strip when one swipes the card,”
 Card trapping: This is a barb that retains the card when you insert it in the machine and
the card is retrieved later
 Shoulder surfing: If you find friendly bystanders in the room or outside who try to help
you if your card gets stuck or peer over your shoulder, beware. They are there to get you
to reveal your PIN.
 Leaving card/PIN: If you write your PIN on the card and forget it in the ATM kiosk or
the machine, it’s a virtual invite to be scammed.
 Pharming: In this technique, fraudsters reroute you to a fake website that seems similar to
the original. So even as you conduct transactions and make payment via credit or debit
card, the card details can be stolen.
 Keystroke logging: Here, you unintentionally download a software, which allows the
fraudster to trace your key strokes and steal passwords or credit card and Net banking
details.
 Public Wi-Fi: If you are used to carrying out transactions on your smartphone, public Wi-
Fi makes for a good hacking opportunity for thieves to steal your card details.
 Malware: This is a malicious software that can damage computer systems at ATMs or
bank servers and allows fraudsters to access confidential card data.
 Merchant or point-of-sale theft
This is perhaps the simplest and most effective form of stealth, wherein your card is taken
by the salesperson for swiping and the information from the magnetic strip is copied to be
used later for illegal transactions.
 Phishing &vishing
While phishing involves identity theft through spam mails which seem to be from a
genuine source, vishing is essentially the same through a mobile phone using messages or
SMS. These trick you into revealing your password, PIN or account number.
 SIM swipe fraud
Here the fraudster contacts your mobile operator with fake identity proof and gets a
duplicate SIM card. The operator deactivates your original SIM and the thief generates
one-time password (OTP) on the phone to conduct online transactions.
 Unsafe apps
Mobile apps other than those from established stores can gain access to information on
your phone like passwords, etc, and use it for unauthorised transactions.
  Lost or stolen cards, interception
This is the oldest form of theft, wherein transactions are carried out using stolen cards,
those intercepted from mail before they reach the owner from the card issuer, or by
fishing out information like PINs and passwords from trash bins.
 Cards using other documents
This is also an easy form of identity theft, where new cards are made by the fraudster
using personal information that is stolen from application forms or other lost or discarded
documents.

FINDINGS AND SUGGESTIONS:-

 Be extremely wary of emails asking for confidential information—especially of a

financial nature. Financial institutions and other responsible companies do not request
sensitive information via email. If you receive this kind of request, report it to the
company.
 Don't get pressured into providing sensitive information. Phishers like to employ scare
tactics. They may threaten to disable an account or delay services until you update certain
information, but don't be fooled. Instead, contact the merchant directly to confirm the
authenticity of their request.
 Watch out for generic-looking requests for information. Fraudulent emails are often not
personalized. Meanwhile, emails from your bank or ISP often reference your business or
an account you have with them. Again, confirm the authenticity of any suspicious request
before responding.
 Never submit confidential information via forms embedded within email messages.
 If you need to submit corporate credit card numbers or other confidential information
over the Internet, make sure the site is secure. To make sure you're on a secure Web
server, check the beginning of the Web address in your browser's address bar (it should
be "https://" rather than just "http://").
 Regularly check your bank, credit, and debit card statements to ensure that all
transactions are legitimate. If anything is suspicious, contact your bank and all card
issuers.
 If you get an email or pop-up message that asks for personal or financial information, do
not reply. And don’t click on the link in the message, either. Legitimate companies don’t
ask for this information via email. If you are concerned about your account, contact the
organization mentioned in the email using a telephone number you know to be genuine,
or open a new Internet browser session and type in the company’s correct Web address
yourself. In any case, don’t cut and paste the link from the message into your Internet
browser — phishers can make links look like they go to one place, but that actually send
you to a different site.
 Use anti-virus software and a firewall, and keep them up to date. Some phishing emails
contain software that can harm your computer or track your activities on the Internet
without your knowledge.
 A firewall helps make you invisible on the Internet and blocks all communications from
unauthorized sources.
 Don’t email personal or financial information. Email is not a secure method of
transmitting personal information.
  Be cautious about opening any attachment or downloading any files from emails you
receive, regardless of who sent them. These files can contain viruses or other software
that can weaken your computer’s security.

CONCLUSION:-

From April 2017 to December 2017, 23,865 fraud cases related to credit, debit cards and internet
banking were registered, according to Reserve Bank of India (RBI) data. With the increase in the
digital way of life, especially when it comes to financial transactions, the risk of financial frauds
cannot be ignored. While cash and cards are still the preferred way to pay, mobile payments are
rapidly gaining traction. In fact, India is far ahead of the U.S., U.K. and Germany in mobile
payment adoption. Convenience and a user-friendly interface, coupled with rapidly improving,
low cost mobile data connectivity and merchant acceptance, are driving the growth of mobile
payments. Mobile wallets that offer cash back and other incentives, are also spurring adoption

REFERENCES:-

1) Yashvi Jain, NamrataTiwari, ShripriyaDubey, Sarika Jain, (IJRTE) ISSN: 2277-3878,

Volume-7 Issue-5S2, January 2019
2) Mark Button, Carol McNaughton Nicholls, Jane Kerr, Rachael Owen Volume: 47 issue:
3, page(s): 391-408, Dec 2014.
3) https://www.baruch.cuny.edu/bctc/EmailSpammingandEmailSpoofing.htm
4) https://www.imperva.com/learn/application-security/phishing-attack-scam/
5) https://searchsecurity.techtarget.com/definition/phishing
6) https://thenextweb.com/future-of-communications/2015/04/06/5-types-of-social-spam-
and-how-to-prevent-them/
7) https://med.stanford.edu/irt/security/spam.html
8) https://www.indiatoday.in/business/story/rbi-report-economic-situation-grim-banking-
fraud-amount-rises-1593248-2019-08-29
9) https://www.moneycontrol.com/news/trends/current-affairs-trends/indian-banks-lost-rs-
109-75-crore-to-theft-and-online-fraud-in-fy18-2881431.html
10) https://www.business-standard.com/article/pti-stories/with-growing-digital-transactions-
financial-cybercrime-and-identity-theft-in-india-are-increasing-reveals-fis-pace-report-
119041600729_1.html
11) https://economictimes.indiatimes.com/wealth/spend/how-to-avoid-card-
fraud/articleshow/55127030.cms?from=mdr
12) https://www.livemint.com/
13) https://www.nitinbhatia.in/personal-finance/avoid-credit-card-fraud/