19 Mar Online financial transactions security – Joint responsibility between Provider and Users
I came across an article, http://www.financialexpress.com/industry/indias-cyber-security-chief-avoids-netbanking-should-you-too-heres-what-he-knows-that-you-didnt/1100875/, in which the CERT chief raised his concerns about the security of online financial transactions. While a reader may tend to think that online financial transactions are not safe, I would like to emphasize that most online financial transaction mechanisms/platforms have sufficient safety/security mechanisms in place. The article states that Indian firms recorded a 12.4 percent increase in costs due to data breaches. This forces us to think about the reasons for such security breaches.
As the saying goes, a chain is only as strong as its weakest link, and the safety of any system is no exception. Let us discuss the possible weak links in the security of our financial transactions.
Let me make an analogy here. The law mandates that we use seat belts while driving four-wheelers and helmets while riding two-wheelers, and vehicle manufacturers are mandated by law to provide these security features in their vehicles. If the driver does not follow the mandate and does not take security measures, the safety mechanisms provided by the vehicle will be weakened.
Similarly, even on a financial platform that provides the strongest security measures, if the user avoids practising them, the security of the whole system will be weakened. Isn’t it?
To maintain the robust security of a platform, there are audits and standards that providers must follow for their products. For the benefit of users, there are many customer education drives intended to train users to keep their accounts safe and hence keep the safety of the system intact. There are various certifications like PCI DSS which mandate certain strict password policies along with other requirements. Such strict security measures may be inconvenient, like wearing seat belts and helmets, but they are necessary to keep our hard-earned money safe.
Here are a few pointers to keep our online transactions safe. Many of them are already known and we might already be practising the same.
- Use the correct website address. Instead of clicking a URL you have received, type the web address yourself. Check carefully that the address starts with https.
- Mobile apps should be secured with a PIN.
- Keep your passwords and PINs sufficiently strong and unguessable.
- Change your passwords and PINs frequently. For example, try to change the passwords of all your online accounts every 60 days, even if the platform does not mandate it.
- Memorize your passwords/PINs and do not write them down.
- Enable phone screen locking and keep the lock timeout as short as possible.
- Maintain two separate accounts for your payment needs and your savings needs, keeping only a sufficient balance in the payments account to cover your payments.
- Be careful about overhead security cameras while entering your PIN or other sensitive details of your card.
- Wherever it is offered, enable multi-factor authentication.
- Do not disclose your password/PIN to anyone, even if they claim to be from the bank or the platform/application.
- Be alert to any message received on your phone about a transaction that you have not initiated, and report it to the bank immediately, even if it is for a negligible amount.
- Report the loss of credit/debit cards to the bank immediately.
- If the phone registered for transactions with the bank/applications is lost, immediately block the number until a replacement SIM card is received.
- When you change phone numbers, update the registered phone number with your banks/applications.
- If the wallet containing the credit/debit card is lost, block the card immediately.
Keep in mind to maintain a fine balance between security and convenience. Drive safe and Transact safe.