Living in the Digital Age is like being Red Riding Hood —-‘Enjoy the lovely forest, but watch out for the big bad wolf!’ Well, Anu was Red Riding Hood last week.
Thieves at our doorstep
That afternoon, a lady from the “Card Company” phoned Anu. Good news, she had been awarded Bonus Points worth Rs.4900, could she validate some details before they accounted it? Now, Anu knew that her debit card had no bonus scheme and she had no credit card either. Anyway as an accountant’s wife, she knew there were no free lunches, ever. By now, the TRUECALLER App in her phone (which my son had thoughtfully installed) indicated an unidentified Uttar Pradesh number.
“What Card?” demanded Anu. The lady at the other end was vague: Master Visa Card, she mumbled. Both? This was suspicious! When Anu stood her ground, she broke into Hindi. So Anu stood her ground, this time in Hindi: “Kaunsa card, hmm?” She immediately passed the phone to her “supervisor” who spoke good English. While the “supervisor” spoke, Anu heard the original lady tell him in sotto voce “ICICI Bank mey yeh number nahi enter ho raha hai!” So, the spammers were Phishing (Vishing, to be exact)— for Anu’s name and/or Bank account!
Anu thwarts them
As Anu contemplated her counter attack, an incoming call cut in. This was from the Bank. Mrs. Anu, are you trying to do a transaction for Rs.4900 through your Debit Card? When Anu said NO, the Bank lady said, we are disabling your Debit Card this minute, because it has been compromised; we will issue a new card within 2 days. Anu broke into a sweat now, but Little Red Riding Hood had vanquished the Big Bad Wolf, with a little help from the Hunter!
Our friendly Banker helps
That evening the Bank Manager came home and I did some CID-style interrogation. He was a nice fellow and he gave us some dope on the modus operandi. Anu never gave financial details to anyone, and the card was safely in her possession; she always transacts through secure payment gateways and uses OTPs. So how could anyone connect her card number to her cell-phone number? The Manager thinks she could have registered her phone number in some retailer’s site (though Anu cannot remember doing so); that site could have been hacked. There are crime syndicates which have a large database of stolen links and their operatives patiently phish till a sucker swallows the bait. The choice of Rs.4900 was significant — because when the transaction exceeds Rs.4999 the retailer would ask for a CVV number, which our thieves cannot produce, since the card is not with them!
I learnt that banks spend more than 25% of their IT budget on Security and Fraud Detection systems. The thieves had hoped to succeed by attempting a transaction below Rs.5000 (flying below the radar range). Banks share ‘suspect’ phone numbers internally, and they have triggers to alert when such a number hits their server. Many banks use specialised Intelligence systems that ‘look’ for abnormal transactions; and there are specialist crews monitoring the systems. Which is why Anu’s Bank acted swiftly. Boy, am I grateful to them!
But who can change Karma?
Before leaving, the Manager offered Anu a free upgrade to their Luxury Debit Card. So what was special? He said, for example madam, it has a Bonus Point Scheme… Ayyo Ramaa, not again!