Wednesday, January 31, 2018

[Cyber-security Awareness Series] The Magic Card


Ramnath was quite happy when he received the “card” from the bank. This was no ordinary “card” given to him. He could withdraw money from his account at any point of time by using this card and could also swipe it at any shop to buy goods for his family. The villagers thought it to be a Magic Card.

You may think as to why would anyone consider a debit card as so special and extraordinary. Well, for Ramnath and other villagers in his village, this was the first time they had seen such a card. The bank had opened a new branch in this remote village and opened a new bank account for every villager under the “Khata Yojna” of the bank. Ramnath was also a beneficiary of this scheme.

The villagers were then encouraged to deposit some amount in their bank accounts. Ramnath decided to put all his savings of Rs. 18000 in his bank account. He had saved this amount over years for the higher education of his only daughter, Kalavati. Kalavati wanted to be a doctor from childhood. She had lost her mother in her early childhood as there was no doctor available in the medical centre in her village.

It was just over a month when Ramnath decided to withdraw a sum of around Rs 1050 for her daughter’s application form. He went to the bank branch around 9am to withdraw the amount. He filled the withdrawal form and submitted it to the cashier. The cashier checked the account and said that the transaction could not be processed due to lack of funds in his account.

Ramnath jokingly told the cashier that he was not withdrawing Rs 1,05,000 from his account. The cashier, however, was in no mood to joke. He told Ramnath that his account balance was just Rs 20 and he should have more funds in his account for the transaction to be completed.

Ramnath felt as if the sky had fallen. He told the cashier to recheck again. The cashier rechecked and asked him to meet the bank manager.

How did 18000 get converted to 20? To understand this mathematics, read on.

The bank manager offered some water to Ramnath as he was feeling dizzy now. His entire savings had been wiped off. The cashier had claimed that just Rs 20 was left in his account. The bank manager opened Ramnath’s account and queried him on his earlier transactions. Ramanth looked confused. “I had not transacted before. This is my second visit to the bank. I deposited Rs18000 last month when I opened my account in the bank. I needed the money for my daughter’s application form, hence I came today for the withdrawal “answered Ramnath.

The bank manager looked confused. He asked him about the “card” which the bank had given him. The bank manager could see transactions done using the debit card. Ramnath replied that he had safely kept the “magic card” under the God’s idol in his home. He had never used it.

The bank manager understood that something was not right. He decided to investigate the matter. He asked Ramnath to come to the bank next day. Ramanth was now quite angry. He asked the bank manager to return his money which he had deposited last month. He claimed that he would come with all the villagers tomorrow to the bank branch.

The news of money missing from the bank spread like wildfire in the village. Multiple villagers came to the bank branch to either check or withdraw their deposited amounts from the branch. Some of them had to leave empty-handed. By evening, the bank manager was the target of every villager.
-----
The bank manager called a meeting with his staff to understand the problem. Nobody could understand as to what would have happened. There was no money withdrawn from the ATM placed outside the bank, yet multiple accounts showed that withdrawals had taken place.
The bank manager shot a mail to the corporate office of his bank. The corporate team responded immediately with details of every transaction taken place for every account holder of that branch.
The bank manager understood as to what had happened, however, he could not understand how.
-----
The next day’s scene at the branch was as if the branch was offering free money to everyone. All villagers had gathered outside the bank branch to withdraw their money. Fearing such a kind of response, the bank manager had called in the police department. Two heavily built policemen had arrived, but clearly, they were no match for the agitated villagers.
The villagers were shouting when the bank manager approached to talk to them. In the midst of this shouting, something caught the bank manager’s ears. A person was shouting that he had got a call from the bank last week asking his card details as his rate of interest needed to be added to his bank account.
The manager asked everyone to be quiet to help understand what kind of call he had received.
---
What & how it happened?

Some of the villagers claimed that they received a call from the bank last week congratulating them on the interest they would be receiving from the bank. But in order to process that interest, the lady (on the call) requested them to share the card details which the bank had provided. The affected villagers were even asked to share the CVV number present at the back of the card.
The affected villagers had happily shared the details since they were convinced that the call came from the bank. On further investigation by the bank, it was found that the bank had employed a vendor to collect the details of the villagers. One of the people employed at the vendor decided to misuse these details and called some of the villagers to extract the card details. This person then used this card online to transfer money to his own account or do shopping on e-commerce websites.

It is imperative for the banks to make its customers aware, especially the uneducated lot, about the do’s and don’ts of banking and information sharing. Social Engineering is one of the most effective mechanisms by which any kind of security can be made futile.

Image Courtesy: Pixabay

No comments: