OTP fraud, and cybercrime in general, has been on the rise recently.
To combat this, the Home Ministry, SBI Cards and Payment Services Ltd (SBI Card), and telecom operators have joined forces against the rise in OTP theft and the broader threat of cyber fraud targeting the banking sector.
OTP Fraud – Modus Operandi
As per the International Safety Equipment Association (ISEA), OTP fraud exploits the security feature designed to protect online transactions — One Time Passwords (OTPs).
Below are some of the techniques that these fraudsters employ:
- Impersonation: One of the most common methods of OTP fraud is pretending to be company executives or official agents and offering:
  - Free gifts, discounts, or special offers
  - Easy loan approvals
  - KYC updates
  - Increased credit limits
- Malware: Sending links laden with malware that, once downloaded, can intercept OTPs.
- Social engineering: Convincing people to disclose their OTP under various pretexts, such as confirming the cancellation of an erroneously placed order.
Now that we have covered how it is done, let’s cover what could happen when it is.
Dangers of OTP Fraud
- Financial loss
- Data breaches
- Malware attacks
- Hacking of mobile devices and computers
To prevent such cases, a solution is being developed that monitors discrepancies between a customer’s registered address and the OTP delivery location.
Through it, the customer can be notified of discrepancies between their SIM’s location and the geolocation of OTP delivery.
Where fraudulent activity is suspected, OTPs could be blocked to prevent misuse.
Currently in the testing phase, this feature aims to utilise telecom databases to ensure the correct geographical delivery of OTPs. To enhance security measures against cyber fraud, the system will compare the geolocation data with the customer’s registered home address.
To stave off OTP fraud and avoid falling victim to cyber fraud:
- Download apps only from trusted sources like official app stores.
- Verify unexpected calls by contacting your bank directly.
- Stay cautious of unfamiliar messages and emails, avoiding links and attachments.
- Stay informed about cybersecurity threats and your bank’s security guidelines.
- Activate Two-Factor Authentication for added account security.
- Keep banking apps and phone software updated for security.
- Use secure Wi-Fi networks, avoiding public connections for financial transactions.