BANKING MADE SECURE WITH MONEYCLICK
Our Internet Banking facility MoneyClickTM lets you to manage your finances in the comfort of your home or your office as per your convenience. MoneyClickTM is a Self-Service Channel, which is available 24 hours a day and 365 days a year in an absolutely simple, friendly but secured environment. In MoneyClick, a mere touch of a button or click of a mouse makes you accessible to a host of Banking Services.
This also gives an opportunity for fraudsters to use internet as medium to commit frauds. We would therefore say that the Internet banking channel comes with risks inherent to the Internet arena.
It is important for online users to be aware of such frauds/attacks and protect themselves against them. Smart users world over have found ways to manage these risks. Banks worldwide have moved their customers to the Internet with enormous gains in efficiency and service quality. It is the customer who stands to gain. This is exactly what we want for our customers. To come back to the question of risks, good practice suggests that the users should evaluate risks, appreciate and balance the criticalities and the convenience which Internet banking offers.
Customer’s role in security:
We need your active participation in online security. You have an important role to play, in ensuring that you are careful with your Internet banking User ID and passwords. Please ensure that your computer and software are protected.
Common Attack Methods and Techniques.
1. Phishing 2. Spoofing (E-mail spoofing, Website spoofing) 3. Smishing ()
For better security in conducting banking transactions, customer may adopt the following practices.
- Avoid using key board to enter login details while some one is close by. It is recommended to use virtual keyboard in login page.
- Please log out completely from the account and close the browser after you finish your transaction.
- Karnataka Bank provides two passwords (login and transaction password) for your safety. Maintain distinct passwords for each and keep them changing periodically.
- Maintain login and password confidentiality and avoid writing down in places which are accessible to others.
- Please contact your branch immediately or Call to our Customer Care Centre at 18004251444, if you see any discrepancies in the account statement.
Considering the various risks inherent in transacting over a public network such as the Internet, we employ a range of security features for Online Banking Service:
- Firewall (Virtual electronic fence that prevents unauthorised access to the MoneyClick server)
- 256 bit key length of Verisign Digital Certificate with Secure Socket Layer (SSL) protocol.
- Secured Funds Transfer & Bill Payment
- Two levels of passwords for executing Financial Transactions
Awareness against Phishing:
What is Phishing?
The Criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and Debit card details by masquerading as a trustworthy entity in an electronic communications.
Phishing is a global problem faced by Banks worldwide. It is an attempt to 'fish' for your banking details. Phishing could be an e-mail that appears to be from a known institution like banks / a popular website.
Please note that Banks will never ask for confidential data like login and transaction password, etc.
How does phishing happen?
- Phishers set up a replica page of a known financial institution or a popular shopping website
- Bulk e-mails are sent to users asking for their personal data like account details, passwords etc
- When the user clicks on the link, the replica of the website will open. Or while the user is online, a form will populate through an "in-session pop-up"
- On updation, the data goes to phishers. Post which the user is redirected to the genuine website
Phishers have refined their technology to launch sophisticated attacks and use advanced social engineering techniques [The human side of breaking into a computer system. This situation may happen if an user unknowingly gives away confidential information (eg: passwords and IP address by answering the questions over the phone with someone they do not know or replying to an e-mail message from unknown person/source)] to dupe online banking users.
Phishers use a combination of email phishing, vishing (voice phishing) and smishing (SMS phishing) to get customer details like account no., login ID, login and transaction password, mobile no., address, debit card grid values, CVV no, PAN etc.
The phisher calls phone banking posing as the customer to request for address change. He then reports the loss of the card and requests for a fresh card, which reaches the new address and is misused.
Customers ignore intimations about change in account details.
The phisher collects the 3D Secure password through sophisticated technology and vishing to shop online.
Phishers approach customers at offices / residences to fill survey questionnaires and offer gifts in exchange. These forms contain question on confidential data.
Banks and regulatory bodies like Reserve Bank of India (RBI), Income Tax (I.T) Dept. are publicizing awareness on phishing. Phishers now send emails resembling Yahoo / rediffmail, shopping sites or regulatory bodies, like RBI / I.T. dept., asking for confidential data
Phishers send emails with attachments that carry virus / Trojan. The keyed-in data is captured by the malware and transmitted to phishers.
How to identify a Phishing attempt?
- Unsolicited emails, calls from strangers or websites asking for confidential banking details
- Messages asking for urgent action due to security reasons
- Links received in emails to access known websites
- To check the actual website, roll the cursor over the link or check for https:// where "s" stands for 'secure site'
How to avoid Phishing?
- Do not disclose details like passwords, debit card grid values, etc. to anyone, even if they claim to be bank employees or on emails / links from government bodies like RBI, I.T. Dept., etc
- Type the correct web address (URL) directly in the browser address bar. Do not use links received in emails
- Change your passwords from your own computer, in case you have used a cyber cafe / shared computer
- Every customer should register for SMS alert facility for his/her accounts. In case of any transaction in the account, the customer will get an SMS alert
- PC/Laptop or any other electronic equipment used for online banking should be updated with latest patches of the Operating System. Similarly install effective anti-virus/anti-spyware/personal firewall on your computer/mobile phone and update it regularly
- Do not open email attachments from strangers as they may contain virus / trojan which transmit keyed-in details to phishers
- A click on the padlock icon appearing on the web page will display the digital certificate for genuineness of the website
- Report the incident to the Bank / institution on the number mentioned on the Debit card, bank statement or official website
How to report a phishing attempt?
- Forward the entire original e-mail with its original header information intact to firstname.lastname@example.org.
- Report the incident with caller's no., date and time of call, etc at our Customer Care Centre.
What should you do if you have entered data on a fraudulent link?
- Change the passwords immediately
- Report the incident at our Customer Care Centre.
May occur in different forms but all have a similar result: A user receives an e-mail message that appears to have originated from one source but actually was sent from another source. E-mail spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information such as passwords or account information. Examples of spoofed e-mail that could affect the security of a site includes:
- E-mail claiming to be from a Karnataka Bank System Administrator/DBA and requesting you to change passwords to a specified string and threatening to suspend your account if you do not make the change.
- E-mail claiming to be from a person in authority and requesting you to send a copy of a password file or other sensitive information.
- E-mail claiming to be from Karnataka Bank (with false mail header), requesting you to update your private and confidential information related to your bank account details/personal information.
Please do not disclose any personal confidential information (User ID, Password, Debit card numbers, PIN …etc) to anyone, including Karnataka Bank employees. It is reiterated that Bank will never ask for sensitive personnel information (password, PIN).
If you come across a web site or email which seeks your private & confidential information related to Karnataka Bank, please inform us immediately. You can e-mail us at email@example.com, or call our Customer Care Centre at 18004251444.
Website spoofing is the act of creating a website, as a hoax, with the intention of performing fraud. To make spoof sites seem legitimate, phishers use the names, logos, graphics and even code of the actual website. They can even fake the URL that appears in the address field at the top of your browser window and the Padlock icon that appears at the bottom right corner.
How The Fraudsters Operate?
Fraudsters send e-mails with a link to a spoofed website asking you to update or confirm account related information. This is done with the intention of obtaining sensitive account related information like your Internet Banking User ID, Password, PIN, debit card / bank account number, card verification value (CVV) number, etc.
Tips To Protect Yourself From Spoofed Websites
- 1 Karnataka Bank will never send e-mails that ask for confidential information. If you receive an e-mail requesting your Internet Banking security details like PIN, password or account number, you should not respond.
- 2 Check for the Padlock icon: There is a de facto standard among web browsers to display a Padlock icon somewhere in the window of the browser For example, Microsoft Internet Explorer displays the lock icon at the bottom right of the browser window. Click (or double-click) on it in your web browser to see details of the site's security.
- It is important for you to check to whom this certificate has been issued, because some fraudulent websites may have a padlock icon to imitate the Padlock icon of the browser.
- 3 Check the webpage's URL. When browsing the web, the URLs (web page addresses) begin with the letters "http". However, over a secure connection, the address displayed should begin with "https" - note the "s" at the end.
- If you forget your password
- If you are unable to log in to your Internet Banking account.
- If you notice any suspicious activity on your account.
Please call our Customer Care Centre.
To safeguard your card account:
- Ensure regular updation of the anti-malware and anti-virus application on your computer.
- Do not enter your card details and codes in pop-up windows that may appear for no reason in the midst of your activity on facebook or any other website.
- Log-off from the session immediately.
- Ensure to do your online shopping on known and reputed websites only.
It is a combination of short message service (SMS - also known as text messaging) and phishing (the act of emailing someone with the intent of obtaining personal information that can be used for identity theft).
Messages are being received across the country by cell phone users claiming their accounts are delinquent, need to be updated or even to register for a new program. Links in the message and toll-free telephone numbers are being used.
Points to remember
- Cell phones can get viruses, so never click on links from any unknown person
- Never share financial or personal information by e-mail or text message.
- Tell us about suspicious e-mails that contain our name or logo.
- Check accounts regularly to spot fraud or unauthorised account access.
- Be very sure of the website address. The website address is reflected in the address bar of your Internet browser. This check is recommended every time you access any website from a link given elsewhere. Always type the website address into the address bar or bookmark the websites that you use frequently.
- Never enter, confirm or update your account-related details in a pop-up window.
- If you tend to use your debit cards for online shopping frequently, make sure that you sign up for the Verified by VISA and/or MasterCard Secure Code program(s).
- Confirm that the website is a secure one. Make sure any Internet purchase activity you engage in is secured by encryption to protect your account information. Look for "secure transaction" symbols.
- Shop only from reputed websites.
- Beware of online offers that require you to provide your account details "for verification".