POSTED BY December 26, 2014 COMMENTS (60)ON
The world of banking has evolved too much in last 10 yrs and the way banking happens now is totally different from past. Millions of people across the world still do not take simple precautions while they should ideally take or they are too casual about things and later regret when they lose money in some kind of fraud.
Today I want to talk about simple tips and precautions which you should take in your banking and while transacting with debit and credit cards online. It’s up to you to see which of the suggestions and tips suggested applies to you and how deeper you want to be secured. Here are those tips
1. Scratch your CVV number
It’s one of the most common mistakes almost every credit card and debit card holder does. On the back of your card, there is a 3 digit CVV number, which is very critical information and only you should be aware about it. The first thing you should do after getting the card is that you should memorize and write it down somewhere and then scratch it, so that someone else can’t have a look at it. Note that this step will secure your CVV, but then you have to remember it, you can’t retrieve it back if you forget it yourself!
2. Make sure your internet banking password is very strong
Your password for internet banking is probably the most important thing you have to take care of. Make sure you keep it very strong. Do not use your date of birth, name, etc in password, so that one can’t guess it and it’s only known to you. Make sure you have Capital Letters, Numbers, special characters in the password (anyway it’s mandatory in most of the banks portals).
And if possible keep a long password, which makes it tougher to crack and even if someone is watching your fingers typing movement, it becomes extremely tough for them to remember. It’s a good idea to check your password strength on this password strength calculator
3. Make sure have sms alerts enabled for any amount
Make sure you have SMS alerts for all the debit and credit transactions. A lot of online frauds are series of transactions like buying 10 times on a similar site or couple of recharges to various mobile phones. If you get notifications on your phone even for small amounts, it will help you identify the start of a fraudulent activity.
4. Make sure you buy insurance for your wallet and its contents
Companies like OneAssist and CPPIndia have products like wallet insurance, which will cover you from theft and other frauds which are possible in day to day life. Not just that, they have much more than just insuring your credit and debit cards.
If you have ICICI bank Account, you can upgrade your debit card to RubyX and you will get One Assist complimentary benefits for your wallet insurance. Read more on this topic here
5. Do not save your banking passwords in Phone or Email in plain English
It’s a human tendency to take the shortcut route all the times, but when there is your money involved, it’s better not to ! . Do not store your banking passwords etc (I would say any password) in plain English in your emails or drafts or phone. Always make sure it’s in some format which only you understand, like interchange the alphabets one after another (e.g. – 12A47* becomes 214A*7) , so that you know what is the password, but even if someone gets access to it, has to spend some time to crack it. If you can avoid that also, it’s much better.
The other thing you can do is, you can just store start, middle and end 1-2 characters, because most of the times, we just need the start (most of us have multiple passwords). So if your password is MANISH987_FAKEpassw0rd , then you can store it as MA…98…FA…rd , and that’s all . You will most probably be able to recall it considering you are using it from long time, but someone else will not.
6. Never share your CVV / Expiry date to anyone on Telephone or email ever
Being financial literacy at low levels, millions of people are not aware which information is critical and which is not when it comes to credit cards, debit cards and online banking. Things like CVV , your Expiry dates etc are never ever asked by any bank customer care. They ask things like card number, start date, date of birth etc for verification purpose. But there are scams going on internationally where scamsters pose as actual customer care and in name of verification call, they ask for CVV number and Expiry Date, which is extremely confidential information and no one other than the cardholder should know.
7. Don’t let others punch your PIN at restaurants or Petrol Pump
I have seen tons of people who share their debit card CVV number at hotels while dining or even at petrol pumps just because its shortcut, and in 99% cases, nothing happens too and you are safe. But that 1% case is dangerous where someone looks at your expiry and CVV number, and then do the online transaction without requiring your OTP password (6 digit) on international websites (that last level authentication is just applicable for Indian websites)
I personally think you should punch your PIN yourself and not share it with others. Most of the time some restaurants even carry the EDC machine and bring it to you. If you are sharing your PIN with others and handing over cards at hotels, don’t be surprised if someday you get a sms saying – “You just purchased …. worth $340 at amazon.com” , it happens and very much can happen with you too! . Read the incident below
Four unauthorized transactions happened to my ICICI credit card on 27 Jan 2014 in USA in a Grocery Shop amount $1200 (Rs 70000) approx. The Credit card was with me all the times at Bangalore and I never shared my credit card or personal info to anyone. I was using the ICICI credit card from last 6 years. The transactions happened in night and in the morning I show the sms alerts and called customer care about that. (Source)
8. Have the customer care numbers in your mobile for emergency purpose
You should make sure that you have your credit card company customer care stored in your mobile to inform them as soon as possible in case there is some fraud transaction with your account or card. At times, we come to know about the fraud and we feel that we will inform the customer care as soon we reach home/office. But that can actually turn against you because of delay.
9. While using your ATM card, make sure you block the view of others
Looks are deceptive . You never know who is watching you and your activity and what’s their plan? It’s always a good idea to cover your hand while punching the PIN and make sure no one is looking at you. If its ATM, make sure no one is around you. I know many must be thinking that they should probably skip this point, but only when some fraud happens, you realize how important it is.
It’s like people start wearing helmets only after an accident and buy health insurance only when someone in relatives had paid a big bill at hospital.
10. Avoid ATM transactions very late at night or at lonely places
If possible, it’s better to avoid ATM transactions at lonely places or at nighttime especially after 10-11 pm . If you are using ATM’s at remote locations, you have to be extra cautious. There are numerous cases where someone entered the ATM while someone was using it and they at gunpoint looted them or because it was lonely and dark, someone tried to rob someone coming out of ATM.
11. If you don’t swipe your cards regularly, keep it at home
I do this myself. I generally use only credit card when I am transacting offline, and use credit card only for online transactions, so I don’t not carry my credit card at all (haven’t seen it from last one year actually). So if you do not use it on a very regular basis or only in some pre-know situations , then it’s better to carry them only when you require them. Else just keep it at home.
I know this does not apply for many people, but you can still learn from this point .
12. Do not put much info on Social Media
I have seen numerous cases of people sharing their bank account details, phone number, email id, PAN and even date of birth online one various portals online (even on this blog) especially on consumer complaint websites. Note that you can write your entire story without your critical details too. Never share your personal details with anyone stranger or on public forum
13. Enable Two Factor Authentication for your transactions
Enabling two factor authentications means that you will be asked to enter your transaction password and then either an OTP (which comes on SMS) or your card grid values. So there is security at two levels.
Most of the banks now have this by default, but if your bank has a choice of it, then you should enable it and if your email accounts are too precious, then even they have two factor authentications now (Gmail)
14. Never click on links on email to go to sites
You should never click on the links which come on your email and visit the website of a bank or credit card company. That might be a fraud email, which is taking you to a similar looking website. As far as possible, always make sure you only open the website either by clicking on a pre-stored web address or book marked one by you or type it yourself and always make sure it starts with https://
Below is an example of one such email which was sent by a fraudster on the name of Axis Bank Security update, which was taking the person to some other website on clicking the link mentioned in the email.
You should make sure you do not access your internet banking (and even your important mail accounts) from a public computer or unsecured networks. Places like cyber cafes are a NO NO .. I would even make sure that I do not operate my internet banking from someone else computer too. You never know what kind of softwares are stored on someone computer. There are programs called “Key loggers” which record your which keys are you typing and it keeps a note of it and can later be retrieved.
Even some viruses and Trojans might be stealing your important information on real time and you might be at risk
16. Make sure your computer firewall is turned on and are running antivirus software
A lot of people turn off their firewall to increase the speed of internet . Make sure you avoid keeping it off. The firewall of your computer is extremely important to protect you. Also, make sure you have a good antivirus installed in your computer and keep cleaning it from time to time. You never know what bad thing got installed while you were downloading something over the net (especially when you use torrents)
17. Use Mobile Antivirus in case you access banking from your phone
If you use your mobile frequently to access banking, then it’s a good idea to have even mobile antivirus installed . Most of the troubles come from the least expected people and place.
18. Do not choose to save your passwords in browser when it asks for it
When you login to any website with username and password, browsers often ask you if you want to save the password, so that you it auto populates it next time.
19. Keep your computer OS and browser up-to-date
Its highly recommended that you have an up-to-date browser and Operating system (I hope no one has Windows XP or Vista or old version of IE/Mozilla/Chrome) . There are several security updates which keep coming and many loopholes are detected and fixed from time to time. Almost all the banks suggest it clearly that users should keep their OS and Browsers updated. ICICI bank also mentions it on their security tips webpage ..
20. Use Virtual Keyboard if possible
You must have seen a keyboard kind of interface which can be used while typing password and username, you can use it to make sure you are safe. As I explained before, there are programs like ‘Spy Ware’, which can detect which keys are you hitting and can steal that data. But when you use the virtual keyboard, it can only record which keys you pressed because it’s not happening on your computer, but one the bank server (experts on this topic, please correct me if I am wrong)
You should read more on this topic here
21. Use a separate browser for banking purpose
I think it’s a great idea to use a separate browser itself for banking purpose. Like if you are using Chrome for your other browsing, you can keep Firefox reserved for the banking related activities. I know this might sound like it’s going to extreme level of security, but then it depends on how paranoid you are about this security thing. It’s a personal choice of yours. If you do this, you can choose to disable the cache at all and not save anything in browser at all by default, no plugins , no add ons .. just pure minimal level of browser.
I know that most of the people might be following a lot of things mentioned here. Now it’s time for you to follow the other things mentioned here. Banking is one of the core element of your financial life, which can be considered the central element I would say. It’s extremely important to take care of it with highest level of security.
I would love to hear your comments and any new tips if you want to give from your side?
Here is the list of some of our best content.
2021 © Jagoinvestor.com All Right Reserved
60 replies on this article “21 tips you should follow to secure your banking transactions”
My Debit card CVV was seen by an ICICI bank officer yesterday, when I approached him for help regarding Internet banking .
Can he use the CVV fraudulently ?
I am worried.
Yes, if they have all details they can .. but OTP mechanism is there to save you !
Manish…many of the tips you mentioned are useful and some of them are pure common sense. Nevertheless, it makes sense to reinforce them so that people remember them when doing transactions. I had a point about the authentications- nowdays the banks have moved from 1st level auth (usid/pwd) to 2nd level (OTP) to level 3 (grids). This can really drive you nuts when you want to do a quick transaction and finish it off. I remember a case where I wanted to issue a cheque book from the icici bank site – I was carrying my cell but not my card. The site did not allow me to complete the request because I didnt have the grid – it was just so frustrating! Security is a complicated space and banks need to ensure that customer service is not compromised because of all these verifications that they carry out.
I am facing a situation which has been bothering me for quite some time now. Recently, I received SMS Alerts from a bank stating that certain amount has been deposited/withdrawn from the bank account. Interestingly, I have NO Account with that bank. What shall I do? Can you please advise?
In that case, I think the phone number is wrongly updated with bank. It might happen that by mistake its yours . Is the account also in your name? If yes, better contact the bank
Thanks for the reply. I cant figure out, if it is in my name…Moreover, I just received 3-4 SMS Alerts so far, last one was almost 2-3 months back. I tried contacting the customer care of the concerned bank but to no avail. Is there any way to find out, if someone has fraudulently opened any account in my name? I would appreciate your reply.
Visit the branch now
Some of the tips here are simple, but very effective (and very frustrating for the fraudsters) in protecting your account.
One suggestion for password: Remove the special characters such as @, ! from the password and type in google. Check whether it returns any result. If it does not return any reslut then the password is difficult to crack.. 🙂
Nice 🙂 . How did you come to that conclusion ? What is the logic behind this ?
What Siva probably is trying to suggest is that…if your password is “searchable” on google, then its already there on the internet…its not a secret anymore..!!! and hence not a safe one.
There is one fool proof way to generate a really difficult password, and the best part is, you can ‘recollect’ it very easily (this is not my own technique, saw it on TV) :
Type in any simple sentence, pick up the first letters from each one. Add in a number and probably a special character E.g
My Name is Manish Chauhan and I am an Indian.
Picking the first letters
MNiMCaIaaI <– This is already a difficult password, and if you add in, say, your fav number and a special char, then good luck to the hackers, they would spend a lifetime trying to crack it.
I get it now !
I like to inform about user more on your point,” 20. Use Virtual Keyboard if possible.”
I am a Soft. Engg and also involve into implementation of such virtual keyboard.
Actually, virtual keyboard only provide security against “Key logger” which records the key press. Either you typing the password, or using Virtual keyboard actually works on client side(on your computer) totally. Password and other information travel to bank server when you press submit(or login) button in encrypted format(if it is https page, most bank have).
So, I recommend use virtual keyboard whenever you are using your online banking from unsecure location like internet cafe, friends computer or any office computer. Yes, office computer!! you don’t know most the time IT department in companies have software to track things and your password will be compromised.
Thanks for sharing that Rajiv ! , I didnt knew this 🙂
Very good software. Keepass is available on google play store also for android devices.
Thanks for sharing that !
Two tips which might help others,
1. I use password manager (I use 1password) to generate bank account password, I know only techies will use this, because most are scared of softwares to store their password, personally I believe its safer to use a trustable password manager rather than using weak password, this will also help in filling credit or debit card auto filling during checkouts and also prompt you to change passwords periodically
2. as already mentioned, use a separate browser or incognito mode in chrome without any plugins/extensions installed, I use chrome and allowed 1password to run in incognito mode, this way you can auto fill easily and escape from key loggers too
Those are some good tips Riyaz 🙂 .. thanks for sharing that with us !
Many thanks and also wishing ur team A VERY HAPPY NEW YEAR . Hope that u will continue to EDUCATE us on issues which we think we know more.
some points were really an eyeopening for me.
Sure we will !
I have read your article and noted the contents. It is extremely good and lot of thanks for your information.
All the points are very useful.
I read a small article on Readers Digest magazine about pf amount.From the day on words i am fallowing this site. Thanks a lot for suggesting more useful tips on this site.
And also thanks to Readers Digest magazine .
Welcome Navanees 🙂
https://lastpass.com/ + fingerprint reader
It’s really a very informative article. Thank you.
Great tips!!! I would like to add one particular information: KeyLoggers are on the rise and One more way to protect is to use a keyscrambler software. It is a very effective extra layer of defense to keep your sensitive information safe is through keystroke encryption. One software which is free and effective ( tested against various keyLoggers) is Zemana AntiLogger but if you want a professional paid version…one can get keyscrambler
I use the incognito mode in Chrome for banking purpose. Is it useful, I am not sure, if someone can share their thoughts about it.
Yes, its one of the security measures you can take, but that just makes sure nothing is saved in cache ! .. thats all !
Having a strong password for critical accounts is fine. Equally important is where we store them. I have been using keepass http://keepass.info for this purpose and find it really useful. Just remember one strong master password and store all account passwords inside the keepass. Also everytime we change the password of accounts, ensure to update the same in keepass db as well.Those who are using notepad or excel to maintain passwords, please have a look at it. It even supports key based auth.
Thanks for sharing that Ravi .. it would be very useful resource !
Really good article. Interestingly, I find that I follow all the precautions which I have been doing it for years and it has become my habit now. I follow one more precaution while net banking is that keeping a record of login details in a small pocket note book. I always keep a pocket note book with me where I keep a note of login date, time and my location for every banking site I use. That way I keep a track whether someone else is entering my banking domain or not. During next login I tally the last login date and time shown in banking site wrt my note book. I personally think everyone should follow this practice.
Thats great … thanks for sharing it !
For signing the back of the credit / debit card (point #1), I suggest using a CD marker with a fine tip so that it does not fade away.
In point #7, I understand that the ATM pin provided in restaurants and petrol pumps is different from CVV number. Its still a valuable tip and I’ve seen so many people freely sharing their pin in restaurants. I find it convenient to use a credit card in such situations since there is no need to share any pin. Of course, point #1 has to be taken care.
I liked the idea of scratching the CVV number (point #1) and wondered why I haven’t done it till now even though I never refer to it while doing online transactions. I took action right away but unfortunately the number seems like its etched on the card, so even though I scratched it, someone could still read it if they really wanted to. Still, scratching the pin is a good deterrent.
This article is a good checklist for anyone looking to secure their financial life. Thanks a lot Manish. You rock!
THanks for sharing these points Karthikeyan !
Good Article Manish.
One point I would like to add to this list. Now a days people use Bank’s own applications on phone and unfortunately smart phone is easy target for theft. Most of times patterns or number combinations are visible via fingerprints on phone’s glass. So though it’s very convenient refrain using mobile application, if not necessary.
Thats a good point .. thanks for sharing !
A big thanks for an informative article.
Two basic steps to secure oneself from bank account fraud are
1. Use low limit credit card.
Better still, have two credit cards one with low limit for day to day transactions and one with high limits for exceptional transactions. Keep the second one safe in house until it is required.
2. Keep only required amount in the account.
My monthly expenses are capped and I keep only that amount in savings account an plough back the balance into investment, immediately after receiving salary. This will also save TDS on savings account interest( rather helps better utilization of excess money).
This is working for me for he past few years. Of course I did not loose a card and I have alert SMS on monetary transactions.
I feel the root cause of account fraud is excess money in savings account and high limits of credit card. Once these two are addressed, loss due to the fraud, even if it happens is minimum.
Thanks for a good article and discussion.
Your Point No 1 is really good
Good day! Thanks for sharing such a useful & essential thing for me.
I really liked the 1st point. “Scratch your CVV number” Really Nice & you people only can thing out of the circle. I am scratching my Debit/Credit card CVV number:)
Good……Keep writing the wonderful things!
Just make sure you never forget it 🙂 . You can’t retrieve it back !
Dear Mr. Manish,
A well compiled article for a lay man customer to take care when dealing with financial transactions.
Sr No. 14
pl add that no financial organisation ever asks you to fill your personal data via a link sent in your mail. Any change needs to be done by logging in with your password. Similarly no banks asks your personal details over phone.
Most frauds are happening by these 2 means.
Thanks for sharing those two points . I will add more to those points as suggested by you .. thanks for contribution !
Excellent write up and need of the day Thanks Mr Manish for your valuable tips
Extremely helpful information…small things can make a big difference….
Thanks Rahul .. spread the word !
21 tips you should follow to secure your banking transactions
Thanks Hemanth !
Pls. don’t test out your password at any password strength calculator site. These kinds of sites are often setup by hackers, or in association with hackers for farming passwords from potential victims.
Best way to overcome password brute force crackers is by using hindi / native language words. Of course, you still type them out in english letters, but this way, dictionary attacks (using english words) can be overcome.
Cna you share more on this . Even if we assume they are hackers site, they dont know who is using it and which password is it ?
If they want to, they will still.
The answer to your question is given in many movies! Have you seen Race 2?
No I havent 🙂
Informative and very useful article again from Manish. I am regularly using internet for various transactions and i visit branch very less. I did not take care most of the points while transaction. From now onward i have to take care of the security. Thank you very much for the article.
Thanks Suman .. welcome !