Payment solutions and systems in India
Delivery channels :
– ATMs- Debit cards
– Mobile banking – IMPS
– Internet banking
– e -commerce
– Credit cards
– Prepaid instruments.
Most familiar Payment channel is ATM
The customer identification
Magnetic /Chip based cards.
Payment solutions and systems act 2007
ATM Network groups
-NPCI- NFS network
-Cashtree ATM network –Winded up in 2014.
-BANCS – Co- operative banks network .
RBI guidelines for the network/ vendors/settlement banks On site /off site – On line /off line
Owned /Outsourced /White label ATMs
ATM switch: Owned / Outsourced switch
Cash loading- Front/ back loading
Networking – Lan /ISDN/MPLS /Vsat
ATM / Cash dispenser /Kiosk
Deposit of cash, Paying utilities, like phone bills, credit card , taxes, etc.) Bank mini statements, e commerce for Purchasing ,transfer of funds
ATM Security has several dimensions.
– Security guards ,cameras ,etc biometric devices,.
– Secured doors card operated , convex mirrors ,dye markers .
Transactional secrecy and integrity
-Encryption of information.
– Sensitive data in ATM transactions -Triple DES / – – Message authentication code (MAC) is also be used to
ensure messages have not been tampered.
– Insurance of ATMs and cash in the ATM/in transit.
Man in the middle attack
– Attaching fake keypads / card readers/skimming devices .
– Phishing scam
Physical cash and cash balancing
-The cash balancing, Electronic journal,
-Reconciliation/ Surprise cash checking etc
-Access controls consists of two items in ATMs. ATM maintenance and for cash replenishment.
Skimming , Phishing : Debit and credit card scam.
Cards /Pin mailer /delivery – frauds
Ready kit/Insta card
Destruction of ATM cards
Third party SLA
-Sender asking confirmation about your account details
Links within e-mails
-Fraudsters use these links to lure people to phony web sites
-To check whether the message is genuine.
-Online ID theft. A virus or malicious program is secretly planted in the computer.
-Don’t do any financial transactions in public PCs( Cyber café,) keystroke logger.
-Anti virus software /Firewall protection and UPDATE it always.
-Never respond to any mails / phone calls asking your password, pin etc
-Dual authentication/ OTP.
-Sensitive information given in error what to do?
Shortcuts to your Banks website:
-Always verify the site before accessing it.
-Type the URL address manually.
– Make sure your URL begins with ‘https”
– Never enter your personal information in a pop up screen
Opening of E- mail attachments
Protect your computers:
–Spam filter- helps to reduce the number if phishing e mails
–Anti virus – scans all incoming messages for troublesome files
–Anti spyware – looks for programs that have been installed and track your online activities without your knowledge and protect you against pharming
–Firewalls– Prevent hackers and unauthorized communications from entering your computer
Phishing can also happen through phone
– Verify the persons identity before passing on information about you and your accounts
Cyber crimes in cards products
Why credit Card products affected most?
– Easy of operations.
– Transactions done through internet .
– Phishing scam.
-Weakness in internal control leads to unauthorized /manipulated inputs ( changing names, address ,due date, transfer of funds etc)
-Security needs to be tightened as per IISC policy
Frauds in POS
POS- Point of sale terminals are installed at shopping centers, malls etc .
Fraud is committed by getting the relevant information on the cards and the CVV code .
POS machines are handled by Humans and their involvement is more in these sorts of frauds .
Opt for additional pass word while using the credit cad or debit card in POS,.
Risk in Multi channels
1.Virus attacks: Entry of Virus is generally through CDs, Thump drives, Internet Intranet, Networks
2. Bugs: Bugs are different from Virus.
5. Accidental /Intentional deletion of data, Improper shut downs, spillage of water/drinks etc on the key board in the system.
Hacking: Hacker is a person who knows programmable language and how they work.
Skimming: Capturing personal account information from the credit card
Trojan :Is designed to steal the passwords and send your confidential data.
Malware: It is a program which hides malicious codes behind an innocent document and can collect usernames/passwords etc of mail accounts
oE-mail spoofing: Forging an e-mail header to make it appear as if it came from somewhere or some one other than the actual source.
Debit-card theft entails stealing and marrying up two sets of details: data /PIN
Skimming how it works : Near -invisible pinhole cameras in and around the ATM booths, plastic overlays over the machine’s card-reader, containing reading equipment that would relay the data to a remote storage device.
Social engineering techniques
Payment Solutions and Systems and Risk Management
At CAKART www.cakart.in you will get everything that you need to be successful in your CA CS CMA exam – India’s best faculty video classes (online or in pen drive) most popular books of best authors (ebooks hard copies) best scanners and all exam related information and notifications.Visit www.cakart.in and chat with our counsellors any time. We are happy to help you make successful in your exams.
Click here to download FREE CA CS CMA books.