New Small Tech dominant Banks to be licensed

RBI has issued a new set of guidelines for licensing small Payment Banks.

The essence of the new rules is that it will open the doors for Telecom operators, Super Market Chains, and NBFCs to enter Banking in a limited way.

These small “Payment Banks” can accept deposits upto Rs 1 lakh but cannot give loans. They need to invest their money only in Government Bonds.

Though these entities will be called “Banks”, these will be functioning more like  “Digital Wallet Keepers”. Minimum capital will be Rs 100 crores

Presently RBI has sought views from interested parties including public.

Details here

Share Button
Print Friendly

BPO employees arrested in Chennai for Bank fraud

Two BPO employees accused of having swindled an UK Bank of £ 30000/- were arrested in Chennai after necessary investigations.

D Ezhil Maran, 29, and S Ragava Giri, 28 worked as system engineers at Atos, a business process outsourcing (BPO) company, between 2011 and 2012, when they are alleged to have committed the fraud. The company handles back-end operations of a bank in the UK.

According to the Police the duo had identified a less operated account in the Bank and impersonated the account holder to transfer the funds to their account.

The police reportedly undertook forensic examination of the laptops belonging to the accused to establish the crime. The accused are now working elsewhere one as a Government employee and other as a professor.

Report

£Naavi

Share Button
Print Friendly

How the lure of Samsung Galaxy at Rs 1.72 can land you in trouble

It is known for some time that fraudsters use unrelated e-mails to drop trojans which may be used for phishing.

Here is an example of an e-mail which says “..Own Samsung Galaxy for Rs 1.72..”

 

phishing_samsung_1

The link appears to contain at least two trojans which are detected by Kasparesky pure 3.0

phishing_samsung_2

 

Similar tactics could be used with World Cup related information or budget related information etc.

Many Banks in their phishing defense inform customers that “Bank never sends an email requesting for passwords ..etc”. But such notices are not useful since fraudsters may use e-mails other than in the name of the Bank and still be able to drop trojans that steal the Bank passwords.

It is also known that the new generation of trojans are even able to defeat the two factor authentication. Hence Banks need to re think on their access mechanisms and make it robust in the light of the fact that customer liability is now limited to Rs 10000/-.

Naavi

Share Button
Print Friendly

Bogus Digital Certificates of NIC detected

It is reported that Google has detected several bogus SSL certificates issued by NIC and blocked them.

Details

According to the report the certificates have been later blocked by CCA also.

It is surmised that hackers might have gained access to NIC and created the bogus certificates.

NIC may need to review the incident and report its findings for public information.

Naavi

Share Button
Print Friendly

New Malicious Code for Android- Selfmite

A new virus called Selfmite has been detected on the Android platform. This virus spreads itself by sending SMS to contacts in the infected phone with a link.

The text message sent by Selfmite contains the contact’s name and reads: “Dear [NAME], Look the Self-time,” followed by a goo.gl shortened URL.

The rogue link points to an APK (Android application package) file called TheSelfTimerV1.apk that’s hosted on a remote server, researchers from security firm AdaptiveMobile said in a blog post.

If the user agrees to install the APK, an app with the name “The self-timer” will appear in the app list.

In addition to spreading itself to other users, the Selfmite worm tries to convince users to download and install a file called mobogenie_122141003.apk through the local browser.

Mobogenie is a legitimate application that allows users to synchronize their Android devices with their PCs and download apps from an alternative app store. The Mobogenie Market app was downloaded over 50 million times from Google Play, but is also promoted through various paid referral schemes, creating an incentive for attackers to distribute it fraudulently.

 Refer article here.

Naavi

Share Button
Print Friendly

RBI limits Customer’s Loss on Phishing

In an excellent but long awaited move, RBI has directed Banks that the liability of customers on “Phishing” loss should be limited to Rs 10000/-

See Report

The new Banking Service code of ( Banking Codes and Standard Board of India -BCSBI)  says that for any unauthorised internet banking transactions, the customer’s liability is limited to Rs 10000, irrespective of the funds moved out of the account. An unauthorised transaction is one that doesn’t have the express and implied approval of the account holder.

According to the code, “If a third party manages to get hold of the user ID or password in an unauthorised manner and any debit takes place and which he notifies the bank, the maximum loss will be Rs 10,000.”  Also, the code says that customers will not be liable for any losss due to unauthorised fund transfers taking before they receive the password for internet banking transactions.

Further, the onus will be on the banks to establish that customers have compromised the secrecy of their password.

In some instances, the liability could be lower than Rs 10,000. The new code says that in the event of any unauthorised transactions, this would be the lower of the following options: the actual loss at the time of notifying the bank; the limit set for such transactions; the balance available for withdrawal; a maximum of Rs 10,000.

For instance, if a customer has a balance of Rs 5,000 but the fraudster transfers Rs 25,000 by taking a temporary overdraft, the loss would be limited to the minimum balance of Rs 5,000 in the account.

It may be recalled that many such cases of frauds have been reported earlier at Naavi.org. The undersigned has been relentlessly following legal action against many Banks in this regard. Damodaran Committee report had also spoken about such cases.

The current guidelines come as a great relief to the Bank’s customers.

Naavi.org congratulates RBI for taking these steps.

Naavi

Share Button
Print Friendly