Header image alt text

Naavi.org

Building a Responsible Cyber Society…Since 1998

New Small Tech dominant Banks to be licensed

Posted by Vijayashankar Na on July 18, 2014
Posted in Cyber Law  | No Comments yet, please leave one

RBI has issued a new set of guidelines for licensing small Payment Banks.

The essence of the new rules is that it will open the doors for Telecom operators, Super Market Chains, and NBFCs to enter Banking in a limited way.

These small “Payment Banks” can accept deposits upto Rs 1 lakh but cannot give loans. They need to invest their money only in Government Bonds.

Though these entities will be called “Banks”, these will be functioning more like  “Digital Wallet Keepers”. Minimum capital will be Rs 100 crores

Presently RBI has sought views from interested parties including public.

Details here

BPO employees arrested in Chennai for Bank fraud

Posted by Vijayashankar Na on July 13, 2014
Posted in ITA 2008  | No Comments yet, please leave one

Two BPO employees accused of having swindled an UK Bank of £ 30000/- were arrested in Chennai after necessary investigations.

D Ezhil Maran, 29, and S Ragava Giri, 28 worked as system engineers at Atos, a business process outsourcing (BPO) company, between 2011 and 2012, when they are alleged to have committed the fraud. The company handles back-end operations of a bank in the UK.

According to the Police the duo had identified a less operated account in the Bank and impersonated the account holder to transfer the funds to their account.

The police reportedly undertook forensic examination of the laptops belonging to the accused to establish the crime. The accused are now working elsewhere one as a Government employee and other as a professor.

Report

£Naavi

It is known for some time that fraudsters use unrelated e-mails to drop trojans which may be used for phishing.

Here is an example of an e-mail which says “..Own Samsung Galaxy for Rs 1.72..”

 

phishing_samsung_1

The link appears to contain at least two trojans which are detected by Kasparesky pure 3.0

phishing_samsung_2

 

Similar tactics could be used with World Cup related information or budget related information etc.

Many Banks in their phishing defense inform customers that “Bank never sends an email requesting for passwords ..etc”. But such notices are not useful since fraudsters may use e-mails other than in the name of the Bank and still be able to drop trojans that steal the Bank passwords.

It is also known that the new generation of trojans are even able to defeat the two factor authentication. Hence Banks need to re think on their access mechanisms and make it robust in the light of the fact that customer liability is now limited to Rs 10000/-.

Naavi

Bogus Digital Certificates of NIC detected

Posted by Vijayashankar Na on July 11, 2014
Posted in ITA 2008  | No Comments yet, please leave one

It is reported that Google has detected several bogus SSL certificates issued by NIC and blocked them.

Details

According to the report the certificates have been later blocked by CCA also.

It is surmised that hackers might have gained access to NIC and created the bogus certificates.

NIC may need to review the incident and report its findings for public information.

Naavi

Close It