A one-time password (OTP), or a one-time pin, is a password that's only good for one time when you log in or do a transaction on a computer or other digital gadget. OTPs fix a bunch of problems that come with regular (unchanging) password-based logins. Some setups also use two-factor authentication, where you need both something you have (like a little keyring thing with a special calculator for OTPs, or a smartcard or certain phone) and something you know (like a PIN) to use the one-time password. A one-time password (OTP) is a popular way to double-check it's you when you're moving money around online.
But now, frauds have figured out a way around it. They're tricking bank customers into telling them their OTP, or they're hacking into smartphones to get it. Here's the sneaky part: instead of trying to get your OTP directly, they're going to the bank and pretending to be you. They ask the bank to change the phone number linked to your account. Once they've got control of the new number, they can get OTPs sent there and use them to take your money.?
Another trick fraud use is getting a new SIM card with your number on it. They trick the mobile company with a fake ID and get a new SIM that shuts down your real one. Then they can get OTPs sent to the new number and do whatever they want with your account.
Also Read:?Delhi Man Turns Millionaire Overnight With Rs 60 Lakh Worth Reliance Shares
As per ET reports, to tackle this rising fraud Indian government, SBI Cards and Payment Services Ltd (SBI Card), and telecom operators have teamed up to make a new way to alert people if their one-time passwords (OTPs) are stolen. This is part of a bigger plan to fight against cyber scams and fake messages that trick people into giving away their bank details.
They're trying out a system where banks can see where a customer lives and where their OTP is being sent. If there's a difference between these two places, the customer will get a warning that someone might be trying to trick them into giving away their details. Two bank officials who are familiar with the matter say the government is looking at a way for banks to check where a customer lives and where the OTP is sent, as per ET reports. However, Home Ministery declined to comment and SBI cards didn't respond to ET.?
Currently, the government is trying out a plan that helps banks keep tabs on where customers live and where their one-time passwords (OTPs) are being sent. If there's a difference between these two places, customers will get a heads-up that someone might be trying to trick them online. ¡°The solution is still being tested; these are early days but the idea is to track the geolocation of the customer through the telecom database and ensure that the OTP is going to the right area,¡± one of the bank officials told to ET.
The report says that the Reserve Bank of India suggested adding another step to verify digital payments. But since scammers have figured out ways to divert OTPs to their own gadgets, the extra step isn't very helpful anymore. ¡°In case of any issue with the OTP delivery location, we can undertake two steps--either pop an alert on the device or block the OTP altogether,¡± a second official said.
While the details of the solution are still being sorted out with phone companies, telcos can check where a customer's SIM card is right now and compare it with where the OTP is being sent. Banks also have information about where their customers live. So, they'll need to create the ability to use all this information at the same time, one of the executives explained.
According to the Indian Cyber Crime Coordination Centre (i4C), cyber criminals managed to steal a whopping Rs 10,319 crore between April 2021 and December 2023. The majority of these crimes were traced back to China, Cambodia, and Myanmar, involving non-state actors, as reported by the government body.
To combat this growing threat, the government established the 'Citizen Financial Cyber Fraud Reporting and Management System' under i4C. This initiative has successfully prevented approximately Rs 1,200 crore worth of fraudulent transfers, thanks to over 470,000 complaints from citizens received up to February 2024.
In the year 2023 alone, the registry received a staggering 1.12 million complaints, amounting to Rs 7,488 crore in fraudulent transfers, disclosed the government body in February.
Also Read:?With 7 Houses & A Helipad, This Scottish Island Is Up For Sale At Just Rs 26 Cr