An app may be stealing your bank data, RBI warns digital, UPI users

Do you use online banking? Beware! Hackers might be fraudulently accessing your e-wallets, mobile banking app and UPI. The Reserve Bank of India (RBI) has warned banks of a digital banking fraud that could wipe out a customer’s bank balance by using the Unified Payment Interface (UPI) route. In an alert dated February 14, the cybersecurity and IT examination cell of the central bank said that a mobile application called ‘AnyDesk’ was allegedly being used by fraudsters to access data on mobile devices.

Digital security concerns have assumed a greater importance amid the Narendra Modi government's efforts to steer India towards a less-cash, digital economy.

What is 'AnyDesk'?

‘Anydesk’ is a remote control application. It works to connect one device to another.

How can the fraud wipe out a customer's bank balance?

The method is simple.

— First, fraudsters get bank customers to download the app (AnyDesk).

— Through a nine-digit code generated on the customers' device, hackers get remote access to their mobile.

— After inserting the app code on the device, the hacker asks customers to grant certain permissions, which are similar to what is required while using other apps.

— Once they gain access to the mobile phone, hackers can carry out transactions fraudulently through any mobile banking app or payment-related apps, including UPI or wallets.

What must you do in case your mobile is hacked?

* If you are banking electronically, you must register yourself for SMS/email alerts and immediately inform your bank in case of a fraud.

* According to RBI, you must only use sites with https while banking online.

* Avoid banking on free networks.

* Regularly change and do not share your password/PIN

Rise in the number of UPI transactions and digital banking — a cause for worry?

RBI's warning on 'AnyDesk' calls for attention amid a rising volume of UPI transactions and digital banking. According to a Business Standard report, digital payments saw a spike after demonetisation. According to a report by the Reserve Bank of India, a total of 2,059 cases of cyber fraud were reported in 2017-18 amounting to Rs 109.6 crore. The number of cyber fraud cases in 2016-17 was 1,372 amounting to Rs 42.3 crore. A spike in cyber frauds is bigger than most other types of bank frauds. A total of 5,917 bank frauds were reported in 2017-18 and nearly a third of these were cyber frauds. UPI, Narendra Modi government's flagship payments platform, crossed the Rs 1 trillion milestone for monthly value in December 2018. NPCI attributed UPI’s success to three main features — simplicity, seamlessness and security. However, chinks in the UPI system began to show soon after it was introduced. 

Business Standard is now on Telegram.
For insightful reports and views on business, markets, politics and other issues, subscribe to our official Telegram channel