Banking Security Tips

Reserve Bank of India has launched a nation wide intensive financial awareness campaign for digital users. To know more, click on this link -

Reserve Bank has launched an Integrated Ombudsman Scheme which offers a single window for resolution of complaints against RBI regulated entities. To know more refer the following link -

Mobile Security – Do’s and Don’ts

• Password protect the mobile phone and never give your mobile phone to anyone.
• Choose a strong password to keep your account and data safe.
• Change your mobile PIN regularly at least once in every 60 days.
• Report a lost or stolen phone immediately to the Airtel Payments Bank, mobile service providers (Airtel / Vodafone / Idea etc.) and law enforcement authorities.
• Use anti-virus, anti-spyware and personal firewalls and keep them updating regularly.
• Use licensed software. Software purchased from untrustworthy sources could have virus or trojans that could corrupt your files and reveal your confidential data.
• Don’t store sensitive information such as credit card details, mobile banking password and user ID on your phone.
• Be cautious while accepting offers such as caller tunes or dialer tunes or open/download emails or attachments from known or unknown sources.
• Be cautious while using Bluetooth in public places as someone may access your confidential data/information.
• Don’t click on links embedded in emails/social networking sites claiming to be from the bank or representing the bank.
• Be careful about the websites you are browsing, if it does not look authentic, do not download anything from it.
• Update your mobile with latest security patches for your operating system, browser and email client.

Password Security tips

• When you receive your mPIN, change it immediately.
• Never use the following for your mPIN: undefinedundefinedundefinedundefinedundefined
• Never share your mPIN with anyone not even with bank employees.
• Avoid using the same mPIN for several different accounts. Once hackers have guessed one password, they’ll often try to see if it works on other accounts.
• Memorize your PIN. Don’t write down your password or PIN anywhere especially not on your card.
• Change your mPIN at regular intervals at least once in 60 days.
• If you suspect that someone knows your PIN/Password, change it immediately.
• Don’t send your password or PIN to anyone via email or text message.
• Don’t say your password or PIN aloud in public where other people can hear you.
• Don’t store your browser/mobile remember your card/account password.

Secure Online Banking

• Review your account statements frequently to check for any unauthorized transactions
• Don’t transfer funds without due validation of the recipient, as funds once transferred cannot be reversed
• Immediately inform the bank in case of changes in your mobile number to ensure that SMS notifications and OTP are not sent to someone else.
• Never reveal or write down mPIN/password, never retain any email or paper communication from the bank with regard to the mPIN/password
• Avoid accessing internet banking from shared computer networks such as cyber cafes or public Wifi network like hotel/airport etc.
• Always verify the authenticity of the Bank's NetBanking webpage by checking its URL as https://airtel.in/netbanking and the PAD Lock symbol.
• Disable “Auto Complete” and “Remember Password” feature on your browser.
• Always logout when you exit NetBanking. Do not directly close the browser.
• Read privacy policy of the website before entering personal information such as name and email ID. Be aware of how your information would be used by the website owner.
• Customers using airtel payments bank card for online transactions can set card usage limit for their Card by raising a  request at : Call 400 ( airtel number) or 8800688006 (non airtel number) Email: wecare@airtelbank.com

Secure Online Shopping tips

• Always shop or make payments through trusted/reputed websites.
• Do not click on links in emails. Always type the URL in the address bar of the browser.
• Before entering your private details, always check the URL of the site for HTTPS.
• If you are a frequent online shopper, signup for Verify by Visa and Master Card secure code program.
• Check for PAD LOCK symbol / HTTPS on the webpage before starting to transact.
• Do not enter your confidential account information such as Credit Card Numbers, Expiry Date, CVV values, etc. on any pop-up windows.
• Use One Time Password (OTP) received on the mobile phone instead of static Visa and Master Card secure code password as OTP are more secure.
• Customers using airtel payments bank card for online transactions can set card usage limit for their Card by raising a  request at : Call 400 ( airtel number) or 8800688006 (non airtel number) Email: wecare@airtelbank.com
• Never share OTP with any one, OTP is a temporary password which need to be kept secret same as mPIN.

Secure Phone Banking

• While talking to the Phone Banking officer, never disclose the following undefinedundefinedundefinedundefined
• Ensure that no one see you entering you PIN (personal identification number).
• Avoid giving verification details to the Phone Banking officer while in public places.
• The Phone Banking channel is meant to be used by the account holder only. Do not transfer the line or hand over the phone to any other person after you complete self-authentication.     

SOVA Trojan alert

• A new type of mobile banking malware campaign using SOVA Android Trojan have been targeting Indian banking customers. An alert regarding this Trojan was issued on 16th September, 2022. This malware captures the credentials when users log into their net banking apps and access bank accounts. The new version of SOVA seems to be targeting more than 200 mobile applications, including banking apps and crypto exchanges/wallets. As per the reports, the malware is distributed via smishing (phishing via SMS) attacks.
• Below best practices are recommended to be followed-
• Reduce the risk of downloading potentially harmful apps by limiting your download sources to official app stores, such as your device’s manufacturer or operating system app store.
• Prior to downloading / installing apps on android devices (even from Google Play Store): a) Always review the app details, number of downloads, user reviews, comments and "ADDITIONAL INFORMATION" section. b) Verify app permissions and grant only those permissions which have relevant context for the app's purpose. c) Do not check "Untrusted Sources" checkbox to install side loaded apps.
• Look for suspicious numbers that don't look like real mobile phone numbers. Scammers often mask their identity by using email-to-text services to avoid revealing their actual phone number. Genuine SMS messages received from banks usually contain sender id (consisting of bank’s short name) instead of a phone number in sender information field.
• Do extensive research before clicking on link provided in the message. There are many websites that allow anyone to run search based on a phone number and see any relatable information about whether or not a number is legit.
• Only click on URLs that clearly indicate the website domain. When in doubt, users can search for the organization’s website directly using search engines to ensure that the websites they visited are legitimate.
• Exercise caution towards shortened URLs, such as those involving bit.ly and tinyurl. Users are advised to hover their cursors over the shortened URLs (if possible) to see the full website domain which they are visiting or use a URL checker that will allow the user to enter a short URL and view the full URL. Users can also use the shortening service preview feature to see a preview of the full URL.
• Look out for valid encryption certificates by checking for the green lock in the browser's address bar, before providing any sensitive information such as personal particulars or account login details.
• Customer should report any unusual activity in their account immediately to the bank on the customer care number (For Airtel Customers: 400; For Other operators: 8800688006) with the relevant details for taking further appropriate actions.)

Modus Operandi - Fraud prevention tips

• Some of the modus operandi followed by the fraudsters and criminals through investment / part  time job / Ponzi schemes, wherein the transactions are routed through the banking channels are given hereunder:
• Victims are lured through part-time job offers and other advertisements on internet and /or messaging platforms, etc., and are promised high commissions or high returns such as doubling of money in short span of time. The advertisements / SMS messages usually contain a link, which directly prompts for a chat. Further, mobile applications, bulk SMS messages, SIM-box-based Virtual Private Network (VPNs), phishing websites, cloud services, virtual accounts in banks, Application Programming Interfaces (APIs), etc., are used to carry out financial frauds.
• Keywords such as “Earn Online” , “Part Time Job”, etc., are used by fraudsters and criminals to match their advertisements with the terms people are searching for. Further, such advertisements are mostly displayed from 10 AM to 7 PM, which is usually the peak time for internet use by Indian public. Majority of websites used by fraudsters have domains – ‘xyz’ and ‘wixsite’. Most of these sites either redirect to a messaging platform or to a website which has embedded messaging platform link which, on clicking, again redirects to a chat.
• Multiple Indian numbers were used for communication with victims. Upon analysis, it was found that  mobile number holder was not aware about messaging platform being operated in his/her name. In some cases, the mobile number holder knowingly shares OTP in return for some money from the fraudsters.
• The fraudsters sends an investment link over chat. Each person has a referral code. Fraudster generally communicates in English. Google Translate is also used to communicate with the victims.
• A screenshot needs to be sent to the person over the messaging platform to activate the account. Once the account is activated, a task is given to the user to gain confidence of the person. Mandatory condition to do a task is to load money through Payment Gateways which are not authorized to operate in India. All payments are made through UPI. Some of the UPI addresses belong to companies registered with Ministry of Corporate Affairs (MCA). A call centre is usually used to interact with the victim for communication regarding tasks. For instance, on failure to load funds on investment website, the call centre executive initiates a call.
• Once the task is completed, the victim is asked to withdraw the money. Money is withdrawn through various Payment Aggregators.
• On getting the first refund, the victim is now lured to do more tasks which involve loading of more money. The process continues and once a big amount is loaded by the victim, the person (fraudster) stops responding over chat.
• UPI details are updated daily on the fraudulent websites. Investment website keep changing. Source code remains same but domain changes.
• Bank account opened by money mules using real / fake identification are used to receive stolen funds from compromised bank accounts, through sharing of OTPs, etc. Rented accounts are sourced by agents and account owners (money mules) are given fixed rent or commission or lumsum amount for the account.