Click Here to Subscribe For FREE SMS Alerts on Disaster Awareness

Refresher Training of CERT by FOCUS

Wednesday, October 23, 2013

In a first, city co’s bank KYC hacked, 17 lakh withdrawn

Mumbai: Personal details provided to the bank as part of know-your-customer (KYC) norms are no more secure. In a recent fraud, at least Rs 16.7 lakh was stolen from a Mumbai company's bank account after fraudsters hacked into the bank's server and tampered with the information submitted under KYC guidelines. 

    The fraudsters replaced the victim's mobile number in the database with their own so that fund transfer alerts were sent to them. They then transferred money to seven different accounts across India. The money was withdrawn from these accounts and the account holders paid a commission. 
    "This is the first time that fraudsters have tampered with KYC information and swindled money," said cyber law ex
pert Prashant Mali, who is representing the fraud victim. TRACING THE E-FRAUD The fraudsters managed to get the victim's bank login and password from illegally available bank databases They hacked into the bank's know-your-customer database & replaced victim's mobile number with own They then logged into the victim's bank account by using a Nigerian IP address, and generated a onetime password (OTP) Used OTP to transfer money to 7 bank a/cs in India set up by agents, whom they paid 10% of the loot 
Fear of fraud rises in India Inc: Survey 
Fear of frauds runs deep in India Inc. The Global Fraud Report released by Kroll shows 71% of those surveyed in India feel that their exposure to fraud has increased, up from 67% last year. P 21 
'Hold bank responsible for breach' 
Mumbai: The fraudsters who stole at least Rs 16.7 lakh from the bank account of a Mumbai company clearly planned the crime intricately. 
    According to advocate Prashant Mali, who is representing the fraud victim, the fraudsters first procured the net banking login and password of Mumbai-based Raatronics—in all likelihood from illegally available bank databases. They then turned to hacking the bank's know-your-cus
tomer (KYC) database and changing the mobile number provided by the company's proprietor Ashish Goradia. Investigators traced the IP addresses of the computers from which hacking was committed to Nigeria and the United Kingdom. 
    After substituting Goradia's mobile number with theirs, the fraudsters obtained a one-time password to carry out a transaction. Funds were transferred out in the first week of May. Goradia learnt about the fraud later in May when he visited 
the bank's Juhu branch. "We were shocked because the number we provided to the bank was functional. The bank should be held responsible for the breach," he told TOI. 
    "Many more clients of the nationalised bank may have been defrauded with similar modus operandi. The Reserve Bank of India should take strict note of the bank's lapses," said Mali. They have lodged a complaint with the police and approached the adjudicating authority for refund of losses and compensation.


Popular Posts

Slide Presentation


Enter a Youtube URL to download:

Powered by KeepHD.com
Custom Search

Daily Green News


blogger templates | Make Money Online