We live in the age of plastic
money (handling money transactions through credit and debit cards). Since the
internet is rife with scams of all sorts - one of the most common methods that
people as well as banks resort to, is the usage of electronic ‘fraud alerts’ as
a measure of caution.
Fraud alerts are used by
customers in the form of messages and calls to the banks when they suspect
fraud. Alternatively, customers can attach fraud alerts to their credit reports
issued by credit reporting companies to stall identity fraud. From the
perspective of the banks and institutions, they use fraud alerts to caution
customers from becoming victims of identity thefts and phishing attacks.
Every day, we get general fraud alerts from banks and other institutes not to fall for their impostors and not
to reveal sensitive information to strangers. In addition to this, alert
messages are sent to us every time we use our debit and credit card, or use
internet banking, or withdraw money from ATM. Typically fraud alerts are sent
as messages to the registered mobile numbers and as mails to the registered
mobile ids. But fraudsters have devised techniques that challenge the relevance
of fraud alerts.
- Fraud alerts added to credit reports of an individual or an institution only when the stolen credentials of a person are used to open new credit facilities or get an additional credit facility sanctioned. This means that the existing finances of the victim is largely at risk.
- A creditor is not legally mandated to contact the victim who has opted for fraud alerts and take action to prevent fraud.
- Fraud alerts and credit freezes impair the eligibility of pre-approved credit and insurance which may be a disadvantage for people
- Fraud alerts may not be very effective in preventing non-financial frauds.
- Fraud alerts make use of mobile technology and the internet to reach to victims. It might so happen that a person loses his bag where he keeps both his mobile and his wallet. Within seconds the fraudsters get access to all personal information from the mobile, debit cards and credit cards. The relevance fraud alerts sent as messages and mails is questionable, with more tech savvy people configure even emails on their smartphones. Blocking sim cards and debit, credit card takes time and this time gap is when the fraudsters are most active.
- Fraud alerts are not of much use when secure payment gateways are not used.
- Mobile malware challenges the security of one time passwords which are important types of fraud alerts
- Since there is no ownership a person possesses over SMS or over the SIM, given the fact that they can be easily transferred exposes the weakness of electronic fraud alerts
- There are several technical risks associated with two factor authentication and unique identification system.
- Session timeouts due to delay in delivery of sms alerts may be caused when there is traffic congestion in network. In some cases fraud alerts may not get delivered at all.
- SMS based fraud alerts are exposed to attacks of social engineering.
- Encryption technologies used by some mobile service providers are weak.
