February 14, 2017 By Amit Kumar 4 min read

A couple months back, I received a phone call from a man claiming to represent my bank. He menacingly asked me to share my debit card details so he could stop my account from being blocked. I panicked for a few seconds, then asked him some probing questions. The caller hung up the phone.

A call to my bank about the security of my account did not provide very reassuring answers. Though my questions saved my account from the fraudster’s prying eyes, not everyone is so lucky. Indian banking customers have lost $1.8 billion to voice phishing alone.

A Challenging Year for the Indian Banking Sector

2016 was full of surprises for the Indian banking sector. Indian banks were hit by a massive financial data breach in which over 3.2 million debit cards were compromised. Banks reacted by blocking millions of debit cards and advising customers to change their ATM personal identification numbers (PINs).

If that wasn’t enough, fraudsters stole $81 million from Bangladesh Bank using its employees’ SWIFT credentials, sending ripples across Asia. The Reserve Bank of India (RBI) reported nearly 12,000 cases of financial cybercrime to the Indian Parliament. But the actual number of attacks may be much higher since, according to experts, 80 percent of cybercrimes go unreported in India.

While the Indian banking sector was juggling with these cybersecurity challenges, the biggest shock knocked on every Indian’s door on the evening of Nov. 8, 2016, when the government demonetized 86 percent of bank notes in circulation to promote the digital transformation of the economy. In the immediate aftermath of the surprise announcement, digital transactions surged by over 300 percent. This made our digital money more vulnerable than ever to cybercriminals.

The Multifaceted Menace of Cybercrime

In terms of cybercrime, India is the third most targeted country in the world, and 58 percent of these attacks target the financial services sector. Attackers employ a variety of techniques to steal financial data from banks and individual consumers. Let’s take a look at some of the most prominent attack methods affecting Indian banking customers.


Phishing is the most common attack vector in India. In 2015, 8.3 percent of global phishing attacks occurred in the country. This technique involves stealing sensitive personal information (SPI) through emails by masquerading as a legitimate entity or familiar person.

Voice Phishing

Also called vishing, voice phishing is another cybercriminal trick widely used in India. In a voice phishing campaign, fraudsters place unsolicited calls to potential victims and attempt to extract credit card details, PINs, passwords and other SPI. Fake call centers that perpetuate these attacks are growing in volume and sophistication.

Social Engineering

India ranks second in cyberattacks conducted through social media. Social media scams increased by 156 percent in the country, with every sixth scam impacting an Indian. Social engineering attackers often use fake social media profiles to lure victims to volunteer SPI, which could be used to commit banking fraud.

Card Skimming

ACI Worldwide’s “2016 Global Consumer Card Fraud Survey” ranked India fifth in payment card fraud. According to the survey, 37 percent of respondents in India have experienced card fraud in the past five years.

Card skimming involves attaching a small hidden card reader to an ATM to copy data from the card’s magnetic strip. The scammer can later use this data to clone cards and withdraw money from compromised accounts.

Mobile Fraud

Mobile wallets became hugely popular in India after demonetization. One study predicted a 65 percent rise in mobile fraud in 2017 as a result of the change, especially since most mobile wallets have security loopholes that fraudsters exploit to siphon money.

Cybercriminals also produce fake versions of popular mobile wallet apps to dupe users. To add insult to injury, many mobile wallets are uninsured, so users are often liable for lost money.

Point-of-Sale Malware

Cybercriminals commonly target point-of-sale (POS) terminals at retail outlets to steal payment card information by introducing malware. The POS malware intercepts the unencrypted payment data and sends it out to the attacker’s server. India is becoming a top target for POS malware due to the massive surge in the use of payment cards.

Securing Indian Banks

Several high-profile attacks against major financial institutions sent shock waves through the Indian banking sector. In June 2016, the RBI issued comprehensive guidance to help Indian banks implement a cybersecurity framework. The guidance outlined security measures banks should take to fight against cyberthreats and protect their customers. In August 2016, RBI issued a draft notification to ensure zero liability for customers if financial fraud is reported within three days.

Though demonetization heightened the focus on cybersecurity in India, there is still a lot of ground to cover. Banks and mobile wallet companies need to prioritize cybersecurity and implement well-defined processes to help customers easily recover stolen money. Currently, mobile wallet companies are hardly regulated, which leaves customers vulnerable. Recently several major Indian banks announced their intent to buy cyber insurance coverage to help protect their businesses and customers from cyber threats.

Proactively Protect Your Money

The rate of conviction in Indian cybercrime cases is low because of weaknesses in the Information Technology Act 2000. The legal process is also notoriously slow. Though many Indian banks claim to protect customer accounts, it’s not easy to recover stolen money from a bank after a breach. It’s better to exercise caution and follow online security best practices:

  • Use a strong password, change it often and never use it across multiple sites.
  • Check with your bank to determine whether your account is insured against internet fraud.
  • Monitor your account regularly and notify the bank of any unusual activity as early as possible.
  • Update your computer’s operating system and software and protect it with a good security solution.
  • Do not open suspicious emails or attachments, and do not share your SPI with strangers.
  • Exercise caution when clicking on social media links and do not post your SPI on social media.
  • Never access online banking from a public computer or over a public Wi-Fi.
  • Withdraw money from ATMs located in secure areas and use your card only with trustworthy merchants.

If your account is compromised, report it immediately to your bank and the local police. Swift action can help you minimize the damage and bring the cybercriminals to justice.

Read the white paper: Accelerating growth and digital adoption with seamless identity trust

More from Banking & Finance

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

New Fakext malware targets Latin American banks

6 min read - This article was made possible thanks to contributions from Itzhak Chimino, Michael Gal and Liran Tiebloom. Browser extensions have become integral to our online experience. From productivity tools to entertainment add-ons, these small software modules offer customized features to suit individual preferences. Unfortunately, extensions can prove useful to malicious actors as well. Capitalizing on the favorable characteristics of an add-on, an attacker can leverage attributes like persistence, seamless installation, elevated privileges and unencrypted data exposure to distribute and operate banking…

DORA and your quantum-safe cryptography migration

5 min read - Quantum computing is a new paradigm with the potential to tackle problems that classical computers cannot solve today. Unfortunately, this also introduces threats to the digital economy and particularly the financial sector.The Digital Operational Resilience Act (DORA) is a regulatory framework that introduces uniform requirements across the European Union (EU) to achieve a "high level of operational resilience" in the financial services sector. Entities covered by DORA — such as credit institutions, payment institutions, insurance undertakings, information and communication technology…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today