cyber security

CERT-In and Master Card India sign MoU for collaboration in cyber security to enhance India’s cyber-resilience in Financial Sector

Two entities will leverage their shared expertise to strengthen financial sector cyber security incident response Indian Computer Emergency Response Team (CERT-In) is a Government organization under the Ministry of Electronics and Information Technology, Government of India. CERT-In has been designated to serve as National agency for incident response under Section 70B of the Information Technology Act, 2000. CERT-In has joined hands with Master Card to promote cooperation and information sharing in the area of Cyber security related to the financial sector. The two entities have signed a Memorandum of Understanding (MoU) under which they will leverage their shared expertise with regards to financial sector in the fields of cyber security incident response, capacity building, sharing cyber threat intelligence specific to financial sector and advanced malware analysis. As part of the mutual understanding, Master Card and CERT-In will hold training programs and workshops for cyber capacity building, latest market trends and best practices to enhance cyber security of financial sector organizations. The two entities will also share relevant cyber threat trends, technical information, threat intelligence, and vulnerability reports to strengthen the financial sector information security of India. “Cyber security is the need of the hour and Prime Minister Shri Narendra Modi government is committed to ensuring that people on digital platforms are secure, as this warfare is not on the ground but in cyberspace. I am confident that this is an important milestone that will benefit not only both entities but also the public at large,” said Shri Jitin Prasada, Minister of State in the Ministry of Commerce & industry; and Electronics and Information Technology. “Master Card’s comprehensive approach to security gives its partners and customers deeper visibility into cyber risk and greater adaptability and resilience, protecting their systems through the latest AI technology. The company is delighted to collaborate with CERT-In to fortify India’s financial digital ecosystem, which has powered unprecedented growth in the country,” said Shri Gautam Aggarwal, Division President, South Asia at Master Card. About CERT-In: www.cert-in.org.in The Indian Computer Emergency Response Team (CERT-In) is a Government organization under Ministry of Electronics and Information Technology, Government of India. CERT-In has been designated to serve as National agency for incident response under Section 70B of the Information Technology Act, 2000. CERT-In operates 24×7 incident response Help Desk for providing timely response to reported cyber security incidents. CERT-In provides Incident Prevention and Response services as well as Security Quality Management Services. About Master Card (NYSE: MA) Master Card is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all.

OTP Fraud: Protecting Yourself in this Digital Era

Whether ordering food in a few clicks, paying bills while sipping your morning tea or buying your favourite dress on any E-Commerce Website and app, online transactions have made our lives more Comfortable than ever. However, this Comfortability comes with a risk. While one-time passwords (OTPs) provide an extra layer of security for your online transactions, scammers have found ways to exploit this system. What is an OTP scam? An One Time Password is a unique code that is sent to our mobile phone or email address to authenticate various transactions, such as logging into an account or making a payment. Fraudsters take advantage of this security feature to force people to share these OTPs. Cybercriminals obtain a person’s personal information, such as banking details or mobile numbers. They call up legitimate entities such as banks, e-commerce platforms, logistics or service providers. Experts at pretending to be genuine, these scammers ask you to share the OTP. Once they get the OTP, they carry out unauthorized transactions such as withdrawing money from the bank account. What kind of scenarios indicate an OTP scam? OTP scam scenarios can vary but are often similar. For example, you may receive a text message urging you to share the OTP you just received, claiming to reactivate your account or verify a payment. Sounds reasonable, right? These scammers often take advantage of our curiosity or readiness. Here are some scenarios: – Fake bank call: You may receive a call purportedly from your bank. The caller, posing as a bank representative, will alert you about suspicious activity in your bank account. They may claim that sharing your OTP is necessary to stop that transaction and protect your funds. – Fake prize notifications: Another popular tactic involves receiving messages or calls claiming that you have won a lottery, prize or a very lucrative offer. To cash in on this alleged prize, scammers insist on receiving your OTP. – Misdirected OTP: Scammers may contact you, claiming that they have mistakenly entered your mobile number for their transaction and that the OTP for their transaction has been sent to you. They will then request you to share this code with them. – SMS Spam: spam refers to unsolicited and irrelevant text messages sent to mobile users. While not directly financially harmful, SMS spam is a nuisance, wasting users’ time and potentially exposing them to fraudulent schemes. It is not just our phones that are being targeted, these scammers are getting smarter in their tricks. They may also ask for your OTP to avail interest-free loans, get your income tax refund or increase your credit card limit and many more advices. How do we identify a scam? The key lies in suspicion and vigilance. Stop and think before acting on any such request. Legitimate entities never ask for your OTP. This is a red flag, indicating a potential scam. Ask yourself: Did I initiate this action? Is the request coming from a trusted source? Does the message sound urgent or compulsory? Also, look at the message or call carefully. Notice any spelling errors or unusual language? Trust your instincts; if something looks fishy, it probably is. How do we keep ourselves and our families safe? As it happens, it’s best to be forewarned. Here are some tips to educate yourself and your loved ones: Keep your OTP safe: It never goes out of date. Never share your OTP with anyone. Legitimate companies, banks or government agencies will not ask for these codes. They are like a secret password for your transactions; keep it to yourself. Be cautious: Be vigilant and question anything suspicious. Train yourself and your family to have a healthy dose of scepticism when dealing with requests for personal information. Verify before trusting: Before sharing any personal information or OTP, take a moment to verify the source. Contact the official website or company directly using trusted contact details. Don’t rush; taking this extra step can help you avoid potential fraud. Stay cautious of suspicious links: Fraudsters send malware-infested links under various pretexts like declaring a cash price, offering discounts, etc. Some attackers also impersonate service providers. You should never click on any of these links as they are used to read your device and capture OTPs. Always manually search for apps or websites instead of clicking on suspicious links. Clicking with caution: Be extremely wary of random links, emails, or messages promising lucrative offers or instant financial alerts. Clicking on unknown links can lead to trouble in the form of malware or phishing attacks. Secure network transactions: Make financial transactions or share sensitive information only through secure networks. Scammers may have used public Wi-Fi networks, and using these for such activities could expose your data. Monitor and take action: Keep a close eye on your account activities. Check your bank statements regularly and monitor for any unexpected transactions. If you notice anything suspicious, report it to your bank immediately. Avoid unknown/non-verified apps: Upon downloading an app, you often need to grant permissions to access your device’s camera, photo gallery, etc. Sometimes, approving these permissions becomes necessary for KYC formalities and SMS alerts. But if a suspicious app asks for access to these functions, it can easily steal your OTP and much more. Hence, you should only download legitimate apps and grant only the necessary permissions. Change you account passwords rendomly so no one share your and monitor activity. 2 fector authentification on net bankoing: Two-factor authentication ensures that only authorized individuals’ access their sensitive information or do online transaction. It provides substantially better security and makes it much more difficult for an attacker to impersonate the User and access his account. Future Trends in OTP SMS Security As technology advances and fraud techniques evolve, the landscape of OTP SMS security will continue to evolve. Several future trends are expected to shape the field: Biometric Authentication: Biometric authentication methods, such as facial recognition and voice recognition, are becoming more prevalent in OTP SMS systems. These methods offer a higher