独家
数字吗?5需要谨防欺诈
与数字支付见证记录交易和越来越多的人加入无现金潮流,安全是一个大问题。
-
BSNL眼睛人力资源变换把一个角落
平均每年近2000名员工即将退休十年为一个周期在2022 - 2032之间,使它更集中组织与私人企业竞争的球员——信实Jio Bharti Airtel和沃达丰的想法。
-
-
-
由Ramki Gaddipati,
最近的demonetisation在印度已经推动我们cash-free经济。这种转变,否则将会采取三年,现在预计要花三到六个月。电子支付最近也触及纪录交易。
与数字支付见证记录交易和越来越多的人加入无现金浪潮,在每个人的心中有一个明显的问题:数字交易安全吗?新技术的开发和集成的速度要快得多的速度安全协议实现和防御机制。这是什么使这些技术容易受到网络欺诈。例如,320万年10月在印度卡细节被盗,被盗印度最大的数据泄露。
印度的新数字经济需要注意的数字和漏洞移动支付系统。这里的关键数字支付可以突破的方法。
1。键盘记录工具:就像水龙头舞者强烈意识到如何以及何时踢踏舞鞋罢工地板,一个关键日志记录器是一种软件,可以记录下键盘由用户在键盘上。静态密码3 d别针或银行密码,定期进入,很容易受到网络欺诈通过键盘记录工具,因为它可以记录定期输入密码用户不知情的情况下。使用动态销是一个聪明的解决方案造成的违反关键伐木者。它也有利于使用应用程序有一个应用程序安全刷,而不是那些需要的OTP的键控。
2。社会工程:这些呼声,似乎来自于银行不可能从银行本身。在线使用信用卡和借记卡在许多商人和市场。即使这些联机事务使用OTP和cvv,有人打电话给持卡人,假装的代表银行,好像一个在线交易需要确认,随后问持卡人收到OTP分享。当OTP由持卡人披露,欺诈性交易。
3所示。OTP弹出窗口:作为一个密码有限时间有效性(分钟),它们被认为是安全的。尽管otp主要表现为手机上弹出通知。这些弹出信息是清晰可见,即使手机处于锁定状态。这意味着OTP可以很容易地访问没有权限的用户,使事务被突破。
4所示。OTP可访问性:虽然OTP至关重要,它传递的媒介是至关重要的。大多数的时候,有一次密码发送短信。这里的问题是,许多应用程序可以读取短信。这意味着,如果一个应用程序是恶意滥用的OTP已经收到。因此,用户应该知道哪些特权也给应用程序的智能手机和看评论和他们选择下载的应用程序。
5。EDC机器:即使第二次密码验证,EDC刷卡的机器并不像它看起来是安全的。EDC机器容易违反和破坏机刷卡时可以复制卡的细节。大多数借记卡和信用卡有一个静态销,甚至可以存储在这些针妥协EDC的机器。这样的违反可以给持卡人的个人数据的便捷访问欺诈组。动态销物理信用卡或借记卡可以防止破坏EDC的机器。
有许多威胁和漏洞与电子支付系统,我们需要一个系统,内容比常规的安全标准。这个数字支付系统应该超过两层的安全,让它几乎是不可理喻的。系统应该计划以这样一种方式,每一层都独立站本身也潇洒地集成了总体安全结构。从需要密码访问数字支付系统不需要键销,这个系统应该有多个安全检查点,以便只有授权用户才能成功,然而,支付。
作者是联合创始人兼首席技术官、ζfin-tech启动。
(免责声明:这篇专栏文章不一定反映的意见的经济时期,它是一个独立的视图)
最近的demonetisation在印度已经推动我们cash-free经济。这种转变,否则将会采取三年,现在预计要花三到六个月。电子支付最近也触及纪录交易。
与数字支付见证记录交易和越来越多的人加入无现金浪潮,在每个人的心中有一个明显的问题:数字交易安全吗?新技术的开发和集成的速度要快得多的速度安全协议实现和防御机制。这是什么使这些技术容易受到网络欺诈。例如,320万年10月在印度卡细节被盗,被盗印度最大的数据泄露。
1。键盘记录工具:就像水龙头舞者强烈意识到如何以及何时踢踏舞鞋罢工地板,一个关键日志记录器是一种软件,可以记录下键盘由用户在键盘上。静态密码3 d别针或银行密码,定期进入,很容易受到网络欺诈通过键盘记录工具,因为它可以记录定期输入密码用户不知情的情况下。使用动态销是一个聪明的解决方案造成的违反关键伐木者。它也有利于使用应用程序有一个应用程序安全刷,而不是那些需要的OTP的键控。
2。社会工程:这些呼声,似乎来自于银行不可能从银行本身。在线使用信用卡和借记卡在许多商人和市场。即使这些联机事务使用OTP和cvv,有人打电话给持卡人,假装的代表银行,好像一个在线交易需要确认,随后问持卡人收到OTP分享。当OTP由持卡人披露,欺诈性交易。
4所示。OTP可访问性:虽然OTP至关重要,它传递的媒介是至关重要的。大多数的时候,有一次密码发送短信。这里的问题是,许多应用程序可以读取短信。这意味着,如果一个应用程序是恶意滥用的OTP已经收到。因此,用户应该知道哪些特权也给应用程序的智能手机和看评论和他们选择下载的应用程序。
5。EDC机器:即使第二次密码验证,EDC刷卡的机器并不像它看起来是安全的。EDC机器容易违反和破坏机刷卡时可以复制卡的细节。大多数借记卡和信用卡有一个静态销,甚至可以存储在这些针妥协EDC的机器。这样的违反可以给持卡人的个人数据的便捷访问欺诈组。动态销物理信用卡或借记卡可以防止破坏EDC的机器。
有许多威胁和漏洞与电子支付系统,我们需要一个系统,内容比常规的安全标准。这个数字支付系统应该超过两层的安全,让它几乎是不可理喻的。系统应该计划以这样一种方式,每一层都独立站本身也潇洒地集成了总体安全结构。从需要密码访问数字支付系统不需要键销,这个系统应该有多个安全检查点,以便只有授权用户才能成功,然而,支付。
作者是联合创始人兼首席技术官、ζfin-tech启动。
(免责声明:这篇专栏文章不一定反映的意见的经济时期,它是一个独立的视图)
By Ramki Gaddipati, <\/strong>
The recent demonetisation<\/a> move in India has pushed us to move to a cash-free economy. This shift, which would have otherwise taken three years, is now expected to take just three to six months. Digital payments<\/a> have also recently hit record transactions.
With digital payments witnessing record transactions and more and more people joining the cashless bandwagon, there is an obvious question on everyone's mind: are digital transactions safe? The pace of the development and integration of new technologies is much faster than the pace at which security protocols and defence mechanisms are implemented. This is what makes these technologies vulnerable to cyber-fraud. For example, 3.2 million card details were stolen in October in India - making the theft India's biggest data breach.
The recent demonetisation<\/a> move in India has pushed us to move to a cash-free economy. This shift, which would have otherwise taken three years, is now expected to take just three to six months. Digital payments<\/a> have also recently hit record transactions.
With digital payments witnessing record transactions and more and more people joining the cashless bandwagon, there is an obvious question on everyone's mind: are digital transactions safe? The pace of the development and integration of new technologies is much faster than the pace at which security protocols and defence mechanisms are implemented. This is what makes these technologies vulnerable to cyber-fraud. For example, 3.2 million card details were stolen in October in India - making the theft India's biggest data breach.
<\/div><\/div>Members of India's new digital economy need to be aware of the vulnerabilities in the digital and mobile payment<\/a> systems. Here are the key ways in which digital payments can be breached.
1. Key Logger: <\/strong>Just like tap dancers are strongly aware of how and when their tap shoes strike the floor, a key logger is a software that records the key-strokes made by the user on the keyboard. Static passwords like 3D PINs or banking passwords, that are entered regularly, are vulnerable to cyber-fraud through a key logger, as it can record regularly typed in passwords without the user's knowledge. Using a dynamic PIN is a smart solution to the breach caused by key loggers. It is also beneficial to use apps that have an in-app secure swipe instead of the ones that require the keying in of an OTP.
2. Social Engineering: <\/strong>Those calls that seem to come from the bank might not really be from the bank itself. Credit and debit cards are used at many online merchants and marketplaces. Even if these online transaction use OTPs and CVVs, someone may call the cardholder and pretend to be a representative of the bank, acting as if an online transaction needs to be confirmed, and subsequently ask the cardholder to share the the received OTP. When the OTP is disclosed by the cardholder, a fraudulent transaction can take place.
1. Key Logger: <\/strong>Just like tap dancers are strongly aware of how and when their tap shoes strike the floor, a key logger is a software that records the key-strokes made by the user on the keyboard. Static passwords like 3D PINs or banking passwords, that are entered regularly, are vulnerable to cyber-fraud through a key logger, as it can record regularly typed in passwords without the user's knowledge. Using a dynamic PIN is a smart solution to the breach caused by key loggers. It is also beneficial to use apps that have an in-app secure swipe instead of the ones that require the keying in of an OTP.
2. Social Engineering: <\/strong>Those calls that seem to come from the bank might not really be from the bank itself. Credit and debit cards are used at many online merchants and marketplaces. Even if these online transaction use OTPs and CVVs, someone may call the cardholder and pretend to be a representative of the bank, acting as if an online transaction needs to be confirmed, and subsequently ask the cardholder to share the the received OTP. When the OTP is disclosed by the cardholder, a fraudulent transaction can take place.
<\/div><\/div>3. OTP Pop-Ups: <\/strong>As One Time Passwords have a limited time validity (in minutes), they are believed to be secure. Although OTPs mostly appear as pop-up notifications on mobile phones. These pop-up messages are clearly visible, even if the mobile phone is locked. This means that the OTP can be easily accessed without the permission of the user, making the transaction open to being breached.
4. OTP Accessibility: <\/strong>Although an OTP is essential, the medium through which it is delivered is of utmost importance. Most of the times, a One Time Password is sent as an SMS. The problem with this is that many apps can read SMS messages. This means that if an app is malicious it can misuse the OTP that has been received. Therefore, users should be aware of what privileges they give to the apps on their smartphone and also look at reviews and number of downloads of the apps they choose.
5. EDC Machines: <\/strong>Even with a second-step PIN verification, swiping a card on an EDC machine is not as safe as it seems. EDC machines are susceptible to breach and a compromised machine can copy the details of the cards when swiped. Most debit and credit cards have a static PIN, and even these PINs can be stored in compromised EDC machines. A breach like this can give easy access to the personal data of cardholders to fraudulent groups. A dynamic PIN for physical credit or debit cards could be a strong safeguard against compromised EDC machines.
As there are many threats and vulnerabilities with digital payment systems, we need a system that goes much further than regular security standards. This digital payment system should have more than two layers of security so that it is virtually impenetrable. The system should be planned in such a way that each layer both independently stands by itself and also smartly integrates with the overall security structure. From requiring a password just to access the digital payment system to not needing to key in a PIN, this system should have multiple security checkpoints so that only the authorised user can successfully, yet easily, make payments through it.
The author is Co-founder and CTO, Zeta, a fin-tech start-up.<\/strong>
(Disclaimer: This column does not necessarily reflect the opinion of The Economic Times, it's an independent view)<\/em><\/strong> <\/div><\/div>
4. OTP Accessibility: <\/strong>Although an OTP is essential, the medium through which it is delivered is of utmost importance. Most of the times, a One Time Password is sent as an SMS. The problem with this is that many apps can read SMS messages. This means that if an app is malicious it can misuse the OTP that has been received. Therefore, users should be aware of what privileges they give to the apps on their smartphone and also look at reviews and number of downloads of the apps they choose.
5. EDC Machines: <\/strong>Even with a second-step PIN verification, swiping a card on an EDC machine is not as safe as it seems. EDC machines are susceptible to breach and a compromised machine can copy the details of the cards when swiped. Most debit and credit cards have a static PIN, and even these PINs can be stored in compromised EDC machines. A breach like this can give easy access to the personal data of cardholders to fraudulent groups. A dynamic PIN for physical credit or debit cards could be a strong safeguard against compromised EDC machines.
As there are many threats and vulnerabilities with digital payment systems, we need a system that goes much further than regular security standards. This digital payment system should have more than two layers of security so that it is virtually impenetrable. The system should be planned in such a way that each layer both independently stands by itself and also smartly integrates with the overall security structure. From requiring a password just to access the digital payment system to not needing to key in a PIN, this system should have multiple security checkpoints so that only the authorised user can successfully, yet easily, make payments through it.
The author is Co-founder and CTO, Zeta, a fin-tech start-up.<\/strong>
(Disclaimer: This column does not necessarily reflect the opinion of The Economic Times, it's an independent view)<\/em><\/strong> <\/div><\/div>
Follow and connect with us on Twitter<\/a>, Facebook<\/a>, Linkedin<\/a>, Youtube<\/a><\/div>","HashCode":{"minfo":"-1010296616","minfoseo":"-1010296616"},"latestnewsflag":{"minfo":"1.0","minfoseo":"1-0"},"GEListMatchFound":{"minfo":"1","minfoseo":"1"},"canonicalURL":{"minfo":"http:\/\/economictimes.indiatimes.com\/wealth\/spend\/going-digital-5-likely-frauds-you-need-to-beware-of\/articleshow\/56238280.cms","minfoseo":"http\/economictimes-indiatimes-com\/wealth\/spend\/going-digital-5-likely-frauds-you-need-to-beware-of\/articleshow\/56238280-cms"},"key":{"0":{"keyid":"4010399","value":"online breach","smid":"0","keynameseo":"online-breach","keytype":"","keycount":"totalcount","weightage":"20"},"1":{"keyid":"88673","value":"Mobile payment","smid":"0","keynameseo":"Mobile-payment","keytype":"","keycount":"totalcount","weightage":"20"},"3":{"keyid":"6358577","value":"Digital Payments","smid":"0","keynameseo":"Digital-Payments","keytype":"","keycount":"totalcount","weightage":"20"},"4":{"keyid":"1551523","value":"digital fraud","smid":"0","keynameseo":"digital-fraud","keytype":"","keycount":"totalcount","weightage":"20"},"5":{"keyid":"3315394","value":"demonetisation","smid":"0","keynameseo":"demonetisation","keytype":"","keycount":"totalcount","weightage":"20"}},"authorsplit":[],"similarlytagged":[{"msid":"56250452","stname":"Going digital? 5 frauds you need to beware of","artsyn":"With digital payments witnessing record transactions and more and more people joining the cashless bandwagon, safety is a big concern.","seolocation":"telecomnews\/going-digital-5-frauds-you-need-to-beware-of","seolocationalt":"Going digital? 5 frauds you need to beware of","url_seo":"going-digital-5-frauds-you-need-to-beware-of"}],"primeid":0,"storytags":{"categoryTag":{"sectionid":"49830939","sectionname":"TelecomNews","seolocation":"telecomnews","seolocationalt":"telecomnews"},"otherTags":[{"keyid":"4010399","value":"online breach","smid":"0","keynameseo":"online-breach","keytype":"","keycount":"totalcount","weightage":"20"},{"keyid":"88673","value":"Mobile payment","smid":"0","keynameseo":"Mobile-payment","keytype":"","keycount":"totalcount","weightage":"20"},{"keyid":"6357247","value":"Internet","smid":"0","keynameseo":"Internet","keytype":"","keycount":"totalcount","weightage":"20"},{"keyid":"6358577","value":"Digital Payments","smid":"0","keynameseo":"Digital-Payments","keytype":"","keycount":"totalcount","weightage":"20"},{"keyid":"1551523","value":"digital fraud","smid":"0","keynameseo":"digital-fraud","keytype":"","keycount":"totalcount","weightage":"20"},{"keyid":"3315394","value":"demonetisation","smid":"0","keynameseo":"demonetisation","keytype":"","keycount":"totalcount","weightage":"20"}],"filterTags":[]},"formattedTags":{"companyTags":[],"otherTags":[{"name":"Digital Payments"},{"name":"Mobile payment"},{"name":"demonetisation"},{"name":"online breach"},{"name":"digital fraud"},{"name":"Internet"}],"newsCategoryTags":[{"name":"TelecomNews","seolocation":"telecomnews"}],"breadcrumbTags":["online breach","Mobile payment","Internet","Digital Payments","digital fraud","demonetisation"],"filterTags":[]},"breadcrumbTags":["online breach","Mobile payment","Internet","Digital Payments","digital fraud","demonetisation"],"Alttitle":{"minfo":""},"Altdescription":{"minfo":""},"amp_url":"\/\/www.iser-br.com\/amp\/news\/going-digital-5-frauds-you-need-to-beware-of\/56250452","associated":{"articles":{"56250452":{"msid":"56250452","stname":"Going digital? 5 frauds you need to beware of","artsyn":"With digital payments witnessing record transactions and more and more people joining the cashless bandwagon, safety is a big concern.","seolocation":"telecomnews\/going-digital-5-frauds-you-need-to-beware-of","seolocationalt":"Going digital? 5 frauds you need to beware of","url_seo":"going-digital-5-frauds-you-need-to-beware-of"}}}}" data-news-images="null" data-newsletter-by="0" data-newsletter-date="a" data-hasbottomcarousel="" data-alldetailsopen="0" data-multipleanalyticshit="" data-deeplink="https://ettelecom.app.link?$deeplink_path=" data-socialshareformat="default">
