With thousands of confirmed data breaches last year, the security of
the financial services is a topic of concern for all security professionals.
Organized fraud rings are constantly coming up with imaginative new methods of
stealing funds and identities and consumers are increasingly losing confidence
that there is anything that can be done to reverse these trends and protect
their interests. This is also evident with the increase in number of cases
registered for compensation under civil remedies provided by Information
Technology Act with Adjudicating Officer. The Maharashtra Adjudicating has
received 11, 44 and 30cases in 2012, 2013 and 2014(till June 2014) respectively.
Though very few people are aware about Civil remedies the increase in frauds
are sending shivers to Banks since they are made liable to pay compensation
under section 43A of Information Technology Act for failure in protecting
Sensitive Personal information of the customers. As most of the victims
preferring non- reporting of the incident except to their respective banker
those few who report the card fraud incident to Police often believe that crime
committed against them is of criminal nature only and hence they can not get
their lost money back. They are thus required to be made aware about available
civil remedy under Information Technology Act.
As per RBI April 2014 statistics with about 40 crore
debit/credit cards issued across India and 85000 and 77500 Online and Offline
ATM’s installations Indian card holders are most vulnerable to various cyber
financial attacks. With 554034275 actual ATM transactions amounting Rs. 1743462.56 millions and 56266452
POS (Point of Sale) transactions amounting Rs.86847.83 millions, Indian card
users are required to be taught more and more about security and protection of
their sensitive personal information.
Aite Group , an independent research and advisory firm having
Head office in Boston, with expertise in banking, payments, securities &
investments, and insurance, delivered its comprehensive survey report titled “Global
Consumers: Losing Confidence in the Battle against Fraud” regarding various categories
of online frauds in June 2014.This report, based on a Q1 2014 ACI Worldwide
study of 6,159 consumers in 20 countries, provides an overview of respondents'
attitudes toward various types of financial fraud and discusses the actions
they may take subsequent to a fraud experience.
The salient features of the findings are as below.
1) Of all cardholders—debit, credit, and prepaid—27% have
experienced card fraud in the past five years.
2) After experiencing fraud, 63% of consumers use their
card less, at least in some situations, than they used their card previously.
3) In 2014, 14% of debit and credit card holders cite
having experienced fraud multiple times during the past five years.
4) Of cardholders who received replacement cards as a
result of a data breach or fraudulent activity in the past year, 43% used the
new card less than the original.
5) Consumers who are dissatisfied with how they are
treated by their financial institution after experiencing fraud sometimes
change providers, resulting in a global attrition rate of 23%.
6) Fifty-five percent of respondents are "very
concerned" about reclaiming their financial identity if they become a
victim of identity theft; this represents a twofold increase in consumers with
this level of concern from 2011.
7) Eighteen percent of global consumers lack confidence
that their financial institution can protect them against fraud.
8) Forty-nine
percent of global consumers exhibit at least one risky behavior, which puts
them at higher risk of financial fraud.
The study was conducted in a
total of 20 countries in the following regions:
The
Americas (North and South America): Brazil,
Canada, Mexico, and the United States. MEA (Europe, the Middle East, and
Africa): France, Germany, Italy, the Netherlands, Poland, Russia, South
Africa, Sweden, the United Arab Emirates, and the United Kingdom. The Asia-Pacific:
Australia, China, India, Indonesia, New Zealand, and Singapore.
In total, 6,159 consumers were
included in the research: approximately 300 consumers, divided equally between
men and women, participated in each of the 20 countries. Of the total, 6,041
own one or more type of payment card (i.e., credit card, debit card, prepaid
card).
41%
Indian card users have Experienced Card Fraud in the Past 5 Years, @ 10%
increase over 2012. The United Arab Emirates (UAE) has the highest rate
of fraud overall at 44%, followed by China at 42%, and India and the United
States at 41% each.
Consumers in the UAE
experience the highest rate of credit card fraud at 39%, followed by the United
States at 36%. Sweden is the only country surveyed for which credit card fraud
is in the single digits—8%; it is important to note that consumers in countries
such as Sweden, Poland, and Germany are low users of credit cards. Consumers in
the Netherlands also enjoy a low rate of credit card fraud; only one consumer
in 10 experienced it in the past five years.32% Indians have experienced Credit
card fraud which is @ 15% more as compared with 2012.
Consumers in China
experience by far the highest debit card fraud rate at 30%, followed by India
at 23%, and Mexico at 20%. The United States is in fourth place again at 18%.
The highest rate of
fraud on prepaid cards is experienced by consumers in India at 18%, followed by
China at 17%, Indonesia at 11%, and Italy and Singapore at 10%.
Consumer behavior in
Australia and New Zealand tend to be far less risky than the rest of the
Asia-Pacific. The very low percentages of consumers who carry their PIN with a
card (India topping with 25%) or respond to emails and calls asking for bank
account information(India topping with 22%) more closely resemble consumers in
the Americas and EMEA than the other countries in the Asia-Pacific. Over 20% of
consumers in all countries leave smart phones unlocked when not in use (India
tops with 29%) and 28% Indian users throw documents with bank account numbers
in the trash. In all countries except Australia and New Zealand, over 20% of consumer’s
bank or shop online on computers without security software or on public
computers but unfortunately India again tops with whopping 31% users.
This implies a lack of consumer education or a lack of belief by
consumers that their behavior really has an impact on the likelihood of fraud.
Educating consumers about risky behavior and the need to avoid them can help
reduce fraud incidents and help consumers feel some element of control and
confidence over their ability to protect themselves from becoming a victim of
fraud.
High percentages of
consumers were unhappy after their fraud experience: 33% were at least somewhat
unhappy in Singapore, 40% in China, 50% in Indonesia, and 56% in India should
be cause of concern for Indian financial institutions. In China, India, and
Indonesia, between 44% and 58% of consumers switch financial institutions after
their fraud experience. These very high rates of customer attrition are very
costly to financial institutions.
Consumers in India have
the most confidence that their financial institution can protect them against
fraud—43% feel absolute confidence in such protection, and an additional 46%
feel the financial institution is doing all it can to protect them. No more
than 25% of consumers in other countries express absolute confidence in the
financial institution's ability to protect them.
Consumers are putting their
personal and financial data at risk when they act in risky ways, and they
deserve better education related to protecting themselves against fraud.
Encouraging consumers to work with their financial institution to protect
themselves is a true win-win scenario. Financial institutions can lower
customer attrition rates and back-of-wallet behavior through better consumer
communication and education.
Recommendations by AITE group for
financial institutions 1) Educate and engage consumers: Help consumers
understand how they can help protect themselves against fraud, and work with
the financial institution to combat it.2) Provide specific examples:
Consumers do not understand the importance of avoiding risky behavior such as
shopping online on a public computer or not securing their Smartphone or tablet
when it is not in use. Public computers or those without adequate security
software put consumers’ personal and financial data a high risk of being
stolen. As adoption of mobile wallets and online banking increases, securing
mobile devices is increasingly important. 3) Communicate more effectively:
Ensure consumers understand that replacement cards are safe to use, even after
a data breach. Make fraud protection protocols easy to understand and available
at all customer touch points (i.e., online, contact centers, mailers, etc.).4) Improve
customer service: After experiencing fraud, consumers may be traumatized or
emotional. Ensure agents are sympathetic and helpful to the greatest extent
possible in order to retain victimized customers.
Advocate Mahendra Limaye a noted Cyber Legal Expert opinioned that all
banks must undertake Customer Awareness initiatives to educate card holders
about current trends used by Cyber criminals to lure them and how to keep their
personal sensitive information most secured. Cyber Awareness Organisation has
launched CYBER CRIME HELPLINE to impart free advice to such cyber fraud
victims.