The news that came out on the morning of 24th August on Techie stealing Rs 49L from 3 bank accounts in Chennai almost shook the IT departments of the Banks. While working with multiple Service /Product companies, technology freaks like me do get exposed to sensitive information. Here is what happened in short and how the fraudulent activities were carried on
Now the account and details related to it are in total unsafe hands and are exposed to the variety of fraud. Though the likelihood of having access to Bank DB is very less, what –if he/she having access to the bank DB has malicious intentions and gives the bank a very hard time. In such situations, the only way for the bank to trace back is to trace the user Machine IP where query was executed. As a person passionate about technology, I can say for sure that it’s a cake walk to mask the Machine IP and give the Bank a tough time trying to trace the origin of fraud.
The point worth mentioning in this fiasco is, the techie was caught only because she started withdrawing large amounts. However, had she kept a little control on her greed, it was close to impossible to figure out. And we will never know if the employee had done small such malicious activity in the past as amount was not big enough to draw attention of bank officials.
Such fraudulent activities highlight the seriousness with which customer’s private data is maintained, and the low level of security practices banks follow in order to save their customers hard earned money. This also highlights the necessity of having a robust and capable Real Time online fraud monitoring system where multiple such incidents can be identified, predicted and prevented even before the funds can be transferred.
In India where changing the mobile number is quite common a phenomena, imagine the extent of damage that can be caused when one gets access to the Telecom DB. An illustrative scenario could be as follows
The received output list is the list of customer whose transaction should be ideally blocked until the new number is updated otherwise within few seconds and with little effort of two software engineers (One working for Bank and one working for Telecom ) the accounts can be swept clean and the loss can be much more than the 49Lakh amount fraud.
What should banks do?
Even before such a scenario can happen, banks can make it a regular activity to update and validate the contact details of the customers. Customers, on the other hand should immediately give a standing instruction to bank/Credit card company to stop doing any sort of transactions unless they have a working number again. The process might look a little cumbersome to follow but as we all know it for a fact that it’s always “better to be safe than sorry“.
Many a times, the fraudsters are sophisticated and the fraud patterns are emerging. This is just a hypothetical scenario that I have tried to outline in this blog post. What if you face many such scenarios? Are you going to handle all such exceptions case by case? How are you going to plan your IT investments with lot of uncertainties around? How about having a solution that provides you tools to replicate any kind of fraud scenario that you can think of on the fly, construct barriers to the fraud immediately, deploy them and integrate them as a part of core banking system without much effort, extra IT investment and any significant trade off with performance. If only a bank can achieve this level of agility, it can not only be a technology pioneer but also save itself from the potential reputational loss. What do you think? Let us know-we’d love to know.
- By Manish Ranjan
Manish Ranjan is Software Engineer at CustomerXPs.
He can be reached at firstname.lastname@example.org
CustomerXPs offers real-time, intelligent products that empower banks with instant insights enabling influenced outcomes of deeper customer engagement and fraud-free transactions.