
How Indian banks combat cyber fraud

23/10/2014

The guiding light for Indian banks when it comes to taking precautions against cyber fraud is the report by the RBI ‘Working Group on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds, 2011’.

Another influential document is ‘Cyber Crime, Securities Markets and Systemic Risk’ by IOSCO and World Federation of Exchanges. The recommendations of the first report guide all Indian banks. The recommendations of the latter report guide all Financial Market Intermediaries (FMIs) registered with stock market regulator SEBI.

Now let’s take a slightly deeper dive into the recommendations followed by all Indian banks, leaving aside FMIs for now.


FRAUD RISK MANAGEMENT GROUP

In all Indian banks, fraud prevention, monitoring, and investigation are owned and carried out by an independent group known as the Fraud Risk Management Group (FRMG). This group sets up fraud review councils for the bank’s various businesses. These councils are expected to meet every quarter. The FRMG periodically conducts vulnerability assessments. Mystery shopping is an important part of such assessments.

In addition to the FRMG, all Indian banks are expected to set up a special committee of the board to exclusively monitor and follow up frauds involving amounts of Rs 1 crore and above.

The FRMG sets up limits on frauds for all businesses of the bank. When the loss amount reaches 90% of the limit set, the FRMG is required to review the processes with the concerned group. Again, all frauds involving amounts of Rs 10 lakh and above have to be reviewed immediately by the FRMG. The same goes for cyber frauds where criminals used a new mode of operation to conduct the fraud. The bank is expected to use the findings of such reviews to redesign its products and processes to prevent such frauds in future.

Methods used for fraud detection:

•    System alerts on exceptional transactions.
•    Channels to take note of disputes involving customers and employees.
•    Mystery shopping exercises.
•    Encouraging customers and employees to report suspicious transactions.


CAN-HAVE FACILITIES FOR BANKS


The Working Group Report suggests that banks can put in place the following mechanisms to reduce the risk of cyber fraud:

•    Dedicated email IDs for customers to report fraud.
•    A dedicated team to reply to customer concerns through the above email IDs.
•    A fraud helpline for customers and employees to report suspected frauds.

Only an audit will reveal how many Indian banks have set up such facilities.


ONUS FOR FRAUD INVOLVING MULTIPLE BANKS

In cases of fraudulent credit of money into an account in one bank through another bank, the Working Group has made it clear that the investigation and reporting should be done by the bank whose customer has received the money.

There could be transactions involving misuse of PoS terminals by merchants who swipe stolen or skimmed cards and abscond before the chargeback of the funds. In such cases, the Working Group has made it clear that the reporting to RBI should be done by the bank which provided the PoS terminal (the acquiring services).

There could be transactions involving multiple banks when a fraud is done at an ATM of one bank using a card issued by another bank. In such cases, the Working Group has made it clear that the bank acquiring the transaction (in other words, the bank which owns the ATM) should report the fraud to RBI.

Banks are expected to file police complaints at the nearest Cyber Cell for all instances where the value of the fraud exceeds Rs 2 lakh, and for cases involving staff where the value of the fraud exceeds Rs 20,000. Besides, banks are also expected to notify the regulatory organization CERT-IN.

e.o.m.


The perfectly legit origins of cloaking

22/10/2014

If your website is showing one type of content to site visitors, and another type to the Google bot, it is considered to be practicing the dark art of cloaking by the search engine giant. Soon Google will impose a penalty since it considers cloaking to be a violation of its Webmaster guidelines.

You have to then follow an elaborate remedy process using the Fetch as Google Tool in Webmaster Tools. It is all about narrowing down and detecting that part of your site which looks different to the search bot compared with what is seen by the naked eye. The problem content has to be then removed.

You are also believed to cloak if your site redirects users to a different page than what Google saw. Here the remedy is to identify those URLs doing the redirect and have them removed.

Once these remedies are done, a site owner has to use the Reconsideration Tool and ask Google to remove the penalty. It’s a long process and one has to have lots of patience. It’s much better to make sure that the penalty is never slapped on your website in the first place.

Because of Google’s no-nonsense stance, popular sentiment is against cloaking, which is considered a criminal activity. But please remember that site owners may have had innocent reasons for cloaking. So a blanket labeling of cloaking as ‘criminal’ is not the right approach.


NETSCAPE KICKED OFF CLOAKING

Recently, while reading an interview with Greg Boser, one of the pioneers in the field of Search Engine Optimisation, I got a totally different view on cloaking.

According to him, cloaking began as a well-intentioned, perfectly legitimate activity. It goes like this. At one time, Netscape was warring with Microsoft for survival after the Redmond giant released its own version of a user-friendly browser (Internet Explorer) and distributed it free with its operating system. The intention was to kill Netscape, which it eventually did. Netscape was a pioneer which made Net access easy for the masses by creating an easy-to-use browser, which it had given away free.

It is difficult to believe now that before Netscape came along, a user had to type in a series of code to access the World Wide Web. The Web would have remained a plaything of the nerds if a browser like Netscape hadn’t come along.

To cut the story short, Netscape worried that folks at Redmond were accessing its site and doing competitive analysis constantly to find out what it was up to. To prevent this, engineers at Netscape identified the series of IP addresses used by Microsoft and prepared a dumbed down version of its website exclusively for Microsoft folks opening its website.

This was how cloaking began as a perfectly legitimate activity according to Greg Boser. But of course, it was later misused a lot.

e.o.m.



The fantasy of airgapping for safety

8/10/2014

Recently while researching the topic of security breaches at corporates, I came across this interesting nugget from the Wall Street Journal that Kellogg’s, the storied American cookie- and cereal bar-maker, is so obsessed about cyber spies ferreting away its trade secrets that it makes sure they are stored in a computer that is not connected to the internet.

“Kellogg's management is especially worried that cyberattackers might try to steal the company's know-how, like the way it puts the ‘Snap, Crackle and Pop’ in Rice Krispies or  the curve in Pringles potato chips, according to two people briefed on its computer defences,” wrote the WSJ. “Information on our recipes, including where they are stored, is proprietary,” said Kris Charles, a Kellogg spokeswoman. In a February 2014 securities filing, Kellogg said, “To date, we have not experienced a material breach of cybersecurity.” Looks like Kellogg’s is very happy with its tactic.

But is this approach hackproof? I turned to authors Richard Torrenzano and Mark Davis for insights from their book Digital Assassination. They let us know that cybersecurity experts have a name for the process of sealing a computer by taking it off the internet: airgapping. It refers to the belief by certain cybersecurity experts that “a computer system that is not connected to any other computer or to the Internet is safe”. But Torrenzano and Davis are not very impressed by airgapping. They say, “If evolution teaches us anything, it is that intelligent systems like to network. Of course no computer is going to extend its own cable and plug itself in. But a computer doesn’t have to network itself, because every computer comes complete with a parasite called a human, a creature with an irrepressible desire to network.”

RISKS OF A MERE NET CONNECTION

So airgapped computers may not be very safe because they are handled by humans, who have a tendency to network. But what happens if a computer is plugged into the internet and allowed to run without any human intervention? Torrenzano and Davis tell us that just such an experiment was conducted by a leading IT company. In step 1, “the company’s engineers purchased a garden-variety PC from a chain retailer”.

In step 2, “they installed in it the best off-the-shelf antivirus, anti-spyware protection, and firewall software packages available”. In step 3, “they connected this PC to the Internet. They did not use it for anything. They just tracked the flow of code into and out of the machine”. Any guesses on what happened next?

The authors wrote, “Within four hours the engineers detected the first ping by a potential hacker. In two weeks more sophisticated software from a computer in Canada slowly embedded itself in the PC and started running its own software. The Canadian computer soon set up links between the enslaved zombie PC and a computer in Singapore, which used the PC to attack a network in Poland.”

So despite the precautions taken, most computers invite security vulnerabilities merely by being connected to the internet. Imagine then the risks involved in the careless approach to security of most users?

Airgapping may have its benefits in certain circumstances. Here too, a lot depends on the discipline of the human handlers. No wonder many hackers stay invested in social engineering. For most ordinary people, however, nothing much can be accomplished at work or leisure without an internet connection, especially in these days when Cloud Computing is all the rage.

e.o.m



How to detect a phishing attempt?

6/10/2014

Phishers cast a net big enough to catch a few fish. Make sure you are not their catch with these simple steps. Criminals phish for trouble through bulk emails or instant messages. The target victim is told to click a link or provide information. The phishing email usually pretends to be from a service provider you trust. You are told that there is some problem with your account which you need to set right, or else you are presented with a situation that requires you to verify your account. If you fall for it and reveal your credit card information, you could soon expect some charges, say security experts. The criminals may also sell your card or destroy your credit history. Experts say there are some tell-tale signs of phishing scams you should be aware of.

TELL-TALE SIGNS OF PHISHING SCAMS


Security researchers note that the spammed emails from phishers nearly always begin with a generic form of address instead of addressing you by your name. E.g.:

  • Dear Online Service User:
  • Dear Bank Customer:
  • Dear Credit Card Account Holder:
  • Dear Personal Club Member:
  • Greetings!
  • Welcome!
  • Warning!
  • Security Alert!

Almost always, they ask you to verify or confirm your account. Experts say that legitimate companies will never ask you to verify the following information online:
  • PIN Numbers
  • Passwords
  • User Names
  • Bank Account Numbers
  • Credit Card Numbers

Make sure that the URL printed in the email message is that of your real service provider. Match the URL again at the site where you land after clicking on the link. Also, pay attention to the logo of the service provider. Experts say that, for some reason, phishing letters are marked by their poor language and bad grammar. So be alert for these tell-tale signs.

Sometimes, these criminals provide legitimate links but hijack you to land on a different site from where you thought you were going. So don't forget to look at the URL of your final destination to make sure it's that of your service provider. Check whether the site you reached has a privacy policy, uses the https protocol and has the lock icon of the Secure Sockets Layer (SSL).

Sometimes the criminals manage to include the names of the legitimate service providers as a sub-domain within their site. Again, look at the URL carefully to find out where you are going. Many browsers have a built-in phishing and malware protection facility. In Internet Explorer, it is called SmartScreen Filter, and in the Chrome browser it is called Phishing and Malware Protection. Make sure these are turned on by checking the settings.
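
The URL and greeting checks described above can be written down precisely; the following is an added example, not code from the original post. It assumes `bank.example` as a stand-in for the domain you already know belongs to your provider, and all function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: bank.example stands in for your real provider's known domain.
TRUSTED_DOMAIN = "bank.example"

# Generic salutations listed in the post above.
GENERIC_GREETINGS = (
    "dear online service user", "dear bank customer",
    "dear credit card account holder", "dear personal club member",
    "greetings!", "welcome!", "warning!", "security alert!",
)

def host_belongs_to(url, trusted=TRUSTED_DOMAIN):
    """True only if the URL's host is the trusted domain or a sub-domain of it."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Compare on a label boundary: a plain substring or suffix test would also
    # accept bank.example.other.test and notbank.example.
    return host == trusted or host.endswith("." + trusted)

def check_link(printed_url, landing_url, trusted=TRUSTED_DOMAIN):
    """Return findings for the link shown in the email and the page it led to."""
    findings = []
    if not host_belongs_to(printed_url, trusted):
        findings.append("printed link is not on the provider's domain")
    if not host_belongs_to(landing_url, trusted):
        findings.append("landing page is not on the provider's domain")
        host = (urlsplit(landing_url).hostname or "").lower()
        # The provider's name present as leading labels of someone else's host.
        if f".{trusted}." in f".{host}.":
            findings.append("provider name is only a sub-domain of another site")
    if urlsplit(landing_url).scheme != "https":
        findings.append("landing page does not use https")
    return findings

def has_generic_greeting(body):
    """True if the first non-empty line is one of the generic salutations."""
    lines = body.strip().splitlines()
    return bool(lines) and lines[0].strip().lower().startswith(GENERIC_GREETINGS)

if __name__ == "__main__":
    # Constructed sample message and URLs; nothing is fetched from the network.
    email = "Dear Bank Customer:\nPlease verify your account at the link below."
    print(has_generic_greeting(email))
    print(check_link("https://www.bank.example/login",
                     "http://bank.example.account-check.test/login"))
```

An empty findings list only means none of these particular signs were present; the other signs in the post still apply.
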
e.o.m


    Author

    I'm Georgy S. Thomas, the chief SEO architect of SEOsamraat. The Searchable site will track interesting developments in the world of Search Engine Optimization, both in India as well as abroad.

Copyright © 2022 Proseperity
Photos used under Creative Commons from futureshape, a4gpa, taymtaym, Esparta