Suggestions to curb OTP related monetary frauds


One-Time Passwords (OTPs) are used by banks to authenticate user logins and authorize transactions, by ecommerce companies to confirm delivery, by UIDAI for Aadhaar-based verification, by stock brokers to confirm trades, by taxi aggregators to confirm trips, and in many other similar use cases.

Numerous news articles report that people are being scammed by fraudsters who obtain their OTP, losing their hard-earned money and, as a result of the loss, suffering serious health issues. Scamsters are well trained to talk in a way that sounds very genuine and to earn the trust of their prey.

Currently most OTPs are 4-digit numeric values. What if we had a unique alphanumeric OTP format that prefixes a meaningful word like “BANK” for transactions that would debit money from a user’s account? Such a format would clearly denote a money-related transaction and could be easily understood by common people, so that they are aware money will be debited from the account when they key in the OTP.

Below are a few examples for OTP that could be standardized for money related transactions: 

  • BANK1234
  • BANK123456
  • BNK1234
  • PAY1234
  • SEND1234
  • DEBIT1234

If there are technical difficulties in having alpha-numeric OTP, then we can think of something like prefixing the OTP with 2 or 3 zeros, which can symbolically denote a transaction that would debit money from the user’s account once the OTP is keyed in.

  • 0001234
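A sketch of how an issuer could generate and check the purpose-prefixed OTPs proposed above, added here as an example and not part of the original post. The `BANK` and `000` prefixes come from the examples above; the purpose names, function names and in-memory store are assumptions.

```python
import hmac
import secrets

WORD_PREFIX = "BANK"     # from the examples above
NUMERIC_PREFIX = "000"   # the numeric-only variant ("0001234")


def issue_otp(purpose, digits=4, numeric_only=False):
    """Return a CSPRNG-generated OTP; only debit OTPs carry the prefix."""
    prefix = ""
    if purpose == "debit":
        prefix = NUMERIC_PREFIX if numeric_only else WORD_PREFIX
    while True:
        code = "".join(secrets.choice("0123456789") for _ in range(digits))
        # A non-debit code must never start with the reserved zeros,
        # otherwise it would read like a debit OTP to the user.
        if prefix or not code.startswith(NUMERIC_PREFIX):
            return prefix + code


def purpose_of(otp):
    """What a user (or SMS client) can infer from the format alone."""
    return "debit" if otp.startswith((WORD_PREFIX, NUMERIC_PREFIX)) else "other"


class OtpStore:
    """Hypothetical server-side store: one pending OTP per user, single use."""

    def __init__(self):
        self._pending = {}  # user -> (purpose, otp)

    def send(self, user, purpose, **kwargs):
        otp = issue_otp(purpose, **kwargs)
        self._pending[user] = (purpose, otp)
        return otp

    def verify(self, user, purpose, submitted):
        # pop() consumes the OTP even on failure, so it cannot be retried.
        issued_for, otp = self._pending.pop(user, (None, ""))
        same = hmac.compare_digest(otp.encode(), submitted.upper().encode())
        # The prefix is only a label; the purpose is enforced here, so an
        # OTP issued for a login can never authorize a debit.
        return issued_for == purpose and same
```
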

If the central agencies can arrive at a format, the same can be standardized for all money related transactions across all banks. The public can then be educated so that they are able to identify/differentiate an OTP for monetary transactions and not share the same with anyone. Also, we can keep educating the public that they do not need any OTP to receive money.

Addendum:

Of late I also read news on how people get cheated when they search for customer care numbers online and end up calling some dubious numbers. The crooks on the call convince innocent people to install screen sharing apps, generate an OTP and carry out banking transactions using the OTP they can view while the screen is shared.

Suggestion: Android currently shows tiny green dots called privacy indicators while the phone’s camera or mic is on. In a similar way, the user should be shown a clear indication while the screen is being shared. On top of this, to prevent misuse during screen sharing or screen mirroring, the Android operating system should not allow anyone to open or access notifications, messages, email, banking apps or similar sensitive apps while the screen is being shared.

With respect to customer care numbers being altered on Google Maps or the search results page, one resolution could be for RBI (Reserve Bank of India) to maintain a page with the customer care numbers and email IDs of all banking and financial entities, similar to how it is done here. When someone searches for e.g. “SBI customer care no.” on Google, Google can prioritize the official RBI page both in the search results and in the side pane that shows details from Google Maps, along with a note advising the public to refer to the contact details shared by RBI or on the bank’s official website.

News references:

RBI Press Release

RBI warns against fraud calls, messages, emails and OTP scams | Mint

How to avoid OTP fraud

India: number of OTP frauds recorded by leading state 2021 | Statista

Rise of OTP based Frauds 

SBI OTP fraud alert! Lender says know how to make online system work | How-to

SBI Customers Alert! This OTP fraud can be dangerous; here’s how to avoid it

KYC, OTP and PIN theft, the biggest trends in financial cyber-crime: Report

Mumbai: Woman claims did not share OTP with cyber-fraudster but lost Rs 3.63 lakh | Cities News,The Indian Express

Punjab CM Amarinder Singh’s wife reveals ATM pin & OTP to fake bank manager, loses Rs 23 lakh – The Economic Times 

Beware of these 4 frauds while making payments via UPI amid lockdown – The Economic Times 

SMS Spoofing: How scammers are using this technique to steal money from your account – Times of India  

Two OTP frauds reported every day in city | Mega Media News English 

Cyber Crime: New form of OTP theft on rise, many techies victims 

Walk-in fraud: How this gang steals money via OTP | Delhi News – Times of India 

Tips to Avoid OTP Fraud – Bajaj Finserv 

Tips to keep your OTP safe from online fraud 

Beware of fake customer care numbers you find on Google | Mint 

WhatsApp users lose over Rs 54 crore to a new scam, here is what happened – India Today 

Illegal desi call centres behind $10 billion loss to Americans in 2022 | India News 

Fake delivery executives scam with OTPs: Here’s how to prevent falling prey | Mint 

Mumbai woman tweets train ticket details online, loses Rs 64,000: here is what happened

A $10 billion Indian call centre scam! 
