About Raj

Safeguard your Bank account usernames and passwords

By Vipul Shah

Q: I use online banking for operating my ICICIBANK savings account. Often when out of home I access this from other computers at office or cybercafés. I am worried about my username and password being logged when I do this, what is solution?

A: Avoid using cybercafés as much as possible for this purpose as even if they don't log your typed username/password by key logger, there is always chance that someone seating nearby can be looking as you type it.

Now about safety part, start using banks which think of all this thru before you have to worry. In India awareness among foreign bank about password based hacking is high. Citibank recently changed the way we logon to their website to access our accounts. By default it doesn't accept our keyboard input so there is no question of key logger trapping our keystrokes. Citibank uses onscreen keyboard which you use with your mouse, configuration of numeric keys on onscreen keyboard is random and changes every time for additional safeguards. Unlike keyboard strokes, mouse movement/clicks are extremely difficult to track for hacking purposes and that makes it very safer alternative.

If you are not able to switch your bank than use following method to fool key logger software. Let’s assume your password is CGPLUS. Don't start typing CGPLUS. Instead first type LUS and then lift blinking cursor after "S" with your mouse and put it at start before "L" and then type "CGP". Any key logger software present would record your password as "LUSCGP" since it won't record your moving cursor back at start halfway by using mouse. Where as bank would receive correct password "CGPLUS". You can use variety of this theme, type first later half password, then later half of username, then first half of password then first half of username. All movements of cursor strictly using mouse. Now key logger wouldn't know what username is and what password is.

Apart from this precaution, also be on alert when speaking to human staff at call center of bank. Never reveal your password to them as they don't need it. Recently 4 ex-employee of BPO were in heist of balance of bank customers in USA and we need to make sure in future we are not victim of call center employee who talks to us.

Also keep your ATM transactions to minimum or simply avoid it. Withdraw money on rare occasions from bank branch from human tellers. Banks don't like it as ATM transactions costs them fraction of human transactions, but risk you have on ATM transactions is many times higher then human transactions and banks in India are unwilling to pass on this benefits to you but are very happy to pass on risks to you. ATM fraud is best kept secret of banks as like online frauds they don’t receive publicity. A year ago in USA a crime ring was busted who tampered with ATM machines with fake keypads or camera and logged 1000s of ATM card numbers and passwords and then in one single day all 1000s of accounts were emptied from eastern European countries. In India also often complaint of this sort is made to banks and banks often refuse to believe customer when customer says my ATM card is not lost and I have never visited ATM machine on that day but still money was withdrawn. These stories don't make it to news media and are hushed up. So your policy should be make all payments by credit card, and cheque and 2 or 3 times a year withdraw cash from bank branch without any use of ATM machine.

When your credit card account is misused money is not gone from you, you can dispute any charges which are not incurred by you. Just make sure you don’t use credit card from same bank where your savings account is as it is very easy to discuss dispute with bank when your money is not with them.

Vipul Shah

Copyright 1997-2003 Dr. Raj Mehta. All rights reserved.