A big fallout of customers' increased use of online financial transactions during the COVID-19 pandemic has been data compromise. A lot of our personal information, including credit/debit card numbers, bank account details, PAN and Aadhaar data, lies online. So how can you ensure data safety? Hiral Thanawala of Moneycontrol spoke to Mukul Shrivastava, Partner, Forensic and Integrity Services of EY, to understand ways of protecting our personal data from breaches, malware attacks, etc. Shrivastava also explains the details of the Personal Data Protection Bill, 2019 and the rights users have been given. Excerpts.
What should we do if we realise that our bank details are misused and money has indeed moved out of our account or if a credit card is swiped?
First, freeze your bank account and your card that have been compromised. Lodge a report with the authorities (e.g. a first information report (FIR) with the police). Secondly, immediately change your passwords. Do the same with your mobile wallet if that has been compromised too.
It’s always a good habit to change your passwords at least once every three months. Keep different passwords across websites. Also, you should enable two-factor authentication for your e-mail accounts, social media websites, net banking, etc.
What’s the worst thing that can happen to us, if our data is compromised?
The quantum of data breaches has increased tremendously during the COVID-19 pandemic. Hackers have taken data sets of customers from multiple sources and sold them online on the dark web.
Individuals have ended up losing personal details. Hackers then swipe money out of your bank account or make online transactions using stolen card details. They have even analysed the online spending patterns of an individual from the stolen data and are monetising it by selling to third parties.
If the Personal Data Protection (PDP) Bill, 2019 gets passed by the Parliament, will that help customers?
Yes, it will. If this Bill becomes an Act, it will give you a say in the way companies store your data in their databases. You would be able to rectify the data stored. Most importantly, you would be able to tell the company or e-commerce website or an OTT player to erase your data if you decide to stop using their services. Such companies would also be answerable to you if you find that your data has been compromised. The companies will have to deal with personal data far more cautiously when this bill gets executed.
What’s the best way to protect our data online?
Keep strong passwords. Don’t save your personal information and passwords on generic web servers. Keep your operating system software updated. And do not rely on free anti-virus software.
While working from home, be cautious while uploading documents for conversion to PDF or Word files from free online portals. These websites may be unsafe for uploading documents that contain personal information. It’s an extremely dangerous practice.
As far as possible, use virtual credit cards for online purchases.
These days, many of us do our Know Your Client (KYC) process online. What measures do you suggest to make this safer?
You must give a masked Aadhaar card wherever it’s feasible for KYC purposes. A masked number implies replacing the first 8 digits of the card’s number with some characters while only the last 4 digits are visible. This secures your personal identity as the complete card number is not visible to others.
Alternatively, give a photocopy of your PAN card or photo identity document. Self-attest and mention the date, time and reason across the document before giving it to any entity. This will minimise the risk.
Avoid doing a KYC on phone or using the social media network. This could be a trap and not safe.
Another favourite online tool is the Unified Payments Interface (UPI). How good is it?
Yes, UPI is a wonderful tool. But it’s a double-edged sword because not only can you make payments but can also request payments if a person knows the UPI ID. Accidentally, if a user accepts the payment request, the amount gets transferred from the bank account. Also, never scan a quick response (QR) code on an email or on social media as it could be that of a fraudster. Avoid buying and selling on websites you don’t know or haven’t heard of.