On 24th August the morning news carried the headline "Techie steals Rs 49L from 3 bank accounts in Chennai". This news was definitely worth the attention, because techies like me, working with multiple service/product companies, do get exposed to sensitive information. Here is what happened in short, and how the fraud was done.
[Figure: TCS fraud prototype]
Now the account and the details related to it are in totally unsafe hands and exposed to the variety of fraud that can be done. The likelihood of someone having access to a bank DB is very low, but even one person in a million with access to a bank DB and malicious intent can give any bank a very hard time. The only way for the bank to trace back in these situations is to trace the IP of the user machine where the query was executed, and being a techie myself I can say for sure that it's a cakewalk to mask my IP and give the bank guys an even harder time trying to trace the origin of the fraud.
The point worth mentioning in this TCS fiasco is that the techie was caught only because he/she got greedy and started withdrawing large amounts. Had they kept their greed under a little control, it would have been close to impossible to figure out. And we will never know whether the employee had done such malicious activity on a small scale in the past, with amounts not big enough to draw the attention of bank officials. The pattern, however, exposes the seriousness with which customers' private data is maintained, and the low level of security practices banks follow to protect their customers' hard-earned money. This also brings out the necessity of a strong and capable real-time online fraud monitoring system that is part of the core banking system, in which multiple such incidents are coded as part of the online transaction and card swipe process, and which is capable of stopping a transaction in any of the possible fraud scenarios. It will be interesting to see, in the Indian market where changing the mobile number is such a common process, if one gets access to a telecom DB and does an intersection, in an imaginary scenario something like this
The received output list is the list of customers whose transactions should be immediately blocked until the new number is updated; otherwise, in a matter of seconds, the effort of two software engineers (one working for the bank and one working for the telecom) is capable of adding multiple zeroes to the 49 lakh fraud amount.
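As an added illustration (not code from the original post), here is how a bank-side fraud monitor could compute that hold list from the intersection described above. It assumes a hypothetical telecom feed of number events and the Indian 10-digit mobile format; all table names, event names and rows are constructed.

```python
import sqlite3

def normalize_msisdn(raw):
    """Keep only digits and take the last 10 (assumed Indian mobile format)."""
    return "".join(ch for ch in raw if ch.isdigit())[-10:]

def build_db(customers, events):
    """Load constructed bank and telecom rows into an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bank_customer (customer_id TEXT, mobile TEXT, verified_on TEXT)")
    db.execute("CREATE TABLE telecom_event (msisdn TEXT, event TEXT, event_date TEXT)")
    db.executemany("INSERT INTO bank_customer VALUES (?, ?, ?)",
                   [(c, normalize_msisdn(m), v) for c, m, v in customers])
    db.executemany("INSERT INTO telecom_event VALUES (?, ?, ?)",
                   [(normalize_msisdn(m), e, d) for m, e, d in events])
    return db

# Hold a customer when the number on file was deactivated or reassigned
# AFTER the bank last verified it. ISO dates compare correctly as text.
HOLD_QUERY = """
SELECT c.customer_id
FROM bank_customer c
JOIN telecom_event t ON t.msisdn = c.mobile
WHERE t.event IN ('DEACTIVATED', 'REASSIGNED')
  AND t.event_date > c.verified_on
GROUP BY c.customer_id
ORDER BY c.customer_id
"""

def customers_to_hold(db):
    return [row[0] for row in db.execute(HOLD_QUERY)]

def authorize(db, customer_id):
    """Decision the transaction path would take for this customer."""
    return "HOLD" if customer_id in customers_to_hold(db) else "ALLOW"

# Constructed sample data: (customer_id, mobile on file, last verified on)
CUSTOMERS = [
    ("C001", "+91 98400 00001", "2015-01-10"),  # deactivated later -> hold
    ("C002", "9840000002", "2015-08-20"),       # re-verified after event -> allow
    ("C003", "09840000003", "2014-06-01"),      # only ported -> allow
    ("C004", "98400-00004", "2015-03-01"),      # reassigned later -> hold
]
EVENTS = [  # (msisdn, event, event_date) from the hypothetical telecom feed
    ("9840000001", "DEACTIVATED", "2015-07-01"),
    ("919840000002", "REASSIGNED", "2015-08-01"),
    ("9840000003", "PORTED", "2015-08-01"),
    ("9840000004", "REASSIGNED", "2015-08-15"),
]

if __name__ == "__main__":
    print(customers_to_hold(build_db(CUSTOMERS, EVENTS)))
```

The hold clears on its own once the customer's number is re-verified, because the verification date then falls after the telecom event.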
For customers: they should immediately give a standing instruction to the bank/credit card company to stop doing any sort of transaction unless they have a working number again. The process might look a little cumbersome to follow, but as we all know for a fact, it's always "better to be safe than sorry".