Use virtual credit cards when you want to make an online transaction
India is one of the biggest global centres for cybercrimes. India has 700 million smartphone users. In December 2022, 783 crore transactions took place on UPI with over Rs 12.8 trillion worth of transaction value. The Digital India initiative offers the whole spectrum of government services.
Local shops as well as larger businesses offer several forms of digital payment options and of course, it’s convenient. It’s practically impossible to use e-commerce, without using some form of digital payment. Similarly, if you’re entering your details on a travel ticketing site, or a healthcare site, or applying to register a vehicle, or a vehicle FASTag, you have to register personal data.
Given that most Indians carry out several transactions in a day, it’s impossible to avoid leaking data. Considering the huge number of people making transactions, and the vast number of organisations in digital transaction chains, it is a given your data will, at some stage, be in a database that gets hacked or sold.
The railway passenger leak, for example, supposedly came from one of Indian Railway Catering and Tourism Corporation’s (IRCTC) partners. It included details such as username, email, verified mobile number, unverified mobile number, gender, city, state, language preferences and travel including PNR and train number, etc.
Other hacks of other organisations could include credit/debit card numbers, Aadhaar/PAN details, etc. It is easy enough to buy databases of people who have registered vehicles, bought household appliances, or donated to charity. It is also possible to obtain databases of folks who have undergone medical tests, since pathological labs have been hacked. According to cybersecurity firm Kaspersky, organisations from India contributed 9.8 per cent of all data leaks advertised on the Dark Web in 2021 and 35 per cent of all sell orders placed on the Dark Web involved Indian databases.
Such data can be exploited in various ways that affect individuals. One is simply to importune you to buy something. Another is via the offer of a second credit card, or personal loan. A third is entreaties to donate to other charities.
These are in the realm of the irritating. However, this data can also be exploited for phishing scams, or impersonations. The commonest phishing scams involve sending a link to a smartphone — if you click on that link, your phone would be compromised and subsequent personal data sucked up.
Another scam involves impersonation. If a scammer has enough data about you, that scammer can approach the telecom service provider stating that your SIM card is damaged, or your phone has been stolen, and asking for a replacement SIM. They may then use that SIM to bypass two-factor authentication, which involves an OTP sent to your phone to log into various services including your bank account, Paytm or Aadhaar. A third scam involves sending messages to your phone book apparently from you, saying you’re stuck in hospital somewhere and desperately need a loan. This requires taking over your SIM, your email, your Facebook account. Again, not uncommon.
More sophisticated scams involve sextortion. An attractive young person contacts you on WhatsApp and seduces you into an online sexual encounter, which is recorded and used for blackmail. Many people pay up. Of course, once you pay up your bank account may also be compromised!
What can you do if you think you’ve been compromised? First of all, there are several different organisations that can help check if your personal data is available on the Dark Web. Have I Been Pwned (HIBP) is one of the more popular websites that will check for your info. Be careful though — there are no guarantees these searches are either complete, or safe — since the Dark Web is approximately 10x the size of the “non-Dark Web”.
Beyond this, try the following. Use virtual credit cards online rather than your credit card — ask your bank for this when you want to make an online transaction. It’s quite easy. Use a credit card rather than your debit card when you swipe. Keep a very low balance in your Paytm wallet. This is all damage control. If the instrument you use gets hacked, a credit card is easier to block. A virtual credit card has a limited balance set by you. When you have an Aadhaar authentication to be done, please mask your Aadhaar number. There are explicit instructions issued by the Unique Identification Authority of India about the process and again, it’s quite easy.
Beyond this, there’s not a great deal you can do to protect your data. Don’t recharge your phone at public outlets — carry a power bank instead. Also avoid clicking on interesting links sent by “friends”. And, if you decide to get into an online sexual encounter with a stranger, and get blackmailed, refuse to pay up.
- Many organisations can help check if your personal data is available on the Dark Web. Have I Been Pwned (HIBP) is one such popular website. But there are no guarantees that these searches are either complete or safe
- Use virtual credit cards when you want to make an online transaction
- Use a credit card rather than debit card when you swipe
- Keep a very low balance in your Paytm wallet
- If the instrument you use gets hacked, a credit card is easier to block
- A virtual credit card has exactly limited balance set by you
- If you have to do Aadhaar authentication, mask your Aadhaar number