Thursday, September 22, 2016

Programmable Geographic Validity for ATM Cards



ATM fraud is increasingly common all around us. With the explosive growth of Net Banking and ATM transactions, there is a chance that your ATM card and PIN can be compromised sooner or later. Opting out of the ATM system and forgoing Internet banking is out of the question, considering the sheer convenience they provide. Crime gangs are very sophisticated now. Skimming and spy cameras can capture your PIN more easily than you think. Once these details are stolen, the criminals can withdraw money from any machine in the country, or, as was seen in a case exposed two weeks ago, from foreign countries as well. Even if the ATM is made secure by a combination of legitimate cameras and physical security, the card’s PIN is still vulnerable at a POS (point of sale) terminal. How many people cover the keypad while punching in their PIN? Normally, it is no bother for an unscrupulous salesman to note the number as you type. The machine is held in the salesman’s hand, which makes it difficult to enter the number, so you take more time over the operation, and that is enough for the swindler to make a mental note of your PIN.

Once the card number and PIN are leaked, only the thief’s convenience stands between you and your money. He can forge a card in no time and withdraw cash from an ATM located thousands of kilometers away. You’ll come to know of it only when the payment alert is received on your phone. By then, the money will have been lost forever. Even though nobody is supposed to enter an ATM kiosk wearing a helmet or any kind of face mask, this can’t be effectively enforced at a machine that is unattended by a security guard. Banks may recompense the victims for their stolen money from their insurance cover, but the resultant hike in premiums will only end up as increased costs on the customers themselves. How can we bring more security to our cards without much investment on the part of banks?

My suggestion is to enforce programmable geographic validity on ATM cards. While it may be a matter of pride to brag that our card can be used anywhere in India to withdraw money, its real-life utility is rather limited. Who wants his card to be valid in Kanyakumari, Dibrugarh, Kutch and Leh simultaneously, and all the time? A card needs to be valid in these places only if its holder plans to travel there. Statistics show that a person’s life is much more predictable than we think. Just take a moment to guess where you’d be at 6 o’clock in the evening next Friday, and compare afterwards. Even inside a state, one person’s travel route is somewhat fixed most of the time. 99.9% of the people follow predictable routes 99.9% of the time. This may be tested, repeated and can be proven true or false based on trials. Hence, this hypothesis must be scientific! So, who needs a card that is valid all over the country all the time, making its holder a sitting duck for any adventurer who cares to have some fun?

In the proposed programmable geographic validity system, the regions where the card is valid can be configured by the user. By default, the card shall be valid only in the home district where the card is issued. The user shall be able to use Net Banking, mobile apps or USSD codes to add or delete other districts, states or regions for additional coverage. If a person from Kerala whose card is valid only in Ernakulam district wants to travel to Shimla via Delhi, he can configure the validity to include the states of Himachal Pradesh and Delhi using his mobile phone or PC. He shall also be able to set a time period for this ‘roaming’ validity of the ATM card, say 2 weeks or 1 month or forever. For truly high-flying businessmen, the existing system of universal coverage can be continued. Banks may charge a nominal fee for additional validity to meet the additional cost of software. There must still be a provision for those customers who couldn’t extend the validity but want to withdraw money or use the card urgently. Such users shall send the serial number of the machine, displayed prominently on it, by SMS from their registered phone to the bank’s designated number, which should be accepted as a request for a one-time validity extension for that machine.

These suggestions can be implemented without making any software or hardware change on the hundreds of thousands of ATMs and POS terminals installed in the country. The only hardware change is to paint the machine’s serial number on it. The required software changes are on the bank’s servers, where an additional module would do the trick. Once the system is functional, banks may charge the customers a nominal fee for each validity extension. The users who don’t want to part with even that may set national validity on their cards, and opt not to use the system any more.
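A sketch of the server-side module described above, as an added example that is not code from the original post or from any bank. The class and function names, the `*` marker for national validity, the terminal serials and the 15-minute window for the SMS extension are all assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

NATIONAL = "*"  # assumed marker for the "universal coverage" option

@dataclass
class Terminal:
    serial: str    # serial number painted on the machine
    district: str
    state: str

@dataclass
class CardPolicy:
    home_district: str
    grants: dict = field(default_factory=dict)    # region -> expiry (None = forever)
    one_time: dict = field(default_factory=dict)  # terminal serial -> expiry

    def add_region(self, region, now, days=None):
        """User adds a district or state via Net Banking, app or USSD."""
        self.grants[region] = None if days is None else now + timedelta(days=days)

    def sms_extension(self, serial, now, minutes=15):
        """SMS from the registered phone; the 15-minute window is an assumption."""
        self.one_time[serial] = now + timedelta(minutes=minutes)

def authorize(policy, terminal, now):
    """Decide whether the card may be used at `terminal`. Returns (allowed, reason)."""
    if terminal.district == policy.home_district:
        return True, "home district"
    for region in (NATIONAL, terminal.state, terminal.district):
        if region in policy.grants:
            expiry = policy.grants[region]
            if expiry is None or now <= expiry:
                return True, f"roaming grant: {region}"
    expiry = policy.one_time.pop(terminal.serial, None)  # consumed on first use
    if expiry is not None and now <= expiry:
        return True, "one-time SMS extension"
    return False, "outside configured regions"

if __name__ == "__main__":
    # Constructed scenario from the post: Ernakulam card, trip to Shimla via Delhi.
    t0 = datetime(2016, 9, 22, 9, 0)
    card = CardPolicy("Ernakulam")
    card.add_region("Himachal Pradesh", t0, days=14)
    card.add_region("Delhi", t0, days=14)
    shimla = Terminal("ATM-0001", "Shimla", "Himachal Pradesh")
    leh = Terminal("ATM-0002", "Leh", "Jammu and Kashmir")
    print(authorize(card, shimla, t0 + timedelta(days=3)))
    print(authorize(card, leh, t0 + timedelta(days=3)))
```

The check depends only on data the bank's server already holds about the terminal, which is why no change to the ATM or POS software is needed.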

This is a win-win solution for banks and customers alike, I think.