Mitigating the Risk of Cybercrime in Online Transactions

It is a well-known fact that MSMEs face acute cash flow and capital shortage. The digitisation of this significant aspect can help MSMEs to resolve their financial issues to a great extent. Small business owners, however, are reluctant to do this because of lack of knowledge and fear of being duped.

P2S takes a look at how digital transactions can be compromised and what users can do to stay safe.

Digital Wallets

The primary objective of the Digital India initiative was to encourage small businesses to digitise all aspects of their business. Technologies such as m-commerce, e-commerce and online marketing portals are being promoted through this initiative. Unfortunately, tech experts believe that 60% of all online transactions are fraudulent. There are several reasons for this:

  1. Mobile devices are easily misplaced.
  2. The complexity of mobile apps gives fraudsters the opportunity to insert hidden codes.
  3. Most mobile devices are not secured, either because they are inherently insecure or because users fail to install the necessary software.
  4. Using different apps to make payment to different people leaves room for errors.

Fraudsters take advantage of vulnerabilities in mobile apps to insert a code that can redirect you to their website. Another common trick is to insert keystroke-logging code which will give them access to your username and password. Sending fake SMS, email and social media messages are other ways in which fraudsters attempt to gather information for fraudulent use.

To counter this, business owners must develop a clear understanding of the distinction between m-commerce and e-commerce. e-commerce (or also called Electronic Commerce) refers to the activities of buying and selling products and services with the use of electronic systems such as the internet. m-commerce (or also called Mobile Commerce) refers to the process of buying and selling products and services with the use of internet/cellular data via wireless handheld devices. Familiarity with fintech terms such as payment-gateway, net-banking, fund transfer and so on will help entrepreneurs understand the process better. Awareness of security measures and “digitally secure behaviour” is another way to help small businesses transact safely. Using multifactor logins, monitoring “normal behaviour” and reporting any deviances is yet another way to stay safe.


Debit and credit cards are increasingly replacing cash in physical wallets. Banks are offering higher than ever withdrawal and purchase limits. This makes credit/debit cards a target for fraud.

Since a PIN secures debit and credit cards, fraudsters attempt to learn this PIN of cardholders. Some of the most common tricks include standing behind you and looking over your shoulder as you look at the scrap of paper where you have noted the PIN or watching your finger movements as you enter your PIN. They also visit empty ATM kiosks and pick up any scraps of paper where a PIN may be written. Rigging the key-pad and putting a false front on an ATM are other fraudulent ways to log keystrokes and learn your PIN.

A little bit of caution on the part of the user/cardholder can go a long way in preventing such types of fraud. One golden rule is never to write, call out or share your PIN with anyone no matter what the level of trust you enjoy.


Identity theft is the theft of personal details and related data such as contact number, email id, Aadhaar or PAN number and so on. A combination of these details allows fraudsters to misrepresent themselves to financial institutions and merchants and use the information to extract money or make purchases. Calls made to call centres are sometimes diverted to fraudulent numbers for the explicit purpose of obtaining information.

Extreme caution is the best way to avoid identity theft. Users must remember that bankers and NBFC employees will not ask for login details, PIN and other vital information. Verification is done using the date of birth, address and other not-so-critical details. If any critical information is requested, you should refuse to supply it and report the incident to the concerned organisation.

SIM Card Fraud

If a fraudulent individual lays his hands on the mobile number and some KYC details of an individual, he can get a duplicate SIM issued for any mobile registered with banks or other financial websites.

Individuals with fraudulent intent gather discarded copies of documents such as PAN number, which is required for KYC. The information in these documents is combined with a newly issued SIM card and used make calls to customer care and transact on your behalf.

One point of relief in SIM card fraud is that when the fraudster powers up his mobile with a new SIM, he will be required to log in to any online accounts. You would, however, be well advised not to store any vital information on mobile phones or use the “stay logged-in” option in apps. Another necessary precaution is to tear up any extra copies of important documents in a way that all vital information is broken up. When submitting copies of KYC documents, make sure you mention the reason for submission before you self-attest them.

Tech Devices

Another way in which fraudsters access your details such as PIN and PAN numbers is to insert devices in and around ATM kiosks. These devices include pin-sized cameras, card readers, card blockers and false keypads.

A little bit of caution when using ATMs – such as covering the keypad, hitting cancel several times and checking the keypads before using them can help avoid tech traps.

As tech experts find new ways to secure information, fraudsters find new ways to circumvent security. Combining caution with knowledge of how financial fraud is committed will help you keep your money and data safe.

About the Author
Finansme | 34 Articles

We believe there is a need for easing the operating environment for the Micro, Small And Medium Enterprises sector. Access to finance, redefining investment limits, could transform MSMEs into a hotbed of entrepreneurial activity.