Last week, a reader of my column called me worriedly and said, “My bank account has been hacked, what should I do, sir?” When I inquired further, he said that I had not made any online transactions, had not given a cheque, had not used UPI and I had not received any transaction SMS but when I went to withdraw money today, I found out that someone had withdrawn Rs 43,000 from my bank account in two installments yesterday. “Will I get my money back”, he asked anxiously. After some further inquiry, he said that he had used his bank credentials (user ID and password) to make a purchase on some website in the last week, which I think may have been the reason why his bank account was hacked.
Digital banking is on the rise in India thanks to the Pradhan Mantri Jan Dhan Yojana and Digital India. With the increase in digital payments and net banking transactions, the threat of hacking and other types of online fraud has also increased. “Hack” is not the same as getting scammed, where someone tricks you into giving them money/OTP or physically steals your debit/credit card. Account hack is similar to house burglary: someone breaks into your bank account and steals money from your account online.
Symptoms to know if bank account is hacked :-
- You are unable to log in to your bank account even though you are entering the correct credentials.
- If you are able to access your account, you notice unusual transactions.
- You receive messages about suspicious activity from unauthorized users.
- The bank denies your credit/debit card when you try to use it.
- All the money in your account is empty.
As soon as you find out that your bank account has been hacked, you should :-
- Contact your bank and inform them about it, also record any transactions that are not yours.
- Change the password and PIN of all your bank accounts.
- If your credit/debit card has been used for fraud, block it.
- If your bank supports two-factor or multi-factor authentication, install it immediately.
- Uninstall all recently installed apps.
- Scan your mobile and computer for malware and antivirus.
- Be aware of suspicious activities and continue to monitor them.
- File an FIR about this hack at the nearest cyber or general police station as per the bank’s instructions.
To prevent your bank account from being hacked, you can :-
- For all your bank accounts, set a password of at least 10 digits, including a mix of letters, numbers and special characters.
- If your bank supports two-factor or multi-factor authentication, install it immediately.
- Add your usual phone number and email address to a system that provides instant access to every transaction in your bank account and update it immediately if it changes.
- Do not share your bank account password and PIN code with anyone (on unknown websites).
- Do not log in to your bank account on public WiFi and computers.
- Carefully check all your bank account statements for any unexpected or unauthorized transactions.
What RBI says about bank account hack :-
The Reserve Bank of India (RBI), in its 2017-2018 annual report, clarified who bears the financial liability in case of all unauthorized electronic banking transactions. Whether you or your bank bears the loss depends on whose fault or negligence is involved in the case and the extent of the loss to the customer depends on how quickly they report the incident to the bank.
* If the loss is due to the negligence or carelessness of the customer, the bank is not liable for the loss.
* If the loss is due to the negligence or carelessness of the bank or bank staff:-
– If the customer reports the unauthorized transaction to the bank within 3 working days of the bank informing them, their liability will be zero.
– If you report with a delay of 4-7 working days, the maximum liability of the customer ranges from ₹ 5,000 to ₹ 25,000 depending on the type of account.
– If you report after 7 working days, your liability will depend on the policy of the respective bank.
The bank is required to credit the amount involved in the unauthorized electronic transaction to the customer’s account within 10 working days from the date of notification by the customer.