For some time now, banks have been implementing several levels of bank authorisation and payment confirmation, comprising the client’s password as well as passwords from secure authorisation apps. But even the multi-level efforts of bank security systems are in vain if we ourselves are careless, for example by confirming pop-up requests to enter our banking app password when we are not making any payments. To protect yourself from scammers, Citadele’s Head of IT Security Kaspars Briška offers several useful tips.
How fraud happens
Nowadays, when we make most of our payments remotely or use online banking, scammers can be lying in wait to try to gain your online banking login details. If they succeed, and you have entered your details into an insecure website or offered them over the phone, the scammer can then try to make purchases with your stolen card details or log in to your online bank. When the scammer enters your details or tries to make a purchase, you receive a notification asking you to enter your PIN1 or PIN2 or confirm the transaction using your biometrics.
The scammer may also try to register a new payment device in the online bank, for which you will also receive a notification. The problem arises when a client, by entering their PIN code or forwarding SMS codes to scammers, confirms transactions which they did not initiate.
Monitor the transactions in your bank account
To avoid unexpected surprises—lost money and unexplained payments—we suggest activating notifications on transactions from your account. These can be activated for every bank, either as an app notification or in SMS form. We also suggest activating notifications for when a new device is linked with your online banking profile.
Take care with pop-up password or biometric requests
Remember: password requests do not appear on their own. Each is linked with an operation in your bank account or an attempt to log in to a site which uses your bank login. For client security, each authentication notification is given a unique code which must be compared with the code appearing on your phone. For example, if you want to buy cinema tickets, the payment confirmation and the device with which you confirm payments will show the same four-digit code. Only then can you be certain that you are confirming that exact payment.
What if I see an unexplained payment?
For all payments that you cannot explain and you are certain were not made by you, you must contact your bank. Before asking the bank, check whether the payment can be explained: perhaps you signed up to a subscription which takes its payment periodically, or there is an internet service fee, for example.
You should also notify the bank if you receive a mobile app PIN code request, notification or SMS for operations not made by you. You should do this as soon as possible if you confirm a payment or other account activity that is not yours, or if you have forwarded and confirmed codes asked for by third parties.