Personal Finance News

NPCI Cautions Consumers Against Downloading AnyDesk App

RBI has recently issued advisory pertaining to fraud in digital payment ecosystem using remote screen access apps

NPCI Cautions Consumers Against Downloading AnyDesk App
info_icon

Mumbai: National Payments Corporation of India (NPCI) is at the forefront of driving digital payments to deliver 3S (simple, secure and seamless) experience for consumers. With widespread acceptance and growth of digital payments, it is imperative that consumers also learn safety aspects of any new payment ecosystem. NPCI has begun the process of consumer safety within the apps with various security controls.

The Resrve Bank of India (RBI) has recently issued an advisory (Alert 1/2019) on February 14, pertaining to new modus operandi to commit fraud in digital payment ecosystem using remote screen access apps. NPCI is committed to consumers’ safety and reiterates its commitment to support the cause stated by RBI in letter and spirit. Recently, this new type of fraud has been identified by NPCI only and proactively informed to the regulator and other authorities.

Advertisement

How does Remote Screen Access (RSA) Apps work?

  • Fraudster would lure the victim on some pretext to download an app called ‘AnyDesk’ from Playstore or Appstore.

  • The app code (9-digit number) would be generated on victim’s device, which the fraudster would ask the victim to share.

  • Once fraudster inserts this app code (9-digit number) on his device, he would ask the victim to grant certain permissions which are similar to what are required while using other apps.

  • Post this, the fraudster will gain access to victim’s device.

  • Further the mobile app credential is vished from the customer and the fraudster then can carry out transactions through the mobile app already installed on the customer’s device, NPCI said in a release.

Advertisement

Notably the threat of this modus operandi applies to all applications (Payment/Banking/Wallets/Social Media) installed on the victim’s mobile device, it warned.

Once access is granted by the victim, fraudster can not only initiate financial transactions but can also place online shopping orders or book rail/air tickets, etc. using the apps available on the victim’s phone or even steal any information stored in the mobile phone. While number of such fraud cases are few (five cases reported so far), we are vigilant and urge consumers to be careful, the release said advising the consumers.

Bharat Panchal, Head of Risk Management, NPCI said, “While we are continuously working towards enhancing security of our products & services from such attacks, this type of frauds can be better prevented by consumer education. The entire ecosystem comprising banks and fintech companies have to work collectively towards creating awareness and educating customers to refrain from sharing their account/card credentials, OTP/PIN and/or giving access to their mobile handsets to unscrupulous persons through such remote screen access apps”.

“UPI platform is fully secure and is also 2FA enabled. NPCI in its endeavour to safeguard the UPI ecosystem will continue to proactively monitor the fraud space and help implement control measures wherever required” Panchal commented.

Taking this ahead, NPCI has started the Consumer Safety and Awareness program leveraging the mass media vehicles like newspapers and radio. Last week, NPCI started a consumer content sourcing initiative STOP. THINK. ACT on twitter to gather creative ideas from consumers to educate them. This is one of a kind initiative to co create content along with consumers, in true sense  “for the consumers, by the consumers”, the release said.

Advertisement

Advertisement

Advertisement

Advertisement

Advertisement