
Friday 11 November 2016

Warning: Paytm can Hack your NetBanking id password and even OTP

On the eve of India's new independence from black money and fake currency, the Paytm app is gaining a lot of popularity. There are some advantages to using mobile apps for easy and quick payment, but they could very well be connected to NetBanking fraud. Please take this message seriously and read on to understand why using the Paytm app, or any other app like it, could get your NetBanking account compromised.

Paytm is nowadays very popular for small payments in India, and you can pay even the local chaiwala with it. This is great, but there is a lot of Paytm fraud going on as well. The exploit can be done not only by external people but also by the Paytm developers themselves. Let me give you an example.

1. In the Paytm app there is an option to add money to your account by the click of a button.

2. When you click this button you navigate to a place where it asks you to specify the amount.


3. Next you select your bank name.



4. Now you log in to your bank account using your account ID and password combination.


Here is the catch. As per bank security regulations, you should only log in to your bank account where you can clearly see the bank website address. Within the app, however, you cannot see the bank website header or the https:// which ensures that you are logged in to the bank website. Within a third-party app it is possible to read keypresses using a keylogger and capture your user ID and password. An unsuspecting customer of this service does not know what the developer has programmed in the background, so this feature is unsafe.



Given above is an example from the HDFC Bank NetBanking website, where you can see the https: for a secure connection and the bank URL hdfcbank.com/ clearly in a reliable web browser. You may top up Paytm on your computer, where you can clearly see your bank website URL and the https.


5. Once you start making the payment through the bank, the bank sends an OTP SMS to your mobile phone. It sends a message like: "One Time Password for NetBanking transaction is 123456. Please use this to complete your transaction." But did you know that the Paytm app may be authorized by you to read these SMS or OTP messages? It is a huge risk to let any app read your SMS messages, especially apps that involve online payment, as they can read your NetBanking OTP messages as well. Neither the government, nor the banks, nor Google apps or the Apple store deeply scrutinize the programs for fraudulent behavior. It is mostly up to you to keep your money safe.

6. In order to prevent Paytm, or any other app, from reading your SMS, contacts, or anything else on your phone which you have accidentally enabled without knowing the consequences, please navigate to Settings > Installed Apps > App Name (Paytm in this case) > Permissions manager and uncheck all the permissions you do not wish to give to these apps. At the very least, never let any mobile app read your contacts and SMS messages.


This is to ensure that your NetBanking account is safe with you and the Paytm developers cannot steal your NetBanking details and OTP without your knowledge. Even if they don't, this is for your own safety and security.

7. If you ever receive an OTP message when you are not performing any NetBanking transaction please immediately change your NetBanking password.
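
To check from a computer which apps currently hold the SMS and contacts permissions discussed in step 6, the following added example (not part of the original post) parses text assumed to follow the layout printed by `adb shell dumpsys package` and lists the matching `pm revoke` commands. The sample text and the com.example.* package names are constructed for illustration.

```python
import re

# Permissions the post warns about: SMS (bank OTPs) and contacts.
SENSITIVE = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
             "android.permission.READ_CONTACTS"}
PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^\s*(android\.permission\.[A-Z_]+): granted=(true|false)")

# Constructed sample; com.example.* package names are hypothetical.
SAMPLE = """\
Packages:
  Package [com.example.wallet] (1a2b3c4):
    requested permissions:
      android.permission.READ_SMS
      android.permission.CAMERA
    User 0: installed=true hidden=false stopped=false
      runtime permissions:
        android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
        android.permission.RECEIVE_SMS: granted=true
        android.permission.READ_CONTACTS: granted=false, flags=[ USER_SET ]
        android.permission.CAMERA: granted=true
  Package [com.example.notes] (5d6e7f8):
    requested permissions:
      android.permission.READ_CONTACTS
    User 0: installed=true hidden=false stopped=false
      runtime permissions:
        android.permission.READ_CONTACTS: granted=false
"""

def audit(dumpsys_text):
    """Map each package to the sensitive permissions it currently holds."""
    findings, current = {}, None
    for line in dumpsys_text.splitlines():
        pkg = PKG_RE.match(line)
        if pkg:
            current = pkg.group(1)
            continue
        perm = PERM_RE.match(line)
        # "requested permissions" lines have no granted= field and are skipped.
        if perm and current and perm.group(2) == "true" and perm.group(1) in SENSITIVE:
            findings.setdefault(current, set()).add(perm.group(1))
    return {p: sorted(perms) for p, perms in findings.items()}

def revoke_commands(findings):
    """adb commands with the same effect as unchecking the permission in Settings."""
    return [f"adb shell pm revoke {pkg} {perm}"
            for pkg in sorted(findings) for perm in findings[pkg]]

if __name__ == "__main__":
    for cmd in revoke_commands(audit(SAMPLE)):
        print(cmd)
```

On a real phone, save the output of `adb shell dumpsys package` to a file and pass its contents to `audit()` in place of `SAMPLE`.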

Thanks for reading this, please share the post with everyone and spread awareness.


1 comment:

  1. OTP use to provide sms after any registration or enter for any services and that services send you confirmation by using Bulk SMS Service Provider in India.
