Reserve Bank Of India [RBI] — solution to prevent banking online fraudulent transactions

Address:

560072

I, manohara m (Mob: [protected]) recently succumb with my citi bank credit card fraudulent transactions on 07th feb, 2017 5:15 pm ist.

Current situation:
—
As digital india adoption is growing, social engineering on people bank credit/debit card account details increasing for fraudulence.

The fraudulent team using bank card details for online transactions on wallet services soon your card details got shared/accessed. They exhaust your credit/debit card per day transactions limits by making immediate multiple transaction within 10-15 mins.

The banking erp risk management system (Like: citi, sbi bank etc.) is not fool-proof enough to identify or alert either the transaction doing person or bank risk/care team on those malicious transactions carried-out on your behalf.

There are large number of police and cyber cell complaints laying across india.

I did noticed/received report from payment gateway team, my citi bank credit card is used for 8 different transactions with 5 different vendors (Ccavenue, payumoney, oxigen wallet, freecharge etc.), soon my card details were stolen through social engineering. These transactions were happened within 10-15 mins as malicious team got my citi credit card details with otp information through social engineering.

Citi bank technical support team confirmed over conversation, they don't have any system that checks users source (Ip) address during online transaction using credit/debit card.

Suggestion:
—
I suspected there are multiple people on the fraudulent team carried out transactions on my behalf because one of the malicious person still over phone conversation (Who is involved in social engineering) with me while these transactions are happening in parallel.

I started thinking "why citi bank risk system failed to generate immediate alert on these fraudulent transaction, if my assumption correct where multiple people made these transactions on my behalf from different sources/physical computers" i thought a while this could have been the loop-whole or not a fool-proof within banking risk system for online transactions could have been prevented/saved so many people’s money and police processing across india.

I requested ccavenue risk team to share user transaction details on my citi credit card and from their report it’s been clearly identified 3 different people/users transacted over mobomoney merchant.

I raised concern to citi bank risk management and challenging them their bank online transactions are not 100% fool-proof. I did suggested citi bank these fraudulence can be prevented by validating person source (Ip address) for further truth. Let say 3 different persons transacted over ccavenue payment gateway using same citi credit card details (In this case mine), payment gateway can provide source of person to bank and bank can scrutiny after the transactions complete to validate, transactions happened over credit card of the person is from same source of ip or different. If it is different send alert to bank, payment gateway and card holder something fishy so, further scrutiny require, rest of the things in fall in-place.

Benefits:
This could be the patent solution for banking system (Like: citi, sbi etc.) to enhance their risk system security on fraudulent online transactions through credit/debit cards.

Enhanced security and intelligence integration within banking risk system.

Credit/debit card holders will still be relaxed from social engineering attacks or card lost scary incidents.

Trust and next level for digital india.

Police and legal department interference can be nullified.

Note:
Citi bank is not interested to investigate genuinely even though police complain furnished. Police worry about expense incur as fraudulent people from remote region.

I am attaching here high level proposal of banking erp security system modification that could prevent such fraudulent discrepancies.

Thanks & regards,
Manohara m