Source: Table 4: of the book 'Ecommerce Unmasked: Hidden secrets to fight online battles', author: Rekha Chandulal, the Courseloka founder.
1. Register your mobile number / email id with the bank to get security alerts of transactions made on your credit/ debit cards.
2. After first usage of your debit card, do not forget to change the PIN provided by the bank.
3. Access bank portals only by typing the correct url and with https. Do not click on any shortcuts / links.
4. For online transactions in ecommerce/ shopping websites, ensure that the site is secured with https.
5. Check the card when it is returned to you by the cashier to ensure it is yours, and not tampered with in any way.
6. Notify the bank of any change of address so that new cards/ statements are not sent to the old mailing address.
7. Phishing and lottery scams: Do not fill out forms in email messages that ask for personal financial information.
Report phishing to the bank.
If the email is unsolicited, never open any attachments.
Avoid filling out forms in email messages that ask for personal financial information and never click on a link in such an email.
Do not reply to emails or Phone text messages (SMS) claiming that the recipient has won a substantial sum of money in an online lottery or promotion.
8. Password security: Create strong passwords.
Change passwords at regular intervals.
Do not share passwords with anyone, even friends and family.
Do not share OTP, ATM PIN, iPIN and account related information with anyone.
Choose a Password that is memorable to you but not easy to guess by someone else. Passwords that contain combinations of alpha and numeric characters are generally harder to guess (e.g. a7g3cy91).
Do not choose a Password that you use for other services.
Your Password should be unique to Internet Banking.
Never disclose your Internet Banking Password to anyone.
The bank will never ask you for your Password.
Do not write your Internet Banking Username together with your Password.
Do not write your Password in a recognizable format.
9. Disable functionality on your computer or browsers that remembers logon details.
10. Ensure that cards are swiped only once, in your presence in the POS (point of sale) swiping machine.
11. PIN: Enter the PIN on the swiping machine yourself. Place your free hand over the other while entering the PIN at an ATM or merchant outlet so that anyone present or camera cannot see the PIN being entered.
Change your PIN at regular intervals.
Key in the PIN only when the ATM/ EDC screen prompts for it.
Never share your PIN with anyone.
Do not have a written copy of your PIN with the card.
Do not voice out the PIN to the merchant while performing the transaction.
Never disclose the PIN to the merchant or anybody claiming to be calling from the bank.
Watch out for cameras in ATM / swiping machine rooms which may see the PIN if written on paper or spoken aloud.
12. Do not share your OTP/OAC, passwords, IPIN, ATM PIN and account related information with anyone, even if the caller is claiming to be calling from the bank.
13. Scan for virus and malware. Install and use anti-virus, anti-spyware, and firewall.
Use the latest and genuine software on your system with secure settings.
Keep them activated and updated. Scan your system regularly for virus and malware.
Use a trusted browser and keep it up-to-date.
14. Ensure that your browser and security patches are up to date. Keep your system and web browser updated.
Manufacturers regularly release security patches when weaknesses are discovered in their systems and browsers.
Check with your software provider for these updates on a regular basis.
15. Avoid accessing your account from public places like cyber cafes to do your banking, like at libraries, internet cafes and schools.
Log out if you leave the computer, even if it is just for a moment. If possible, do not leave the computer unattended while you are still logged in.
Delete your browsing history before you log out of the computer, they store information about your passwords and the pages that you visit.
Make sure that the browser has any auto complete function turned off, delete any cookies, and clear the history.
Do not type in sensitive information: Public computers may have malicious software called a keystroke logger installed on it. These can steal your password, credit card number and bank details.
Avoid doing financial transactions that could reveal sensitive information.
16. Use the virtual keyboard to enter user ID and Password
17. Avoid entering sensitive information in pop-ups.
18. Track your transactions and usage history regularly. Check your accounts regularly. If in doubt about any transactions, note the details and call the bank.
19. Create separate email accounts for personal and official activities.
20. Select email id with Secure Socket Layer (SSL) certificate for Bank related communication. (URL should start with https:// and NOT http://)
21. Check the padlock symbol and site certificate. Double-click the padlock symbol at the bottom of your browser when you log-in to online banking to ensure the site certificate belongs to your bank. This will ensure you're not being duped into entering your details on a 'fake' site.
22. Always log-out after using Online Banking. Just select the logout button and never leave your PC unattended while you're logged in to the service.
23. Fraudsters may try to deceive you into giving them your personal and security details to get access to your financial information with the bank and also set up payments out of your account into theirs.
24. Trojans are usually emails that may contain files, pages or attachments that you are asked to open. Once opened, they can secretly install a program on your computer that can monitor your online activity, down to what keys you're pushing on what page. This can mean the next time you enter your credit card details on your favorite online shopping website, the fraudsters will be alerted.
25. Money mule / Additional income email scam: Someone offers via an email or website, to pay funds into your account on the understanding you then transfer them overseas. In return, you supposedly get a commission. Many of these scams involve the proceeds of fraud and you should ignore the request.
26. Advanced Fee Fraud ('419' scams): This involves unsolicited letters and email messages offering the recipient a generous reward for helping to move a staggeringly large balance of funds, usually in US Dollars. The fraudsters are after banking details. The transactions typically require the recipient of the letter or email message to pay something like a fee / tax / bribe to complete the deal - this is the Advance Fee. Such fees will be lost.
27. Please do not share your personal and/or confidential information with any unauthorized individual or in any public domain such as blogs, forums, social network sites and other media.
Personal information refers to your account number (for example: Savings Account, Loan Account or Credit Card Account), date of birth, address, mother's maiden name, card expiry date, contact details or email ids.
Confidential information includes Internet Banking password, PINs (ATM, Debit Card, Credit card, Phone banking) or Credit Card CVV numbers etc.
Such confidential information is not requested from the Bank in any communication. In case of any suspicion, contact the Bank immediately.