MUMBAI: Swiping his card at the Khalapur toll plaza ended up taking a toll on the bank account of a sales manager from Pune. On September 9, Rs. 87,000 was stolen from the account of Darshan Patil, 36, in two hours after he paid Rs. 230 at the toll plaza from his card. He has registered a complaint at the Hadapsar police station in Pune.
Patil was on his way back home to Pune on Saturday evening, when he stopped at the Khalapur toll plaza and swiped his card.
“At the Khalapur Toll Plaza, I paid R230 at 6.27 pm. Immediately, I received a message about the transaction. But around 8.31 pm, I received a notification saying that a purchase worth Rs. 20,000 had been done with my card. Within minutes of that, I got six more messages of fraud transactions made through my debit card,” said Patil.
Gone in four minutes
By 8.34pm, a total Rs. 87,000 had been siphoned from his bank account. But, the cyber criminals didn’t stop there. They also made a transaction of Rs. 100 once and three transactions of Rs. 10 each to purchase stuff.
“The cyber criminals took away my hard-earned money from the bank account by making transactions of Rs. 100 and Rs. 10. These offenders didn’t even leave a single penny behind,” Patil added.
Pin and privacy
However, he doubts that his pin and privacy was compromised while he swiped his card at the plaza.
“I don’t give my pin number to anyone. In fact, I entered the code myself. But I can’t deny the possibility of any mischief done by those guys. The toll window was at the top and there were CCTV cameras overhead,” he added.
As per the documents available with mid-day, though the siphoning was done in the evening of September 9, the e-mails received by Patil show post-dated transactions of September 11. He did not receive any notification for a One Time Password (OTP) for any of the transactions.
“It is crazy how the transactions were made without the OTP while the card was with me,” he said. Patil has approached his bank and submitted a written complaint with the Hadapsar police station in Pune.
Decoding the fraud
Ritesh Bhatia, a city-based cyber crime investigator, cyber security consultant and data privacy professional said, “While swiping the card, we give it in the hands of another person who keeps it until the bill comes out of the machine. This gives them the opportunity to take pictures of the cards. Later, a guy standing by sees the pin number typed on the machine. Once, they have details of the card and the pin number, they can use it even without the OTP.” “Also, criminals use CCTV footage to capture the pin number. Other than that, skimming is also a process to steal all details,” he said.