As Asirvad Micro Finance Ltd.’s reliance on technology grows, it’s more critical than ever to take steps to protect consumer data and information systems. We work hard to secure and protect our customers’ information because it is at the heart of our business. The Asirvad Information Security Program is designed to align information security with operational strategy, ensure compliance with applicable statutory, local laws, and regulatory requirements, manage, monitor, and mitigate information security risks and incidents, optimize information security investments, manage information security resources efficiently, and monitor the Information Security Program’s ongoing effectiveness.
Support Asirvad in securing information technology assets and data.
Promote the safe and efficient use of information technology resources while efficiently managing the risks that come with it.
“We work directly with our customers and vendors to incorporate security, threat management, compliance, and related governance into the digital core’s very fabric, guaranteeing Asirvad’ s expansion and digitalization is secure by design. Deliver effective security services and cyber resilience, thanks to our broad collection of innovative security frameworks and service offerings.”
When should an individual contact the Information Security?
- If you have any policy-related comments, questions, or concerns.
- When you need assistance or guidance from the Information Security Team.
- When it is necessary to report a data security event or incident.
- When you have a suggestion or an idea to improve Asirvad’ s Information Security Program,
Contact the Information Security
SMS / Email / Instant Messaging / Call Scam
Good and Strong Password
OTP based Fraud
Fake Loan websites / App Frauds
Information Smart Awareness – General Precaution
Information Security Alert
Information Security Advisory to Customers
Know Your Customer (KYC) Frauds
Know Your Customer (KYC) is an identity verification process followed for new customers while joining and existing customers.
Why KYC is important?
The main purpose of KYC is to prevent identity theft, terrorist financing, money laundering, and financial fraud. The KYC process helps NBFC to verify the customer identity. As per the RBI norms, KYC has become mandatory requirement.
The following details of customers are collected to complete the KYC process.
- Legal name
- Identity proof
- Aadhar Proof
- Bank Passbook
- Address Proof, etc.,
Taking advantage of this provision, fraudsters send bogus SMS/text messages or make bogus phone calls posing as Asirvad representatives in order to obtain personal information from customers. The fraudsters may provide the customers with a phishing link or a 10-digit mobile number, or they may persuade them to give them access to their digital device, through which they intend to obtain the customer’s personal information in order to gain unauthorized access to their banking accounts and steal money.
How fraud take place?
Modus Operandi – In case of fraudulent calls:
- Fraudsters call the victim pretending to be an NBFC representative, requesting that they update their KYC immediately and warning them of account blockage/loan suspension.
- The caller informs the customer that the validation/KYC can be completed online in order to keep the account active and instructs the customer to download an APP on the digital device being used.
- After you download the app, the fraudsters will ask you to share code and grant certain permissions, allowing them to gain access to your digital device.
- The caller then requests that the victim transfer a small sum of money from their bank account in order for them to see or access the OTP sent on the digital device.
Modus Operandi – In case of fake Messages
- Message sent from a mobile number containing a phishing link and/or a 10-digit mobile number in order to update KYC. The victim is redirected to the spoofed website after clicking the link in the message and is prompted to enter the bank username, password, OTP, and so on.
- When the victim dials the number provided in the message, he or she is prompted to share personal information such as account username, password, account number, OTP, and so on. To commit fraud, the fraudster uses these details to gain unauthorized access to the victim’s bank account.
Safety tips for safeguarding against such cyber frauds:
- Never click on unknown links or links received from unverified sources.
- Always remember that a NBFC or other authorized institutions, never does KYC on calls or send any links to its customers, for updating KYC.
- A valid customer care number can never be a 10-digit mobile number as generally given in the fake message.
- Never share your mobile number, account number, password, OTP, PIN, or any other confidential details with anyone. Any authorized bank or customer service never asks its customers to share any confidential information.
- Avoid contacting the customer service/contact numbers provided on google search. Only contact the authorized numbers provided original banking websites.
- Do not give your access to your device for anyone by installing remote access type of applications (AnyDesk , Quick support ,Team Viewer etc.)
- Only use original apps downloaded from authorized stores /websites, do not download third party apps.
- In case of any such issues immediately report to the specific NBFC authorities immediately.
- File an online complaint regarding any such frauds on the government portal ww.cybercrime.gov.in
Threats of contactless payments
Methods for fraudsters to commit financial fraud by utilising the contactless payment feature
- Use a POS terminal or a Mini-card reader to conduct the transaction without the user’s knowledge.
- Because there is no PIN or password required, misplaced/lost/stolen cards can be easily misused by fraudsters for unauthorised transactions.
- Fraudsters can bypass the maximum transaction limit by using a technique known as “Man in the middle attack,” which uses specialised hardware to capture and insert messages.
- Enable the mobile banking app-based control (if available) to disable contactless payment and cap the transaction limit when not in use.
- Use special wallets/holders that can protect you from unauthorised contactless transaction access and skimming.
- Always keep track of your financial transactions, be on the lookout for any updates on unauthorised transactions and double-check your account statements on a regular basis.
- In the event of theft or loss, immediately block the card and notify your bank.
- You can also report financial fraud online at the National Cyber Crime Reporting Portal (cybercrime.gov.in).
SMS / Email / Instant Messaging / Call Scam
Fraudsters circulate fake messages in Instant messenger / SMS / social media regarding availability of attractive loans and use the logo of any known NBFC as profile picture in the mobile number shared by them to induce credibility. The fraudsters even share their Aadhaar card / Pan Card and fake NBFC ID card.
After sending such bulk messages /SMS /email to loan seekers, the fraudsters call random people and share fake sanction letters, copies of fake cheques, etc., and demand various charges. Once the victims pay these charges, the fraudsters abscond with the money, leaving the victim with very little chance of getting it back.
- Never click on links sent through SMS / emails or reply to promotional SMS / emails.
- Never open / respond to emails from unknown sources containing suspicious attachment or phishing links.
- Never believe loan offers made by people on their own through telephones / emails etc.
- Never make any payment against such offers or share any personal / financial credentials against such offers without cross-checking that it is genuine through other sources.
- Fraudsters create a third-party website which looks like existing genuine website, such as bank’s website or e-commerce website or search engine, etc.
- These links are generally circulated by fraudsters through SMS / social media / email / Instant Messenger, etc.
- Most of the time, customers enter secure credentials by just having a glance and clicking at the link but not checking the detailed URL.
- The links are masked through authentic looking names of websites, but in reality, the customer gets redirected to phishing website.
- When customers enter secure credentials on these websites, the same is captured and used by the fraudsters.
One should not click unknown links and should delete the SMS / email immediately to avoid accessing them in future. Care should be taken to verify the website details especially where it requires entering financial credentials.
➢ Imposters call or approach the customers through telephone call / social media as bankers / company executives / insurance agents / government officials, etc., and seek confirmation of the secure credentials by sharing few details such as name or date of birth to gain confidence.
➢ In some cases, the imposters pressurize /trick customers into urgently / immediately sharing confidential details citing emergency, details required to block transaction, payment required to stop penalty, get attractive discount, etc. These credentials are then used to defraud the customers.
Bank officials / financial institutions / any genuine entity never ask customers to share confidential information such as username / password / card details / CVV / OTP.
Good and Strong Password
- Use at least 8 characters or more to create a password. The greater number of characters we use, the more secure is our password.
- Use various combinations of characters while creating a password. For example, create a password consisting of a combination of lowercase, uppercase, numbers and special characters etc.,
- Avoid using the words from dictionary. They can be cracked easily.
- Create a password such that it can be remembered. This avoids the need to write passwords somewhere, which is not advisable.
- A password must be difficult to guess.
- Change the password once in two weeks or when you suspect someone knows the password.
- Do not use a password that was used earlier.
- Be careful while entering a password when someone is sitting beside you.
- Do not use the name of things located around you as passwords for your account.
OTP based Fraud
- Victims get SMS / Instant messages from fraudsters impersonating as NBFCs offering loans or enhancement of credit limit and are asked to contact the fraudster’s mobile number.
- When the victims call the number, the fraudsters ask them to fill few forms (even online) containing financial details and they incite / convince them to share the OTP or PIN details, resulting in loss of money.
➢ Never share OTP / PIN Numbers / personal details, etc., in any form with anyone.
➢ Regularly check SMS / emails to ensure that no OTP is generated without your knowledge.
Fake Loan websites / App Frauds
- There are many unscrupulous loan apps which offer instant and short-term loan. These apps dupe the borrowers and may also charge significantly higher interest rates.
- To attract gullible customers, the fraudsters advertise “limited period offers” and ask applicants to make urgent decisions using scareware tactics.
- Check the following points before taking loan from dubious loan app, etc.
- Is the lender more interested in knowing personal details rather than checking credit scores?
- Is the lender registered with the Government / authorized agencies?
- Check whether the lender has provided a physical address or contact information; otherwise, it may be difficult to contact them at a later point .
- Remember any reputed NBFC / Bank will never ask for payment before processing the loan application.
- Genuine loan providers never offer money without verifying documents.
- Verify if these NBFC-backed loan apps are genuine.
Cyber Smart Awareness – General Precaution
- Be wary of suspicious looking pop ups that appear during your browsing session.
- Always check for a secure payment gateway (https:// – URL with a Pad Lock Symbol) before making online payments.
- Keep your PIN (Personal Identification Number), password, and credit or debit card number, CVV private.
- Avoid saving card details on websites/devices/public laptop/desktops.
- Turn on two-factor authentication where facility is available.
- Never open emails from unknown sources containing suspicious attachment or phishing links.
- Do not share copies of Cheque book, KYC documents with strangers. For Device/Computer Security
- Change passwords at regular intervals.
- Install antivirus on the device and install updates whenever available.
- Always scan unknown USB drives /devices before usage.
- Do not leave your device unlocked.
- Configure auto lock of the device after specified time.
- Do not install unknown applications or software.
- Do not store passwords or confidential information on unknown devices.
For Safe Internet Browsing
- Avoid visiting unsecured websites
- Avoid using unknown browsers.
- Avoid saving passwords on public devices.
- Avoid entering secure credentials on unknown websites.
- Do not share private information to unknown persons on social medial.
- Always verify security of the page, in case an email or SMS link is redirected.
For safe Internet Banking
- Always use virtual keyboard on public devices since the keystrokes can also be captured through compromised devices, keyboard, etc.
- Log out of the internet banking session immediately after usage.
- Update passwords on periodic basis.
- Do not use same passwords for email and internet banking.
- Avoid using public terminals (viz. cybercafé, etc.) for financial transactions.
For E-mail Account Security
- Do not click emails from unknown addresses.
- Avoid using emails on public or free networks.
- Do not store secure credentials / bank passwords, etc., in emails.
For Password Security
- Use a combination of alphanumeric and special characters in your password.
- Keep two factor authentications for all your accounts if facility is available.
- Change passwords periodically.
Cyber Security Alert
Greetings from Asirvad!
Due to the pandemic crisis, we strongly advise you to use our digital solutions for all EMI transactions.
However, never share your personal confidential information, such as Card Number, Card Expiry Date, CVV, OTP, Internet Password, UPI PIN, and so on, with anyone via unsolicited calls, SMS, IVR, or e-mail.
Asirvad Micro Finance Ltd never requests such information.
Do not forward Asirvad SMS to anyone.
Do not give your SIM card to anyone who is not authorized to have it.
Do not click on links in messages or emails that promise free COVID-19 testing, COVID vaccines and remedies, Reward Point Redemption, Income Tax Refund, Web Series Subscription, and so on. These could be fraudsters attempting to steal your personal information.
PLEASE STAY ALERT and SAFE.
Cyber Security Advisory to Customers
You may have received numerous emails, SMS messages, or WhatsApp messages purporting to be from your Asirvad, advising you to click on links provided in the email or message to update or activate financial services. But proceed with caution. They could be malicious links that infect your device with malware or steal sensitive information such as your account number, Internet Banking user id, passwords, and so on.
From: Asirvad Micro Finance Team [firstname.lastname@example.org]
Dear Customer, Your Customer portal password has not been updated since last 90 days. Kindly update your password at http://AsirvaddigitalOnline.com to continue the service.
- Do not click on links sent to you via email or SMS from unknown senders.
- To ensure the authenticity of an email, always check the sender’s email address in addition to the display name.
- Always access your Asirvad approved payment portal by entering the URL directly into the browser.
- Always keep in mind that Asirvad will never request an OTP, Password, Mobile Banking PIN, debit card details, OTP, CVV, or other confidential information via email, SMS, or phone call.
- Do not install unknown apps.