Security Tips/Alert

1. Choose a strong BOBCARD portal login password that cannot be guessed.  

2. Do not disclose your BOBCARD login ID or password with anyone. 

3. Change your password periodically. 

4. It’s advisable to memorize your BOBCARD login & password.  

5. Change your username & password immediately, if you suspect any fraudulent activity on your account or if you think your credentials have been compromised. 

6. Avoid using cyber cafes or public kiosks for accessing your BOBCARD online account. 

7. Delete suspicious and unknown emails. Please do not click on any link shared on such emails. 

8. Do not download app from unsolicited website/social media. Always download applications from Play Store or IOS store. 

1. Do not share OTP (One Time Password) to complete the transaction with anyone. 

2. Do not click on links, you find unsolicited, unexpected or strange. 

3. Check all e-commerce site for secure symbols like ‘https://’ or the padlock icon before transacting. The presence of these features tells that that particular site is following the necessary standards of safety, needed for secured online transaction. 

4. Never update your card details in a pop-up window. 

5. Do not respond to emails or SMS asking for your card details.  

6. Beware of sites/ links that is asking you for your credit card details or online credentials. These could be a phishing attempt aimed at getting your card details and other sensitive information by posing to be from a reliable source. 

7. Be very careful what you click on social media. If any discount or offering is showing on social media, visit merchant’s original website or app to revalidate the offering/discount.  

8. Always buy product from genuine/original websites or applications using play store. 

9. Do not fall prey to whatapp / SMS messages informing about discontinuation of electricity, bank account, UPI ID or wallet if not clicked on the link or call on some mobile number. Always check with the actual service provider about the authenticity of such messages.    

10. Use card control option provided in BOBCARD App or BOBCARD Portal when not using card for online transactions. Controls can be updated on a real time basis. 

11. For further assistance please call on our All India Toll Free Number 18002665100/7100 or write to us at riskops@bobcard.co.in  

Customers are advised to protect their cards, and their credentials; and do not share confidential personal information like Card number, Card Verification Value (CVV), Expiry date, PIN(s) or OTP’s (one-time password) (setup to process online transaction) to any other person / third party (including subsidiaries, bank, and its officials). If a customer is disputing OTP enabled / ATM transactions’ which got processed after authenticating the pin/password, it is considered as a secured transaction. Due to the fact that these transactions are regarded as secure, customers would be liable for such transactions.  

1. Unsecured transactions are where OTP is not required to complete the transactions, if you witness any such transactions in BOBCARD App/Portal, or in credit card statement. Report such transactions to BOBCARD helpline number.  

2. Customers’ are advised to keep their personal information like mobile number & email address up to date with BOBCARD to receive regular transactions alerts, it will also help BOBCARD to reach out to the customers in-case of any suspicious activities. 

1. Vishing 

What is Vishing? 

a) Vishing is "voice phishing," which involves defrauding people over the phone. Fraudsters attempt to collect your personal data, pretending to be calling on behalf of the bank/credit card company, KYC updation etc. 

b) Please note that BOBCARD will never ask you for any confidential data like credit card CVV, PIN, login credentials, password, One Time Password (OTP), etc. 

2. Phishing 

What is Phishing? 

Phishing is an act of attempting to acquire information such as user names, passwords, and credit card details by disguised entities with malicious intent. It can be in the form of an email, SMS, website screen or pop-up that appears to be from BOBCARD, Banks or Winning lottery.   

Follow these simple steps to protect yourself: 

a) Do not open attachments in emails coming from strange or unknown sources, as they may contain virus or Trojan, which transmit keyed-in details to phishers. 

b) Avoid clicking on any link in an email. 

c) Do not disclose your credit card number, CVV, One Time Password (OTP), online account ID & password or any other sensitive information to anyone, including BOBCARD representatives. 

d) Type the web address in the browser whenever you intend to access your BOBCARD online account. Do not use links provided in emails sent from unknown resources. 

e) Install effective antivirus, anti-spyware and personal firewall on your computer and mobile phone and update them regularly. 

1. The power/data cable at public charging stations, provides an unauthorized access to cyber attackers to our mobile phone or electronic devices data during the charging process, leading to data theft. This is known as Juice Jacking. 

2. The attack could be as simple as extracting all your contact details and private pictures or can be an invasive attack of injecting malicious code directly into your device which can then copy all your passwords or financial data. 

3. A regular USB connector has five pins, where only one is needed to charge the device. Other pins are used for data transfer. 

4. A hacker can easily tamper with a USB charging port at a public charging station to steal passwords and export data. 

How to prevent: 

a) Keep your devices fully charged or carry personal charger/power bank with you 

b) Go to settings and disable data transfer while charging. 

c) Use USB data blockers/power-only USB adapters which cuts off the connection of data transfer pins of the USB port electronically and permits only the power supply thereby preventing Juice Jacking. 

d) If It’s inevitable and you must charge your device, then first switch off/shut down your device and then consider using a wall socket instead of a kiosk. Data cannot transfer between your device and a regular AC wall outlet. 

Screen sharing or mirroring app fraud is a scam where Fraudsters ask users to install a third-party screen-sharing application in order to assist you online or to update some documents. These apps may or may not be malware, but they do grant complete access of your device to the scammer.  

How it happens: 

• Fraudster approaches the user imposing to be from a financial institution/bank or an online service provider. 
• They will ask user to download a third-party screen-sharing application on their device to solve an issue or assisting you to update your KYC on a real time basis.  
• Instead of asking user to share their card, bank details, UPI PIN or OTP, fraudster will ask users to type in the details. 
• While user thinks they are being helped, fraudster use the opportunity to record the user’s card number, CVV code and send an OTP for transferring funds into their own account through an SMS. 
• Remember, screen-sharing apps allow access to your device. Fraudsters can view the OTP received on the user’s device and use it for transferring funds to their own account or taking an unauthorized transaction. 

How to prevent: 

• Do not download any unknown/unauthorized application on your device. 
• Do not permit any third-party application to be installed on your device. 
• If you see notification from an app asking you to make changes to your device immediately 'Deny' and decline.  
• Report any such call/suspicious activity on the helpline number mentioned at the back of your credit card. 

Smishing is a social engineering attack which uses mobile text/What’s app messages to trick people into downloading malware, sharing sensitive information, third party applications (Screensharing) sending money to cybercriminals.  

There are a few things to keep in mind that will help the cardholders to protect themselves against these attacks. 

1. Do not respond - Even prompts to reply like texting “STOP” to unsubscribe can be a trick to identify active phone numbers. Attackers depend on your curiosity or anxiety over the situation at hand, but you can refuse to engage. 

2. Slow down if a message is urgent - Approach such messages with extra caution, limited time offers/winning lottery/disconnection of electricity/disconnection of mobile phone can be a sign of possible smishing. Remain skeptical and proceed carefully. 

3. Suspicious messages - Details updation (KYC/ReKYC/CIBIL Score etc.) - Legitimate institutions do not request account updates or login info via text. Furthermore, any urgent notices can be verified directly on your online accounts or via an official phone helpline number. 

4. Avoid using any links or contact information updation - Avoid using links to update your contact information. It can be done using official websites of the banks/service providers. 

5. Download an anti-malware app – Download an anti-malware application which can protect your phone against malicious apps, as well as SMS phishing links themselves. Report all SMS phishing attempts to designated authorities (Banks/ Service providers).