There has always been lots of issues with me when it comes to ICICIBank but I was fine with them until yesterday when I found that ICICIBank Phone banking is very unsafe and anybody can do any type of transactions using my ICICIBank account.
There has always been lots of issues with me when it comes to ICICIBank but I was fine with them until yesterday when I found that ICICIBank Phone banking is very unsafe and anybody can do any type of transactions using my ICICIBank account.
Yes you heard it right. One of India’s largest bank is having such an issue. You may be wondering how?
Call ICICIBank customer care number in your city. To log-in as somebody else you need only 2 things.
- User’s Account Number
- Primary User’s Date Of Birth
If you issue a cheque or even do an online fund transfer, the other person knows your account number and so all he need to do is go to your online profile to find your date of birth. My FaceBook profile has my date of birth and I even checked with Orkut and they have it online too.
Now if I issue a cheque to you I risk my complete ICICIBank account. Do you think this is tolerable?
ICICIBank online facilities has always pretended to be much more secure with password grids and what not but this type of lapse is by no means tolerable.
Are you still using an ICICIBank account? If your answer is yes it is the time to think now.
Dear Shabbir,
We are the customer service team at ICICI Bank.We would like to clarify that there are different verification parameters which define the levels of authentication, services offered through Phone Banking are mapped to the different levels of authentication. Date of Birth is one of the authentication parameters used at Phone Banking for basic queries only. For any further queries,you can write to us at care@icicibank.com.
Regards,
ICICI Bank Customer Service Team.
Thanks but I guess whatever information is told after knowing DOB is not acceptable at least to me. I do not even dare to test what else could be done only with DOB and so I am better closing my account in ICICIBank
Shabbir,
It has been over an year I tried it with and have very vague idea on the process. But I do remember that it asked nothing more than my a/c and dob. I was able to know my acc balance. Since, I have not done any transactions that way, I cannot tell it whether the same authentication is enough to make payment or not.
I expected that the process would ask for my banking id digits. It didn’t. That could be a more safer way.
If my previous comment suggested that I didn’t try it at all, you shouldn’t have accepted to get it published. 🙂
No I mean you also did not try ICICIBank and there is nothing where you cannot say anything on the blog.
Hi Shabbir,
I do have an account with another private bank but they confirm your DOB and your address also. It is better to have a sms facility registered with your bank so that any transactions are instantly known.
I know with the usage of online banking increasing, it is very easy for someone to compromise your banking details and do some transactions.
One way is not to have any online transfer of money facility or remove it if you already have one activated.
Another is only have your immediate family members registered for transactions if they have an account with the same bank. In this way money can never be transferred to somebody else other than family out of your account.
I hope this is useful.
Nicholas, you are trying to say that we should not use the facility but I have account with many banks and none of them is so much easier to transact. The details are pretty prelimnary details and I think just having a password instead of DOB could keep me as customer.
yes! I always knew this is unsafe.
I practically found it about an year ago.. when I tried to login w/o my id. Only the a/c number and DOB were enough then.
But I think it is possible only to know the balance or previous transaction. To order for any payment transactions to take place, may be our mobile no# has to be registered with them.
Your May be in the comment suggest it all that you have not tried it and nor did I