Zerodha: Temporary one-time password not enough, says Zerodha’s Nithin Kamath on demat hacking

Major Indian brokerage firm Zerodha sprang into action to protect clients facing cyber-attacks after a local media outlet revealed how demat accounts of many clients, including some from the company, had been compromised.

Mumbai police arrested five people this week on charges of accessing the stock broker’s demat accounts and committing fraud amounting to Rs 3.5 crore.

Zerodha will soon launch a feature that will not allow options orders to be placed at abnormal prices, Nithin Kamath, the brokerage’s founder and chief executive, wrote in a LinkedIn post, acknowledging that their method of requesting a temporary one-time password is not enough.

“Money cannot be withdrawn from trading accounts to third party bank accounts. To move money, fraudsters create artificial losses by trading illiquid options (buy high, sell low) or buy scammy penny stocks. Our best bet is to find ways to block such suspicious transactions,” he wrote.

The number of incidents will decrease from Sept. 30, when OTP/TOTP/Biometric becomes mandatory at login, Kamath said.

While India has seen a surge in recent years in private investors, millennials especially, betting on stock markets that hit record highs after the coronavirus pandemic, cyber-attacks via phishing and other means have increased at the same time.

The hackers’ modus operandi involves sending links to fake websites to random people via text messages, emails and social media, and recording their username, password, personal identification number or date of birth when unsuspecting investors click through and try to log in on the fake website. The hackers can then use these credentials to log into the investor’s trading account and execute buy or sell transactions in illiquid penny stocks as planned by the fraudsters, brokers said.

Amid mounting cases of cyber scams, India’s capital markets regulator last month also required stockbrokers and depository participants to report all cyber-attacks, threats and breaches within six hours of detecting such cases. The Securities and Exchange Board of India had also prescribed the cybersecurity and cyber resilience framework for stock brokers.

However, it is not only individual accounts that have been hacked; hackers around the world have also attacked stock exchanges, be it in New Zealand, Moscow or Tel Aviv.

The International Organization of Securities Commissions, recognized as the global benchmark for the securities industry, said in a recent report that the pandemic has increased cybersecurity risks, accelerated the use of existing, new and emerging technologies and disrupted some outsourcing arrangements.

Cybercrime has increased across the board, from banking to broking to social media, Kamath said.

But to be sure, security measures will only work if users are careful enough not to share their account access by believing in get-rich-quick schemes, which is how most fraud happens, he added.
