After Demat Hacking Zerodha’s Nithin Kamath Says: Temporary One-time Passwords Are Insufficient
In parallel with the rise in retail investors, particularly millennials, betting on the equities markets after the coronavirus epidemic, cyberattacks using phishing or other methods have also surged in recent years in India.
After a local media outlet disclosed how many customers’ demat accounts, including those from the company, were hacked, India’s largest trading business Zerodha acted quickly to protect consumers from hackers. This Monday, Mumbai Police detained five persons on suspicion of hacking into the share broker’s demat accounts and defrauding them of Rs 3.5 crore.
Nithin Kamath, the founder, and CEO of the brokerage company acknowledged that their current way of requesting a temporary one-time password is insufficient and promised that Zerodha will soon include a feature that would prevent orders for options from being made at anomalous pricing.
To shift money, he said that it is impossible to withdraw funds from trading accounts into accounts held by other parties. Instead, fraudsters manufacture fictitious losses by trading illiquid options (buy high, sell low) or purchasing phoney penny stock, and finding funding solutions to stop such shady dealings is their best option.
When OTP/TOTP/Biometric logins become required on September 30, Kamath predicted that incidents will decrease.
According to Kamath, cybercrime has increased across all sectors, from social media to brokerage. However, he warned, safety precautions can only be effective if users are cautious enough to avoid sharing their account credentials by falling for get-rich-quick scams, which is how most frauds take place.
The hackers’ method of operation is delivering phoney websites to random individuals via text messages, emails, and social media. When unwary investors attempt to log in by clicking the phoney website, the hackers steal their username, password, personal identification number, or date of birth. Brokers claim that the hackers can use these credentials to enter into the investor’s trading account and carry out the fraudsters’ planned purchase or sell orders on illiquid penny stocks.
India’s capital markets regulator also ruled last month that stock brokers and depository participants need to notify any cyber assaults, threats, and breaches within six hours of discovering such occurrences. This was done in response to the rising number of cyber frauds. The framework for cyber security and cyber resilience for stock brokers was also established by the Securities and Exchange Board of India.
The pandemic has increased cyber security risks, accelerated the use of existing, new, and emerging technologies, and disrupted some outsourcing agreements, according to a recent report from the International Organization of Securities Commissions, which is regarded as the global standard-setter for the securities industry.
