Tuesday, May 22, 2018

State Bank of India ( SBI ) suspected Fraud transaction

As a Software Engineer, when you move from one company to another, you will get new bank accounts. So I have been using various banks' credit / debit cards for the last couple of years, but I have never experienced something like this.

Recently I re-activated my SBI account when it became dormant, and applied for a debit card. I have only used it 2 times for cash withdrawals from an ATM, and no online transactions were done via the SBI Debit Card.

Yesterday ( 22-05-2018 ) I got 2 messages

1. TM-SBPAYU at 12:47PM

xxx is your onetime password for online purchase of 30.00 at rechargeitnow.com thru state Bank Debitcard ending xxxx. Don't share this with anyone.

2. BW-ATMSBI at 12:47 PM

Dear customer, your txn at POS PAYUST000000076 declined due to incorrect PIN. Please enter the correct PIN.

I sent an email to contactcenter and report.phishing at sbi.co.in. I also tweeted to @TheOfficialSBI.

The response I got for the complaint mentions:

The bank will not be liable for any losses that might occur due to transactions upon card blocking/hot listing request over email.
We also have a facility to block the ATM card through SMS. We request you to kindly send an SMS from the registered mobile number in the following format to get your ATM card blocked: BLOCK<space>XXXX to 567676 from Card holder's registered mobile number (in CBS) only (XXXX is the last 4 digits of State Bank Debit Card which Card holder wishes to block).

So I blocked the card.

I got a reply for my complaint from contactcenter.
We request you to go ahead and destroy the card once the card is blocked since it cannot be used.
Note: The card replacement charges will be Rs.300.00 + GST.

So let's look in more detail at what happened here.

1. I have not used the Debit Card in any other place other than 2 ATM withdrawals.
2. Only the bank and I know my Debit Card number, Password and CVV.
3. The 3rd party was able to provide the Debit Card and CVV / Password; the only thing missing was the OTP.

So the questions are:

1. Who is doing these transactions ?
2. Is it the bank employees ?
3. Is there any audit for your software ? If so, who did it and when ?
4. I wonder if the employees can get the password and wonder whether the password itself is encrypted or not.
5. It looks like the bank is making money via the 300 + GST by doing this themselves.
6. Or the system has loopholes.

When a fraud transaction happens, you don't need to be at the nearby branch. What you do is notify via email / Twitter. Still they can't take any action? It will be fun for SBI to play with our money.

So I request all to stop using SBI credit / debit cards. In the last 6 month span, doing 2 ATM withdrawals, the card details are in the hands of a 3rd party. Who is liable for this?

Tuesday, March 13, 2018

Tips and tricks to buy MiTV 4a / Redmi5A Phone via Flash Sale on Flipkart and Mi.com


I have tried buying Redmi5A Phone and MiTV 4a via Flash Sale on Flipkart and Mi.com : Is it worth the time I spend? Have you ever bought an Mi Phone or TV from Flipkart or Mi.com via Flash sale?

Mi Phones come in a variety of price ranges. I was looking at the Redmi5A, which was advertised as a 5000 phone. I tried for 3 weeks to buy it. It was out of stock in a couple of seconds. Sometimes it shows out of stock before the flash sale begins. Now after 3 weeks the price is 6000 ;-). Did you learn anything from this?

UPDATE 19-03-2018 : Now the maximum price is 6499 INR.

Today ( 13-03-2018 ) I even tried to buy an Mi 32 inch smart TV. It also went out of stock in a couple of seconds. Let's look at Twitter and see if anyone has bought a TV.


You can see 2 people mentioned they got it. If you look closely, one account has 6 tweets and is genuinely spam. I believe these are all fake accounts. Don't count on me, just verify yourself. But the majority of Twitter says no one has ordered. And sometimes, even when people say they ordered the product, after a few days we can see them complaining that the order was cancelled.

So is it worth spending your time on Mi Products in a Flash sale? The answer is NO.

What are they doing in the name of Flash sale?

They don't have these products, but are just trying to see / understand the market. They are studying how many customers are interested in their product and at what price they can sell these products.

Let's look at the Redmi5A: they offered it for 5000, and each week they learned how many customers were online trying to buy it. On the next flash sale they are again looking at how many are interested in buying the same for 6000 INR.

My wife has one Xiaomi phone. I don't see a battery; everything is embedded in the phone. From my understanding it is a use and throw phone: you will not be able to replace the battery once it is dead. So think whether you want to buy a "use and throw" phone or a good one available in the market. Just don't think about the price. Your time is worth the amount.

Don't even trust them and link your bank / credit card information. The connection is not even secure. The one below was taken when I changed to https, but the site loads over http by default. I don't know whether they are really PCI compliant when they are storing your credit card and bank information.

If you are interested in deleting your account from xiaomi.com, you can click on the link https://account.xiaomi.com/pass/del .

What if Xiaomi really wanted to sell their Products?

They would have told their customers: we don't have adequate stock with us, but you can still book with us, and when it is ready we will ship it. This is similar to how the Indian Railway booking system works. We are all in a queue. I believe people will be ready to pay the amount for the same if that is the strategy. But they are not actually looking to sell anything as they boast.

UPDATE : 19-03-2017 , the MiTV4A, when you get it in your hands, will be priced at 16000 and not as they advertise. See how the Redmi5A price increased from 4999 to 5999 and the maximum price is now shown as 6499. Similarly the TV price will increase. See screenshot below.

Before you buy an Mi product, do check the thread by Elliot Alderson, who has found many security flaws in different systems, e.g. Aadhaar.

UPDATE : ( 20-03-2018 )

Some people have already captured how long the flash sale lasts. See and enjoy!

On Mi

On Flipkart

via https://twitter.com/Harish_WebDev/status/968377215036674048