1 in 3 Indians store confidential personal information like bank account, debit/credit card, ATM Pin, Aadhaar/Pan card in mobile, computer or email; 11% even store it in their mobile phone contact list

September 6, 2021, New Delhi: In the last few years, incidents of ATM frauds, unauthorised use of debit or credit cards or mobile numbers being issued on false identities have drastically risen. Similarly, large-scale data thefts where hundreds of millions of records of personal have been stolen are also common headlines in newspapers. Per Unisys Security Index 2020 report that measured consumers’ concern around personal financial security, it was found that bank card fraud via unauthorised access to individual’s credit & debit card details and concerns around banking and shopping online was amongst the top problem highlighted in the report.

To curb the menace, many efforts have been made by the Government of India vis-a-vis RBI in areas of financial inclusion, financial literacy, and financial security. Nonetheless, financial experts reason that one of the most common ways for hackers to commit cybercrime is by phishing an individual’s email account, text messages on mobile, to access their personal financial details, either ATM PIN-based or OTP-based. However, people continue to rely on storing their sensitive personal financial details, their banking passwords, and information of their ATM debit and credit cards, on their smartphone, email, or computer. Hackers have tried every method to find the loose end here and breach any underlying securities, with the motive to siphon off funds by accessing these details.

With many such concerns raised by citizens over the last 24 months in various communities on LocalCircles including the one founded by the Department of Consumer Affairs, LocalCircles decided to conduct a survey to understand how Indians store and share their ATM or Debit cards pin details, and even the details of their Aadhaar and Pan cards, aimed to expose the vulnerability of storing personal finance information on email, mobile phone, or computer. It is important, especially at the time the COVID-19 outbreak with the need for social distancing having given rise to increased use of digital channels and most people rely on saving such details on email, contact lists on mobile phones, or computers for easy access to shop online, send and receive money that involves carrying out transactions online by giving out these details. Over 24,000 responses were received from citizens residing in 393 districts of India. 63% of the participants were men, while 37% were women. Of the total participants, 45% were from metro/tier 1 towns, 31% were from tier 2 towns and 24% were from tier 3 towns and rural locations.

Risk of Personal Data Breach: 29% Indians share their ATM or Debit Card pin with close family members, 4% share it with their domestic and office staff

The first question in the survey sought to know from respondents about who all have access to their ATM or debit card(s) pin details. It was found out that 29% have given this access to “1 or more members of the close family”, 4% have given it to “1 or more domestic or office staff”, and 2% have given it to “1 or more friends”. The majority of 65% of respondents said no one other than they have access to their ATM or debit card detail. This question in the survey received 8,158 responses.

Aimed to make digital payments using debit cards and credit cards more secure, new rules by RBI mandate that cardholders of both debit and credit set up transaction limits. It has also directed banks to allow people to register for preferences such as opt-in or opt-out of services, also on spending limits, and other services for online transactions, international transactions, and contactless transactions.

Risk of Personal Data Breach: 33% Indians store their bank account, debit/ credit card/ ATM passwords, Aadhaar and Pan numbers on mobile, computer or email

Generating a strong password is easy, but it's a pain to keep track of them all between multiple bank accounts, websites & apps demanding their unique log-in criteria. The following question sought to know from citizens about how they generally store personal financial details like bank account, debit or credit card CVV or ATM passwords, Aadhaar or Pan Number, etc. In response, 7% said “In my phone”, 15% said “In my email or computer”, and 11% said in phone, email, or computer. Breaking down the poll, 21% of citizens said they have memorised them all, and 39% said they have kept it in a paper format with them. 7% of respondents did not have an opinion. The survey findings indicate that 33% of citizens store their credentials in their digital means, especially on mobile phones, email/ computer. This question received 8,260 responses.

11% citizens are storing their ATM, bank account, email, other online account passwords in their mobile phone contact list

Many people in the community discussions on LocalCircles also indicated how they rely on their smartphone’s ‘contact list’ to store their banking passwords and details of ATM, bank account, email, etc. This is a very unsafe way to store such credentials because most online apps these days ask for permission to access one’s contact and text messages. Though some apps have high levels of security and are trustworthy, the same can’t be said for the majority of other apps that are available on app stores. India’s cybersecurity researchers recently identified 167 counterfeit iOS and Android apps used by hackers to steal money from people. The final question tried to know from citizens if they store 1 or more of their passwords (ATM, bank account, email, other online accounts, etc.) in their phone’s contact list. In response, 5% said “yes, many of them”, 6% said “yes, few of them”. However, the majority of 88% of citizens said “no”, while 1% did not have an opinion. The poll result indicates that 11% of citizens are storing ATM, bank account, email and other online account passwords in their mobile phone’s contact list. This question received 7,956 responses.

Storing sensitive financial details on a phone’s contact list which 11% of citizens are doing poses a significant risk of misuse, either by apps or hackers or even by contacts of the individual. The findings also suggest that 33% of citizens store their bank account, debit or credit card and ATM passwords, Aadhaar and Pan numbers on mobile, computer or email again posing a major risk to the individual. Similarly, as indicated by the survey results, 29% of citizens share their ATM or debit card pin details with close family members, and 4% share it with their domestic and office staff.

There is an urgent need for RBI and Banks to make concerted efforts in the direction of digital financial literacy. Citizens on the LocalCircles platform also suggested that from time to time the Government via Finance Ministry, Consumer Affairs Ministry and MEITY, along with RBI, should organize awareness programs on how to secure personal data and the dos and don’ts. LocalCircles will be sharing the findings of the survey to related stakeholders in the Government and RBI so these findings can be utilised to create necessary programs to educate the public at large on how to secure personal and financial information effectively.

Survey Demographics

Over 24,000 responses were received from citizens residing in 393 districts of India. 63% of the participants were men, while 37% were women. Of the total participants, 45% were from metro/tier 1 towns, 31% were from tier 2 towns and 24% were from tier 3 towns and rural locations. The survey was conducted via LocalCircles platform and all participants were validated citizens who had to be registered with LocalCircles to participate in the survey.