How can you prevent identity theft?

The story of opening fake accounts with identity theft is not new. Nor is the confidence of people that they follow safe practices.

Here are some statistics from a NortonLifeLock Cyber Safety report for 2019.

  • About 80% of the respondents have either been a victim of cyber fraud, or have at least faced and thwarted one attempt.
  • 61% of these felt they were safe, before catastrophe struck.
  • 63% of identity theft victims have no clue about the course of action to be taken after the crime happens.


The Wells Fargo scam was exposed in 2016, when 3.5 million credit cards were issued in the name of customers who never asked for those. 3.5 million fake email ids were created and 3.5 million SIM cards were used to authenticate the transactions. A few customers noticed it, when they saw a new account on their net-banking screens, started receiving uncalled-for credit and debit cards and being charged fees. However, there were many who did not notice.

Don’t miss the conversation between Elizabeth Warren, Senator and Timothy Sloan, then CEO of Wells Fargo.

The next bank in India to follow was Airtel Payments Bank. They used EKYC given for phone connections to open savings accounts in the bank, and diverted LPG subsidies to those. The then CEO, Shashi Arora, resigned after the scam was exposed.

Read details here.

PayTM Bank is doing it since 2018. The welcome email sent to customers whose savings accounts were opened in a similar fashion as Airtel, included a line.

“If you do not wish to continue with this savings account, please click on the box below to Message Us.”

They supposedly complied with legal requirements by offering a choice.

Only that the mentioned box was not there in the email, and no link to click.

The RBI action against PayTM Payments Bank restraining onboarding of new customers, till an IT audit is conducted and completed, appears to have come too late.

Meanwhile, the license of P.C. Financial Services who owns the moneylending app CashBean was cancelled, due to non-compliance with RBI guidelines in KYC and outsourcing processes.

A celebrity wakes up to the fact that her credit score is ruined, because somebody has borrowed Rs.2000/- from Dhani Loans (formerly Indiabulls) using her PAN.


In the above two cases, the Ekyc given for one purpose was used for another. It can happen to self-attested hard copies of id and address proof documents too.

If you store documents in the Gallery of your phone, all the apps on your phone have access to it.

If you happen to share sensitive documents in Whatsapp groups, one click by all 256 members of the group can have the document downloaded in their Galleries. How many apps would these 256 people be using, and your personal docs have been made available to those.

You can’t resist the lure of using a free or open WiFi system somewhere, and make an online payment giving your card or bank account details.

You are tempted by a too good to believe time-bound offer, and try your luck without verifying the authenticity of the site.

Sharing of OTP or scanning a QR code to get defrauded happens too often.


1. Check your credit score regularly.

All the sites Experian, TransUnion CIBIL, Highmark and Equifax give one reading free in a year. There is no harm in paying for a report, if you suspect something fishy.

The credit report will tell you about loans or credit cards in your name, which you have not availed of.

Related post: How to manage good credit scores

2. Spend a little extra time on net-banking

Don’t just do your transaction and log out.

Check the transactions and balances in all accounts.

Check if there is any extra account showing up, or any charges you are not aware of.

3. Read transaction alerts carefully

Check the format carefully, if it is the same as what your bank regularly sends. Usually, they show an account number with only the last four digits visible.

Delete if you won’t need a reference later, as apps can read your SMS messages. Details of your bank accounts, insurance policies or other investments can leak out from there.

4. Scan through the Spam once before clicking on Empty folder

A good email provider has sorted out suspicious messages. But there may be a clue to something else happening somewhere.

Don’t ever click on any link given in spam messages.

5. Pay attention to urls and fraud email ids

A spelling mistake, a comma where it is not needed or an extra alphabet is the indicator of a fake site.

6. Passwords need to be managed

It is not enough to just change passwords at regular intervals and keep them strong. We create accounts on several sites with email ids. Ensure that you do not use the same password that is used for your email. It can lead to hacking, if data on the site is hacked. It happened with Quora a few years ago. We were asked to change both Quora and email passwords.

7. Keep a separate email id for financial transactions

Ideally, have one registered email id for all your financial transactions in banks, insurance, mutual funds and others. It helps keep all the data in one place.

And don’t use this email id to register on any other site. Have separate ids for those.

8. Use a VPN

VPN is a Virtual Private Network, which hides your IP address and encrypts internet traffic. It makes it difficult for hackers to steal your sensitive data.

9. Install anti-virus software.

Seems like common sense, but gets ignored or postponed for so many reasons.

10. Mention the purpose on KYC documents

If you are submitting, self-attested hard copies of KYC documents, mention the purpose on it like “For LPG connection” or “For SIM card of …. Company”. Documents can be morphed, but it will make the job harder.


Companies like Bajaj Allianz and Bajaj Finserv provide identity theft protection. It covers the amount lost from your bank account, legal expenses and expenses to fight extortion, cyber-bullying etc.

Spread the love

Leave a Reply

Your email address will not be published. Required fields are marked *