Security
on 04-03-2024
I was tortured by a WhatsApp call.
I thought it was real and showed him
the YONO app that I had logged in to.
In future we need to block all nonsense.
So I am coming up with corrections that need
to be done to the online web app and phone
software updates.
We need to build a database of illegal CPU IDs
and phone IMEI numbers that has to be checked
before logging in to any bank application,
either by phone or by web.
Alternatively,
login should be allowed
from 1 desktop/laptop and 1 phone only
for any registered user ID.
This also has to be implemented for all emails
by all providers.
Online and phone apps
should record the last login with the
CPU ID in addition to other details like IP.
IP and network MAC address are not enough, since all of these could be cloned.
We need a non-clonable ID like the CPU ID,
with the manufacturer name in it.
Phones should log the
CPU ID with the IMEI number.
This CPU ID and IMEI number should not be clonable.
All OS browsers should provide this CPU ID
and the relevant information to
the browser app.
If a CPU ID is found to do 1 failed login,
it has to be reported to the cyber crime department database.
Online browser apps should check the failed-login database
and not allow any future logins with this CPU ID
and IMEI number.
Kindly do all necessary changes to implement the same.
At the time of first login (account setup time),
record:
cpu ID+manufacturer+imei+login_id
You can set this up using other valid details
such as OTP, DOB and other relevant credentials.
This can be reset only by the bank home branch,
by the person indicating he is changing his device,
after a physical written request with UID+PAN and other
original documents.
To register a new CPU ID,
the person has to take a screenshot
of the CPU ID and IMEI
and go in person with the details
to activate the new CPU ID.
The new CPU ID is registered
only after physical verification or 15 days.
ONLINE BANKING SHOULD BE ALLOWED TO BE DONE ONLY FROM
ONE DESKTOP/LAPTOP
ONE PHONE ONLY
for any given user id.
If a new machine is to be configured,
the old machine's access will be removed.
If the access is coming from a 2nd machine,
simply deny the access with no reasons and
report to the cyber crime database.
Go to the home branch to fix the issue.
Kindly do the needful.
Send it to the world to fix the security issue.
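
The one-desktop, one-phone rule and the device-change procedure described above, sketched as an added example that is not part of the original post. The class and method names are hypothetical, the device fingerprint (CPU ID, manufacturer, IMEI) is assumed to reach the server from a trusted source as the post asks OS and browser vendors to provide, and "physical verification or 15 days" is read as either condition activating the new device.

```python
from datetime import datetime, timedelta

WAIT = timedelta(days=15)     # waiting period from the post
KINDS = ("desktop", "phone")  # one bound device of each kind per login id


class DeviceRegistry:         # hypothetical name, not any bank's API
    def __init__(self):
        self.active = {}    # (login_id, kind) -> device fingerprint
        self.pending = {}   # (login_id, kind) -> (fingerprint, requested_at, verified)
        self.reports = []   # stand-in for the reporting database

    def enroll_first(self, login_id, kind, device):
        """Account setup: bind the first device of this kind."""
        if kind not in KINDS or (login_id, kind) in self.active:
            raise ValueError("slot invalid or already bound")
        self.active[(login_id, kind)] = device

    def request_change(self, login_id, kind, device, now):
        """Home branch records the written request to change device."""
        self.pending[(login_id, kind)] = (device, now, False)

    def branch_verify(self, login_id, kind):
        """Home branch confirms the customer in person."""
        device, requested_at, _ = self.pending[(login_id, kind)]
        self.pending[(login_id, kind)] = (device, requested_at, True)

    def login(self, login_id, kind, device, now):
        """Return True to allow; otherwise deny without giving a reason."""
        slot = (login_id, kind)
        pend = self.pending.get(slot)
        if pend and pend[0] == device and (pend[2] or now - pend[1] >= WAIT):
            self.active[slot] = device   # the old device loses access here
            del self.pending[slot]
        if self.active.get(slot) == device:
            return True
        if not (pend and pend[0] == device):  # unknown device: report it
            self.reports.append((login_id, kind, device, now))
        return False


if __name__ == "__main__":
    reg, t0 = DeviceRegistry(), datetime(2024, 3, 4)
    old = ("CPU-OLD", "VendorA", None)   # constructed sample values
    new = ("CPU-NEW", "VendorB", None)
    reg.enroll_first("user1", "desktop", old)
    reg.request_change("user1", "desktop", new, t0)
    print(reg.login("user1", "desktop", new, t0 + timedelta(days=1)))
    print(reg.login("user1", "desktop", new, t0 + timedelta(days=15)))
```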