CITI Bank – Do you think you are Secure?

          What do you do if you want to transfer your fund online? Ideally you will be adding payee account details in your bank account. Once your bank acknowledged your payee then right away you can transfer your fund. That’s it? Is it secure? Do you think you are making secure transition? How do you restrict someone (could be a hacker) to transfer money from your account without your knowledge? Is it possible?

            I have 2 debit bank accounts. ICICI & CITY. Both the banks are pretty famous here in India.  Let’s look out the security aspects on these 2 banks. Also I’m not considering my credit cards here. That’s a separate tragedy. :)

            Say for an example let’s take a user called ‘xxx’. xxx wants to transfer money to his/her friend named ‘yyy’.

This is how ICICI reacts,

•             xxx logged into ICICI account
•             xxx adds yyy as payee with yyy back account details
•             xxx receives secret code to confirm yyy to his/her mobile
•             xxx confirms the yyy by entering secret code.
•             xxx chooses yyy to fund transfer
•             xxx enters the amount and remarks and click submit
•             xxx asked to enter transaction password
•             bank application authenticate xxx’s transaction password
•             xxx asked to enter the 3 grid number of random alphabets
•             xxx enters the respective grid number which is printed in the debit card
•             bank application authorize the grid number
•             xxx transfers the amount to yyy successfully

With CITI,

•             xxx logged into CITI account
•             xxx adds yyy as payee with yyy back account details
•             xxx receives secret code to confirm yyy to his/her mobile
•             xxx confirms the yyy by entering secret code.
•             xxx chooses yyy to fund transfer
•             xxx enters the amount and remarks and click submit
•             that’s it
•             xxx transfers the amount to yyy successfully

Do you see any security breach from the above comparison?

            If you tried to login with invalid passwords or logging from different network, ICICI sends sms to confirm. (What if your mobile phone also hacked?) Previously CITI used show your security token with random number in the browser address bar. Fortunately they have addressed it now. Even I have few more potential points on CITI. But I don’t want to motivate someone from my story

            Cyber crime is very strict here in India. Though I see some threats I’m afraid of attempting anything. That means I’m not attempting anything. Also I’m not sure whether the Indian versions of CITI application only like this or it’s applicable worldwide.

It’s all might be my own myth. But I’m really uncomfortable in using CITI.