Your role to ensure security


Internet Banking Security Tips

While we ensure to make sure your online transactions are secure, you also have a role to play to ensure online security. Here are some additional steps you can take to ensure the security of your transactions:


Password Protection
  • Change your password when you receive it the first time, and thereon regularly
  • Use passwords that are hard to guess. Avoid real words or those that can be easily identified, such as, name, family name, date of birth, telephone number, pet's name, parents' names, etc
  • Avoid using the same password on different websites. Always use unique passwords for each website
  • Do not give your password to or share your password with anybody, including the employees of Kotak Mahindra Bank
  • Notify the Bank immediately by writing to us at or calling our Customer Contact Centre at 1860 266 2666 if you suspect that your password has become known to or used by someone else

Login/Browser Security
  • Always log on to Net Banking by entering the Bank's website address www.kotak.com into the address bar. Do not access the bank website from a link provided in an email from any source
  • Look for the padlock  symbol on the bottom bar of the browser to ensure that the site is running in secure mode before you enter sensitive information. Double clicking on the lock will verify that the digital certificate is issued to https://www.kotak.com/. Proceed only if such verification is available
  • Log off from Kotak Mahindra Bank's Net Banking after you complete your transactions every time. Do not just close your browser
  • Avoid accessing Kotak Net Banking from a public/shared computer. In case you need to do so then please use 'Virtual KeyPad' to input login credentials
  • Regularly log into your Net Banking accounts and check your bank statements to ensure that all transactions are legitimate
  • Clear your browsers cache and history after each session so that your account information is removed, especially if you are using a shared computer
  • Configure the browser not to remember passwords (disable Auto Complete function)
  • Beware of pop-up windows that ask for your account number and PIN (Personal Identification Number). Kotak Mahindra Bank Login pages are always on a web page and never in a pop-up window

Email Security
  • Kotak Mahindra Bank will never send e-mails that ask for confidential information. If you receive an e-mail requesting your Internet Banking details like your PIN, password, account number etc, please do not respond
  • "Phishers" typically include upsetting or exciting (but false) statements to get people to react immediately. Avoid filling out forms in e-mail messages that ask for personal financial information. Communicate such information only via a secure website. Read more about 'Phishing Fraud' in our 'Types of Fraud' Section
  • Check the sender E-mail address to verify that it is from a valid E-mail account. Never open E-mail attachments from sources that you cannot trust
  • Always scan E-mail attachments for viruses before opening them. If you are unsure about the source of an attachment, delete it
  • Be alert for scam E-mails. These are designed to trick you into downloading a virus or jumping to a fraudulent website and disclosing sensitive information

Protect your computer
  • Make sure your computer has the most recent anti-virus software
  • Configure the anti-virus software to automatically update the virus definitions regularly and to notify you when new updates are available
  • Perform a complete scan of your computer at least once a week
  • Configure anti-virus software to scan all in-coming and out-going E-mails
  • Make sure your computers Operating System and browser software are updated with the latest security patches
  • Use Anti-Spyware software to do a full system scan to detect any ad/spyware on a regular basis. Ensure that you update your software regularly

Protect your Information

Your information is the most valuable asset to protect yourself from online fraud such as Identity Theft. Identity thieves try to obtain key pieces of your confidential information in order to gain access to your bank account. To protect your confidential information follow below mentioned steps

  • Safeguard your account information, just as you would do with any other sensitive personal information
  • Do not write your user ID and password anywhere
  • Always get your latest contact information updated with the bank
  • Dont carry your Cheque book around with you unnecessarily
  • Dont leave bill payments or other Cheques in your mailbox
  • Tear or shred any old Cheques or account statements before throwing them away
  • Consider online alternatives to cheque payments while making purchases or bill payments

Debit/Credit Cards Security Tips

Do's

  • As soon as you receive the consignment carrying your card, ensure that it is in a sealed condition and not tampered with. If there is any tampering found, inform the bank immediately
  • Sign on the reverse of the card immediately on receipt
  • Always keep your Debit/Credit card in a safe and secure place. Please inform the bank immediately if your Debit/Credit card is lost or stolen, or if you suspect unauthorized use
  • Please cut the card diagonally in case it is to be disposed off at the time of renewal/upgradation/cancellation
  • Guard your Kotak Debit/Credit Card's Personal Identification Number (PIN) like you guard your cash
  • Please change your Debit/Credit card PIN immediately after overseas trip
  • Prevent others from seeing you enter your PIN at the ATM by using your body to shield their view
  • Memorize your PIN. Don't write it down anywhere, especially on your card, and never share it with anyone
  • Kotak Mahindra Bank recommends that you change your Personal Identification Number (PIN) every six months
  • Beware of advertisements and people who promise to lend you cash against the credit card. The same should be strictly refrained from
  • Please destroy and dispose of copies of receipts, airline tickets, travel itineraries and anything else that displays your card numbers
  • When selecting a Personal Identification Number (PIN) don't use any number that appears in your wallet (such as name, birth date, or phone number)


Don'ts

  • NEVER give a photocopy of the front and back of your card to anyone for any reason, even if it is an application for a new credit card
  • Do not hand-over your card to anyone, even if he/she claims to represent the Bank
  • Do not disclose card number, expiry date and CVV value to anyone
  • Do not use your card on websites like gaming, pornography, Lottery, gambling and unsecured payment gateways
  • Do not write the ATM PIN on the card or on a paper which you carry along with the card
  • Never sign a blank application form, to be filled in by an agent or bank representative later

Tips for Safe online transactions using Credit Cards
  • Please get yourself enrolled for 3D Secure (Verified by Visa (VbV)/Master Card Secure Code (MCSC)). This is now mandatory for carrying out online transactions
  • Make sure you are using a secure site while making payments through the Internet. Ensure that there is a lock icon in the status bar of your web browser. This icon indicates that the site is employing an encryption technology during the transmission of your sensitive data
  • Please keep a record of your transactions. Just as you save store receipts, you should keep records of your online purchases. Back up your transaction by saving and/or printing the order confirmation

Password Protection

  • Change your password when you receive it the first time, and thereon regularly
  • Use passwords that are hard to guess. Avoid real words or those that can be easily identified, such as, name, family name, date of birth, telephone number, pet's name, parents' names, etc
  • Avoid using the same password on different websites. Always use unique passwords for each website
  • Do not give your password to or share your password with anybody, including the employees of Kotak Mahindra Bank
  • Notify the Bank immediately by writing to us at or calling our Customer Contact Centre at 1860 266 2666 if you suspect that your password has become known to or used by someone else

Login/Browser Security

  • Always log on to Net Banking by entering the Bank's website address www.kotak.com into the address bar. Do not access the bank website from a link provided in an email from any source
  • Look for the padlock  symbol on the bottom bar of the browser to ensure that the site is running in secure mode before you enter sensitive information. Double clicking on the lock will verify that the digital certificate is issued to https://www.kotak.com/. Proceed only if such verification is available
  • Log off from Kotak Mahindra Bank's Net Banking after you complete your transactions every time. Do not just close your browser
  • Avoid accessing Kotak Net Banking from a public/shared computer. In case you need to do so then please use 'Virtual KeyPad' to input login credentials
  • Regularly log into your Net Banking accounts and check your bank statements to ensure that all transactions are legitimate
  • Clear your browsers cache and history after each session so that your account information is removed, especially if you are using a shared computer
  • Configure the browser not to remember passwords (disable Auto Complete function)
  • Beware of pop-up windows that ask for your account number and PIN (Personal Identification Number). Kotak Mahindra Bank Login pages are always on a web page and never in a pop-up window

Email Security

  • Kotak Mahindra Bank will never send e-mails that ask for confidential information. If you receive an e-mail requesting your Internet Banking details like your PIN, password, account number etc, please do not respond
  • "Phishers" typically include upsetting or exciting (but false) statements to get people to react immediately. Avoid filling out forms in e-mail messages that ask for personal financial information. Communicate such information only via a secure website. Read more about 'Phishing Fraud' in our 'Types of Fraud' Section
  • Check the sender E-mail address to verify that it is from a valid E-mail account. Never open E-mail attachments from sources that you cannot trust
  • Always scan E-mail attachments for viruses before opening them. If you are unsure about the source of an attachment, delete it
  • Be alert for scam E-mails. These are designed to trick you into downloading a virus or jumping to a fraudulent website and disclosing sensitive information

Protect your computer

  • Make sure your computer has the most recent anti-virus software
  • Configure the anti-virus software to automatically update the virus definitions regularly and to notify you when new updates are available
  • Perform a complete scan of your computer at least once a week
  • Configure anti-virus software to scan all in-coming and out-going E-mails
  • Make sure your computers Operating System and browser software are updated with the latest security patches
  • Use Anti-Spyware software to do a full system scan to detect any ad/spyware on a regular basis. Ensure that you update your software regularly

Protect your Information

Your information is the most valuable asset to protect yourself from online fraud such as Identity Theft. Identity thieves try to obtain key pieces of your confidential information in order to gain access to your bank account. To protect your confidential information follow below mentioned steps

  • Safeguard your account information, just as you would do with any other sensitive personal information
  • Do not write your user ID and password anywhere
  • Always get your latest contact information updated with the bank
  • Dont carry your Cheque book around with you unnecessarily
  • Dont leave bill payments or other Cheques in your mailbox
  • Tear or shred any old Cheques or account statements before throwing them away
  • Consider online alternatives to cheque payments while making purchases or bill payments

Types of Frauds


Phishing

Phishing refers to a person or a group of cyber-criminals who create a copy of an existing legitimate web page (in the name of your bank) to trick users into providing sensitive personal information. Responding to 'phishing' emails put your accounts at risk.

To carry out this trick, the phishing scammers send fraudulent email disguised as an official request for information from the bank. Generally, they also create a look-a-like website that is designed to closely resemble the target company's official site. The fake website may appear almost identical to the official site.

Recipients of the scam mail are requested/ lured to click on a link, which will cause fake website to open in the user's browser. The recipient will be asked to enter the user ID and Password of Net Banking. The scammers then use this information to their advantage. Very often such phishing emails may contain various spelling mistakes. Even the links to fraudulent website may contain URLs with spelling mistakes.


Tips to protect you from Phishing
  • Never respond to any mails asking for your confidential information such as User ID, Password, etc. Please note that Kotak Mahindra Bank will never ask for your password
  • Visit the bank website by always typing our URL www.kotak.com in your browser window. Never click on a link that takes you to bank's website
  • Always look for the padlock symbol on the bottom bar of the browser to ensure that site is running in a secure mode before entering sensitive information
  • Check your previous login date and time post logging into Net Banking
  • Avoid access of Net Banking from Cyber cafe or shared computer. However, if you happen to do so, please use Virtual KeyPad for enhanced security
  • In case you feel you have divulged any sensitive information to fraudsters, please change your password immediately and inform us by contacting our Customer Contact Centre or write to us at email us

Vishing

Vishing is a combination of Voice and Phishing that uses Voice over Internet Protocol (VoIP) technology wherein fraudsters feigning to represent real companies such as banks attempt to trick customers into providing their personal and financial details over the phone.

In this trick, fraudsters call up customers through an automated dialer through a computer-modem. Once the phone is answered, an automated recording is played to inform customer that customer's bank account had an illegal activity and customer should call the recorded phone number immediately.

Once the customer calls up the recorded number, he is asked to enter his confidential information such as Account No, User ID, Password, Date of birth etc on phone keypad. Once the customer enters the required details the fraudsters have all the confidential information required to carry out transactions in the customer's account.

Vishers generally do not have any actual information regarding customer and would address customer as 'Sir' or 'Madam' and not by their actual name.


Tips to protect you from Vishing
  • Do not call and leave any personal or account information on any telephone system that you are asked to through any telephonic message, SMS or E-mail, especially if it is regarding possible security issues regarding your bank account.
  • Your bank would have knowledge of some of your personal details such as your first/last name. Beware of calls claiming to be from your bank's customer service centre.
  • In case you happen to receive such a message or email, inform us by calling our Customer Contact Centre or write to us at security.bank@kotak.com

Identity Theft

Identity theft is a crime in which fraudsters try to obtain key pieces of your personal information such as date of birth, mother's maiden name, passport number, etc. in order to gain access to your bank account, make online purchases or illegally apply for New Account /Credit Card. Fraudulent Web-sites/E-mails, misplaced account statements or personal documents, impersonation as bank staff are some of the tools used by fraudsters to gain access to customer's personal information. Revealing personal information to unknown entities puts your account at risk.

By using gathered personal information, fraudsters carry out transactions through banking channels such as Phone Banking, Internet Banking to their benefit. In a worst case scenario, they can also transfer funds from your account.


Tips to protect you from Identity Theft
  • Never respond to mails asking for your personal information such as Date of Birth, Mother's maiden Name, user ID, etc. Please note that Kotak Mahindra Bank will never ask for such information
  • Inform us immediately in case your mobile number is de-activated without your consent. Also get your correspondence address updated with us, in case it has changed
  • Verify the identity of the Bank's representative visiting you
  • Consider shredding rather than thrashing unused copies of documents such as PAN Card, Ration Card, Bank Statements etc which contains your personal information
  • Beware of unsolicited phone calls claiming to be from Bank's Customer Service Centre and asking for confidential personal information

Nigerian Fraud (419 Scam)

Nigerian fraud refers to fraudulent schemes which starts with bulk mailing/e-mailing of offers asking the recipients to enter into a business or to extend help in getting money transferred in return for huge commission. The scam is referred to as '419 Scam' after the section 419 of Nigerian Penal Code.

The Nigerian fraud emails commonly have proposals such as transfer of funds, generous reward for helping to move large balance of funds or offer of disbursement of money from 'Will'.

Such mails would generally display a sense of urgency and ask for bank account and other details. These mails may also ask the recipient of the letter or email message to pay something like a fee / tax / bribe to complete the deal - this is the Advance Fee. Such an advance fee is always lost.