Select Page

Many ICICI Bank customers have raised concerns on social media platform X (previously known as Twitter) about a glitch on the iMobile app.

On their iMobile app, a number of users have claimed to be able to access details of other customers (people they don’t even know) – these include credit card details.

This worrisome as this becomes simple for a person to use someone else’s credit card details fraudulently for overseas transactions because iMobile displays the complete card number, expiration date, and CVV and allows users to adjust the settings for foreign transactions, as per the tweets from customers.

If you are able to see other people’s card and account details, make sure to raise the complaint to avoid and any misuse.

Also read: Kotak Mahindra Bank penalised by RBI: What happened on April 15, 2024, that was the final straw?

Here are the social media posts of ICICI Bank customers raising their concerns.

Serious Security Glitch in ICICI Bank’s iMobile Alert!!! Several users have reported being able to view other customers’ ICICI Bank credit cards on their iMobile app. Since the full card number, expiry date, and CVV are visible on iMobile, and one can manage international transaction settings, it’s easy for someone to misuse another person’s credit card for international transactions. Requesting @ICICIBank to fix this issue as soon as possible. And @RBI, please review ICICI Bank’s security systems.

Same issue for me as well. Called them mailed them no response

Their current tech is worst, app shows different data in different screens. I am not able to link my mobile number, different email ids for OTP and alert, Visited branch and reached out call centre multiple times but no resolution.

For this user, the bank replied “Hi, we are concerned about your post and would like to get in touch with you. Kindly DM us your contact details by clicking on the link below. Regards, Team ICICI Bank”

Same issue for me

You just able to view, I was getting email alert of someone’s transaction for so long even their statements. They have lots of issues. Their reward points system is worst . And cashback was not credited for hpcl SUPERSAVINGS rupay

I can see more than 10 Credit cards right now

I have emailed ICICI Bank regarding this critical security bug. For those concerned, here is the email template: https://hastebin.com/share/eduzilesiq.swift… . Feel free to modify and use as needed. Email address: customer.care@icicibank.com antiphishing@icicibank.com

How ICICI Bank customer can report fraud

If you are a victim of online fraud, reach out to the National Cyber Crime at cybercrime.gov.in, call the helpline on 1930 or call ICICI Bank’s helpline on 18002662.

To report Internet Banking, Credit, Debit and Prepaid Card transactions not done by you, call Customer Care on 1800 2662.

Here are some precautions for safe and secure mobile banking, according to the ICICI Bank website:

  • Set up a Pin/password to access the handset menu on your mobile phone
  • Register/ update your mobile number and e-mail ID for alerts to keep track of your banking transactions.
  • Delete junk message and chain messages regularly
  • Pay attention while accessing any URL
  • Do not browse un-trusted websites or follow un-trusted links and exercise caution while clicking on the link provided in any unsolicited emails and SMSs.
  • Only click on URLs that clearly indicate the website domain. Do extensive research before clicking on link provided in the message. When in doubt, you can search for the organization’s website directly using search engines to ensure that the websites you visited are legitimate.
  • Exercise caution towards shortened URLs, such as those involving bit.ly and tinyurl. You are advised to hover the cursors over shortened URLs (if possible) to see the full website domain or use a URL checker that will allow you to enter a short URL and view the full URL. You can also use the shortening service preview feature to see a preview of the full URL.
  • There are many websites that allow anyone to run search based on a phone number and see any relatable information about whether or not a number is legit.
  • If you have to share your mobile with anyone else or send it for repair/maintenance
  • Clear the browsing history
  • Clear cache and temporary files stored in the memory as they may contain your account numbers and other sensitive information
  • Block your mobile banking applications by contacting your bank. You can unblock them when you get the mobile back
  • Clear the browsing history
  • Do not save confidential information such as your debit/credit card numbers,CVV numbers or PIN’s on your mobile phone
  • Do not part with confidential information received from your bank on your mobile
  • Install an effective mobile anti-malware/anti-virus software on your smartphone and keep it updated
  • Keep your mobile’s operating system and applications, including the browser, updated with the latest security patches and upgrades
  • Password-protect your mobile device to protect against unauthorised access. Set up a Pin/password that is difficult to crack
  • Do not enable auto-fill or save user IDs or passwords for mobile banking online
  • If possible, maximise the security features by enabling encryption, remote wipe and location tracking on device
  • Never leave your mobile phone unattended
  • Turn off wireless device services such as Wi-Fi, Bluetooth and GPS when they are not being used. The Bluetooth can be set up in invisible mode
  • Avoid using unsecured Wi-Fi, public or shared networks
  • Do not use “jailbroken” or “rooted” devices for online banking. Jailbreaking or rooting a device (the process of breaking into the phone’s built-in operating system to control it outside the vendor’s original intention) exposes the device to additional malware and gains administrative or privileged access of OS
  • Only download apps from official app stores such as Apple App Store and Google Play Store.
  • Never disclose personal information or online banking credentials via e-mail or text message as these can be used for identity theft
  • Log out from online mobile banking or application as soon as you have completed your transactions. Also make sure you close that window
  • Be aware of shoulder surfers. Be extra careful while typing confidential information such as your account details and password on your mobile in public places
  • In case you lose your mobile phone, please call our 24-hour Customer Care to disable the iMobile application
  • Always check your bank or service provider’s website for Customer Care numbers or e-mail IDs. Genuine SMS messages received from banks usually contain sender id (consisting of bank’s short name) instead of a phone number in sender information field. (Fraudsters/scammers manipulate caller ID apps and search engines to list themselves as toll free numbers. They then gain your trust and extract sensitive information like OTP, passwords, or Credit Card details.)
  • Look out for valid encryption certificates by checking for the green lock in the browser’s address bar, before providing any sensitive information such as personal particulars or account login details.
  • Never download and install applications from untrusted sources. Install apps downloaded from reputed application market.
  • Always verify app permissions and grant only those permissions which have relevant context for the app’s purpose.
  • Always remember in settings, do not enable installation of apps from “untrusted sources”.
  • Avoid using unsecured, unknown Wi-Fi networks. There may be rogue Wi-Fi access points at public places used for distributing malicious applications.

  • Published On Apr 25, 2024 at 01:06 PM IST

Join the community of 2M+ industry professionals

Subscribe to our newsletter to get latest insights & analysis.

Download ETBFSI App

  • Get Realtime updates
  • Save your favourite articles

icon g play

icon app store


Scan to download App
bfsi barcode