Advocate (Dr.) Prashant Mali's Blog

Is Credit or Debit Card  PIN a Electronic Signature as per the Law ? For Lawyers across the world, click and wrap agreement i.e. the act of ticking an icon in the shape of a box to accept the terms of a contract can hardly count as a form of signature. In the physical world, that must be right. Similarly, it might be questioned that a personal identity number (PIN) can also be considered to be an electronic signature. Arguably, the PIN combines two functions. Before considering the two functions, consider the requirements of the bank. The bank needs to satisfy itself that: 1. The card is legitimate (this is difficult to achieve, as the reports about fraud demonstrate), and 2. The card is in the possession of the customer to whom it was issued, or a person authorised by the customer to use the card. If the bank satisfies itself that its computer systems are interacting with the card issued to the customer (which is not always the case), then the computer system requests

A new Android trojan has the ability to intercept text messages and bypass the SMS-based two-factor authentication system protecting customers' bank accounts. The trojan, detected as   "Android/Spy.Agent.SI"   is currently targeting customers of large banks via their mobile apps. The malware tricks users into downloading it onto their devices by masquerading as Adobe Flash Player. Upon installation, it requests that the user grant the malicious app administrator rights, before seemingly disappearing from view. Rest assured, however, that while the Flash Player icon might no longer be visible, the trojan is just getting started.At this point, Android/Spy.Agent.SI contacts a remote server hosting malicious APK files whose corresponding URL paths are regenerated hourly in a bid to avoid detection by anti-virus software. The trojan uses this connection to send information about the infected device, along with the package names of installed applications, to its opera