Depends on safety measures deployed by your bank for Net Banking.

In a safe internet banking environment, while hacker can easily navigate through your account information and personal details, for him or her to change anything, such as adding a new beneficiary, changing a password, making a remittance etc, OTP to linked phone is mandatory & a safety net for account holder. Few banks also ask for answers to secret questions or Debit Card Pin for authentication before allowing any change to account operating instructions.

Internet banking systems of most of the bank’s are quite safe and come with dual / multiple authentication mechanism.

Please ensue to keep Mobile Information and OTP transmissions safe to prevent complete lockdown. Mobile Phones are integral part of Banking Opearations for customers as official communications including attempt to change instructions in bank account happen through mobile phones. In these times of social media with email ID & Mobile number used at multiple places, measure such as locking device, strong password and antivirus tools on devices can prevent avoidable heartburn.


Depends on the security features available on the banking site…

I assume the hacker have your login credentials. Below listed are some options he have….

  • If the bank site requires another password or an OTP send to your mobile number to do cash transfers then he is in trouble.
  • But if there is no need of two factor authentication to change the set mobile number then hacker can try to change the mobile number to his and attempt it.
  • Hacker might be able to order banking services like a loan or recurring deposit if again two factor authentication is not required or he cracked that too.
  • basically he have whatever privileges you have in that account, think in his shoes in conjunction with the security features available in the banking site

Most likely they would transfer it to a 3rd party’s account (like a mule) and then have that person transfer it to them or withdraw it as cash and then send it via another service such as western union. That way the trail points back to this person and not the hacker.

Hackers will recruit people to perform this role in return for a share of the proceeds. Sometimes they will advertise work from home jobs that pay really well and it is part of this type of scam. Unsophisticated people may fall for the job ad and not realize they are exposing themselves to criminal charges or maybe they know but think the rewards are worth it.

It would be a nightmare if a hacker gains access to my online bank account!

Although, looking at the current security implementation across all major net banking portals, any transaction will require OTP or a 3D secure password or Grid value printed on the card.

Considering the fact that the above mentioned restrictions are bypassed, then it can lead to the following outcomes:

– He/she can transfer the money to a virtual currency system such paypal, bitcoin or any other. The chances of tracing the person and arresting the attacker will be very slim.

Syphoning your money out of your bank account is only one of the things they can do.

Your bank account can be used to show them _other_ accounts you may have in your name like credit card accounts. Those accounts can be used by them also.

There are 3 key pieces of information they need to pull off a full identity theft:
your social security number, date of birth and your mother’s maiden name. Once they have those, then they can pull of a full identify theft and starting doing stuff like opening new accounts in your name.

I woud suggest in general monitoring to see if there is anything happening in your name you didn’t authorize.