Recently, many fraudsters set up fake websites that mimic the look and feel of the login pages of the trading platforms offered by many large stock brokers. These websites were then sent to unsuspecting investors through various means of communication, such as text messages, e-mails, and social media posts with contact data stolen from a variety of sources.
Unsuspecting investors then happened to click on these fake links where they entered their login credentials, such as their username, password, PIN, and other private information. This was captured by the fraudsters, which they then use to log in to the investor’s trading account to conduct and initiate transactions on illiquid scammy penny stocks or illiquid options contracts. This would generate a loss on the compromised account. There are also many cases where scammy penny stocks are bought in customer accounts at a high price, and these were shares that cannot be sold on the market as there would be no buyers.
As a temporary fix, Zerodha, an Indian financial services company, had blocked trading by default in all illiquid risky contracts, such as stocks and options. People were allowed to trade in them only on specific instructions from the customer through their registered email addresses. Now, they have a permanent solution to this.
They made it mandatory for all their users to use a mobile or email OTP to log in to Kite. TOTP is an acronym for “time-based one-time password”. Unlike a traditional OTP that is delivered to people through an email or an SMS, a TOTP is generated by a TOTP app that is already installing on your mobile device. This TOTP is valid only for a short duration, which is usually 30 seconds, and is regenerated every 30 seconds.
To set up a TOTP, use the steps given below:
- Log into Kite, and click on your client ID. This can be found in the top right-hand corner of the page. Choose ‘My Profile’ from the drop-down menu.
- Press on ‘Password & Security.’
- Select ‘Enable 2-step TOTP’.
- Enter the OTP that you will receive on your registered email ID.
- Install the Google® Authenticator on your phone. You can find this either on the Play Store or iOs App Store. Alternatives include (or Microsoft® Authenticator or Authy).
- Choose ‘Scan a barcode’ under the option to add an account and tap on ‘Begin’.
- Allow the app access to your phone camera, and scan the bar code that will be shown on the profile page on Kite. After you have scanned it, the account will be added to your authenticator app.
- Enter the OTP shown on the app on Kite and tap on ‘Enable’.
- You will receive a notification confirming the set-up of the TOTP.