I am planning to close my trading account with a online platform and move the holdings to Zerodha. The old platform has asked for the CMR of Zerodha to facilitate transfer.
While I am aware that this is a standard process followed by the industry, the details captured therein are enough for most criminals to get thru the most confidential databases be it banks, other brokerages, ESIC details etc. and initiate fraudulent transactions.
It is staggering that such sensitive information is printed on a piece of paper and is expected to be physically shared between depositories without any data security norms in place - all this when the only scrap of information required is the client ID!
Should this process not be changed ???