Photographs: Rediff Archives Govind Rammurthy
Recently, Chennai police busted a huge credit card cloning racket, which ultimately forced a bank to recall many cards. In addition, to make the matters worse an HR manager's bank account was wiped clean with the account having only Rs 600 as balance and the remainder Rs 54,000+ being transferred for online shopping by an unknown entity.
The reason for this is a simple one: Most of the credit card companies do not have additional authentication feature.
The security surrounding the transactions is based on merchant machine verification only. While fake machines are not available in the market, fake credit cards are and there is no way to verify the cardholder has supervised the all-important card-swipe.
To look on the security features provided, first we need to categorise our transaction methods:
- Card swipe
- Internet
- Mobile banking
Click NEXT for more
Govind Rammurthy is managing director and chief executive officer, eScan
Here's how to avoid credit card frauds
Photographs: Rediff Archives
Card swipe
Card Swipe does not require the cardholder to authenticate her/his card by inserting additional code. However, the cardholder is supposed to authenticate the receipt. This effectively means, in case the signature is wrong, the bank may decline the transaction, as the signature does not match.
Nevertheless, in the past, many times, I have provided a wrong signature and yet the merchant was able to claim his amount. So where do we stand? We need a credit card, which has an authentication mechanism like the Maestro Card and at the same time is accepted all over.
Second crime is related with skimming, that is, procuring card details from a swipe. Some merchants may deploy a card-reader device, also known as a skimmer, and swipe your card two times. Firstly, for the actual transaction and secondly for collecting your card details. Once privy to your confidential card data it can be utilised to clone your credit card.
Click NEXT for more
Here's how to avoid credit card frauds
Photographs: Rediff Archives
It may also happen that the POS (point of sale) terminals in a retail store is connected to LAN (local area network) and is authenticating the card via the Internet. It is up to the retailer, whether they store the card details are not. But, in case their system does get compromised then every person who has taken all the precautions as mentioned in this document (specifically related to card swipe section only) is at risk.
The best example for this type of crime is the intrusion of HeartLand Payment System (a New jersey-based payment processor which was hacked and confidential data stolen) in which 130 million credit and debit card data was stolen.
Click NEXT for more
Here's how to avoid credit card frauds
Photographs: Rediff Archives
Internet
Internet based transactions are the trickiest of all. The security for these transactions is manifold and the cardholder needs to have an innate understanding of the security procedures which have been put into place by the Bank. These security procedures vary from bank to bank and may not always conform to the strictest standards, which is essentially the need of the hour.
As an Internet-banking customer, you have to take certain precautions, which are outlined as follows:
OTP: One Time Password is for the particular transaction during a specific session. Enable your Internet Banking account to provide OTP.
IPIN: Internet Pin is different from APIN (ATM PIN). IPIN will protect your account and is similar to the email password. Take precaution and keep the password difficult and DO NOT ACCESS Internet banking from unknown PCs or cyber cafes or in fact, not even from your friend's home PC.
The IPIN is known only to the cardholder.
Click NEXT for more
Here's how to avoid credit card frauds
Photographs: Reuters
Two factor authentication: This feature will enable sending out an SMS containing a six-digit code after successful login has been initiated. Only those who have registered their mobile number and having access to the mobile number can access the account.
Due to this feature, it is recommended never to store your IPIN, APIN, card number, account number on your phone. With the advent of smartphones, this becomes difficult, however, safety always comes first. Not every bank offers this, hence be extra careful.
During internet-based card transactions, it is imperative that before inserting your card number or other details, you should be on your bank's website. The merchants provide the names of the banks or the type of activity (e.g. net banking) based on your card type.
After selecting the name of the bank, ensure that you are redirected to your bank's websites, the bank's website should ask for your IPIN, and account number along-with the amount that will be deducted from your account should be displayed and verified. Many times merchants will take advantage of the bank's flaws in not displaying the amount to be deducted and you will end up paying more.
Click NEXT for more
Here's how to avoid credit card frauds
Photographs: Reuters
Secondly, if you have chosen net banking, then most probably, you will be redirected to a payment gateway of a known bank and from these you will be redirected to your bank's website, provided the bank has IPIN feature and you as a customer have enabled it. Nowadays, due to RBI's notification most of the banks have enabled this feature. However, since this is a new feature, some of the banks allow 2 to 3 translations after which it is locked down, that is, unless and until you register your account for IPIN, your account will not allow Internet banking.
Enable your OTP, enable IPIN, enable Two Factor Authentication, do not store your banking details on your mobile cause it can be stolen and if you have deleted the data then there is a possibility that data can be recovered.
Many of the financial institutions have KYC -- Know your Customer. Times are such that we as consumers need to have KYB -- Know your Bank!
If we look at the numbers in this context, statistics by one of India's surveys on security across the country's financial institutions found that 30 per cent of banks reported to have been victims of identity theft during the last year. In addition, over 57 per cent of banks do not have a dedicated budget for online security, which is still considered part of the overall IT budget.
Click NEXT for more
Here's how to avoid credit card frauds
Photographs: Reuters
Strange but true, only one-third of respondent banks have a formal plan in place for creating customer awareness against online identity theft and financial frauds.
Computers are vulnerable to various kinds of malware and viruses. Moreover, to make the matters worse, some of the malware are written specifically targeted at banking customers. Hence, the cardholder should always ensure that anti-virus with HTTP/s content scanner is being used.
Also, the anti-virus should have Phish detection algorithm inbuilt. Update your anti-virus regularly and be an alert and a responsible cardholder.
Some of the fake merchants may also try to entice you with lowest prices, in these scenarios always use the option of cash on delivery. Never provide your residence address but your office address.
Click NEXT for more
Here's how to avoid credit card frauds
Mobile banking
For mobile banking users, only one word of caution: DO NOT SAVE / Store Passwords and beware of the fact that, mobile viruses are on the rise, due to which you yourself are to blame if there is an intrusion in your account.
Even though limited technology is available to protect the consumer against card swipe crimes and Internet banking, however not everyone knows about it and not every bank / merchant supports it. It is a pity that even though this generation has woken up against credit card / online banking related crimes, banks and card providers offer almost nothing to protect our savings and investments.
Comment
article