IS YOUR CREDIT CARD AT RISK?
Given
the recent rise in card fraud, find out how to keep your plastic money safe
and what to do if you are a victim of identity theft.
Who is
your greatest financial foe? The corrupt agent, the con artist or a
complacent you? Surprised to see yourself in the list? Don’t be. The truth
is that sometimes our own ignorance or negligence leaves a door ajar to our
financial lives, an opportunity that a hacker or fraudster is lying in wait
to get through to raid us. One of the most susceptible instruments is
credit cards and the way we use them. We flaunt them in the open, swipe
them on sundry shopping portals and post personal details as status
messages on social networks. If you’re wearing a sceptical expression after
reading the last one, wipe it away. Hackers can use personal data to
impersonate you at a bank or financial institution and get more information
about your credit card. “In a day, a person will visit one payment site,
which will have stringent security in place, and 99 nonpayment sites that
may be somewhat lax. He will probably share some personal information, such
as his date of birth or mother’s maiden name. Hackers simply amass such
information, collate it and sell it to a third party,” warns Uttam Nayak,
group country manager, India & South Asia, Visa.
While everyone agrees that plastic is the most
convenient way to pay, many are wary of using credit cards as they believe
these are highly prone to frauds. However, what they miss is the silver
lining. If you can prove to your bank that your card has been used for a
fraudulent transaction, there is a good chance of recovering your money,
which isn’t the case if you lose cash. So, don’t cut up all your cards.
Instead, recognise your vulnerable areas, know how you can fortify your
security and what should be your strategy if your card is misused.
Beware of bugs
Whether it’s the physical world or the digital one, watch out for all
malicious elements that are trying to worm their way into your wallet. When
you use your card, check that nobody is peering over your shoulder to
memorise the card number or, worse, click a photo with his mobile phone.
Another way that thieves steal card data is by skimming them. They copy the
information that is embedded in the magnetic strip and then clone it on a
counterfeit card. To reduce such instances, card companies have come up
with chip cards that are difficult to skim. An offshoot of these are chip
and PIN cards, which require the card holder to enter the PIN number rather
than sign a receipt. However, as of now, such cards are issued mostly to
customers who travel abroad frequently or conduct highvalue transactions.
This is because the cards are a bit more expensive than the ones that have
a magnetic strip.
However, the bigger chink in your armour is online
transactions. “While shopping in the cyber world, you need to ensure that
your computer is protected against virus and malware, and that it is a
trusted portal. Check security certification of the eretailer, such as
Verified by Visa and Secured by MasterCard, and if you cannot see it
upfront, mail the portal and ask about it. Don’t shop if you do not get a
satisfactory answer,” says Muge Yuzak, country head, cards and personal
loans, Citi India.
You also need to be careful about the mails and
SMSes you receive. Phishing, vishing and smishing are three common methods
through which a hacker can send you an e-mail, SMS or even call you up and
pretend to be a representative of a bank or financial institution. He will
ask you to access a certain website or provide some innocuous information
to update your account details. The only adage you can follow in such
cases: don’t trust blindly. Tell the other person that you will either call
up the customer care or log in to the website yourself.
If your card is misused
You could be very vigilant, yet
a data breach, whether at your end or anywhere else, may lead to your card
details being leaked. You will only come to know of this when you get an
e-mail/SMS alert that your card has been used for a transaction that you
never used it for. Abhishek Singh and Amir Khan have both gone through the
harrowing experience of their cards being used fraudulently. In Singh’s
case, his card was swiped for GBP 606 for a UK-based online transaction,
while Khan’s card was used to buy airline tickets worth 37,500 through a
travel portal. It took both of them months to pursue the issue with their
respective banks, but their perseverance paid off as they managed to get
their money back.
If you too get such a rude shock, the first thing
you need to do is inform your bank. Get the card blocked so that no one can misuse it further.
Banks usually offer a 24-hour zero liability for any transaction from the
time you inform it of a loss of card or block it. However, the redressal
process will take longer. “A complete card transaction takes less than a
second. So, it’s not easy to stop it the way most people assume. Some
customers ask us why we can’t get in touch with the merchant establishment
immediately, but the fact is that there are a million portals and
brick-and-mortar shops and it’s not possible to contact one on the spot,”
says Jairam Sridharan, head, consumer lending & payments, Axis Bank.
SBI Card says that the investigation time for a
fraudulent transaction can vary from 45-120 days, depending on the nature
of the case. A senior banker from an international bank provides the
reason: “Banks have an obligation to both sides: customers and clients.
They need to investigate allegations of a fraudulent transaction thoroughly
so that neither the merchant establishment nor the card holder loses money.
This is why it takes time for an issue to be resolved and the money
reimbursed.”
Fortunately, till the investigation is going on, no
late payment fee is levied on the outstanding amount. However, this leeway
is only provided for the transaction amount that is in doubt. To avoid a
bloated bill later, you should pay the amount that you have actually spent.
Frauds in case of physical transactions are easier
to crack since you can ask for the charge slip. If the signature differs,
your case becomes stronger. To prevent forgery, most people avoid signing
on the strip at the back of their cards. Another precaution you can take is
to memorise the CVV number the day you receive the card and then scratch it
out.
In case of online transactions on Indian websites,
you will have to go through two levels of authentication—CVV number and
onetime password. This makes it difficult for someone to misuse your card.
However, most international sites don’t have a second layer of protection,
and these are the ones where a hacked card is often swiped.
“If this happens, a customer can ask the bank to
check the IP address from where the transaction has been made. Your case
will be stronger if you can prove you weren’t in the vicinity. Banks also
track your card usage and spending pattern, and a sudden spike in it
usually sends a red flag,” says Venkatesh Swaminathan, country head, The
Attachmate Group, India.
The problem is that the onus is on the customer to
prove that he was a victim and not an accomplice to the fraud. In Khan’s
case, the fraudster had known his CVV number and Internet PIN, which is why
at first the bank did not ackowledge that it was a fraud and levied a late
payment fee. However, Khan found two other people whose cards had been
misused at the same travel portal, and he used this fact to push forward
his case.
How to protect yourself
Precaution will always be better than cure, so here are a few things you
can do to protect yourself.
Tear and erase: Scrutinise all financial documents thoroughly and if you
notice an anamoly, report it to the relevant organisation. Tear your ATM
slips and cancelled cheques, don’t just crumple them when you throw them in
the trash. Before disposing of all your redundant or old gadgets, wipe out
their memory or any data on it. Even an SMS or mail from your bank can be
misused.
Be digital savvy: Use virtual keyboards to input your passwords. Change
passwords frequently and use different ones for various websites. Hackers
go for online forums or blogs to hack passwords because people usually use
the same passwords for every account, and online banks and shopping sites
are more difficult to crack.
Inspect a URL carefully for the presence of an ‘@’
symbol, as it’s a common sign of fake sites. Be very suspicious of websites
that display an IP address, or numerical address (e.g.,
http://192.134.2.1), instead of a domain name. Bookmark frequently used
websites so that you can access them through your own PC rather than
clicking on a ‘phishy’ email. Log out from the sites if you aren’t using
them, especially on common PCs; don’t just close them. Don’t opt for ‘auto
save’ to store the user name or password and disable Auto-Complete on your
browser to prevent the browser from storing your passwords. If
you use a shared computer, clear the browser’s cache and history
after each session.
Protect your phone: Don’t store important information on your phone. Even
so, your phone will contain lots about you through photos, SMSes, mails,
etc, so install a password for it. Enable an auto erase system, wherein the
data is erased after 10 wrong password attempts.
Prepaid and virtual cards: If you aren’t a frequent user, you could buy a prepaid
card from a bank and load it for the amount that you want. However, such
cards are usually difficult to use for online transactions as they cannot
be registered for the second level of authentication. So, for the purpose
of e-shopping, you could apply for a virtual credit card that can be used
for only a single transaction.
|
No comments:
Post a Comment