Given the recent spate of news articles about credit card frauds, we thought we should ‘de-mystify’ all the discussions going on and outline what you, the user, needs to know to safeguard against such frauds.
What comprises a ‘Credit Card Fraud’?
When criminals get hold of your credit card details (including the cvv number printed on the reverse of your card) and use these to make purchases with your card, it is a ‘credit card fraud’.
How can someone get hold of my Credit Card details?
This can happen in any of the following ways:
#1. When a criminal manages to actually see your credit card
How can this happen to YOU?
- If your card gets lost or stolen.
- If you may have taken a photocopy of your card and the copy gets into the wrong hands
- At a shop or restaurant where you may have used your card:
- Yes, many shops & restaurants are infiltrated by criminal gangs who manage to copy your card details without you being aware. Sometimes, a person working there is a part of the gang who swipes your card on another unauthorised device to copy the card details or sometimes the swipe machines (those ‘thingies’ where your card gets swiped) have been infiltrated by criminals to capture and copy /forward the credit card details online. At times, the billing systems may also have been compromised. All this is known as “skimming“. Unfortunately, despite some very stringent mandates from MasterCard & Visa (there is a security standard for this known as PCI-DSS) many establishments, especially the smaller ones, are not compliant and remain insecure.
- Note: Some countries are notorious for this. So when you travel to such countries, you become an easy victim
#2. When your card details get stolen online
How can this happen to YOU?
- Your own device (PC/Laptop/Tablet/ Smartphone) gets ‘infected’ or ‘compromised’ by malware (malicious software) that is programmed to steal your credit card details as you use the card online
- The online merchant with whom you are doing an online transaction may have insecure servers or databases or applications (in other words, ‘systems’) – where your credit card details are stored. So these may get infiltrated by cyber-criminals – from where your credit card info gets into their hands
- OR the other folks in the credit card chain– like the bank with whom the merchant has tied up with or a ‘payment aggregator’ (an intermediary between the merchant and the bank) – may have had their systems similarly infiltrated.
- You may become a victim of ‘Phishing’ or ‘Vishing’/’Smishing’.
- ‘Phishing’ is when you get a very authentic-sounding mail supposedly from your bank asking you to go online and give your credit card details – which you may end up doing. In reality, banks NEVER ask you to give your card details – and it is usually a cyber-crime gang behind it
- ‘Vishing’ is when the same thing happens over a phone call – and you end up giving out your card details
- ‘Smishing’ is via sms
How will I know if my card has been ‘compromised’ or ‘defrauded?
-You may see suspicious transactions in your statement – transactions you may have had nothing to do with
-You get sms or email alerts or a call from your bank informing you of transactions you have not done
So what should I do to protect myself?
– If you ever lose your credit card, report it IMMEDIATELY to your bank. Keep your bank’s call centre number and your credit card number handy in case you face this situation (and DO NOT store your credit card number on your mobile phone!!)
– NEVER give a copy of your credit card (especially a copy of the reverse side) to untrusted people. In fact, you should simply avoid giving it to anyone, even your family members, since you don’t have control over where they may leave it by mistake, etc
- So what should you do if you book a ticket for a relative and have to give him/her a copy of your credit card to show at the check-in counter (since airlines in India require this)?
- DIN it into their heads that, under no circumstances, should they give the photocopy of your card to the airline. And that they should TEAR the paper properly and dispose it as soon as they reach their destination. Call and follow-up with the person if required!!
-Subscribe to the “transaction alert” facilities offered by your banks (in case your bank doesn’t do it automatically) – where an sms and/or email is sent to you every time a transaction is done.
-Be alert to Phishing and Vishing/ Smishing. Remember, your bank NEVER asks you to reveal your credit card details. In case you do have a doubt that the mail you have received is indeed genuine, CALL your bank on a number you already have (not the one mentioned in the email) and re-check. Similarly, if you get a call asking you to give your credit card details, disconnect the call and call up the bank yourself on a number you already have to verify. Never give out details on an incoming call as you can never be sure it is really coming from your bank
-If you are traveling abroad, it may be worthwhile to call your bank to find out if the country you are traveling to comes under their list of “high risk” countries for credit card frauds. In such places, it makes sense to avoid using your credit card – instead use travel cards / travelers cheques and other less-risky products. In fact, many banks themselves replace your card as soon as you are back from a travel to a high-risk country.
-If you ever get an sms/email alert about a transaction you haven’t done, call your bank immediately and report it.
-Go through your monthly credit card statements carefully – to ensure that no suspicious transactions have happened. If you see something, report it immediately
-Always tear your charge slips before you dispose them. Especially make sure that the part where your credit card details are mentioned is properly destroyed. The credit card ecosystem standards now require that your full credit card number is not to be printed on charge-slips. But there are several places where this is not done – so it is better that you remain careful!
For Online Transactions:
-Always keep your Anti-Virus and Anti-Malware up-to-date on your devices (yes, you MUST install one on your smart-phone or tablet if you use it for extensive browsing or use apps on it). And avoid visiting suspicious websites!
-Turn on the secure online transaction mechanisms offered by Visa (‘Verified by Visa’) and Mastercard (Secure Code) – where you get a second password (one time passwords (OTPs) or special ‘internet pins’) for online transactions. In fact, in India, the RBI has made it mandatory for banks to give a second password for online transactions.
– While transacting online, make sure the site where you are giving your credit card details is SSL-protected. Which means, check if the URL in the address bar of your browser begins with ‘https’ instead of ‘http’
-NEVER do online transactions using a public device (like a cybercafé, etc) or using a free wi-fi (like at airport terminals or cafes). They are extremely high-risk areas!
And last but not the least, it is always good to have cards with lower credit limits. Have multiple cards if required – instead of one single card with a high limit. This ensures that even if there is a fraud, your maximum damages would be to the extent of your credit limit only.
Posted by Shivangi Nadkarni, Co-Founder & CEO, Arrka Consulting.
www.arrka.com | @arrka2 | @shivanginadkarn