Quite often we come across some fraudulent transaction or other on a credit card or a payment wallet. With the proliferation of digital payments, the opportunities for fraudsters are on the rise. There are frequent news articles about how this has become a small-scale operation based out of a few countries and also a few states in India. When we read about such an incident, one of the thoughts that comes to mind is that these payment methods are very dangerous and that the good old days of carrying cash were the best option. Imagine you have to buy a new washing machine and also do some other big-ticket shopping: would you want to carry 50,000/- in cash? Is that really safe and convenient? While some cynics can always argue for that, even during the good old days of hard cash there were stories of daylight robbery. It's just that, with technological development, the fraudsters are upgrading themselves too. So what's happening today is nothing short of daylight robbery, and it is important to safeguard ourselves from it. Let's simplify how these payments work and also understand some simple ways to safeguard against daylight robbery, the fraud.
WHAT HAPPENS WHEN YOU SWIPE A CARD?
Most of us own a credit or a debit card. I'm sure most of us feel exhilarated when we see the charge slip coming out of the machine after a successful purchase. Those of you who still think owning a credit card is a sin, please read my earlier article on the same here. At the same time, it is also important to understand the way credit cards work. While some of the flow is quite technical, I'll simplify it here.
These are the parties involved in a transaction:
You – while you know who you are, the card identifies you by the credentials you enter. The transaction can be initiated with the physical card present or without the card. It is important to safeguard the card credentials (card number, date of expiry, CVV and PIN) like any other personal property. CVV is the 3-digit number that, on most cards, is printed on the back of the card (on certain cards like American Express it is 4 digits and on the front).
Shop – this is where the transaction is happening. This could be a physical shop, an online site or a marketplace. At times the name of the shop could be different from the name of the company that owns the shop, which is why you may have noticed a different name in the narration in your statement.
Acquirer – this is usually a bank with which the shopkeeper has a banking relationship. Basically, the money for the transaction that you are making will be paid by this bank. This is called the acquiring bank. In a few countries this could also be a non-banking entity that is doing this business.
Network – You may have noticed that Visa, Mastercard, etc. is written on the face of your card. This is the credit card network, which acts as an interface between the various banks that operate in the space. With millions of transactions going through them every minute, they have high-tech infrastructure to enable this. They also have guidelines that the banks have to adhere to.
Issuer – this is the bank that has given you the credit card. This bank has evaluated your documents and provided the credit limit suiting your requirement. The issuer receives the inputs for every transaction in encrypted form; these are processed in its internal systems, and the transaction is either approved or declined depending on the rules. This process is called authorization. The correctness of the inputs that you have entered in the swipe machine (EDC machine) or the online shopping site is verified by this bank.
The entire information flow from the shop to the issuing bank and back happens within a second or a few.
WHAT ARE THE DIFFERENT CREDENTIALS?
With a card, a transaction can be executed in different ways; these are usually also governed by local regulators. Let me provide the broad types and the credentials that are needed for each:
Contactless – I have come across people calling it the Wifi-Card. You'd have noticed a Wifi symbol on the face of the card. With this feature you can execute a transaction in a shop just by waving the plastic over a machine. This is usually used to make small purchases like a train ticket or coffee. Regulators usually restrict the value of a transaction using this mode. For example, in India the maximum value allowed using this mode is INR 2000/-.
Physical with Sign – This is still allowed in certain countries. The card can be swiped (magnetic strip at the back) or dipped (chip on the card) to obtain the card and holder's details. You authenticate by physical signature on the charge slip.
Physical with PIN – This is now being mandated in a lot of countries. Essentially you enter a PIN to validate the transaction. Physical signature is not mandatory here.
Online with CVV – In this transaction you could make an online purchase with just the card number, expiry date and CVV. No other authentication is required. Yes, you may be surprised, but this is still allowed in a few countries.
Online with two-factor authentication – The commonly used method for this transaction is the one-time password (OTP), in addition to the card number, expiry date and CVV.
Basically, the transaction type and the card data are passed on to the card issuing bank before the transaction is authenticated. The bank would have a strong system for identifying trends and patterns that raises an internal alarm to highlight suspicious activity.
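As an added illustration (not code from this article or from any bank), the sketch below shows how an issuer's authorization step could check the credentials each transaction type above requires, enforce the INR 2000 contactless cap, and accept an OTP only once. The names CardRecord and authorize, the mode labels and the sample card values are assumptions made for this example.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

CONTACTLESS_CAP_INR = 2000  # contactless limit the article quotes for India

# Credentials the issuer verifies per transaction type (labels are assumed names).
REQUIRED = {
    "contactless": [],                      # card tap only
    "physical_sign": [],                    # signature is checked at the shop
    "physical_pin": ["pin"],
    "online_cvv": ["expiry", "cvv"],
    "online_2fa": ["expiry", "cvv", "otp"],
}

@dataclass
class CardRecord:
    """Constructed sample record; plain values are used only for illustration."""
    expiry: str
    cvv: str
    pin: str
    otp: Optional[str] = None  # OTP issued for the purchase in progress, if any

def authorize(card, mode, amount_inr, supplied):
    """Return (approved, reason) for one authorization request."""
    if mode not in REQUIRED:
        return False, "unknown transaction type"
    if mode == "contactless" and amount_inr > CONTACTLESS_CAP_INR:
        return False, "contactless limit exceeded"
    for name in REQUIRED[mode]:
        expected, given = getattr(card, name), supplied.get(name)
        if expected is None or given is None:
            return False, f"{name} missing"
        # Constant-time comparison avoids leaking how many characters matched.
        if not hmac.compare_digest(given, expected):
            return False, f"{name} mismatch"
    if "otp" in REQUIRED[mode]:
        card.otp = None  # an OTP is single-use: a replay finds nothing to match
    return True, "approved"

if __name__ == "__main__":
    card = CardRecord(expiry="12/30", cvv="123", pin="4321", otp="654321")
    details = {"expiry": "12/30", "cvv": "123", "otp": "654321"}
    print(authorize(card, "contactless", 2500, {}))
    print(authorize(card, "online_2fa", 5000, details))
    print(authorize(card, "online_2fa", 5000, details))
```

The "online_cvv" mode approves on expiry date and CVV alone, which is why the details printed on the card need the same care as the PIN.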
HOW DO FRAUDSTERS CRACK THIS AND HOW CAN I BE CAREFUL?
While these systems are available in the ecosystem, fraudsters also work towards improving their infrastructure. Some common frauds, and precautions for safeguarding against them, are listed below.
Card lost – when you lose a credit or a debit card, immediately inform your banker. Delayed intimation can prove costly. It is best to carry only those cards that you use the most, so that you realize it immediately in case you lose one.
Never ever write the PIN on the card or keep it in the wallet along with the card. This is like giving your house key to a burglar.
Skimming – This is a method by which a fraudster steals card information. This can then be used later to make transactions. Avoid using the card in shops that you are not sure of and look for any additional device or an attachment in a swiping machine or ATM.
I've noticed a few people handing over the PIN to a restaurant waiter. Would you call them stupid or lazy?
Phishing, Vishing, Social Engineering – These are various ways by which a fraudster having some basic information tries to gain more detailed credentials from you. Phishing is by sending an email with a link, and Vishing is by speaking to you posing as your banker. Social engineering is through messenger or WhatsApp, posing as a friend or a potential business partner.
Never ever share OTP or your password even if a Nigerian widow is willing to share a million USD with you.
Malware/Spyware – This seems to be gaining momentum. A person posing as a banker calls and shares a link; when you click it, your phone downloads malware, which may enable the fraudster to see the messages on your phone. Transactions are then executed with the OTP, which the fraudster can see.
Never ever click any suspicious link or download an app at the insistence of any unknown person.
ADDITIONAL SAFEGUARDS
More importantly, use online purchase platforms that are renowned and secure. When in doubt, check for a lock symbol near the URL or the SSL details at the bottom. (SSL is Secure Sockets Layer, which secures the transfer of information.)
Most banks allow you to set transaction limits by transaction type. For example, you may set international transactions to zero, or lock your other unused cards while travelling. Explore your banking app to have this done across your cards. Usually this will be under Manage Cards.
Some banks provide certain fraud protection limits and benefits; do check them out and understand the features.
It always feels that flying is more dangerous than good old driving. But did you know the percentage of people dying on the road is way higher than those flying? It is important to safeguard rather than shun the new-age payment options.
Being a detailed subject, I have not covered a lot of technical aspects. Do share your thoughts, experience and comments and of course more tips for the benefit of the readers! Stay safeguarded from daylight robbery!
This is not a financial advisory. The intent is to simplify financial concepts. Please seek professional advice before any financial decision, and if you come across any suspicious transaction in your bank or credit card account, call your bank immediately!