Credit cards have become an integral part of our life, but concerns about its security and vulnerability is an ongoing issue. Credit card frauds are rising at an alarming rate. Card associations and banks on the other hand have been trying hard to enhance card security features to minimize frauds and misuses.
Here is a look at the security features introduced by card issuers and banks in the current scenario.
Verified by Visa/Mastercard SecureCode
A significant upgrade in credit card security features came with the introduction of 'Verified by Visa/MasterCard Secure Code programme' or second factor authentication. It addresses the credit and debit card transactions over internet.
Earlier, to do an online transaction, the only information needed was your credit card number, expiry date and the CVV number printed on the back of the card. It is easy to obtain this information as they are exposed when you handover your card at hotels, shops or petrol stations. Fraudsters can use this data for online transactions where physical presence of the card is not needed.
With the introduction of the Verified by Visa/MasterCard Secure Code programme, apart from card information, the customer needs to provide an additional password like that of a debit card, to make the transaction secure. This is to authenticate any online transaction.
The EMV chip addresses security concerns while the card is physically swiped in a machine. When cards are being swiped on an electronic device, all the information stored on its magnetic strip gets extracted for verification. Fraudsters can extract this data from swiping machines and use them to make a duplicate card through a process called cloning. This duplicate card can be used for online transactions and your credit account gets billed.
The susceptibility of magnetic strip cards forced the card associations to come up with an innovative solution - the EMV (Europay, MasterCard and Visa) chip. It stores the data securely in a highly encrypted format which is difficult to skim off and thereby reduces the chances of extraction. It also relies on a digital signature scheme based on public key techniques to confirm the data's legitimacy. As the transaction is being processed, any tampering or unauthorised alteration of data is detected and the transaction will be declined.
India is slow in adding this security feature. In India, the card acceptance mechanism at many merchant outlets is still not equipped with the process. So, the Indian card manufacturers need to issue cards with both EMV platform and magnetic strips. The card makers ensure that the new cards will have a magnetic strip, but the card's confidential data will be stored on the chip. The magnetic strip facilitates the transaction where EMV processing is not available and at the same time data will not be skimmed.
Second Level Authentication for IVR Transaction
Even though second-level authentication has been introduced for online transactions, telephonic transactions with Interactive Voice Response (IVR) started using second-level authentication with a PIN or a password this year only. So, now a customer making an IVR transaction would need to provide an additional password, just like he does on the Internet, so that fraudsters would no longer use the information on your card for IVR transactions.
Credit Card Protection
If you happen to lose your wallet while traveling in India or abroad, earlier you need to call each card issuer separately to get the cards blocked. To ease this situation, a solution in the form of Credit Card Protection (CPP), exists. CPP India comes with a 24-hour toll-free helpline and a world wide cover. One free call to this number will block all your cards on request with additional features like emergency travel cash assistance, fraud protection, valuable document registration and lost card replacement assistance. This service can be availed by taking a membership with CPP which costs around Rs.1000/- to Rs.1500/- annually.
Although many security features have been introduced, still you can be a victim of the most common trap —phishing. Beware of mails appearing like coming from your bank/ card company asking for your card details or personal information. They will contain an unsolicited link, which when clicked will be directed to a fraud website looking similar to that of your bank. The chances of clicking them unknowingly are fairly high and you will end up exposing your confidential information.
So, as far as credit card transactions go, be cautious. Here are a few pointers:
- Type the URL yourself and don't rely much on search engines as there are chances for clicking similar duplicate sites.
- Look for the prefix 'https' in the website addresses. The 's' in https stands for secured.
- Keep in mind that no bank/card company would ever ask for confidential information through email/phone under any circumstance.