Let's Build a Responsible Cyber Society

 

Credit Card Frauds ..Alarming Proportions

According to a Times of India Report, Over 100 people have approached the cyber crime investigation cell (CCIC) of the Mumbai police in the last one month and complained that someone had used their credit card numbers to book air tickets they had never sought or got. This is the tip of the iceberg that indicates the huge risk that the Indian Credit Card holders run.

What is important to note is that part of this risk is because of the negligence of the Credit Card Issuing Banks which needs to be immediately addressed.

Charge Back

Many of the Credit Card Issuing Banks have been refusing to accept "Charge Back" requests from their clients and threatening recovery actions on their customers. This must be stopped immediately  since the Credit Card holder and the Bank hold an intimate Banker-Customer Relationship and the Credit Card transaction represents an instruction from the Customer to the Bank which can be revoked anytime.

It is open to the Merchant to take action against the customer if there is any "Cheating" by the customer.

This approach alone will encourage Credit Card users online to upgrade their security measures.
 

CVV Number

Some of the Credit Card issuing banks have the practice of asking their customers to indicate CVV number on forms requesting for automatic payments for utility bills from the credit card account. These forms are handled by marketing agents who have no long term commitment to the Bank or its clients. It is this factor which enables the use of Credit Cards for online purchases. Banks who are having this obnoxious practice should immediately replace the cards of all their customers and stop asking for CVV numbers on print.

More importantly, they should provide "OVC" or "Online Verification Code" which can be either a PIN or a Password which the customer can set online and use optionally for all online transactions. While implementing this may involve certain inconvenience to customers since the Merchants also need to revamp their online payment systems, in the long run this is a necessity. The VISA Verification and Master Card Security features are trying to achieve this but the system needs to be refined so that it is more customer friendly.

Liability of the Bank

In the current scenario where Banks are extremely negligent in handling Credit Card transactions, they must realize that they are liable under ITA-2000 for not following "Due Diligence". Customers should be protected both under ITA-2000 as well as Consumer Protection Act except when there is gross negligence such as loss of credit cards on which the PIN is written etc. Perhaps Banks should also undertake a customer education programme.

New Security Solutions

It is evident that there is scope for New Security solutions to safeguard Credit Card use online. One such solution is  " Naavi's Online Credit Card Security Procedure" (NOLCCSP) is a means of securing CVV misuse. If Credit Card Companies are interested, the solution can be discussed with the respective Credit Card issuers. May be more such solutions are available for Credit Card companies to try.

Naavi

September 29, 2006

(comments welcome)