Saturday, February 9, 2013

Reducing liability in Credit Card Frauds

In the last few days I have seen multiple articles pop up regarding credit card frauds performed internationally on Indian Credit Cards. If you want to read more about the frauds themselves, please refer to this article. The possibility of use of malware is the topic of this article. If you are already a victim of credit card fraud, you might want to read this article.

But in my article, I am about to offer three suggestions, which if implemented by the banks, can make credit cards much safer than they are today.

Voluntarily Lower Credit Limit
Banks should provide their customers with the choice to lower the credit limit below that offered by the banks. Suppose I have a Rs.1,00,000 credit limit as defined by the bank but I do not use so much of the limit usually. Then I should have an option to lower the limit temporarily to any amount I wish, say Rs.25000. I should be allowed to do this online, at ATM machines, or using phone banking. Similarly, if I am about to make a higher value transaction, I should be allowed to raise my self imposed limit to a maximum of that allowed by the bank. Even this I should be allowed to do using my ATM pin or online netbanking password or though phone banking.
The advantage of allowing such a dynamic reduction and increase of the credit limit is that it will limit the fraud liability should such an eventuality occur. It is easier on the pocket to challenge a fraudulent Rs.25,000/- transaction than a Rs.1,00,000/- transaction

Voluntarily Disallow International Usage of Card
If I have an international card, but I do not frequently visit other countries, I should be allowed to dynamically  turn off possible usage of my card internationally. If I am travelling, I could turn this facility on through an ATM machine, or through netbanking, or through phone banking. If I forget to do so while in India and use an ATM outside, the bank may even charge a fee to do so.

Voluntarily Disallow Non-secure Transactions
The banks must also provide the facility for customers whereby they can declare that any transactions done on merchant websites which do not have Verified by Visa or Mastercard 3D security enabled should be rejected by the bank. This single facility will prevent a lot of fraud which happens on e-commerce websites.

I am releasing these ideas in the open so that banks can start offering some such facility to all of us.
If you are a bank and would like a discussion, please do not hesitate to contact me. If you are a customer and would like to write to your bank, you are free to quote the contents of this blog entry.

7 comments:

  1. Hi Ashutosh,

    It is nice article to make people aware that these can be one of the features of their Credit/Debit cards. I felt to quickly comment on your article because I am in the Product design which Handle all you Debit and Credit cards.. :D

    First two points you mentioned are already opted by many Banks where you can Decrease you Card Limit and also stop International Transactions. Both are basic features our Banking Product. You can talk to customer care to check if your Bank do support this feature.

    About third point I will comment in coming days as I am not sure 'Verified by VISA' security feature is done at Bank Software level or VISA level only.

    I feel I can answer many of your queries regarding the same.:D Feel free to discuss.

    ReplyDelete
    Replies
    1. Hi Pradip,

      I am aware of the facility about decreasing the credit limit voluntarily. However, can we also call up the bank and ask for increasing the limit back up when we need it? Moreover, can we do it at ATM machines or using netbanking? I think we cannot do all of that.

      About VBV I am not completely sure but I think it is done only at merchant sites which participate in the program.

      Would surely like to discuss more! Your comments are extremely important given your role as a developer of these systems :)

      Delete
  2. I doubt banks would agree much on the First point as they are hell bent on pursuing customers to get higher limit credit cards. (Idea conflicts with their Business interest :D).

    Second point I would say is an absolutely necessary feature that banks should provide. I suppose only 5-10% of all the credit cards issued by a bank are actually used for international transactions which makes the idea more profound and sensible to implement.

    Third point, I suppose, seems to be on a headway already as all of our credit card transactions are being verified by VISA/MC I think.

    ReplyDelete
    Replies
    1. I agree that the business imperative of the banks conflicts with what I am suggesting here. However, when fraudulent transactions occur, the bank is the one at a loss. Therefore, it does make sense for the banks to provide this facility.

      I think VBV and MC 3D security is limited to participating merchant websites only. It does not prevent someone from making a transaction on a site which does not require those authentications. Not completely sure about that. Will wait for Pradip (comment above) to confirm about this aspect.

      Delete
  3. Adding one more point:
    In many cases (e.g. restaurants), credit cards are not swiped in front of the customer.
    Typically, customer handovers his card to merchant's staff. Then the card is taken over to cash counter for swiping.

    There is a possibility of stealing important information from the card (name, number, expiry date, cvv code etc.) in this process.

    Instead, POS terminal machines should be wireless. This will allow merchants to handover POS terminal machines to the customer.
    So that, customer himself can swipe his card; Or merchant staff can swipe in the presence of customer.

    Extending this further:

    There is a possibility of fraudulent POS terminal machines. It would be great if we can somehow eliminate the entity called POS terminal machine.
    Let us say card is replaced by some other device which can also performs fund transfer activities.

    For example, if money transfer through mobiles becomes a norm then mobile can be made self sufficient for transaction processing.
    It should not need any external terminal device for processing the transaction. I guess this will make it harder for fraudulent usages.

    ReplyDelete
    Replies
    1. Agree. In fact wireless POS are available in many developed countries.

      The other technology you are talking about is feasible when Near Field Communication in mobile phones becomes ubiquitous. Whereas it is an interesting idea, I am basically talking about what can be easily done given the available Credit Card infrastructure.

      Your suggestion is already in prototype phase and has been demonstrated in a few conferences and so on. In fact, Intel's first phone the Xolo already has NFC incorporated into it.

      Delete
  4. Thanks for your comments. Suggestions and ideas are always welcome on all topics.

    ReplyDelete