Soon, the way you use debit and credit cards may change drastically. You might need to key in a PIN number for every swipe, and new cards coming to you by post could be a thing of the past.
These changes are likely if banks act on a series of recommendations made by the Mumbai police to curb the recent spate of card frauds.
The series of cybercrimes in which city debit/credit card users have had their details stolen and money spent abroad has caused a dent not only in their bank accounts, but also their confidence.
Hardly four months into the year, the cyber wing has already received at least 150 cases in which Mumbaiites' cards have been used abroad, despite the users being in the city with their credit or debit cards firmly in their wallets.
The police, who have not met with much success in solving these crimes, suspect the involvement of a cloning racket. Apart from investigating such cases, which has proved largely fruitless, the police, having gone through the modus operandi of the criminals, have recommended a series of measures to banks in order to prevent such crimes. Joint commissioner of police, crime, Himanshu Roy confirmed that the recommendations had been made.
In addition to suggesting that all cards get PIN numbers so they cannot be misused even if someone else gets hold of them and asking that banks personally hand over cards to customers, the police have recommended that banks also devise a system in which two cards cannot have the same embedded details.
An officer explained, "Just like a SIM card gets deactivated if the number is updated on to another SIM card on request, it should not be possible to update details of one active card to another piece of plastic. This would ensure cloning does not take place."
Another option to consider would be to make sure all credit cards are chip-based and don't use the common magnetic strip.
Explaining the rationale behind this, an officer said, "Cards that have data embedded in magnetic strips have been cloned through skimming machines. Microchip cards have data stored in an encrypted format that makes it difficult to copy."
The police's other recommendations include banks preparing the cards themselves rather than outsourcing the task to private companies and improvement the storage system for card data such that no one person has access to all of it.
'Transactions made from a place I hadn't even heard of'
Zohar Jaorawala, a 25-year-old engineer from Thane, woke up to his phone buzzing with several text messages on the morning of January 16. He was in for a shock. They informed him of a series of credit card transactions he had not made, worth Rs. 37,311, Rs. 14,198, Rs. 4,097, Rs. 2,957 and several smaller sums, adding up to nearly Rs. 60,000.
He immediately contacted the bank, which informed him that the transactions had been made at Chantilly (USA), a place he had never heard of.
Realising he had been duped, he approached the Powai police station, but the officials there refused to register an FIR. When he approached the cyber wing of the police, he claims he was told that they did not investigate cases where the fraudulent amount was less than Rs2 lakh. After much persuasion, the Powai police finally registered a complaint and began investigations.
But by January 22, another fraudulent transaction of Rs16,410 had been made.
No one has been arrested in the case yet. Jaorawala, in the meantime, has received credit for the transactions from his bank after their investigations confirmed the fraud.
Jaorawala nearly lost Rs. 76,300 through card-cloning.
"I went to the police station twice to check on the follow-ups. However, I could not meet the concerned officer. They have made no effort to contact me," said Jaorawala.
'They disabled my SIM so I wouldn't know of the transfer'
On the morning of November 26 last year, Chinmay Dash, a Kandivli-based corporate executive, realised there was no network on his phone. His mobile service provider told him that someone had made an application on his behalf to de-activate his SIM card.
Fearing the worst, the 36-year-old rushed to his bank, only to be informed that Rs. 1.75 lakh had been transferred from his account. Normally, he would have received an SMS alert about the withdrawal, but since his card had been de-activated, he was in the dark.
Dash then approached the BKC cyber police station. There, he was directed to approach the local Samata Nagar police station, where a case of cheating was registered against an unidentified accused.
Dash has also written to the Telecom Regulatory Authority of India (TRAI) and approached the high court against the mobile service provider. No arrests have been made in the case yet.
"I approached the police again, asking them why they had not taken any action against the mobile service provider as they were clearly at fault here. They told me that they would probe the matter," he said.