A fellow journalist travelled to Beijing, and swiped his card at a Kempinski resort. On checkout, he paid a minor room service charge of 80 yuan; his hosts were paying the hotel bill. But by the time he returned to Bangalore, his credit limit was wiped out. His card had been used for a shopping spree at Hong Kong totalling over Rs 25,000 – until the credit limit was reached. (The amounts were later reversed by SBI Cards.) Ever travel to Indonesia or Malaysia? Try using your credit card there and you’re likely to find that your card will be blocked and replaced by your bank or card company as a ‘precautionary measure’. Worse, you might find a series of charges in different countries, charges that you did not make. How do they do it?
Skimming The Cream
A hot-selling item in many countries is a skimmer: a small device into which the store clerk, or waiter, discreetly swipes your card. In a second, the skimmer stores your name, card number, expiry date and other details. The clerk sells the numbers gathered during the day to a buyer for up to $50 a pop. The middleman sells it to upstream buyers in other countries, who use blank cards and a card encoder – available cheap – to replicate your card. The next day, a dozen copies of your card will be in use across the world.
How about your poor local-restaurant waiter who doesn’t have a skimmer? Well, he takes your card away from you for a few minutes: enough time for him to copy all information on the card (these days, they simply click a photo with their camera phones). He can then sell the day’s haul to buyers who will spend on them online.
And so, contrary to popular belief, it’s safer for you to use your credit card online than physically in the real world. Online transactions are mostly secure, and you have additional ways to ensure security. But given that credit cards are a part of life, what do you do? Online or offline, your top safety measure today is to stick to banks that give you SMS alerts on transactions.
ICICI Bank leads the way here, with instant SMS alerts on every bank or card transaction; HDFC Bank and others also use SMS alerts. American Express remains technologically backward (the bank still hasn’t discovered email, sending only paper communications, and even telegrams!), and simply does not use SMS or email alerts.
If you shop online, you don’t have to use your regular credit card, even though it’s mostly quite safe if you stick to known sites. You have other options. PayPal is among the most popular online payment services. This is a virtual banking system that bypasses the regular banks. It lets you pay online, send money to someone in another country, or even sell items and receive payments by credit card. You set up an account on PayPal.com, and register your credit card.
You can then pay online at any site that accepts PayPal, without having to enter your card number; the website won’t ever see your card number. I’ve used PayPal for five years, finding it quick, convenient and safe – for buying stuff online, paying for Skype, or receiving payments from friends.
The other option you have is to use an ‘online credit card’. If you’re a Kotak Mahindra Bank account holder, and you want to pay Rs 240 at a website: log into your Kotak bank account, click on ‘Netcard’, and enter Rs 240. You’ll get a virtual credit card generated on the fly: with a valid Visa number, and a credit limit of Rs 240. The card will expire after two days.
You can’t use this for online purchase of airline or movie tickets where they may want you to physically present the card for security – stick to your regular card for that.
You also don’t want to use a temporary card if you’re likely to have to cancel the order and ask for a refund: the refund will have to happen to the same, and still valid, credit card number.
Or you can use a virtual credit card from ICICI Bank or others. I use this for shopping on Amazon and eBay. Log onto ICICI Bank (Infinity) online and click ‘Apply for a virtual credit card’. Specify a credit limit, say Rs 3,000. You’ll get an online-only card generated for you permanently: the number will remain constant, but you can change the credit limit anytime. I keep my limit to Rs 5,000, but if you’re more cautious, you can keep yours to zero, changing it just before you shop.
There’s also a ‘Verified by Visa’ and a similar MasterCard system to add a second check to online card transactions. But they’re both glitchy and do not work well, and they usually decline all my transactions!
Plastic is getting safer – adding features such as ‘two factor authentication’. Even so, there’s nothing for it but to stay vigilant, look at your SMS alerts for transactions, and be extra careful in physical transactions. With a bit of care, plastic is better, and safer, than cash.
Prasanto K Roy ( email@example.com ) is chief editor at CyberMedia, publisher of 15 specialty titles such as Dataquest and Living Digital