Kandivli woman loses ₹1.62L in credit card data breach
A 43-year-old woman lost ₹1.62 lakh to credit card fraud after the fraudster used her leaked data to transfer the money to a Canadian bank account of a cosmetic company. As the transaction took place abroad, the fraudster did not need a one-time password (OTP).
According to Kandivli police, the complainant approached them on December 27, after which they lodged a first information report, charging the unidentified fraudster under relevant sections of the Indian Penal Code (IPC) and the Information Technology (IT) Act for cheating and impersonation.
As per the complaint, on December 26 around 9.58pm, the woman received multiple messages from her bank informing her that a total of ₹1.62 lakh had been withdrawn from her account. She called the bank and blocked her card and then approached the Kandivli police.
Speaking with Hindustan Times, the complainant said that in the past she had used her credit card to make international payments. “I have used it to make payments abroad, including to Canada. About 20 days ago, I used my credit card to make a payment for my daughter’s fees at an educational institution in Canada,” she said.
“But the problem is that many foreign companies by default save your credit card number and CVV. As an OTP is not needed for foreign transactions, it is unsafe for us to allow them to save our credit card details,” the complainant said.
Ritesh Bhatia, cybercrime investigator said, “It is high time that the two-step authentication system is made mandatory worldwide with an OTP or a password. If not, it must at least be mandatory for all foreign companies to adhere to two-step authentication for Indian customers. Secondly, every person using a credit card must disable the international transaction service if they do not need it. They can enable again as per their convenience. Thirdly, keep the credit limit to the minimum or as per the requirement so even if a fraud takes place, not much money will be lost.”