Even yesterday I knew that my credit or debit card is super safe on the internet. Did you ever think that your card information can be used for a fraudulent transaction without OTP or password? The fraudulent transaction can be any type of transaction say to some under reputed company or some personal transaction. When we say “fraudulent transaction without OTP or password”, it becomes freaky, isn’t it? So, let’s discuss what can happen with your card information and how you can avoid such.
Can one face fraudulent transactions without OTP or password?
A Simple answer is yes. With this strange answer comes some questions in mind! No? This becomes freaky when it comes to the idea of online fraud. All the countries around the globe have developed their fraud detection system so that fraudulent transactions get caught and canceled. But they all use different algorithms and privacy measures, which may not be the same as India follows. So in such a situation where you are willing to perform a foreign transaction and you may not ask to perform the “Two-Level Authentication”.
I will try to answer all such question came to my mind while writing this blog. I will answer all the questions at the end of the blog. If you came up with another question please let me know in the comment section.
What recently happened?
A girl based in Noida got a jolt from the blue when she has robbed of Rs 1.5 lakh without any OTP or PIN. On New Year’s Eve, Neha Chandra was on a metro when her wallet was stolen. She lost her money only a few minutes. The girl’s HDFC Bank Debit and Credit Cards were transacted fraudulently.
In a 15-20 minute time, Rs 1.5 lakh was deducted from her HDFC debit card and credit card with three fraudulent transactions. The RS 52,499.99 and RS 44,544.24 were two of the fraudulent transactions from her debit card. A further transaction was worth Rs 52,499.99 on her HDFC Bank credit card. The same dealership was called ASHANTI, PARIS 10/FR for these purchases.
How this could possibly happen?
When you are performing the online transaction inside India, you might have noticed that 2 -step Authentication is mandatory for every transaction getaway or authorized body. Generally in India, RBI is the topmost authority for any kind of online or offline money transaction. RBI has imposed some rules and regulations, one of those is making the 2 step authentication mandatory, to prevent frauds. Now India has implemented this but it is not necessary all the countries will be following the same. If the transaction is happening outside India, or the gateway is not under the control of RBI, it may or may not use 2-step authentication.
Recently I purchased a service for Google and I had to pay a certain amount to Google. As usual, I gave all my debit card details and expecting an OTP will come the confirm the transaction. But on my surprise, the money just got deducted on the go. No OTP, not a separate portal. It is really scary. Suppose, you gave you entire card details to some phishing site and expect something to happen. Now that site may illegally store the data of your card, violating PCI-DSS (Payment Card Industry Data Security Standard). No, they use your card details to transfer money to some bank where the country does neither impose RBI standards nor fall under the control of RBI. So in such a way, your money may get transferred if the hacker knows your Card Number, Date of Expiry, Card CVV.
According to Rahul Tyagi, co-founder of the cybersecurity firm Lucideus, when using debit cards issued in India abroad, one does not receive an OTP while making an online transaction up to a certain amount.”. All a hacker needs are the card number, Date of Expiry and CVV. For ATM transactions, there are multiple ways a hacker can get access to the user’s PIN, depending on the scenario. For example, a hacker can reset the PIN, use compromised ATMs to track data or can perform a skimming attack,” Tyagi told IANS (Indo-Asian News Service).
Manan Shah, Founder, and CEO of Mumbai-based Avalance Global Solutions agreed: “Hackers have devised unique ways to bypass PIN and OTPs on both debit and credit cards. There are point of sale (PoS) machines in use that do not need OTP for a transaction for a certain amount and I have seen such cases growing in the near past”.
Point of Sale (POS) Machines:
A POS (Point of Sale) terminal is a card reading machine or any other device that accepts payments for an order placed on the POS system. These machines may or may not be integrated with the POS Software. You may have noticed that in some stores, the bill is printed and the card swiped on a single hardware device
From a user’s perspective, when traveling abroad, users should request the bank to decrease the minimum transaction amount, continuously monitor the usage of their card and immediately report any anomalies to the bank.
Such similar events had taken place in the past and one of the solutions is to enquire with the bank and limit your card usage if you’re planning to go abroad. If anything happens, immediately inform the bank to avoid complications, later.