Keeping a credit card just got a bit more expensive! Stealing and using a credit card are passé. In today’s world, hackers are working overtime to find out new innovative ways to make new money, and going by the look of things, they are gaining a sizeable lead in this domain! From skimming and cloning your credit card, to making fake sites; from using stolen cards on them to using new online trading models, the cyber thieves are on prowl to hack into your bank account.
Now, it’s no longer safe to trust a restaurant employee or petrol pump attendant with your credit or debit card. Many cases of multiple cards being ‘skimmed’ and ‘cloned’ are being reported to the police and bank authorities, and many of them are originating when a customer is least expecting it! So next time, think twice about giving your credit card in a restaurant or in a petrol pump! Card thieves are using magnetic stripe readers and encoders which are easily available in the market for $250-$600.
While a card reader can read the data on the magnetic band of your credit or debit card, an encoder can encode it on to any plastic card with a magnetic band, even a normal hotel room key.
Rajat Khare, who is the founder director of network security management company, Appin, said, "All credit cards can be cloned by simply inscribing cards with a similar magnetic band just like a hotel number is fed into a magnetic room key. These kinds of card frauds are becoming common."
Banks are trying to fight this menace, by advising customers to subscribe to mobile alerts. ICICI Bank card products head Sachin Khandelwal said, “We have a 45% market share with about 8.5 million credit cards in the market. The percentage of card frauds is low at about 4 basis points of all transactions. Nevertheless, we shoot an SMS alert for every transaction above Rs 2,000 to all our customers. Skimming of credit cards is generally done when a customer places a mail or phone order transaction.”
However, certain banks, like HDFC, do not stop at mobile alerts. In additions to the alerts, the bank also provides an extra security layer for all credit and debit card customers. Through this facility, the cardholder can create his own additional password, which provides an additional security layer for all On-line transactions, said HDFC Bank credit card marketing head Parag Rao.If you have just received a new credit card from the bank, but discover that it already has a charge attached on it, don’t be surprised. These days credit fraud happens even before a new card has been received from the bank. Credit card number generators are freely available online (on sites like http://www.brothersoft.com) which claim to generate card numbers of various companies starting from ‘5’ (Master Card) or ‘4’ (Visa) or other digits. It also generates 13, 16, 18 or 19 digit card numbers. These generators use the same algorithms like `Luhn formula’ used by government agencies and banks to generate numbers.
“In one case, a hacker managed to crack the algorithm of a bank’s credit card generator and sold hundreds of numbers online. So even before the fresh card came into customer’s hands, they already had a charge on them. In another case, a credit card hacker set up a site and started using stolen card numbers to provide downloadable images and managed to siphon off about $2 million,” adds Mr Khare.
However, the biggest wrath of the credit card fraud can be felt in the E-commerce portals, which have also become like trading havens for hackers. This is how it works: A hacker enters the stolen card number and CVV (card verification value) number, as mentioned on the reverse of the card, into an e-commerce site and buys a product. The payment is made but the buyer doesn’t take the delivery immediately. He gives the delivery date – of generally a week to 10 days. During this time, the hacker posts his costly buys (from the stolen card) on the portal for sale obviously for an even lower price. As the hacker gets a customer for his product, offered at a jaw dropping price, he gives the customer’s address as the delivery address, on the same or other portal.
He receives cash from the final customer in an electronic cash account or an escrow account from where he converts it into hard cash. Escrow is a legal arrangement in which an asset (such as cash, real property or other tangible assets) is deposited into safekeeping (e.g. a bank account) under the trust of a neutral third party (escrow agent) pending satisfaction of contractual contingency or condition. Once the condition has been met, the escrow agent will deliver the asset to the party prescribed by the contract.
Thus during the entire transaction the hacker can manage to cruise through without leaving a trace. Says IT risk and consulting firm Mahindra Special Services Group Captain, Raghu Raman, “Most hackers try and steal small amounts–just 2-3% of a monthly transaction to avoid getting caught. In large transactions, the banks usually call and ask the customer immediately to cross check whether a transaction was done by him. Hackers are also using card numbers to get a subscription or download a costly software which they in turn sell it online.” Thus, this makes it difficult to catch them also.
However, all is not lost for the credit card customers. There are certain precautions which one can adopt so as to be on the safe side. Net security experts have warned that web transactions with credit cards are no longer 100% safe. They suggest the use of credit cards only on sites which are ‘Https’ (Hypertext Transfer Protocol over Secure Socket Layer) and direct the transaction webpage to a payment gateway. Deleting cookies and browsing history from your computer after a transaction might also help prevent the cyber thief stealing your card number.
By Ankit Sharma
No comments:
Post a Comment