In a recent case of Credit Card fraud busted by the Chennai
Police, it was found that the Credit card particulars had been stolen
from many hotels in several foreign cities such as Singapore. These were used
in preparing duplicate credit cards through which purchases were made from
shops in Chennai.
The incident highlights the risks that are inherent in the
use of Credit Cards. Netizens have always been very skeptical about use of
Credit Cards for online purchases fearing the stealing of credit cared
information and their use on the Internet. Lack of "Signature" was the
principle reason for the fear.
This fear has been one of the reasons for the slow growth
of E-Commerce and perhaps also contributed to some of the dot com failures
also.
In the initial days of E-Commerce, there were incidents
where "Pseudo Sites" were created to gather credit card information in
exchange of some service. Many of the E-Commerce sites used to save the credit
card details on the web server which were hacked into and information stolen.
Some time, the unencrypted flow of credit card information was collected by an
eves dropper. All these are now things of the past. At present the E-Commerce
sites use various measures to prevent misuse of Credit Card data. Firstly,
there is encryption of data between the client's browser and the E-Commerce
site. The Credit card information also is sent directly to the payment gateway
and the E-Commerce site avoids storing of the data on its servers.
As a result of some of these measures, exchange of Credit
card data online is safe even though the authorization itself is done on the
basis of information otherwise found on the face of a credit card.
Some of the E-Commerce sites today take a precaution to
ensure that the billing address on the card and the destination of goods
purchased are same to ensure that there is no third party who is benefiting
from the purchase. This some times creates an embarrassment when a person is
trying to send a gift to another person. One of the precautions that Indian
E-Commerce site owners are adopting in such cases is to verify from the
destination address the genuineness of the transaction and the relationship
between the credit card holder and the beneficiary.
It can therefore be said that the biggest risk for credit
card frauds online is not from online security problems but from the
possibility of the credit card data being stolen offline in a hotel or a shop
where the user parts with the card for some time.
Prevention of Credit card frauds online therefore involves
prevention of the leak of credit card data offline.
It is therefore necessary for the Credit Card companies to
issue separate cards for Net purchase and do not issue universal cards. For
the same reason, the biggest risk is for persons who hold credit cards that
are accepted globally and on the Internet and it would be better to de-link
online validity of Credit cards from offshore validity as well as onshore
validity.
Let's hope that the Chennai Credit Card racket will open
the eyes of the Credit card companies to issue Internet Credit Cards as well
as Off-shore Credit cards as "Add-On" cards and make the parent card
invalid except for on shore transactions.
Naavi
December 11 , 2002
Related Articles:
Major racket in credit cards unearthed, three arrested
