Earlier today, Times of India first reported the arrest of 5 Indians in the USA in connection with the US$ 200 million credit card fraud.
Immediately thereafter there was a second report in TOI itself attributing the growth of recent credit card frauds to “Dexter” malware. The report quoted some unidentified Bankers as stating that the fraud did not reflect any weakness in the security system of the Banks.
The unidentified Bank official was quoted as stating “I doubt that this is related to skimming. In skimming there is a physical limitation in the number of cards that can be read also we are getting cases from metros across the country”. It was also added that since this fraud was perpetrated at the card acceptance stage, it was not limited to one card issuing bank. He is said to have further assured that “We have secured our solutions through incorporate of advanced security mechanism such as Unique Key Per Terminal and Terminal Line Encryption which make the systems future ready as per RBI compliance needs”.
The report absolves RBI by stating that it cannot prevent international frauds.
The entire report appears to be a planted story from some credit card issuing Banks in India along with RBI to hedge against them being held liable.
While the Bank official proudly states that international e-commerce sites sometimes accept credit cards without the CVV2 number and hence the frauds prevail, Naavi has brought to the attention of the public in India an instance with SBI cards where a hotel in Delhi had charged the customer without any kind of authorization from the customer. This indicated that most Banks in India never verify the charge slips and make payments against forged charge slip signatures as well as non-existent charge slips. (After prolonged correspondence over a few months the charge was reversed. However, though Naavi insisted that action should be taken against the fraudulent merchant, no such action appears to have been taken.)
The fact is that RBI has introduced certain technology features without proper security measures and influential Banks are not absorbing the fraud risks.
RBI is aware that credit card companies in India are forcing the customers to buy fraud insurance at their own cost even against “Forged Charge slips”. This is unethical and illegal as it tries to force a Consumer to accept additional cost for a service arising out of a “Forgery” which is the responsibility of the Bank to prevent. RBI is, by its silence, contributing to the prevalence of the fraudulent practice.
Will the unidentified Bank official clarify if the above situation is prevailing in India and if so whether it is correct?
A detailed explanation of the activity of “Dexter” virus is available in the following article.
As this article indicates, Dexter attacks the POS terminals used by Merchants in the physical space. This is not an internet transaction. Hence this needs the signature of the customer. If, therefore, frauds can take place in this scenario, they can occur only because of unsigned charge slips. Such debits cannot be placed on the customer and the Banks must absorb the losses.
Hence the US$ 200 million fraud, to the extent it relates to Indian Banks (if any), represents the losses to the Indian Banking system. RBI needs to disclose the details of the Indian Banks’ involvement and how it would prevent consumers from being bullied by Banks to accept the losses on their accounts.
Also see: Credit card fraud in Mumbai