The RBI's crackdown on fraud in Card Not Present (CNP) transactions ‘led to' an increase in the volume of CNP transactions, by giving remote users a greater sense of security, according to Mr. G. Padmanabhan, Executive Director, RBI.
But, he feels, RBI's success on this front might have caused fraudsters to shift their focus to Card Present Transactions.
In this connection Mr Padmanabhan cites the example of a scam in Hyderabad, where fraudsters posing as merchants offered mobile talk time worth Rs 250 against payment of Rs 50, on condition that only card payments would be accepted.
The kiosk machine specially set up for this purpose was configured to prompt for PIN and print a charge slip indicating approval of the transaction by the bank. The Magnetic Stripe Card data and the PIN were captured from unsuspecting customers and later used to make counterfeit cards for withdrawal of cash.
The same modus operandi was used at a petrol pump in Ranchi; only this time instead of mobile recharge vouchers, customers were offered car wash liquid and air freshener.
The moral of the story is that it is safer to stick to the beaten track, that is, KYC-processed point of sale terminals; avoid shady nooks and corners.
RBI directive
More important, with effect from July 1, 2011, the RBI has instructed banks to send out SMS alerts for all card transactions, irrespective of the channel used; ATM, phone banking, Net banking, whatever. If an unauthorised transaction comes your way, sound the alarm.
If you happen to be one of those who keeps the mobile switched off for extended periods of time, you can instead, ‘regularly at irregular intervals', check out the transactions which have taken place in your accounts. Not to look for transactions you have made, but to spot those you haven't.
Of course, you still need to ensure that your bank has your mobile number on record, not someone else's. For it is to this number that it will send SMS alerts and one time passwords.