Frauds not only happen at ATMs and points of sale but also when we use cards to make online payments (Card Not Present transactions).
While beyond the card number, the name, expiry date, and CVV2 or CVC2 numbers was used initially as an additional security measure, a second factor authentication based on information not visible in cards was made compulsory by the RBI from August 2009.
This second factor is like a PIN to protect your card usage on the Internet.
PIN made mandatory
Both Visa and Mastercard have tied up with banks to help you create this PIN under the ‘Verified by Visa' and the ‘Mastercard SecureCode' services. Most banks allow you to register in their Web site for this service.
Otherwise, you can also activate it when you are doing your shopping if the seller is a participating merchant with either Visa/Master Card.
Once you register, the ‘Verified by Visa' or ‘Mastercard Secure Code' service will be extended to you at all participating online stores each time you purchase.
However, take amazon.com, for example. Have you noticed that the PIN-based authentication is not required for this Web site? That is because the RBI mandate extends only to India. This could happen with many other foreign Web sites, which don't participate for this service.
Hence, when you wish to transact from such sites, remember than the additional layer of security for your card is not available.
Look out for other signs of security — whether the site begins with https:// instead of http: //, whether it has a ‘lock' symbol on top, whether it carries any security certificates such as ‘Verisign Secured', etc.
In India, though, beyond online payments, PIN-based authentication for card not present transactions has been extended to IVR (Interactive Voice Response) services from February 2011 and will also cover Mail Order/Telephone Order services from May 2012 onwards.
Create virtual cards
Another choice to ‘extra protect' your online transactions is to create virtual cards.
Banks such as HDFC and Kotak Mahindra currently provide this option.
If you are an HDFC Bank customer, for example, you can use the ‘NetSafe' card instead of your actual debit or credit card. This single-use card will be generated online for an amount decided by you and will remain valid for 48 hours.
At the end of this period, the unutilised amount will be credited back to your account.
Since the NetSafe card carries a virtual number, your original card number is never revealed in online transactions. Axis Bank too has launched a similar online payment solution called the e-wallet card.
Net banking safer?
Considering the convenience of your account not being immediately debited, credit cards are a necessity. But when it comes to debit cards, would an electronic transfer of funds be safer than using the card?
Not necessarily, feels Uttam Nayak, Group Country Manager, Visa.
“Debit cards have daily withdrawal and POS Limits, have fraud tracking programmes and better dispute resolution mechanisms.
If you are operating from unknown PCs or cyber cafés, there may be programmes to capture your Net banking password and the entire amount in your account may be cleaned out.
From a marketing perspective also, Net banking never gives you cash backs, rewards and promotional offers”, he says.
However, if your bank sends a one-time password to your mobile for a Net banking transaction, there are less chances of compromise, feels Sanjay Sharma, MD and CEO, IDBI Intech.