Tuesday, November 30, 2004

Hacked!

I think I've become an easy target for credit card fraud.

About a month back, my credit card was hacked and used to buy software and computer peripherals, apparently somewhere in the USA. This was done online, so there was nobody physically present while using my card. The bank, informed that I hadnt made those purchases, cancelled the credit card and issued me another. I was told that I wasnt liable for the theft - and a good thing, too! - and that the stolen money would be credited back to me. The refund would show up on my next statement from the bank. So that seemed all right.

Only, it wasnt.

I got my newly issued credit card within about 10 days and validated it as normal. I used it only once in the next couple of weeks, to buy a book on Amazon UK. Imagine my shock when I checked my credit card account online after 3-4 days, and found that somebody had been merrily using it to buy telecom items from a merchant in Istanbul, Turkey! What's more, it turned out that my new card had been hacked practically the day it had been issued - well before I got around to using it myself.

Again informed of the hacking, the bank said that the Turkish merchant hadnt been suspicious because the hacker's expenditure had been just below the store's maximum (beyond that amount, the store would, apparently, have checked the authenticity of the card before accepting it). And the bank could do nothing about tracking down the hacker, even though this time the purchases had been made with the "cardholder" present.

It's a good thing that the authentic cardholders arent held liable for falling prey to online hacking, and also that the banks reimburse the money lost in fraudulent transactions. Of course, if cardholders WERE held liable, credit cards would very quickly become useless. Who would bother with using credit cards if it meant that they could lose money to thieves? It's in the banks' interest to keep the customer happy and take on the responsibility for the fraud. (That way, they can keep making money from the interest on card purchases while still making customers feel that credit cards are an asset!)

So, dont make the mistake of feeling grateful to the banks or thinking that the banks are doing customers a favour. Banks dont take the loss themselves. They are doing nobody any favours. They make sure to get back the money from the shops or retailers who accepted the hacked cards as authentic in the first place.

In the end, it's really the high street retailers and shopowners who must bear the costs of credit card fraud... but then they should be more careful about what they accept. If their greed for higher sales figures overcomes caution and subverts security precautions, it would serve them right to be defrauded. The time and methods required to check the authenticity of cards might be a pain for customers and shopowners alike, but it would make fraud that much more difficult.
Debit cards would seem a better option, but they have a downside too. If you use your debit card online and it gets hacked, the money will not be refunded by the bank! Debit cards do not have the fraud protection (of sorts) that a credit card does, so any money stolen by unauthorised usage will remain stolen. Debit card holders need to be very careful when they use it online!

Anyway, once again the bank and I have been through the entire cancel-reissue-submit-revalidate process, and now I'm the rather nervous owner of a new credit card, third re-issue! Hopefully, when I get my next statement, it will only show my own use and not dozens of unfamiliar purchases made in Latvia or Peru. Maybe I'll be third time lucky - if I'm lucky!

17 comments:

Harish said...

Spammers, Credit card hackers..
hmmmm, Did u check behind the refridgerator for a spy? :)

Shyam said...

Yeah, I'm getting a persecution mania!

PS. Remember this for people with low self-esteem - Just because you think they're not out to get you doesnt mean they ARENT out to get you! :)

Sowmya said...

Hey
I guess your experience just reafirms my policy never to use my card online !
But glad you dont dont have to bear the brunt of the hacker !!

hari said...

Hi Shyam,

You seem to be on a rebellion against Spam authors and credit hackers or shall I say the Electronic tricksters in general.The more hi-tech we go, the more serious the frauds.

Good that atleast the Bank is not holding you liable for the purchases made by the trickster. I do not think the same will be the case in India, unless you report the fraud within 24 hours.

Shyam said...

Hari, My god, I cant belive it's true that customers have to bear the loss through credit card fraud in India. Is it possible that foreign banks can have one customer protection policy for the West and another - that of no customer protection - for India? Surely not!!

Shyam said...
This comment has been removed by a blog administrator.
Shyam said...
This comment has been removed by a blog administrator.
Shyam said...

Hi Sowmya, I'm also glad that I dont have to bear the loss! :) Mind you, it's not just through online buying that credit cards get hacked... I believe cards can also be copied at restaurants and supermarkets (I dont know how, exactly - I just know it's possible because a banker friend told me so!)

hari said...

Hi Shyam,

Why not? When we can have Coke without bacterias and enzymes in US and UK and one with permitted bacterias in India, there is nothing surprising in this happening.

The protectionist policy of the banks depends on the stringency of the penalising laws of the country. In that regard, Indian Laws are still to come of age.

Harish said...

hari,
I was very very tempted to say something here in response to ur last line. But my conscience piped up saying "No kadis while a serious discussion is going on".
But I'll give u a hint.. I know one Law that did!

Anonymous said...

C'mon Harish, one thing that is actually worse than a kadi is knowing there's a kadi lurking about, but not being told what the kadi actually is! :) Spit it out, laddie!

Harish said...

"In that regard, Indian Laws are still to come of age."

Well, I know one Law that did.

Harish said...

Shakeela! :D

I'm outta here!

Shyam said...

ARRGH :) (Now where's that icon that's banging its head against a wall???)

Anonymous said...

Hey Harish...a simpleton is me! Its taken me quite a bit of time to get this kadi! Good one, pal! :)))

Anonymous said...

That was me....Ravi :)

jeethu at softhome dot net said...

I am going to get a credit card for internet purchases as I have found that e-bay doesn't accept my debit cards. By the way how did you convince the bank that those purchases weren't your's?