[fosscomm] [fosscom] security in online banking transaction {was} Fwd: [openSUSE-India] something interesting ...

Linux Lingam linuxlingam at gmail.com
Thu Jul 9 13:44:05 PDT 2009

>> On Saturday 27 June 2009, Gaurav Vaish wrote:
>>> 2. Their CC transaction is one of the most insecure ones. I once made an
>>> online CC transaction and within 2 days found two fraud transactions
>>> (international - totaling over $500) done on my card. Similarly, my cousin
>>> used his card to buy a ticket online and the very next day saw a couple of
>>> fraud transactions totaling over INR 25,000 done on his card (For
>>> completion, both the cards were VISA cards).
> FWIW, you can complain to the bank within 60 days, and also file an
> FIR at your local police station (there is a cyber crime branch for
> this sort of thing). Most cities have a Credit Card Consumer
> Association (Bangalore does) and they will be able to help you with
> more details. Such cases are usually filed with the local consumer
> courts,
> From, http://www.rbi.org.in/Scripts/PublicationReportDetails.aspx?fromdate=06/28/05&SecId=21&SubSecId=0
> . Each bank has a procedure to be followed in case of loss/ theft/
> misuse of card - generally, a time limit of 60 days is given. For
> wrongful billing, you can ask the bank to provide documentary evidence
> within 2 weeks.
> On http://www.rbi.org.in/scripts/NotificationUser.aspx , scroll down
> to Jun 05, 2009 and download "Closure of fraud cases - relaxation in
> the existing norms 58 kb" file. - useful if you decide to take your
> case to the consumer courts.
> The first document "Draft Guidelines on Credit Card Operations" is old
> but afaik, there have not been any major changes. The nice thing about
> laws is they are always in B&W, never verbal. A copy of these RBI
> circulars is sent to all banks under its jurisdiction, including
> small branches and as per law, they are required to publicly display
> it within their premises on a Notice board.
> I hope this information was useful.
>> How is that "insecure" on the part of ICICI.
>> I have made innumerable online transactions using ICICI CC and have never had
>> a problem.
> No two people share the same experiences and I doubt if fraud is an
> experience anyone wishes for.
> That said, I suspect that the second layer verification is provided by
> Visa/Mastercard  only to those banks that pay them for this service.
> This, after experimenting with multiple cards for the _same merchant_,
> with ICICI's CC approving the transaction sans the second verification
> layer.
> This is a probable security lapse on the bank's part because: for
> example, even if someone memorizes your card number, gets the expiry
> date, $name and reads the 3-digit CCV overleaf, s/he will
> still have to pass the II-layer verification for the online
> transaction to be approved -- they would need to know your email id,
> password, answer to your security question, etc... before they can
> (mis)use your card online. This II-layer verification (besides the IP
> verification, etc.) helps to narrow down the culprit(s) to: 1) an
> internal source who has access to your bank records, OR 2) social
> engineering, where you gave the details to your confidant and it was
> (mis)used sans your permission.
> If a second layer security feature provided by VISA and MasterCard is
> being withheld by not informing and not providing the customer with
> the service, it _is_ a security lapse on the bank's part.
> --

a credit card is inherently insecure, so old and stale 20th century,
c'mon move to the 21st century, or at least its first decade:
use mcheq, use paymate, or else good ol' classic cash.
augment with traveller's cheques, western union,
and you'll do ok.

this century we'll really wonder how and why three generations
of people worldwide got suckered into using credit cards.


niyam bhushan
