Once they have obtained the data, cybercriminals can use it to cause card owners immense financial harm. In India, a customer needs two-factor authentication to carry out internet transactions. Besides the password, he needs a one-time password (OTP) which is sent to him over the mobile phone. But the provision for two-factor authentication does not exist in most parts of the world.
In view of growing security risks, banks and card companies need to safeguard their systems against the risk of cyberattacks. They need to check their ATM and PoS machines regularly to ensure card-skimming devices are not installed on them. “Usage of best-in-class security tools, experienced people, and continuous monitoring of the IT environment can help reduce the risk of such attacks. High-level encryption of data and full compliance with protocols like PCI DSS and ISO 27001 can help enhance security,” says Panchal.
On their part, card users, too, need to be vigilant and observe security-related best practices. Scan your credit card and bank statements at regular intervals. If you observe a transaction that you have not undertaken, call up your bank and get the card blocked. Two, if you don’t need to carry out international transactions, then switch off the international usage feature. You can do so via internet banking or by visiting your bank branch. Three, do not reveal card-related information like name, password, card number, OTP, etc to anyone over the phone or in person.
While the Reserve Bank of India has mandated that customers should be shifted from magnetic strip cards to EMV chip-based cards, many customers may still be using plastic of the former type. “Customers who are still using magnetic strip credit cards
should switch to chip-based cards to avoid card skimming at swipe terminals. Chip-based cards are more secure because they encrypt the information contained in the magnetic strip,” says Saurabh Sharma, senior security researcher (GReAT), Kaspersky (APAC).