Financial Daily from THE HINDU group of publications
Sunday, Oct 31, 2004
Investment World
Features
Stocks
Port Info
Archives

Group Sites

 Investment World - Credit Cards & Debit Cards
Money & Banking - Security


Credit cards and the safety Net

Krishnan Thiagarajan

WE all see something interesting on the Web, but defer the purchase or give it up altogether when it comes to giving credit card details for completing the transaction. Does this diffidence make sense?

Let us get one thing straight right away: Using credit cards for online transactions is probably as safe and secure as offline (or non-online).

While giving your credit card to an attendant at a petrol bunk or waiter at a restaurant, have you ever wondered if it will be misused? Not too often, probably. When the card is taken out of your sight, there is always the risk of it being swiped legitimately for the transaction, and swiped a second time so as to record the number that can be reproduced on fake cards or used illegally for online transactions.

Moreover, global studies and surveys on credit card usage show that one steady source of credit card numbers is the thrown away charge slips.

Through these charge slips that have the 16-digit credit card number and the expiry date, hackers or fraudsters can conduct online transactions. Something that consumers have no control over anyway.

Key rules for online safety

While using credit cards on the Net, users will surely have to be vigilant. But as long as they follow some simple rules, the leap of faith may not be as perilous as you think:

Navigate the site

It is absolutely essential for any user to browse the Web site and get familiar with some basic requirements such as:

Privacy terms: It is important to establish if the merchant respects customer privacy and follows the highest level of confidentiality in preserving customer information or not. One of the important terms to look for is "storage of credit card details'. There has to be an explicit statement from the merchant that "the credit card details are not stored in our Web site".

This is critical because any storage of credit card details leaves them exposed to hacker attacks. This information is generally furnished either under privacy terms or in the order payment form.

FAQs and sitemap: Skim through the FAQs (frequently asked questions) provided in any site, as it clearly reflects the care or diligence that any merchant takes in increasing the customer's comfort level with the site. Similarly, a sitemap which outlines the site design and navigation features shows the importance that is assigned to enhancing the usage experience. Any site which is slipshod in design, hardly shares any meaningful information, or has poor help features or links should not be trusted for online transactions.

Transaction terms

Any customer-friendly merchant will take care in designing the transaction terms. Look out for:

Contact details: Any Web site which offers contact details for any queries or redressal on transactions automatically enhances the comfort level of the user. It is important to see whether the name of the person (or at least the designation), phone/fax number and e-mail address is given. The site must also have a clear and fair complaint handling process, which includes the policy the site will follow if a credit card owner disowns any transaction. If any site lacks this, it may be better to use other secondary sources to establish the merchant's credibility or avoid the site altogether.

Return or refund policy: The site must spell out the return or refund policy clearly. In case of return, whether full or partial refunds, preferably product-wise, would be made. Similarly, the policy on refund of advance, say, in hotel reservations or car hire must be stated. The cancellation charges should also be spelt out clearly. Any ambiguity on these terms can lead to problems.

Security policy

Straightaway look for the security policy on the Web site. Since the credit card usage is protected entirely by the security policy, every customer will have to ensure a secure server.

Every customer has to make sure that he enters into a payment site only through the secure server option. Using the standard server option can be dangerous because it offers public access to customer's information. There are a few things to look out for whether you are on a secure server or not:

  • On looking at the site browser window, one will find that an "s" has been added to the familiar "http" on the screen, that is, http will become "https". This means that the technology called SSL (secure socket layer) is working on the page. The SSL ensures that the information or communication cannot be intercepted during transmission by a hacker/unauthorised user. It is a 128-bit encryption, which is generally used by most secure payment gateways (though 40-bit encryption can also be provided) to ensure safety in transmission. If SSL is not on, the browser will warn you.

  • The other way is to check out for the security icon at the bottom of your browser. This is displayed by different web browsers in different ways. For instance, in Internet Explorer 5.0, a padlock appears when the site is in secure mode.

  • Generally, most secure sites will have a security certificate, such as Verisign, which signifies that financial transactions can be conducted in a confidential and secure environment.

    Three-digit security code

    The payment gateway mechanism (or virtual swipe machine) comes into the picture at this stage. This helps the merchant selling goods use proprietary or third-party connection offered by different banks to put through the transaction. When entering the credit card number, customers can look for an additional layer of security protection in the form of a "3-digit numeric code" which is printed on the back of a credit card after the credit card number.

    This security feature is called CVV2 in the case of Visa and CVC2 in the case of Mastercard. As said earlier, the card number and expiry date can be obtained from charge slips thrown away by retailers, but this 3-digit number will be available only with the owner of the card.

    Any payment option which calls for this 3 digit number authorisation is better and safer than the ones that rely only on the 16-digit credit card number.

    Failed transactions

    In a dial-up connection, there are occasions when processing a transaction, the operation gets timed out or there is a power failure. If this happens after one has given the credit card details and before the completion of the transaction, most customers tend to panic.

    It is important that the site spells out a clear policy guide in this case. Take, for instance, the Railway reservation site (www. irctc.co.in) which states that: "After pressing the `buy' button, if the `ticket reservation output page' is not displayed in your monitor due to power failure or Internet link failure, please click the `booked tickets' menu on the left side of the screen in the monitor.

    This page contains all the details of the tickets booked by you. If the reservation desired by you finds a place in the above page, you can note down the transaction ID, PNR number and other details. The tickets will be delivered as desired by you. You are also advised to check your e-mail or contact IRCTC, if necessary."

    Few general precautions

    These may also be necessary for all those contemplating regular credit card usage online such as:

    Avoid cybercafes: This is avoidable as customers are leaving behind their trail right from the username and password level onto the payment options for processing the transactions. It is better to use a personal computer at home or at the office (depending on official policy in this regard).

    Disable cookies: While accessing any payment site in a public cafe, it is advisable to disable "cookies" by going to the help menu of the browser.

    Most Web browsers automatically accept cookies. "Cookies" are small pieces of information that are stored by the browser in the computer's hard drive.

    Use a single credit card: Preferably use only a single credit card for online transactions which has a low credit limit. This will help you easily track your transactions better and also keep the risk to the minimum level possible.

    Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

    • Stories in this Section
    TVS Victor - It's tried and tested

    Systematic investing still scores
    Phase-out of NBFC deposits — Death of retail debt market
    UTI Mastergrowth: Hold
    Franklin Prima Plus: Hold
    0.61 pc dividend from Chola MIP
    Aventis Pharma: Buy
    Zodiac Clothing: Buy
    Dr Reddy's Labs: Pare exposures
    Zee Telefilms: Sell
    ACC: Hold
    Maruti Udyog: Hold
    ABB : Long term buy
    There's benefit for principal repayment even before the flat is ready
    Focus of the week
    Bearish outlook for Nifty
    Reliance may touch Rs 490
    Query Corner
    Something special
    Price and its elasticity
    Active trading in Tata Steel, SBI, Infosys
    What's theta-positive?
    Options guide
    Futures guide
    Credit cards and the safety Net
    OCL: Block it for a year
    Jury still out on our differential model — Mr Phaneesh Murthy,CEO, iGate Global Solutions

    The Hindu Group: Home | About Us | Copyright | Archives | Contacts | Subscription
    Group Sites: The Hindu | Business Line | The Sportstar | Frontline | The Hindu eBooks | Home |

    Copyright © 2004, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line