Credit card issuers in the country are stepping up efforts to prevent swindlers from gaining access to customers' card details. The move follows rising instances of phishing and skimming attacks, through which fraudsters steal card information and make purchases using those details.
American Express is introducing a new solution, ezeClick', for its customers in India to ensure their card data is not shared with merchants while making online transactions. Currently, an individual has to share information such as card number, expiry date and card verification value during online credit card transactions.
"With ezeClick, our customers can conduct all online transactions with a single unique user ID. The new solution eliminates the need to share card details on e-commerce sites. The scope of fraud is much less when card data is not shared or stored on merchant servers," Sanjay Rishi, president at American Express India, told Business Standard.
He added that by the end of March, most of American Express' partner merchants would allow the use of ezeClick solution.
"It uses secure socket layer technology to transmit and receive the card members' personal information, which is then encrypted in such a way that it is virtually impossible for anyone other than American Express ezeClick to read it. The solution also makes e-commerce transactions simple and swift," Rishi said.
Most bankers blame the weak technology platforms of merchant outlets for incidents of frauds apart from oversights, deviation from existing controls and collusion between employees and outsiders. A few private banks are already taking steps to strengthen the systems and processes at merchant establishments to reduce the scope of skimming frauds.
The biggest worry, however, is the absence of 3-D secure authentication protocol across many nations in southeast Asia, Europe and Americas. The 3-D secure is mandated in India for all online transactions. It provides an additional layer of security as the customer has to key in a password apart from card details to complete an online transaction.
Indian banks have often found that fraudulent transactions in their clients' accounts have taken place on sites that do not have 3-D secure mechanism. "The situation is serious. There is an urgent need for all stakeholders to sit together and plug the points of frauds. We hope that when central banks meet, there will be a discussion on this and mandating 3-D secure across the globe will be considered. The scope of frauds will come down drastically then," said Pallav Mohapatra, chief executive of SBI Cards.
As a preventive measure, some of the Indian banks have started replacing the cards of their customers, who have recently travelled to countries that do not have 3-D secure protocol. Lenders are also substituting the magnetic strip-based cards with chip-based cards as it is difficult to steal data from the latter.
Some bankers indicated that fraud management is now being discussed at the board level at least once in a quarter.