[Thad E Ginathom]

Quote:

Originally Posted by diyguy

I've never had to pay duty maybe by pure luck.

Me neither, although most of my items (except maybe one or two) would have been below the limit. Duty payable on any other package was just given to the postman. I know people who regularly buy hifi from abroad: where larger amounts are concerned, they prefer to visit their local post office.

I just had my first Ali-Express no-show. The sellers asked me to extend the time and then raise a dispute for a refund. I asked, couldn't they just send it again; they said, "Sure! OK!" So I wait in hopes. Oh, now they inform me that the original has been returned to them! Photography, tripod-head quick-release clamp, value merely Rs.850.

My big caution with China shopping is not to jump to the conclusion that it will be the cheapest price. I have brought several Sirui tripod/accessory items recently, and all them have been cheaper to buy from Indian dealers. And, of course, they arrive within a day or two: sometimes, even when Ali Express is cheaper, it is not-enough-cheaper to warrant waiting a month for the thing.

[Rohan24]

A genuine doubt for the more experienced shoppers on the forum, especially the ones using Aliexpress and other international sites. I just bought a dashcam from aliexpress using an international debit card, and the payment was completed without any OTP or any other security code! My concern is, shouldn't they be asking for an OTP, which is sent to Reg. Mobile no.? Is this the bank's fault that OTP wasn't demanded or the portal's? Also, is this normal on international portals?
This is scary because anyone who gets hold of a card can simply enter details and spend!

[diyguy]

Quote:

Originally Posted by Rohan24

This is scary because anyone who gets hold of a card can simply enter details and spend!

This is normal for international transactions I think. The way you can protect it is if your bank provides you virtual one time use credit cards. Axis Bank and ICICI used to permit this earlier but have taken it out now. So off late I am using HDFC and you can set international transactions permitted or not and even the max amount to allow through online banking. This is some protection but not total.

[Rohan24]

Quote:

Originally Posted by diyguy

This is normal for international transactions I think. .
.
.
. you can set international transactions permitted or not and even the max amount to allow through online banking. This is some protection but not total.

Thanks. Will have to check with my bank if something like that can be done.
It's surprising how no protection is offered for international transactions. What could be the reason for this? There must be something that's not feasible for them to ditch this process completely.

[Thad E Ginathom]

Quote:

Originally Posted by Rohan24

Thanks. Will have to check with my bank ...

Do let us know what they say. Seems to me that sometimes an OTP is asked for, and sometimes not, at least with Amazon.IN. Aliexpress, I don't recall. I have a hunch that the banks' systems have some inteligence and recognise, then trust, transactions one does regularly. Just a hunch!

My preference is to use netbanking, but, of course, that is a domestic system. But doesn't the OTP system for card payments would work with international transactions?

[diyguy]

Quote:

Originally Posted by Thad E Ginathom

I have a hunch that the banks' systems have some inteligence and recognise, then trust, transactions one does regularly.

When I took up the issue with Axis Bank, they told me this exact same thing. However still doesn't give me comfort that my card is safe from fraudulent transactions. Ultimately the liability is with us, unless we cough up for protection (insurance), which is kind of expensive.

[rdst_1]

OTP system is only implemented in India. It is another layer of protection that was added to make it difficult to wrongfully use someone else's credit/debit card.
There is no such system implemented abroad. There you are only supposed to remember your CVV. Other countries believe that implementing such systems now would make it cumbersome for the people to use their cards. In India, we implemented this system very early when not many people were using cards for online payments, so not much of an effort was needed to re-educate people on how to use their cards.

[arvind71181]

Quote:

Originally Posted by Rohan24

A genuine doubt for the more experienced shoppers on the forum, especially the ones using Aliexpress and other international sites. I just bought a dashcam from aliexpress using an international debit card, and the payment was completed without any OTP or any other security code! My concern is, shouldn't they be asking for an OTP, which is sent to Reg. Mobile no.? Is this the bank's fault that OTP wasn't demanded or the portal's? Also, is this normal on international portals?
This is scary because anyone who gets hold of a card can simply enter details and spend!

OTP is only an Indian regulation, mandated by RBI. International transactions do not need them. Initially, even Uber used to directly charge from credit cards once the trip was done, they got into a huge mess for this and were forced to comply so they removed it, IIRC

RBI's safety first approach is way ahead of its times, I suppose

[audioholic]

Quote:

Originally Posted by Rohan24

This is scary because anyone who gets hold of a card can simply enter details and spend!

For quite some time international transactions both online and at POS was done without PIN. But now, POS transactions abroad are now being done via the PIN authentication method. The method of OTP I guess exists in India alone. Eventually they should move to PIN based authentication even for online transactions to prevent misuse. That is the reason we should never share our card details to anyone. I am not sure if they will adopt OTP method in the near future. Best is to set the transaction limit and be safe.

I have no interest in HDFC matters, but even I use their cards for international transactions. Unless you specify it is enabled, they will decline all transactions which originate outside of India without OTP authentication.

[rajivr1612]

Quote:

Originally Posted by Rohan24

A genuine doubt for the more experienced shoppers on the forum, especially the ones using Aliexpress and other international sites. I just bought a dashcam from aliexpress using an international debit card, and the payment was completed without any OTP or any other security code! My concern is, shouldn't they be asking for an OTP, which is sent to Reg. Mobile no.? Is this the bank's fault that OTP wasn't demanded or the portal's? Also, is this normal on international portals?
This is scary because anyone who gets hold of a card can simply enter details and spend!

As others have pointed the OTP is not used in international transactions.
The precaution that I have always taken for my debit and credit cards is to scratch out the CVV as soon as I receive the card. This way even if it is stolen it cannot be used for any online transaction.

[Thad E Ginathom]

Quote:

Originally Posted by rdst_1

There is no such system implemented abroad. There you are only supposed to remember your CVV.

When I last looked (not very recent), there was an additional password thing called, I think, Verified By Visa for online transactions using my RBS Visa Debit card.

Quote:

Originally Posted by rajivr1612

The precaution that I have always taken for my debit and credit cards is to scratch out the CVV as soon as I receive the card.

What a clever idea! Sort of obvious when one thinks about it, but I never did

The trouble is, it is all I can do to remember the PINs.

[Rohan24]

Quote:

Originally Posted by Thad E Ginathom

Do let us know what they say. Seems to me that sometimes an OTP is asked for, and sometimes not, at least with Amazon.IN. Aliexpress, I don't recall. I have a hunch that the banks' systems have some inteligence and recognise, then trust, transactions one does regularly. Just a hunch!

Quote:

Originally Posted by diyguy

When I took up the issue with Axis Bank, they told me this exact same thing.

It's funny they should say that, because this was my first international transaction, so can't really say this is a kind of transaction I do regularly.

I guess the only way to be safe is set a limit or block international transactions completely as everyone has pointed out, and enable when you need to buy something.
Again, depends on how convenient this whole process of enabling/disabling is.

[binand]

Quote:

Originally Posted by Rohan24

I just bought a dashcam from aliexpress using an international debit card, and the payment was completed without any OTP or any other security code! My concern is, shouldn't they be asking for an OTP
This is scary because anyone who gets hold of a card can simply enter details and spend!

Actually, all the OTP system achieved is that certain kinds of workflows are difficult or impossible now. You cannot leave a card on record for recurring payments (eg: a subscription), for example. Your ability to change your mobile number is severely restricted. You lose your phone, and well.

Quote:

Originally Posted by rajivr1612

The precaution that I have always taken for my debit and credit cards is to scratch out the CVV as soon as I receive the card. This way even if it is stolen it cannot be used for any online transaction.

Ditto here, though not "as soon as". It takes me a few days to memorize the card number and the CVV2. :-)

Quote:

Originally Posted by audioholic

But now, POS transactions abroad are now being done via the PIN authentication method.

"Abroad" is a broad term (pun intended). All it takes is one country/bank/merchant to not do it, and the whole edifice crumbles. The UK (I believe) was the first to go live with the Chip n Pin system; but for long they still had combined pin-reading and swiping POS devices because well, all the tourists that came to London didn't have chip-enabled cards.

Quote:

Originally Posted by Thad E Ginathom

there was an additional password thing called, I think, Verified By Visa for online transactions using my RBS Visa Debit card.

And a corresponding offering from MasterCard called SecureCode. VbV and SecureCode are opt-in, though (sometimes mandated by banks or regulators).

Quote:

Originally Posted by Rohan24

It's surprising how no protection is offered for international transactions.

Ultimately, credit cards are far safer than PayTM and other payment options. Some merchants try to take shortcuts, and when that goes out of control stuff hits the fan. And despite all the OTP and other stuff that RBI here has done, I find pretty much every payment gateway nowadays default to "store this card for faster checkouts" everywhere.

[Thad E Ginathom]

Quote:

Originally Posted by binand

... ... And despite all the OTP and other stuff that RBI here has done, I find pretty much every payment gateway nowadays default to "store this card for faster checkouts" everywhere.

And despite never wanting this, Amazon, at least, has caught me out and stored my card.

Whilst there are some sites that say they are never privy to the actual card details, we can never be sure of anything.

It always "amuses" me that my phone pouch has a space for storing cards. That's like putting my name and address on my keyring! I would never keep my phone and cards even in the same pocket, let alone directly together.

[binand]

Quote:

Originally Posted by Thad E Ginathom

And despite never wanting this, Amazon, at least, has caught me out and stored my card.

I actually don't mind Amazon (and a few other sites) storing my card details. At least they have the inclination and know-how to do it the right way.