Team-BHP > Shifting gears


Reply
  Search this Thread
2,133,643 views
Old 15th October 2016, 15:53   #2236
Distinguished - BHPian
 
arunphilip's Avatar
 
Join Date: May 2007
Location: Bangalore
Posts: 1,988
Thanked: 6,167 Times
Re: How to deal with credit card scam ?

Quote:
Originally Posted by Haste View Post
My friend was scammed into giving my credit card information over phone. I know he shouldn’t have given away his credit card information and multiple OTPs which he recieved on his phone
Was it your credit card or his that was compromised?

Could you also shed some light on how this scam happened - if only to educate the rest of us? It seems like some social engineering attack.

As noopster has said, the two-factor authentication provided by the OTP will indicate that there is no credit card fraud (i.e. not an unauthorized charge), since it is the card holder who has willingly paid for some goods/service; but that turned out to be fraudulent.

Unlike countries like the US, we don't have credit card protection where if you're dissatisfied with the goods/service, you can "hold" the credit card payment. So the bank issuing the credit card is totally out of the loop once your friend authorized the transaction with the OTP.

Quote:
Originally Posted by Haste View Post
Also I looked at some of KYC forms, they seem poor people whom I guess too would have been scammed into giving their ID proofs.

What additional steps can we take to further our cause ? They also might have a part in fraud KYCs.
Coming to the bank into which PayTM credited the funds: first, check with someone who knows these things better (e.g. auditor, tax lawyer), and see if you have grounds to raise a complaint with the RBI's Banking Ombudsman. Their FAQs are here and their online complaint form is here.

Realistically, I think its best to accept this as a harsh and expensive lesson, and move on. If any good comes of it in terms of funds recovered, treat it as a bonus.
arunphilip is offline  
Old 15th October 2016, 18:05   #2237
Senior - BHPian
 
Join Date: Dec 2008
Location: Bangalore
Posts: 3,533
Thanked: 5,477 Times
Re: How to deal with credit card scam ?

Quote:
Originally Posted by Haste View Post
Can we sue PayTM since they are also culprits in a way as we had notified them as same day when it happened but they don’t have any live phone number where can talk to people directly, so all we could do is send them email for which they took 2 days to respond and all the money had transferred by then. They also might have a part in fraud KYCs.
You can do that, if you want to throw another 2-3 lakhs beyond the 2 lakhs that you already lost. To prove that they are culprits, you need to prove their culpability. Best of luck doing that in this case.

Btw, this page on PayTM's website lists several phone numbers for contacting PayTM.

Quote:
Originally Posted by Tapish View Post
As for KYC, any bank/ financial institution does not have the responsibility to verify beyond KYC. If you give a PAN card that matches the name on the account and that largely matches the photograph- that is pretty much it.
This is not accurate. Banks have fairly stringent KYC norms to follow. At the very least, the OP can make some things quite unpleasant for some officer of the bank in this case.

Quote:
Originally Posted by gupta_chd View Post
Some awareness advertisements/ campaigns should be run by govt on TV so that this menace can be tackled
I see SBI and associate banks advertising on TV about these scams. My other banks have been emailing and snail-mailing stuff too. It is not as if there aren't any awareness campaigns run by banks; it is just that the customers are, not to put too fine a point on it, idiots.

Quote:
Originally Posted by noopster View Post
The whole idea is that your credit card can only be authorised for online payment AFTER you have entered the second factor which in this case is linked to a message received on your registered mobile phone. When this was first introduced in India I thought it was an unnecessary headache. But given the number of online transactions I routinely perform, am really thankful for the wisdom of our lawmakers now. It's virtually fool-proof.
Well, not fool-proof as we have seen already. :-) To quote Douglas Adams, "A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools".

Btw, these OTP-based systems don't exactly match the 2-factor model; many of them are of a category "Wish it was Two-Factor" as exemplified in this case.

Edit: One more thing - banks could put a stop, or greatly reduce this sort of thing if they put their mind to it and not worry about the cost all the time. Instead they lobby for these sort of misguided two-factor implementations so that the cost of any misuse can be completely dumped on the customer.

Last edited by binand : 15th October 2016 at 18:07.
binand is online now  
Old 16th October 2016, 16:58   #2238
BHPian
 
jayded's Avatar
 
Join Date: Jan 2010
Location: TVM, HYD
Posts: 564
Thanked: 548 Times
Re: The Credit Card Thread

With HDFC severely devaluing all their cards, I've decided to use my Superia card less often and signed up for a new IndusInd Platinum card. The offers on the card looks really good and much better than the HDFC card I'm holding. The fact that it's a lifetime free and no minimum spend limit card, made it a no-brainer for me. Waiting to get my hands on it.
jayded is offline  
Old 17th October 2016, 10:37   #2239
BHPian
 
Join Date: Jan 2008
Location: Pune
Posts: 39
Thanked: 2 Times
Re: How to deal with credit card scam ?

Quote:
Originally Posted by noopster View Post
I am in fact extremely curious what persuaded your friend to share a transaction password over the phone with a third party, presumably unknown to them.
They tell a story that reward points are there on your card and they will convert it to statement credit, also another offer through cashback will be earned on future transactions, but for that they need to reduce credit limit.
They tell you will receive some transaction messages as they will reduce credit card limit. Also they need the OTP to authenticate the transactions. Once you give OTP they tell it didn't go through, share again and like that...

The thing is, they sound very professional and also they have some details already that you were sent a new credit card recently as older one expired (this information is sourced via courier companies I guess) and approx credit limit and reward point balance ( i guess they could be making a wild guess).

You are right, and as others said the OTP system is kind of fool proof, however there are people who aren't that aware or can be persuaded easily. This scam is fairly common, police told that there are large call centers in Delhi/NCR involved in same practice and all of them use PayTM or some digital wallet as intermediate :( , since its easy way to charge a card. See below link, its getting more and more common:

http://www.business-standard.com/art...0400746_1.html


These story vary, sometimes they tell you will get personal loan at reduced rate (sourced from bankbazar or policy bazar or others), or sometimes even worse they tell people you will get a job through there special services for unemployed (which information can be easily sourced from job portals).

If it is getting so out of hand, paytm should take some steps to reduce it, like if they just put a hold of some days that when you charge a card, you can't withdraw for like 3 or 5 days to bank, the scam will reduce.
Otherwise they can just beef up customer support for security cases like provide a live person for that (duh).
Haste is offline  
Old 17th October 2016, 10:48   #2240
Distinguished - BHPian
 
arunphilip's Avatar
 
Join Date: May 2007
Location: Bangalore
Posts: 1,988
Thanked: 6,167 Times
Re: How to deal with credit card scam ?

Quote:
Originally Posted by Haste View Post
Also they need the OTP to authenticate the transactions. Once you give OTP they tell it didn't go through, share again and like that...
Ah, I see the problem. When an OTP is used on the Internet, the payment is routed through a standard page to verify the OTP (for my IndusInd card, it goes through Arcot, I presume its the same or similar for other banks). All payment gateways based in India have implemented this, so it just works transparently and seamlessly.

However, on the phone, OTPs are meant to be entered via an IVR system where you have to type the OTP on the keypad for the touch tone to be recognized by the IVR system. Unfortunately, this doesn't appear to be common knowledge for customers, so they think its safe to provide an OTP over the phone.
arunphilip is offline  
Old 17th October 2016, 11:21   #2241
BHPian
 
Join Date: Jan 2008
Location: Pune
Posts: 39
Thanked: 2 Times

Quote:
Originally Posted by binand View Post
You can do that, if you want to throw another 2-3 lakhs beyond the 2 lakhs that you already lost. To prove that they are culprits, you need to prove their culpability. Best of luck doing that in this case.
lol that quote is too funny

We did not see that page, all we saw was paytm IVR helpline number in customer care which just tells to send email

It's not bank KYC, its paytm KYC which has dhodu.com stamp (online dhobi website ). But none the less, we have told same information to police, hope they follow up with them (although not expecting much from them, judging by their attitude), don't know what are our options to follow it up on my own for this ?

Quote:
Originally Posted by arunphilip View Post
Was it your credit card or his that was compromised?
It's friends. If it had been goods/services it might have been recovered as it takes time to deliver. However through these digital wallets, it has given any person the power to charge a card and transfer it to bank immediately, it is too risky.

Thank's for RBI's link, i'll try if something comes out of there.

Last edited by ampere : 13th November 2016 at 17:52. Reason: Back to back posts merged
Haste is offline  
Old 17th October 2016, 12:57   #2242
Senior - BHPian
 
BenjiRoss's Avatar
 
Join Date: Jul 2008
Location: Tamilnadu
Posts: 1,066
Thanked: 1,330 Times
Re: The Credit Card Thread

Quote:
Originally Posted by jayded View Post
With HDFC severely devaluing all their cards,
I've got a regalia and am looking at other options too after points get devalued. My main issue with Regalia redemptions of points is that it doesn't allow postpaid payments for mobile a d their travel portal is priced higher than most other travel websites for hotel bookings.
All other vouchers and redemption options are overpriced.
Any further devaluation from present rates will not be good.
BenjiRoss is offline  
Old 17th October 2016, 13:14   #2243
BHPian
 
jayded's Avatar
 
Join Date: Jan 2010
Location: TVM, HYD
Posts: 564
Thanked: 548 Times
Re: The Credit Card Thread

Quote:
Originally Posted by BenjiRoss View Post
I've got a regalia and am looking at other options too after points get devalued. My main issue with Regalia redemptions of points is that it doesn't allow postpaid payments for mobile a d their travel portal is priced higher than most other travel websites for hotel bookings.
All other vouchers and redemption options are overpriced.
Any further devaluation from present rates will not be good.
Exactly. Their rewards redemption is not that great. I am redeeming all my points before November deadline. Already redeemed a 1TB WD Hard-disc. Still another 2000 odd points to redeem. After November, the value is being almost halved.
jayded is offline  
Old 20th October 2016, 18:11   #2244
Distinguished - BHPian
 
condor's Avatar
 
Join Date: Jun 2006
Location: Speed-brkr City
Posts: 15,845
Thanked: 15,969 Times
Re: The Credit Card Thread

May have been posted before, but still :

When any bank's agency / rep calls offering a specific card, you can always ask for any other card of that bank. Something where the benefits are more in line with your usage.
condor is online now  
Old 1st November 2016, 10:23   #2245
Distinguished - BHPian
 
Join Date: Sep 2008
Location: --
Posts: 3,549
Thanked: 7,235 Times

My HDFC card expires in next couple of months. They sent me an automated email mentioning the same. Since I don't want to continue it, I simply asked them to not renew. Turns out, one can't simply do that .

I have to either reject delivery or send them the cut card to cancel it. Don't know why would they want to bear the renewal and shipping cost when I am informing them in advance that I don't want it.
Dry Ice is offline  
Old 1st November 2016, 13:01   #2246
Senior - BHPian
 
msdivy's Avatar
 
Join Date: Aug 2006
Location: Bangalore
Posts: 1,815
Thanked: 2,825 Times
Re: How to deal with credit card scam ?

Quote:
Originally Posted by binand View Post
Btw, these OTP-based systems don't exactly match the 2-factor model; many of them are of a category "Wish it was Two-Factor" as exemplified in this case.
Secret questions aren't 2-factor authentication . But isn't OTP 2 factor?
1st factor: One which user knows (bank username & password)
2nd factor: One which user has (his/her phone, number registered with bank)

Quote:
Originally Posted by Haste View Post
They tell a story that reward points are there on your card and they will convert it to statement credit, also another offer through cashback will be earned on future transactions, but for that they need to reduce credit limit.
Golden rule of online security: Never accept anything, unless you specifically went for it. This applies (but not limited) to,
1) Somebody you never knew wanting to transfer money into your account
2) Some web popup wanting to install some application
3) Somebody, you don't know, trying to sell you something, without any offline interaction.

My card tips:

1) Between using debit & credit for shopping, always use a credit card. Credit card usage improves your credit score, which will benefit when getting a loan. Some cards come with fraud protection, which can be reported to the bank and they will mostly reverse it, and insurance cover for outstanding amount if case someone cannot pay for valid reasons. Note that never buy items on your credit card that you can't afford to buy with your debit card.

2) Between using debit & credit for withdrawing cash, always use debit card. This is the only purpose of debit card . In case you had to withdraw cash on your credit card, transfer that amount to credit card ASAP.

3) Get a credit card where you can easily make the monthly payment. Usually, it is easier to make payment if the card is linked to your savings bank. You might be tempted to get a card with attractive offers (like movie ticket free & so forth). Note that these offers are for a limited period and when they expire you will be left with a useless card, which you to run pillars to get it canceled.

4) Some organizations require your card number for auto debiting periodically (like magazines, insurance payment, etc). You can share the card number with caution, but never ever share the CVV number.

Last edited by msdivy : 1st November 2016 at 13:03.
msdivy is offline  
Old 1st November 2016, 20:01   #2247
Senior - BHPian
 
Join Date: Dec 2008
Location: Bangalore
Posts: 3,533
Thanked: 5,477 Times
Re: How to deal with credit card scam ?

Quote:
Originally Posted by msdivy View Post
But isn't OTP 2 factor?
1st factor: One which user knows (bank username & password)
2nd factor: One which user has (his/her phone, number registered with bank)
The second factor, "that which the user has", is technically supposed to be the SIM card (not phone). Two problems make it wish-it-was-two-factor:
  1. Due to lax issuance procedures, possession of the SIM card does not signify authentication (crooks can obtain SIM cards in my name).
  2. Due to the relative long lifetime of the OTP (15 mins minimum), possession of the SIM card at the time of authentication cannot be guaranteed.
#2 is what happened in this case, but #1 is also amply documented in the press (see, for example: http://timesofindia.indiatimes.com/a...w/55022507.cms).

These two lacunae in the OTP model followed by our banks severely compromise the 2-factor authentication they want to practise.

I like TOTP-based authentication with a mobile client as "poor man's 2FA", because it adequately addresses both the issues above. To mitigate #1, it depends on the mobile device and not the SIM card, and #2, it has OTP lifetime of only about 1 minute. It has a somewhat cumbersome enrollment procedure, though - which could fail at scale. Yet, in my view banks make a lot of money off us; so they need to fix these issues or invest in true 2FA systems (like Yubikey or some such).

Last edited by binand : 1st November 2016 at 20:05.
binand is online now  
Old 13th November 2016, 17:49   #2248
Senior - BHPian
 
SilentEngine's Avatar
 
Join Date: Jan 2008
Location: KA19,KA04
Posts: 1,167
Thanked: 735 Times
Re: The Credit Card Thread

Quote:
Originally Posted by rdst_1 View Post
Guys who are using HDFC Regalia, are you guys not perturbed by the fact that they have now stopped giving reward points for fuel purchases.
HDFC now claims to give 5x reward points on all BP fuel transactions with HDFC POS terminals till March 2017. I am yet to try this.

I had stopped using my HDFC credit card for fuel. I use Citi if at Indian Oil and HDFC debit card everywhere else. Recently used Amex at HP because of 3% cash back, so that's a good option now for HP.
SilentEngine is offline  
Old 16th November 2016, 15:54   #2249
Distinguished - BHPian
 
Join Date: Sep 2008
Location: --
Posts: 3,549
Thanked: 7,235 Times
Re: The Credit Card Thread

Any recommendations for a good cashback card? I used to have a HDFC one, which reduced the cashback drastically, so I did not renew it post expiry. Major uses for me are automated utility bill payments, fuel occasionally and some shopping once in a while.

PS: Closing the card was another experience in itself, the customer care is almost illiterate!! They don't understand a word of what is written in emails, and what the customer is requesting
Dry Ice is offline  
Old 17th November 2016, 07:26   #2250
BHPian
 
avingodb's Avatar
 
Join Date: Sep 2011
Location: Delhi/Mumbai
Posts: 682
Thanked: 696 Times
Re: The Credit Card Thread

Recently I shopped at one of the In and Out outlets and paid using my credit card. To my utter surprise, there was a petrol surcharge of 16 rupees on my credit card in the next statement. When I went and asked the store manager he coolly says that I should have used HDFC credit card. I told him its his work to not take a separate line of cards for the shop!
avingodb is offline  
Reply

Most Viewed
Thread Tools Search this Thread
Search this Thread:

Advanced Search

Copyright ©2000 - 2024, Team-BHP.com
Proudly powered by E2E Networks