[wrongturn]

Quote:

Originally Posted by rajeev k

It now becomes imperative to scratch the CVV off after memorizing it.

And even better to save a memo in your mobile phone (or as a draft in mail, or as a screen shot in google drive) in a discreet manner in case of multiple cards.
For example, following is the method I have been using:
1.RJ 123IC 1234 (123 is CVV, IC is for ICICI and 1234 is the ATM PIN)
2.RJ 456SB 7890 (456 is CVV, SB is for SBI AND 7890 is the ATM PIN)

That way you won't forget the CVV after erasing it.

[vibbs]

Quote:

Originally Posted by apachelongbow

In my card, the moment I make a transaction which seems out of place (say a different country, different cities or some extremely high amount), I get a voice call by a bank officer verifying if I have done that transaction. Incase its a fraud, the transaction is reversed and the card will be blocked. Also I get sms for each transaction and card is chip enabled with a pin. I wonder why all cards can't be like that?

I started getting this after the fraudulent transaction. I even got a call to verify this the moment I swiped for paying my wife's hospital bills after my daughter was born.

I was amazed by the speed of action. Probably due to the amount as well.

[Dry Ice]

International transactions need the card number, expiry and CVV, no need of PIN or OTP. While scratching off the cvv is a good way to ensure the details are not recorded physically from the card, but it doesn't save you from leaks happening from online portals where you might have used or saved this card.

Off late, I have been hearing of too many Citi credit card frauds even in my organisation. While the other banks' card do get misused, more than 80% of the cases are reported by Citibank users. I wonder what's brewing at Citi.

With HDFC credit cards, at least, you have the option of completely disabling the international transactions, so that gives you a little peace of mind. And it's a simple thing to do via netbanking, no need to contact customer care. Not sure if any other banks offer this facility?

[DejavuTrip]

Not exactly credit card but involves Citibank Bangalore. Happened a couple of months ago http://www.thehindu.com/news/cities/...le19589118.ece May be you too need to reach out to the police as in this instance. Good luck.

[atulsian]

On 23 October, my colleague went through the same fraud. His CITI card was used on a google account and 15k was spent on it. Luckily, he called up the bank in 15 minutes post the transactions and citi blocked his card and removed all the transactions.

I'd suggest Samsung users to shift to Samsung Pay (if your current phone supports it). I've been using Samsung pay from the day it was active in India and till now I haven't swiped my physical credit card. The main benefit of using Samsung pay is that it generates a new random card number from the actual card and is token based. If someone even tried to skim( Skimming is replicating your actual card on a new card by reading the magnetic strip) my card , he will not be able to use it on other machines as the token is limited to one transaction.
Samsung pay works on 99% of the machines I've tried. Everyone seems to be amazed when I swipe my phone over the machine

[GTO]

Just thank your lucky stars that it was a credit card (bank's money) and not a debit card (your money). That's why I have ZERO debit cards on me.

I wouldn't hold the petrol pump guilty until proven. It could be that your card details were skimmed earlier, and the timing was a coincidence.

Quote:

Originally Posted by gkveda

He filled my bike tank and collected my card as well.

Then, he brought the swiping machine

Don't let him go anywhere with your card. Either ask him to bring the swiping machine to you, or you should walk to the machine.

Quote:

Originally Posted by rajeev k

It now becomes imperative to scratch the CVV off after memorizing it.

Great tip, thanks!

Quote:

Originally Posted by batish

You have zero liability if you report these transactions within 3 working days.

. And there's a reason for that I'm guessing. The merchants (where the card was used) aren't reimbursed by the banks immediately, so they can always cancel the fraudulent transaction.

[s_pphilip]

Quote:

Originally Posted by gkveda

....
Now, I am not sure what is the next step. ...

Me and my wife (then fiance) were victims of a similar scam and both our debit cards had multiple fraudulent transactions recorded in a single day in Jan 2016, it was an organised ATM fraud, (there were many other victims too according to the bank), the amount totaled about 1.5 lakhs, the cards were ICICI and the ATM used too was ICICI's located in a prominent housing locality in Porvorim, Goa, since ICICI was my everyday bank, they assured me that its the banks liability and the bank is insured against such fraudulent transactions and I will be reimbursed the total amount, I was asked for a written complaint and since the transactions occurred overseas, I had to specifically state I was in Goa, it took about 45 to 60 days but we both were reimbursed the amount in full. In fact my wife traveled oversees the next week and I had to ask her to courier me her complaint letter which I then submitted.
I am not expert in banking matters and others could help you with the rules, but you need not worry, ask your bank what needs to be done and register a complaint accordingly.

Quote:

Originally Posted by batish

Don't worry. You have zero liability if you report these transactions within 3 working days. Get it from the bank in writing that they have received your complaint.

RBI Notification

That's right, even I recently read that according to banking rules, RBI holds the bank responsible to repay every cent.

[drive2eternity]

Thanks GKVEDA for highlighting this to all of us.
Hope you have Zero financial loss.

I have a some what different experience with my Corporate Credit Card.
If I use my Corporate Card anywhere, I am asked to enter a 6 digit PIN to confirm the transaction. All well here.

When I am supposed to travel on assignments, the travel desk of my company books the tickets/ hotels etc.
All they need is my Corporate Card number. They don't have my CVV nor my PIN nor any OTP. Just an email from me and the bookings get done.
I receive SMS confirmations for all the transactions.

Wonder how this happens. Mind you, these transactions are both domestic as well as International. So the domestic ones should comply with RBI rules, right?

Edit: Just remembered another case.
If I use my personal 'chip' type credit card while in the air to buy meals (eg in Indigo), they swipe it instead of inserting. Then, the transaction is completed. Without a PIN/OTP/any other authentication. Once we land, I get a SMS that "the transaction was processed without OTP (2nd factor auth) prescribed by RBI. For queries, please contact customer care"

[theexperthand]

After reading about the skimming scams, I have installed Skimmer Scanner and off late, use this before I scan my card in any unknown areas.

The GitHub for this app is: https://github.com/sparkfunX/Skimmer_Scanner
An Excellent article by the author about how the skimmers work: https://learn.sparkfun.com/tutorials/gas-pump-skimmers

--Anoop

[ajitsank]

Quote:

Originally Posted by petrolhead_chn

1. Pardon my ignorance but Agoda is an online booking portal for hotels, travel, etc., Using the card on that portal must mandate an OTP to post a successful transaction. OP hasn't received any OTP for the Agoda transaction and yet he received a successful transaction text SMS which indicates that either the transaction must be a human or server error or the card must have been used in any affiliates of Agoda hotels which again is not possible without having a original card or morphing another card with the details in magnetic strip. Phew!

As Per all my bookings in Agoda, the site never ask for OTP. You punch in your Card Number, expiry date and CVV number and it is done. In most cases it does not even ask for CVV number

[govindremesh]

Quote:

Originally Posted by paragsachania

OTP or 2 factory authentication is something mandated by RBI for merchant transactions in India only. Anywhere else you just swipe your card and money goes away instantly. Netflix, Aliexpress are other everyday or common examples where we never enter any Internet Banking Password or OTP to authorize, all that it needs is just card no, expiry date and CVV.

Quote:

Originally Posted by Nonstop-driver

As wrongturn said, international transactions don't need an OTP.

Quote:

Originally Posted by wrongturn

OTP is not required in case of international transaction.

While these statements hold true for transactions in the past, I was asked for 2nd factor authentication (Verified by Visa/MasterCard Secure code/OTP) when I paid my brother's test fee for TOEFL exam two weeks ago (USD transaction with a merchant in the US). I remember that in late 2015 when I paid my GMAT/TOEFL test fee, there was no 2 factor authentication for international transactions, but it was present for domestic transactions.
I think the system has now changed and one needs to have a 2 factor authentication for any transaction. But it might be bank specific as well!

As for the fraud, I always make it a point to get out of my car/bike to not only check if the fuel dispenser is set right, but also to ensure that my card never goes out of my sight from the time it comes out of my wallet to the time it goes back in

[sandeepmohan]

Fraud of this kind is everywhere and the thugs just keep getting smarter at swindling us. The risks are much higher if you have one of those contactless cards.

Akar IOC Service station in Cooke Town is where I used to fill gas for almost a decade. One of the few customer friendly pumps and the owner is quite involved in the operations. They have been careful with who they hire too as attendants. At this pump, there is nobody holding the card swipe machine nor will the pump attendant take your card to do you a favor. You have to get off your motorcycle or car and go with the attendant to the card machine, which is placed right next to the office where the owner is seated. Not that a fraud in ruled out in this case but slightly better in terms of security. A similar practice is followed at all Shell pumps.

I faced something similar though this was online. I purchased a Recommended Components Hi Fi magazine from Stereophile. A reliable source. What could possibly go wrong. All went smooth with the transaction. Similar to your experience, I hear two SMS alerts at around 1am at night. I don't care to check texts in the middle of the night. Two $ transactions. Not a huge amount but still. At a real estate company and at a stationary shop. Called up CITI and blocked the card. I did not have to pay anything towards those transactions. I wrote to Stereophile and reported the issue. I told them that their online portal is not secure. Unfortunately; they could not find any loop holes in security which could also mean they have outsourced the process. I do not believe they investigated this well enough, post which, I decided that they do not deserve my business anymore. As much as I like to buy that book every year, I can't knowing that this could repeat again.

Moral of the story. I don't trust any online portal today no matter how secure they claim themselves to be. Amazon and some other folks maybe an exception.

About time we introduced self service gas stations.

[MaxTorque]

I hope by this time you already received the merchant list where your card was used without your knowledge. You can directly write to them and they will look into the case and cancel the order promptly.

Also, write to Citi Bank and keep everything on records. Normally they will reverse these transactions. After an inquiry.

I had a similar experience with Standard Chartered and HDFC Bank. Both of my cards were used for some transactions (eigh nos) with a total value of 75K. The card was mainly used for Udemy, Netflix and others were with some online stores. After few weeks both Standard Chartered and HDFC reversed the transactions. But you may have to pay them dues to avoid bad credit history. Even you can ask them for exemption.

[nishsingh]

Quote:

Originally Posted by gkveda

...there were more than 10 transactions from various part of the globe in various currencies. ... All these are from various sites like TONYQUINN.com, LVD Fitness,....

Man, that is one fitness-freak card skimmer! No wonder he thought he could get away with it!

[Brumby]

Hello!!

I had been through a similar situation way back in 2012 when there were no PINs for card transactions. The card was an ICICI bank card and they were the most reluctant to help. A request to block the card was taken by the call centre and no other assistance was provided. It was a transaction of USD 1200/- done on Aerosvit (some airline in Russia).

Generally in such cases no one will help you. In my case, police station refused to register a complaint based on the SMS and asked me to come with the statement of the card (which will come at the next scheduled date).

What I did was, filled up a dispute form at the bank branch for the disputed amount (ICICI call centre did not tell me that such thing even exists), registered a complaint with the cyber-crime cell in my city and paid the amount due on my card except the disputed amount. The process took almost 4-5 months and I did not have to pay the disputed amount. During this time I did have to go through the ordeal of attending the "vasooli" calls from the agents of ICICI bank and then a claim for the interest accumulated due to the unpaid disputed amount. A complaint at the local police station was also registered based on the copy of complaint registered with the cyber-crime cell.

Do all the formal procedures required and have patience. Deal with situations as and when they arise and you will not have to pay anything. May be Citibank has a better way to deal with such issues. I remember ICICI bank officials saying that they cannot help me much as USD 1200 is a big amount and I was like , if USD 1200 is a big amount for a bank like ICICI, imagine how big it will be for me

Regards.