[nec2152]

The requirement of having to enter PIN or OTP is mandated by RBI only for transactions in India. You can still use your Indian bank issued international credit or debit cards for transactions outside India, POS or online, without requiring a mandatory PIN or OTP.

[Nonstop-driver]

Quote:

Originally Posted by chintazz

It is generally very difficult to identify a real bank executive and a fake one.

It is not. A bank executive will never ask for your CVV or OTP.

[lordvader]

I had a similar experience few months back when my citibank card stopped accepting transactions. I called up the customer care and was informed that the card has been blocked automatically due to an out-of-place transaction. The merchant name for that transaction was some Spa which I had never heard of. The cc exec offered to replace the credit card which I readily accepted. It took a few days to receive the replacement card and till then making purchases was a pain. But just imagining the damage that I could have incurred if they had not blocked the card automatically was enough to thank my stars and put up with the inconvenience.

A similar episode with my non-tech savy colleague who never used his cards anywhere, let alone online, left him dearer by 70k. An ATM withdrawal was done in some far-off area in Rajasthan from his card leaving him with very little hope of reversal.

[gkveda]

Quote:

Originally Posted by lordvader

I called up the customer care and was informed that the card has been blocked automatically due to an out-of-place transaction.

Thanks for this input. Is there an option to enable this feature? if this was there by default to everyone, then, am surprised why this feature did not kick-in in my case. In fact, I have 4-5 transactions that have happened abroad and not ONLINE

Let me check with citi contact center to enable if this is available as an option

[lordvader]

Quote:

Originally Posted by gkveda

Thanks for this input. Is there an option to enable this feature? if this was there by default to everyone, then, am surprised why this feature did not kick-in in my case. In fact, I have 4-5 transactions that have happened abroad and not ONLINE

Even I didn't know that they have this enabled. And it was only when I called up the contact center did I get to know of it. Maybe they have deployed some predictive model to flag transactions that do not conform to the pattern.

[Ford5]

I do not get OTP alerts on my Indian Bank EMV MasterCard World Debit Card when I pay for online services like Paypal or donate to providers like Ad-block etc, or swipe at a POS in an international destination like Dubai etc.

I wasn't aware that just the card number & cvv number is sufficient for a payment authorisation when our card's are used online, I'd assumed the name as printed on the Card as it is also required to be entered.

There's a flip side to this incident. Using a Credit ensures your money isn't stolen, but using a Debit card instead of a credit card ensures you get OTP and a Pin, and most standard debit card's & International debit cards issued by banks in India do not get through International transactions. Exceptions ofcourse being the International debit EMV Mastercard World Card. The word "World" on the card ensures it functions like a Credit Card at POS as well as online, which I have used in Dubai to withdraw cash at any Mastercard ATM as well as paid for my hotel stay using the same card.

I'll have to use all my cards with utmost care now. On another note, like most have commented here about Citibank Credit Card fraud specifically I have heard of a slew of HDFC Debit card frauds for payments made to Indian vendors without OTP even being recieved. HDFC's facebook page is littered with complaints of Salary accounts being hijacked and swiped at Indian portals. Seems to me like a inside job, as there have been cases were such cards weren't swiped at all at any POS/used for online purchases, i.e. Brand new accounts being hijacked within a few hours of recieving salary in it.

[lordvader]

Quote:

Originally Posted by lordvader

Even I didn't know that they have this enabled. And it was only when I called up the contact center did I get to know of it. Maybe they have deployed some predictive model to flag transactions that do not conform to the pattern.

Quoting myself, I found this article on fraud detection AI being deployed by citi UK

https://www.finextra.com/pressarticl...ercard-ai-tool

I'm hoping it has made its way to Citibank India as well.

[SanjayDalal]

My two bits worth:
When abroad, I always take a prepaid forex card AND a sufficient amount
of both cash US$ plus a small quantity of local currency (for immediate use).
The US$ are strictly for use in case the prepaid forex card fails for any reason.
Current RBI rules allow you to retain indefinitely, upto max.US$ 2,000/- after returning from a trip abroad, balance has to be sold back to authorised forex dealer.
I also alert both my banks, before each trip, that I will be travelling abroad with exact departure & return dates, and country/countries where I will be going. And I shall be carrying their credit cards, but for emergency use only.
On reaching my destination I use the forex card at large merchant establishments. For small outlets, I ALWAYS use the local cash, and if necessary converting some US$ at bank/moneychanger/hotel where I am staying, if I run short.
For me security and peace of mind is more important then thinking about exchange rates.

As far as India is concerned, I do use credit cards, for larger amounts and at reputed establishments only. Again small outlets only cash or Paytm.

At petrol pumps again, strictly cash, which has become more easy since the new 2000 rupee notes have been introduced. Since I habitually top up my cars' tanks when they half empty, mostly a single note suffices.

The Moral of the Story Is : The more you use your credit card, the greater the chances of fraud happening.

It never fails to amaze me to see people use credit cards at McDonald, cinemas (for buying popcorn) etc even for amounts as low as 200rupees-

No disrespect to anyone.

[Aroy]

I use AMEX where ever it is accepted and have never faced any problems as yet. Where that is not possible, I use Visa, but with a lot of caution, never at small establishments, though I have had occasions where the spend was around Rs.100, and there is no problem at McDonald, Wengers or KFC. What you have to ensure is that the merchant does not see the PIN.

[agambhandari]

For those who have Samsung Pay enabled phones, a recommendation would be to load your card onto it. It emulates a swipe, but sends a unique card number everytime so the merchant machine gets no info about your real card. Essentially you get a burner card at every transaction.

[Sankar]

Quote:

Originally Posted by atulsian

I'd suggest Samsung users to shift to Samsung Pay (if your current phone supports it). I've been using Samsung pay from the day it was active in India and till now I haven't swiped my physical credit card. The main benefit of using Samsung pay is that it generates a new random card number from the actual card and is token based. If someone even tried to skim( Skimming is replicating your actual card on a new card by reading the magnetic strip) my card , he will not be able to use it on other machines as the token is limited to one transaction.
Samsung pay works on 99% of the machines I've tried. Everyone seems to be amazed when I swipe my phone over the machine

Quote:

Originally Posted by agambhandari

For those who have Samsung Pay enabled phones, a recommendation would be to load your card onto it. It emulates a swipe, but sends a unique card number everytime so the merchant machine gets no info about your real card. Essentially you get a burner card at every transaction.

Thanks for this great tip. Much appreciated!
Can others who have used this facility pitch in with their experience? Is it reliable does it work on all POS machines? Do we just tap the phone on the POS or hold it over? Any negatives, issues, security flaws that one should worry about?

My samsung phone is broken on both sides and I am looking to replace it. If this samsung pay works as well then I am thinking of staying with the brand.

[atulsian]

Quote:

Originally Posted by Sankar

Thanks for this great tip. Much appreciated!
Can others who have used this facility pitch in with their experience? Is it reliable does it work on all POS machines? Do we just tap the phone on the POS or hold it over? Any negatives, issues, security flaws that one should worry about?

My samsung phone is broken on both sides and I am looking to replace it. If this samsung pay works as well then I am thinking of staying with the brand.

It works on all 99% of the machines. I'm yet to see a machine which didn't accept it. You just hold it near the place where the card is swiped and it will accept it. It's a proven security and Samsung well known Knox security protects it. Even if your phone is stolen, the cards are useless until he figures out the pin or emulates your fingerprint. It now uses the Bharat QR and also supports paytm payments.

[Red Liner]

Interesting! Is there something similar from google directly? Would love to start avoiding the whole swiping process...have a motorola android phone.

[agambhandari]

Quote:

Originally Posted by Red Liner

Interesting! Is there something similar from google directly? Would love to start avoiding the whole swiping process...have a motorola android phone.

Unfortunately, no

It's a Samsung patented technology (MST) , actually they bought out the company that made it. Other mobile payments like Android pay/Apple pay need NFC payment terminals and are yet to launch in India.

[meetraghav]

Ok. Couple of inputs on this (some might be repeat suggestions):

A. Do not write your PIN anywhere especially never on your card/cardholder. If you must store it, store it in your contacts under some obscure name. e.g. I have created a contact under whom I have saved multiple numbers, one for each card, with the first 6 digits random numbers and last 4 digits are the PIN. So anyone checking it finds a regular 10 digit number.

B. Sign your cards immediately on receiving. This helps you authenticate yourself as the owner.

C. Scrap off the 3 digit CVV code on the back of the card. Save it in a similar manner as mentioned for PIN if you must. In any case, if you use it long enough, you get it memorised.

D. It is now mandatory to issue only Chip based cards in India. All existing mag strip only cards are also to be replaced and a number of people might have already received new cards from their banks. (Now you know why you got a new card without request!). Further, cards in India are issued with International transaction disabled or activated on customer request (in case of specific card types). The same can be enabled once the card is issued. Mag strip cards can be duplicated in a flash on a card reader available for a couple of hundred bucks while chip cards can’t be (at least for now).

E. OTP/PIN is called the second factor of authentication (first factor is the card/card number). Like several people have mentioned, international transactions do not need OTP/PIN as the 2nd factor has been mandated by RBI in India.
To make this clear, if you have a card enabled for international transaction and use it on Amazon.in, it will ask for 2nd factor. Use the same on Amazon.com and the transaction will go through without 2nd factor.
To safeguard yourself, do as under:
1. Don’t use debit card for international transactions. Use credit cards. Credit cards have a safety from frauds which debit cards don’t.
2. Keep the international transaction status disabled. When you have to make an international transaction, just log in to the respective credit card portal and enable it. Once transaction is done, disable it again. The system is instantaneous.
3. For any card enabled permanently for international usage, scrap off the CVV IMMEDIATELY on receiving the card.

F. Keep the credit limit of your cards in check. There is no use keeping a credit limit of 2 lakhs when your monthly bill doesn’t exceed 50,000 at any time. Ask the credit card company to reduce it. You can always get it increased.

G. NEVER handover your card for payment. Swipe/insert it in POS machine on your own. Cover the Keypad while entering your PIN.


These are small steps I can think off which will help in safe digital transactions. Digital transactions are good and convenient once you get the hang of them. This is coming from a guy who uses his cards/net banking for almost 90-95 percent payments.