Protecting more than your PIN
Payment card fraud has been around for as long as payment cards exit.
Windhoek • Riaan ViljoenInitially bank cards were stolen and used at ATMs and shop check-outs or counterfeit cards were created. As a result, banks have traditionally advised customers to protect their Personal Identification Number (PIN) at all costs. But since the Internet and online purchasing became a viable alternative, card-not-present fraud has escalated at an alarming rate.
According to a 2017 study, it is estimated that global losses relating to card-not-present fraud will reach more than U$70 billion within the next three to five years.
In 2015 chip cards were introduced to replace mag-stripe only cards worldwide. This has helped curb the occurrence of counterfeit fraud, but unfortunately, at the same time it has stimulated card-not-present fraud on the internet, as this became the “easier” way of conducting fraud.
Fraudsters do not need to steal a card any more, they only need the information. All that is required to conduct a transaction on the internet is the information on your debit or credit card – the full card number, known as the Primary Account Number (PAN), the expiration date on the front, and the three-digit Card Verification Value (CVV) on the back. Websites have no way of confirming that the person entering the card information for an online purchase is the actual owner of the card. Therefore, it is important to keep the card information confidential. Even during card-related queries with your bank, the full PAN should never be communicated in any format. Sharing only the first six and the last four numbers of the PAN, known as masking the PAN, is key in protecting confidential card data.
Also:
• Never allow your debit or credit card to be photocopied.
• When destroying an expired debit or credit card, make sure that it cannot be glued or pieced back together again.
• Always keep your debit or credit card within view when transacting at any Point-Of-Sale (POS) device. Never allow yourself to be distracted.
• Do not transact on just any website. Spend some time to research and confirm the validity of a website as a legitimate online merchant with a secure track record.
• Be wary of emails and telephone calls requesting personal or payment card information and never click on links in emails of unknown origin.
*Riaan Viljoen is an Information Security Specialist at the Capricorn Group.