SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
26 Feb 2015

Some dangerous peculiarities in the way plastic cards work

Earlier, we wrote a lot about different skimming techniques, different ways of compromising bank cards, and flaws in new secure credit cards that lets hackers steal money. Now let’s talk about the less apparent dangers that run the risk of remaining unnoticed by the majority of users.

We will relate stories about risks attributed to cross-border payments, as well as some inherent flaws found in payment systems. Many think that indicating a CVV code (3 digits printed on the reverse side of a card) is necessary for processing any online transaction.

However, some online shops provide an opportunity to avoid this step, and do not transmit the secret code to a payment gateway. We asked Sergey Dobrinyuk, director for R&D in the department of business development at DiaSoft, to comment on this fact: “The following credentials are usually submitted: card number, expiration date, cardholder’s name embossed on the card and the CVV code printed on the reverse side of the card.”

“However embossed cards (the ones having letters visibly protruding above the surface), which are more frequently used when paying online, are, in general, of a higher class, whether it is Visa Classic, Visa Gold etc. A bank that issued the card, is handling the check of the client’s identity and their purchasing ability. This is why in case of low-value purchases, the seller might just verify the card number and skip authorization, as he is sure the client is a worthy buyer.”

This is what we call “floor limit”. With some banks and some shops this floor limit might reach as much as $1000”, Dobrinyuk said. According to the expert, on emerging markets this awe before the ‘worthy’ client is not that prominent, and the payment system would, generally, employ more security levels, but there are no shared policies on card credentials — each online store can establish its own rules.

“All transactions completed remotely, without a PIN code or a 3D Secure certificate, might be disputed by a user. Should you have any doubts about the legitimacy of the transaction, just file a charge back complaint at the bank, and the money would be returned to you at the end of the investigation”, Dobrinyuk said. Dobrinyuk recommends users rely on online stores which employ a 3D Secure standard (“Verified by Visa” and “SecureCode” for Visa and MasterCard respectively) for online transactions — it is a two-factor authentication which requires you to enter a one-time passcode sent via message or printed on the ATM receipt.

Unfortunately, the store is the one deciding on whether an additional security level should be deployed in their payment system. Even if your card is protected by 3D Secure, the store might just skip this step. Using virtual cards also helps to increase the level of protection. They have a very limited validity period and can contain only small sums of money.

In case of a breach, payment credentials of your primary card would not leak into the wild. As you can see, it is not a good idea to present your card number to anyone. If a culprit lures you into passing him over the cardholder’s name and the expiration date, it’s a piece of cake for them to steal your money — even without a CVV code. The good news is that in this case, you can file a charge back. Bad news is, you need to detect the fraudulent transaction and act promptly.

Cross-border payments

Due to currency fluctuations, one might experience problems with cross-border online payments and money withdrawals when abroad. One of the major risks here is an unfavourable exchange rate. “Conversion in this case might be applied up to four times: on e-commerce platform’s terminal, in the acquirer bank, in the payment system and in the issuing bank”, Dobrinyuk warns.

Fees are applied at each of these stages, but the cardholder usually sees them as a conjoint sum which might or might not be included into the total cost of the purchase. “Honestly, without a detailed insight into the payment system’s and the bank’s fee structure a common user would not understand how the whole concept works. My piece of advice here is to shop at the supplier who charges less”, the Dobrinyuk said.

It can happen that the card is charged later than the payment is processed, as the shop might be liaising with its bank once every few days or even weeks (policies employed by payments systems allow for up to 45-day delay). It is due to this delay, combined with sudden change, that the card may be charged at a less favourable exchange rate.

This is the situation many Russian cardholders are dealing with at present when shopping in overseas online stores or withdrawing cash from ATMs while abroad. If you have to process large sums of money in such circumstances, we’d recommend you not. An overdraft in this case is quite likely. It might sound strange, but debit cards with no overdraft allowed pose a higher risk as a ‘technical’ or ‘restricted’ overdraft is applied in their case, with banks charging cardholders a penalty up to hundreds per cent annual interest rate.

Electronic use only

There is one common misbelief about VISA Electron and other entry-level credit card products by different payment systems. Such cards are not embossed and have a disclaimer printed on its face: “ELECTRONIC USE ONLY”. Many people mistakenly consider that such a card cannot be used for online transactions, however, it is up to the issuing bank to decide. Payment system policies do not restrict online operations for such cards. To put it simply: online scammers can steal money from an entry-level card as well.

Protecting against conversion

Some banks offer multi-currency cards, with their holders having an opportunity to vary the currency used for transactions. Should you travel to Europe, take EUR as your primary currency, or USD if you travel to the US, respectively, etc. This is the easiest way to avoid conversion. There are some tips for you to follow in order to protect your credit cards.

If you use your bank card abroad with fixed currency as it is often the case, then VISA, Mastercard or any other payment system establishes its internal exchange rate. The surplus then is relatively small: some per cent or even less. The highest surplus is characteristic of ATMs, third-party payment systems (PayPal, for instance) and POS-terminals, which offer to process the transaction in your native currency and not the currency indicated on the price tag.

It’s hard to comprehend that on the spot: you need to spend some time on careful calculations, remembering all up-to-date exchange rates for all currencies, fees, etc. Just take our word on it: in most cases, it will mean overpayment, which might be quite high. Say no to such appealing offers and pay in the currency indicated on a price tag or necessary in the country you happen to be in.

The simple truth here is that bank cards, as well as the methods of charging them, were invented almost half a century ago and are by no means flawless. Technical solutions offered by payment systems are not 100% convenient and are bound to offer more profit to the seller and less security to the buyer. But on developing certain skills, you could mitigate your risks: be cautious and mind the tricky peculiarities.

Tags:
fraud password credit cards
Source:
Kaspersky Daily
2167
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015