Share This Post

Startup

How India can minimize credit-card fraud in 60 days!

The news that more than 30crore (~USD 6Million) of credit card fraud is hitting Indian consumers with potentially more to come is most disturbing – not because of the scale of the fraud, but because the industry could take steps to minimize such fraud at a very low cost, relatively speaking.

While the longer-term migration to Chip cards and PIN or Aadhaar-biometric authentication might be inevitable, these are also extremely expensive and impossible to implement overnight.

As someone who has been in mobile payments in India and is currently an investor, I have seen many new and secure and low-cost technologies developed in India that can help address this problem.

Like all problems, there are often incremental solutions where 90% of the value might be obtained with 10% effort – and indeed in this situation, there are several things the industry could do to make things easier and safer for merchants and consumers. All 3 suggestions could be implemented in less than 60-90 days if the industry so chooses! 

1)     Eliminate Landline (un-encrypting) Point of Sale (POS) terminals immediately

The first generation of POS terminals read card data on the magnetic stripe when it was swiped and transmitted them without encryption over landlines. Skimming fraud can happen in such cases merely by tapping the phone-line, without even the Merchant knowing it, and a clone of your credit card can be manufactured and used in a different part of the world within 30 minutes. This risk can be eliminated by replacing all existing un-encrypting POS terminals with encrypting terminals. While this may appear expensive, the emergence of the low-cost but extremely secure encrypting Mobile POS terminals – already available in India via Citibank, HDFC Bank, ATOS, YesBank, State Bank of India & American Express at a sub-1000 rupee price-point – makes this an incredibly simple and affordable solution for merchants to adopt.

2)     Restaurants introduce Pay @ Table – ideally with the consumer swiping the card

A second variation of Skimming fraud happens at restaurants or wherever you give your card to a waiter – the waiter can procure a skimming device and copy the magnetic stripe data that is subsequently cloned. In today’s portable device world, such practices should be eliminated. We have to move away from the “folder” to a “Pay @ the Table” model – this ensures that the card never leaves your sight. Once again the Mobile POS terminals can minimize such fraud risks.  Today a few restaurants are beginning to use this as a tool to reduce their risk while reassuring consumers.

3)     Turn OFF my card when I am not using it!

While the first two points are on the merchant POS side, the third suggestion revolves around the consumer side. The credit card industry has always worked with the model that a credit card has got to be easy to use. However banks have got to offer the consumer the option of a simple “ON/OFF” Switch when they want to do a transaction. One approach is to use a simple technique like a Missed Call from the registered mobile number to turn “on” the credit card for say one transaction or 15 minutes. In other words, as a consumer, when I have to pay my bill, I pull out my mobile phone and dial a number. I then hand my card to the retailer and everything goes through. However, even if someone has skimmed my card, they can never use it unless my mobile phone “pre-activates” the card. Over time, a smart-phone application could perform the same task. This will ensure that no thief can use my card on the Internet or at the POS, whether domestically or internationally.

These three simple approaches can indeed reduce risk to merchants and or and reassure consumers that their Credit or Debit Card is indeed the safest way to pay at the till or at a gas station or at a restaurant. The low-cost and speed with which these solutions can be deployed make further delays unacceptable.

Would love to hear your views.

About the Author: The author, Sanjay Swamy is currently Managing Partner at AngelPrime Partners, an early-stage investor. He was previously CEO of mChek and served as a volunteer on Authentication & Payments for the Unique Identification Project. He is an active proponent of electronic payment transactions. He can be followed on Twitter @theswamy 

Disclosure: Sanjay Swamy is an investor in ZipDial and Ezetap.

Comments

Share This Post

8 Comments

  1. sanjay… i totally agree with you on pay@table – makes so much sense (even though it’s not discrete when you are entertaining guests/biz associates) – in that case the host could merely get up and swipe the card, personally, aside….

    an interesting read. many thanks!

  2. point 2- pay at the table is something thats already being done internationally and I see no reason why it cannot become a norm in India. excellent suggestion. in fact, people who have visited apple stores abroad will know that most of the retail staff in the store is equipped with these mobile pos/modified iPhones to enable a smoother purchase experience. 

    point 3- turning on and off your card. I am not quite sure how this will work. what if someone clones my phone and gives a missed called to the designated number using my cloned phone if he already has access to my card details? 

  3. Not to come out as a spammer, but my startup Eashmart, does not even need 60 days to prevent all kinds of Card fraud. Do check it out! I appreciate any feedback!

    Its at https://www.eashmart.com

  4. Why use a card et all ? Most of us have smart phones , what square did in collaboration starbucks is revolutionary

  5. exactly what Eashmart is doing Tejas.

  6. The missed call has to originate from your registered mobile number with the bank. For this to happen, someone would have to both get possession of your card and skim it, and also get possession of your mobile.

  7. Here are my views as someone who studied POS payments at a large bank in my previous job and mobile payments out of curiosity.

    The credit card fraud business is more than 20 years old. However the frauds still survive post awareness. What might be more pertinent than the statistics or parameters of fraud occurances is the inertia of people to adopt precautionary behaviour.

    While researching mobile payments, I have found a few bewildering statistics and some indescribable lost miles. A large percent of fraudulent cases happen due to people compromising their passwords or card PINs! a larger percentage are aware of how fraud occurs but may not follow any rules while transacting!!

    Hence in most disputes, credit card companies did award the benefit of doubt to the card holder (no favours, they were insured). This behaviour is mostly attributed to inertia in following rules, as large spenders  possess them (credit cards) as a status symbol and wish to prove that they are secure and have wealth that supercedes the current amount of transaction.

    The very same credit card holder would then send grievance emails to the company if he/she were to be expected to make a call(cost of the call) or any other extra activity to have the payment processed. I know that zipdial definitely solves that problem in a missed call but RBI would cry authentication and security woes.

    On the other hand Retailers or dealers refuse to spend an extra amount even if it is as low as Rs. 1000 or less for an attachment to their POS which is why NFC is yet mis-adopted in electronic payments.

    In the current scenario I believe IMPS (a subsidiary company of the RBI for mobile payments) has been making some headway by tying up with billing and spreading customer awareness, yet the question of bandwidth and cost of internet on phone is a huge hurdle in India. We are assured by stalwarts like Ajit Balkrishnan that the scenario will be different in 2 years and the numbers on internet penetration in India will break the 100 million to 1 billion gap but this is yet to be seen.

    My current solution is a CPP(Card Protection Plan) and companies like One Assist which provide insurance, post mortem surgery preferred to pro-active approach. 🙂

  8. wow brilliant and simple solution

Comments are now closed for this post.

Lost Password

Register