Indian Credit Card Fraud Soars

Indian credit-card holders are increasingly becoming the target of online fraud with thieves using the cards frequently on online sites abroad, raising questions about how secure bank data is and why they seem reluctant to crack down on the leaking of customer information even when alerted to such crimes as soon as they happen. Not only that, the redressal appears to be a convoluted process.

Unlike in some countries, there is no immediate reversal of the charges. And when the money is restored, customers must sometimes bear a part of the sum, thereby ending up paying for the crimes of which they were the victims. That’s besides the inconvenience of having the cards replaced, a process that can take days.

Holders of cards, issued mostly by private and foreign banks in India, come to know they have become the latest victim of such fraud when they get text messages alerting them to transactions in their name in some distant country in currencies including pounds, euros, dollars, roubles and kronor. ICICI Bank Ltd, the country’s largest private sector lender, seemed to be the worst affected.

The complaints, posted on the government’s customer grievances site Grahak Seva, have been rising steadily since November last year. In August and September, the websites of Amazon.com Inc. and Apple Inc. were hacked and more than one million card details sold off to others who sought them with the intent to commit fraud.

Users register credit cards on the sites for a smooth online purchase process. In some cases, such registration isn’t optional.

But, as the complainants point out, many of them haven’t ever used the cards for international purchases; so the leaks have come from elsewhere, with the holders putting the onus on the banks’ own security apparatus. No bank has been spared.
Victims in the last few months include holders of cards issued by Standard Chartered, Citibank, HDFC Bank and ICICI Bank, apart from others such as SBI Card. As for ICICI Bank, fraudsters seem to have a particular fondness for cards starting with the digits 4477.

“ICICI Bank has already examined these transactions,” the bank said in an email. “They are not just specific to ICICI Bank and have taken place on sites which do not have 3D Secure authentication protocol. The bank confirms that all e-commerce transactions on sites located within India are protected by 3D Secure authentication protocol which has been mandated by RBI.” 3D Secure is an additional authentication process that’s required for online transactions in India.

Many of the purchases have been made at a Swedish merchant that goes by the name of Comviq Vesta since mid-January. An HDFC Bank spokesperson said it’s looking into the matter and offered no further comment.

SBI Card was the only issuer to answer queries in detail, confirming that it has received complaints against fraudulent transactions. “So far we have received a few complaints from our card holders for fraudulent transactions with the Swedish merchant Comviq Vesta,” SBI Card said in an email. As the merchant is based overseas, the additional authentication is not required, SBI Card said. That makes fraud easier. In the US and elsewhere, transactions don’t require this. “As a process, we have a financial recourse to the merchant/acquirer through a charge back process,” SBI Card said. “This will ensure that the card holders are not held liable to pay for the disputed transactions. In the interim, till the card holders’ disputes are settled in their favour and we receive the money on the disputed transactions from the respective merchant/acquirer, we can extend a temporary credit to the card holder,” said SBI Card. SBI Card added: “We have also blocked this merchant (Comviq Vesta) so that no more card holders are inconvenienced with such instances.” The company denied its servers have been compromised. As part of its investigation, SBI Card has informed Visa as well as MasterCard about such disputes so that the card issuers can investigate the matter.

Comviq is a Swedish mobile telecom provider and is owned by Tele2, a European telecom services provider. It is not clear if Comviq Vesta is part of Comviq. An email sent to Comviq was not replied to. The same merchant received payments in fraudulent transactions using HDFC Bank cards in November and Citibank in December.

In December, a website, www.Rzd.Ru, originating from Russia, began cropping up in complaints. The victims were holders of credit cards issued by ICICI Bank and Citibank, with as much as Rs.50,000 being siphoned off from each customer.

Citibank customers were among those that fell prey to a UK-based merchant called Entropay. To be sure, cards have also been used fraudulently at such reputed merchants as Best Buy in the US. In most cases, the money is relatively small, unlike high-value global hacking frauds.

According to Sanjay Sharma, MD and CEO of IDBI Intech, a banking platform provider, bank servers may not have been hacked but individual cards may have been compromised by vendors and passed on to international hackers. “In East Asian countries, this practice is prevalent. If you visit these countries and swipe your card, all the information is registered and can be passed on to sites that don’t require second-factor authentication,” he said. The reason why the transactions are of relatively small value could be because higher sums sometimes trigger a phone call from the bank to authenticate the transaction, said Sharma.
http://www.livemint.com/Industry/HGO2TndrI88sCYZmALoBpM/Spotlight-on-security-as-credit-card-frauds-soar.html

Induslnd Bank targets Rs 1000 crore credit card business

Induslnd Bank laid an ambition to touch Rs 1000 crore in its credit card business by the end of March 2014, Said Mr. Romesh Sobti, Managing Director and Chief Executive Officer of Induslnd Bank.

At present the credit card portfolio of Induslnd Bank is Rs 380 crore.

Mr. Sobti said that the credit card business is very profitable as it generates lot of ‘other income' in form of fees, foreign exchange business, transaction and issuance fees, etc. "Ours is a transaction-based model so spenders make the money for us...," he said.

IndusInd Bank had taken over Deutsche Bank's credit card business in 2011 for around Rs 224 crore. The bank's active customer base during the take over was around 1.35 lakh.

"This base has grown, though not dramatically, but we have tried to deepen the existing relationship with customers. Currently, we issue about 4,000-5,000 cards every month."Mr. Sobti said.

The acquisition has worked very pleasantly for the bank. "It has surprised us. We tried to rationalize a little bit on the cost structure and some rationalization on the vendors' side, so there was a cost reduction initially. But we gave stronger propositions to the card holders and there has been almost nil attrition," Mr. Sobti added.

Mr. Sobti said, "We see a profit before tax of about 50-60 crore this year. It was a small purchase, easily digested and profitable."

http://www.rupeetimes.com/news/credit_cards/induslnd_bank_targets_rs_1000_crore_credit_card_business_7858.html

IMF warns India of the risks of allowing business houses into banking

The International Monetary Fund (IMF) has cautioned that India risks supervisory oversights by issuing banking licences to corporate entities even as the government is prodding the Reserve Bank of India (RBI) to issue new bank licences to stock broking and realty firms.

India needs to improve its financial system supervision and crisis preparedness while at the same time liberalising some sectors to reduce distortions and risks created by heavy state involvement in banking, the International Monetary Fund (IMF) said on Tuesday.The IMF suggested implementation of a comprehensive framework before deciding on the entry of "mixed groups and conglomerates" into commercial banking.

"In the current context, the risks may outweigh the benefits... The legal, operational, and regulatory framework for consolidated supervision of both bank-led groups and financial conglomerates is still missing some important elements," IMF said in its report `India: Financial System Stability Assessment Update', released on Tuesday."Even greater complexity is introduced in supervisory frameworks when a significant part of the group is engaged in non-financial activity, the risks of which are not well captured by current supervisory frameworks. This may lead to concerns of 'under the radar' risk transfer; concentration of risk exposures; and contagion across the group," it said.

The warning comes at a time when Indian corporates, including Anil Ambani-led Reliance Group, Religare, Shriram, L&T and Aditya Birla group, are keenly awaiting final guidelines for their entry into commercial banking. In fact, the finance ministry is reported to have asked the RBI to delete the clause prohibiting promoters of realty and stock broking firms from applying for bank licence. According to the ministry, since there is a complete ban on new banks' exposure to the promoter and promoter group entities or any individuals associated with that, there is no need to keep this restriction on the businesses of the promoter group.

New technology allows BlackBerry phones to double up as credit cards

BlackBerry users will soon be able to charge purchases at the cash register to their Visa cards using technology incorporated in the company's new smartphone models.Research In Motion says that Visa had given the go ahead for its credit card system to work using the smartphone maker's encrypted mobile payment technology. The technology allows secure linkage of BlackBerrys to bank accounts and credit cards. The announcement makes RIM an early mover in the growing market for mobile payments, which was still in its infancy.

RIM's payment technology allows customers to use their smartphones like bank cards, for making payments for items by holding the phones up to a sales terminal for the transaction to be processed.The phone would incorporate a feature that would make it identical to chips implanted in credit cards.According to Geoffrey MacGillivray, manager of services security and payments at RIM, any place which could be tapped with a credit card could now tap mobile phones.

Visa's approval builds on a partnership between RIM and Canada's three biggest wireless networks through their EnStream joint venture. The network also formed part of the security infrastructure that would make the payment method work at checkouts.The EnStream agreement would allow RIM to manage security credentials for SIM cards in BlackBerrys and devices running both Google's Android and Windows operating systems.

Meanwhile, the company is helping customers make the switch to its soon-to-be-launched BlackBerry 10 smartphones that it hoped would help it reclaim market share from rivals such as Apple.RIM is betting on the new range of touchscreen and keyboard devices, to launch on 30 January to revive its fortunes.According to Bryan Lee, senior enterprise accounts director, the company was very enthused by the engagement and response to its customer base to a programme aimed at persuading them to adopt the BlackBerry 10 devices.

Indeed, whether this would help in regaining market share would depend on the response from RIM's top clients, like companies and government agencies, who have long valued the strong security features that BlackBerry devices offered. Lee said over 1,600 customers in North America had registered for its recently launched BlackBerry 10 Ready Program and there were over a 1000 active users of the programme, which offered customers access to services, information and tools to ease their transition to the BlackBerry 10 and the BlackBerry Enterprise Server 10. RIM further said its BlackBerry Enterprise Server 10, which ran the new devices on corporate networks, was in beta testing over 130 major government agencies and corporations in North America.