Debit and credit card data of around 10 crore individuals in the country was breached over the past week. From digital payments gateway JusPay, which processes payments for Swiggy, Amazon, etc, to sites such as WedMeGood and ClickIndia, servers of several firms saw a data breach. Online grocer BigBasket too, suffered a data breach that could have potentially exposed confidential financial data of over 2 crore users. And these are just a few of the several data breaches that have happened over the past year.
With financial transactions increasingly moving digital, keeping our financial data safe online becomes increasingly important.
For starters, it is important to always exercise some basic caution as not clicking on fishy links or images or giving out sensitive information to anyone. Be careful of what personal data you provide on social networks and avoid sharing personal contact details online. Do not provide your bank details on any link or forms.
Vinay Bagri, Co-founder & CEO of digital banking startup Niyo suggests not exposing all your credit and debit cards for day-to-day transactions. “You may consider having 2-3 such cards which you may use for paying off your utility bills, online shopping and subscriptions. Ensure that you have a low balance/limit on these cards,” he says.
Experts suggest that one should always ensure that two-factor authentication is enabled for cards. That way, the CVV and an OTP on the registered mobile will be used for authenticating transactions.
While using your card online, be sure that any web page that asks you to enter your debit or credit card information has "HTTPS" in the address bar (the "s" means secure) and includes a padlock icon near the address bar. Avoid making purchases on unsecured networks in retail locations such as cafes and the like.
Gaurav Chopra, CEO and Founder, IndiaLends says never to respond with personal information unless you made the contact first. “Legitimate businesses will not ask you for your debit card or credit card number without a valid reason,” he adds.
As part of the new rules for credit and debit cards put in place by the Reserve Bank of India last year, customers have the option to switch their card and its features on and off.
Security expert Rajesh Mirjankar, MD and CEO of InfrasoftTech, which offers fintech solutions for banks and financial institutions strongly recommends that people use these features and only unlock facilities that they would use.
He also recommends keeping transaction limits on credit cards low.
“Customers can block limits that they do not intend using so that financial loss is limited though the data breach may have happened at a merchant site database,” he adds.
Additionally, Vinay from Niyo suggests that users keep their cards locked and unlock them only when you need to use them. “If you are not using your card for international transactions or online/ecommerce transactions, you can block such spend categories. Set limits for domestic online transactions, ATM transactions, etc. Alternatively, use a virtual card or have a card with a lower credit limit for online use,” he adds.
Making online purchases on several sites means that your credit card or debit card numbers are stored in various places on online platforms. Therefore, it is important to use strong passwords.
Card pins too, could be changed at regular intervals and Rajesh suggests not using known dates like birthdays and anniversary dates as your PIN.
Going one step ahead, Gaurav of IndiaLends says avoid tossing your credit card bill statements directly into the trash. “Your full credit card number would be printed on them. Shred them to keep dumpster divers from getting their hands on your credit card number. You can go a step further and put the shredded pieces in different trash bags for the extra eager thieves who might put shredded pages back together.”
Vinay also advises people to always check credit card and bank statements to ensure there are no unauthorised transactions under your name.
In the event of a card fraud, RBI requires customers to inform their bank within three working days. “Retain any messages that you may have received from the fraudsters since they will act as evidence for refunds and also for the cyber-crime unit to obtain crucial information on the modus operandi of the fraudsters,” Rajesh says.
Further, Gaurav is of the opinion that mobile banking is a great fraud-fighting tool. “If you aren’t using your bank’s app, you’re missing out,” he adds.
While debit cards are convenient and not inherently dangerous, Gaurav says credit cards offer better overall fraud protection. However, it can still be a better idea to use a debit card when you want to limit your debt.