Even though
e-commerce is the norm of the day, yet when it comes to personal transactions,
skepticism over online payments are yet to be overcome. With one of our members,
PK Jain of Birla Copper raising this issue in the forum, w present here some of
the CIO recommendations which offer an insight on this matter.
Even though
e-commerce is the norm of the day, yet when it comes to personal transactions,
skepticism over online payments are yet to be overcome. At least in the in the
Indian context, people are
concerned about giving their credit card details over the
Internet. And they ought to be. Around 14% of all credit card fraud occurs
online. At around 4%, the fraud rate for online transactions is 24 times higher
than it is offline.
Even though in most of the cases, it's the merchants and credit card companies
who pick up the tab and customers rarely find themselves liable for Internet
fraud, nevertheless there are as many people who favour online payments as there
are who advise cautious approach to this mode of payment.
One of our CIO
members PK Jain of Birla Copper, who has initiated a discussion on this,
questions the security aspect of this kind of payment. He queries that, “Today a
number of products are available through various sites, which requires one to
enter only credit card and CVV No, to purchase the same. As these two
information can easily be known to any one whenever we swipe the card for
payment transaction, how secure is the transaction on web for purchasing through
credit card.?”
As told earlier,
the subject matter offers a debatable point of view with varying individual
experiences. A discussion of similar nature was initiated sometime back on our
board with various members discussing their viewpoints and experiences. We
present here some CIO recommendations which offer an insight on this matter.
Arun O Gupta, CIO,
Pfizer
When you go to a
restaurant and pay using the credit card, the person disappears with the card
and during that period to until he returns with the card back which is only
after you have signed the charge slip in most cases, s/he can do whatever they
want with the card, including duplicating the magnetic strip on the card, which
is not very difficult.
When you do decide
to shop, go to sites that offer some degree of comfort with a digital
certificate that specifies that the site has been certified by someone, e.g.
Verisign. Check for the validity of the certificate by clicking on it.
You don't stop carrying cash in your wallet because pickpockets are around!
S Sumil of
OSN Teachnologies
When you do
transact on web remember to see for encryption level it should be 128 bit and
the web site should have security certificates , reason for this is that when
you transact on these web site the data goes to payment gateways and only the
card no and other details are gone to the company database , that also for there
records , and always keep the ID which is generated whenever you transact . Or
you can use special cards for internet shopping which provides limit on credit ,
major banks have them .
Wilfred Prakash, Novo Nordisk
India Pvt
On a payment
gateway the component which resides in the merchant website, shall not/should
not transfer the Credit Card, Card expiry (and in most cases the last three
characters, which is found in the back side of the card) etc.. to the merchant
database, but instead sends only whether authenticated for the purchase or not.
Hence there is no sharing of common information between the merchant webstite
and the bank. Bank validates and gives authentication only based on the Credit
card validity and the merchant gets only the Buyer name, Shipping address,
Amount to be paid, etc. Banks ensure that these processes are carried as per the
strict guidelines laid out.
G.Muthuvalavandan,
Vellore Institute of Technology
First of all we do
not sign on charge slip paper for foreign transactions, except we accept after
giving all relevant information regarding our cards. Many companies use this for
fraudulent purposes even later. Or they get these details from some source who
sells them.
For any transaction
you have not made but charged you can take up the matter with your credit card
issuing bank, but there is no proof to ask from them, in the case of foreign
transactions, unlike Indian transactions. Even in Indian transactions, sometimes
you don't sign any charge slips if they are on line.
Be careful on, online transactions. If you get cheated more than once, change
your card.
K.A.Shah — GIPCl,
Baroda
Even though it has
convenience of buying, credit card payments over the web is risky. But then do
you buy just with the description of an item on internet? It is very much
similar to the mail order trading which still occurs via news paper where there
are 100% chances of fraud in India.
Credit Cards
however can be used to some limited purpose between B2B or customer to
organization with some arrangement like DD. If credit card bank agrees, a fixed
amount of transaction with payee / payer and amount can be generated and sent to
payee with little encrypted form. This will prohibit hackers to use credit card
number as there is no CC number and transaction is valid only for a single
transaction. This can be used between two traders or by students to pay fee for
getting admission forms.
RR Alluri,
VisualSoft Technologies
A good rule of
thumb is to go by the reputation of the organization you are dealing with - with
most reputable and well known companies; you should not have any problems. After
all, their reputation is at stake. On the other hand, beware of dealing with
unknown individuals or organizations - use extreme caution in such cases.