« Back to articlePrint this article

How not to get your credit/debit card hacked

Last updated on: October 28, 2016 13:39 IST

There are 7 key rules one can follow to ensure that the chances of such fraud are almost reduced to a negligible level when shopping online, says Anil Rego

How not to get your credit- debit-card hacked

Raji Menon, a young advertisement executive with a PR agency, was heavily sold on to the concept of online shopping. Over the last two years, she had shopped online for everything including clothes, groceries, kitchen equipment and furniture and had even booked a 1BHK apartment online. Raji was a big fan of online shopping.

She could shop from the comfort of her home, pay using her credit card, compare and contrast competing product and even get attractive discounts in a competitive ecommerce market.

Raji, therefore, was quite shocked when she heard that her best friend's debit card had been hacked on one of the ecommerce websites and the hacker had made away with cash worth Rs 50,000.

Being a young professional with a scientific temper, Raji decided to research a little deeper and discover if there was a foolproof method of shopping online.

Towards the end of her research Raji realised that, while there was no foolproof method of shopping online, there are 7 key rules one can follow to ensure that the chances of such fraud are almost reduced to a negligible level.

Rule 1: Stick to secured websites with a track record…

Normally all sites that facilitate ecommerce have to be secured. How do you know that a site is secured?

Rule 2: Take some basic safety measures with your PC…

Normally hackers first introduce these hacking programmes in the form of malwares and viruses. They will infect your computer if you have not installed a proper anti-virus package in your PC or if you have forgotten to renew it.

Always ensure that your anti-virus package is current and all updates are downloaded. They can protect you from most of these computer infections.

As a matter of principle, doing any ecommerce transaction through cyber cafes is a strict 'No'.

Most of these cyber cafes run on unsecured networks and do not have the necessary firewalls to protect your confidential data. 

Rule 3: Be careful of what you share on the web…

All ecommerce transactions require you to share some basic data about yourself on the web. That is fine; just ensure that you do not share confidential data on the web.

Avoid sharing your card PIN number on the website. Also avoid sharing the 3 digit CVV code at the back of your card even if someone asks you to share it.

Some airlines insist on a printout of the ticket along with the back side of the credit card. In that case, ensure that your CVV number is blacked out.

More importantly, avoid sharing passwords, secret questions, etc., on the website.

Many websites will give you the option to store your card information for easy processing in future. To the extent possible avoid such offers.

While there is nothing wrong, and most websites give you that option, in your own interest it is best avoided.

Rule 4: Managing your passwords is the key…

According to studies of ecommerce buying behaviour, more than 40 per cent of the frauds happen because people do not create foolproof passwords. Here is a quick primer!

Don't ever write down your password on a piece of paper for reference.

Avoid setting obvious passwords like your name, date of birth, marriage anniversary etc.

Remember, password hacking is based on probability so ensure that your password is long and includes lower case alphabets, upper case alphabets, numerals and also special characters.

More importantly, keep changing your password at regular intervals of 20-25 days. That is your best defence against online shopping frauds.

Rule 5: Do a continuous audit of your statements…

This is where most people tend to slacken. Do not wait for your monthly statement to reach you. Make it a point to access your transaction statement online and confirm that the transactions shown in the statement are what you have transacted.

If you find any discrepancy, immediately inform the call centre.

When your card is lost, make it a point to immediately call up the helpline and block your card.

Register to receive your transaction alerts on your mobile phone. Most banks offer this service at a small cost and it is actually worth it.

A high degree of diligence from your side can save you a lot of blushes.

Rule 6: For online transactions, prefer a credit card over a debit card…

In India, the preference for using debit cards is more as Indians are basically debt-averse. But when it comes to online transactions, it is always better to use your credit card.

Remember, debit cards will lead to an immediate debit from your account.

In case of credit cards, it is much easier to get a reversal than in the case of debit cards.

Most credit cards limit your monetary liability in case of online frauds and that will protect you.

Rule 7: Lastly, be certain of the quality of Wi-Fi service you are using…

Indians are increasingly resorting to mobile commerce for transactions. That is a good sign, but also carries with it a much higher risk.

Most people tend to use Wi-Fi networks as it gives more capacity and is also cheaper than the internet service provided by your mobile phone network. But most Wi-Fi networks are not fully secure and are the breeding ground for hackers.

A private Wi-Fi is still ok, but a public Wi-Fi is best avoided, especially the Wi-fi services that you get at malls and airports. It may be a little more expensive and a tad slower, but prefer the internet network provided by your mobile service operator.

To summarise, you can enjoy the comfort and discounts of online shopping this Diwali but take care to put in some basic security checks:

Photograph: Brian Klug/Creative Commons

Anil Rego is the founder and CEO of Right Horizons, an investment advisory and wealth management firm that focuses on providing financial solutions that are specific to customer needs.

Anil Rego