Remove CVV code, prevent misuse

Recently, when Kapil Raj returned from a business trip abroad, he was shocked to know his credit card had been misused. “Your card has been compromised,” informed his bank. They asked Raj to refrain from using the card for some time and disabled it.

All leading banks advise clients not to disclose their credit card number or automated teller machine (ATM) password to anyone. There is also one other number that needs protecting, since online transactions have become very common – the Card Verification Value (CVV) number.

WHAT IS CVV? The CVV number is three-digit, typically imprinted at the end of the signature panel on the reverse of credit (or debit) card. It especially comes handy during online transactions like booking tickets or paying bills, as the transaction is not complete without CVV. It serves as the authorising code for the transaction.
 

HOW TO PROTECT YOUR CARD

• Ensure your card is swiped in your presence and no one is making note of your card details
• Either scratch-off the CVV number or put an opaque sticker on it and memorise it
• Ensure you update your mobile number and/or e-mail address to get updates about transactions 
• In case you suspect your card details are exposed, inform your bank immediately to get a fresh card, with new details

All leading banks warn cardholders to be careful when revealing their CVV numbers on various sites. “Preferably, transact on sites which mandate validation of card verification code (CVC2) or those that are certified by Verified-by-Visa or MasterCard SecureCode,” says the HDFC Bank website.

Last year, the Reserve Bank of India (RBI) directed all banks to send notifications to customers (either via mail or text message) of every transaction worth Rs 5,000 or more. The RBI also asked banks to provide additional authentication to deter frauds. In most cases, it is an extra password or code, asked for after the CVV number.

The CVV number of a card can be easily obtained when a credit card is swiped for making transactions. Since it is a small number, it can be easily remembered and and other important details such as the card number, etc come in the receipt when swiping the card, enabling one to misuse the card.

As in the case of Raj, who was duped of almost Rs 1 lakh, details are leaked when credit cards are swiped either in shopping malls or while booking rooms at hotels.

PRECAUTIONS
Hence, experts advise removing the CVV number from the card because other important details (card number or card expiry date) cannot be removed from it. CVV being a small number, it can always be memorised or written in a safe place.

S Govindan, general manager - personal banking and operations, Union Bank of India, said, “We ask the customers to be careful before letting out their CVV numbers. It can be scratched-off the card. But, frauds related to CVV are most common during online transactions and not when it is swiped.”

Most of us use our credit and debit cards very regularly without protecting the CVV number, which can be taken from the card, while other card details come to the person swiping it automatically through the point of sale (POS) machine. “Mostly, what happens is that if someone has managed to know your card details, he or she will use those details for online transactions by changing the password,” said a banker. So, it is not impossible to misuse a card while swiping it.

Importantly, though RBI has come out with the mandatory additional password norm, it is still in the implementation process for many banks, say industry experts, and it is giving way to many fraud cases.