By Chee Jo-Ey
MANY people favour credit cards over cash mainly due to its convenience. But sometimes, convenience comes at a price as many credit cardholders fall victim to fraudsters.
According to Bank Negara Malaysia, credit cards are the most widely used payment card in Malaysia. An average of 349 million credit card transactions had been made annually over the past decade.
During the popular online sale, the Singles’ Day sale, fraudsters often take advantage of shoppers’ lack of security awareness, and fraud cases involving credit cards might skyrocket at these times, according to news reports.
Just recently, news of a data breach involving “hundreds of thousands” of credit card details from at least six Southeast Asian countries including Malaysia and Singapore had hogged headlines, according to India-based cybersecurity start-up Technisanct.
The company revealed that its research turned up “a series of data breaches involving credit card details issued by top banks in Singapore, Malaysia, the Philippines, Vietnam, Indonesia and Thailand,” according to the South China Morning Post.
An initial response from CIMB Group Holdings Bhd stated that there was “no credible evidence that any actionable customer data has been compromised from us,” after having been pointed out in the press release by Technisanct as one of the banks compromised.
Although local banks have since called for calm among credit card users, standing by the statement that “there is no credible evidence that any actionable customer data has been compromised,” it is always good to reiterate what steps one can undertake to safeguard their credit card information.
Nexagate chief technology officer Zahari Norzekimi said: “First, credit card users should not simply reveal their CVC number. Secondly, they should never save the CVC number in e-commerce sites. Lastly, they should set daily transaction limits for their credit cards to mitigate the impact should information be compromised. These are the steps I’m practicing myself.”
Nexagate is an IT security consulting company that provides services such as security audit and testing, risk and compliance consulting, among others.
On regulations to protect credit card information, Nexagate chief marketing officer Tuan Faisal said: “Bank Negara Malaysia has issued Risk Management in Technology (RMiT) policy document, which came into effect on June 1, 2019 whereby banks and financial services industry players have to meet strict qualifications to ensure information security including credit card information.
“Most banks already have Information Security Management Systems (ISMS) which is an international standard to meet to protect information and Payment Card Industry Data Security Standard (PCI DSS) an international standard specific for personal account information.”
Other measures one can take to prevent credit card fraud include to check all your SMS transaction alerts in a timely manner and login to internet banking regularly to check your account balances and statements of account at least once a week to detect any unauthorised transaction, error or discrepancy and, if there are any, to report it to the bank immediately.
It is also good to practice the habit of always logging out when you have completed your transactions and take reasonable steps to keep your security device secure at all times by keeping your anti-virus software up to date and not to access personal details when using unsecured WiFi.
Experian Malaysia CEO Dawn Lai said credit card users should always be careful when making online transactions.
“For credit card users, it is important for them to be mindful when using their credit cards for any online transactions. They should only enter their credit card details in trusted merchants or websites.
“In addition to that, they also should monitor their credit card bills regularly to ensure the purchases or transactions made are legitimate. Sign up for a credit report and scrutinise their credit report once a month, or at least once annually, for any unauthorised activity and prevent any identity theft incidents.
“Most financial institutions have SMS alerts in place to alert for transactions made which are important to prevent any unauthorised use of credit cards. Banks and financial institutions typically invest heavily in their security framework and measurements and have control in place to safeguard clients information from any potential data breaches, and this would typically include governance and control, access control management, data loss protection and all the necessary security fencing.”
At the end of the day, credit card holders have the responsibility to ensure their card details do not fall into the hands of miscreants, although there are times where the breaches are out of our control. – March 13, 2020