How India can minimize credit-card fraud in 60 days [“Eliminate Landline (un-encrypting) POS terminals immediately”]
The news that more than 30crore (~USD 6Million) of credit card fraud is hitting Indian consumers with potentially more to come is most disturbing – not because of the scale of the fraud, but because of the trivial cost today of minimizing such fraud. While the longer-term migration to Chip cards and PIN or Aadhaar-biometric authentication might be inevitable, these are also extremely expensive and impossible to implement overnight. As someone who has been in mobile payments in India and is currently an investor, I have seen many new and secure technologies developed in India that can help address this problem.
Like all problems, there are often incremental solutions where 90% of the value might be obtained with 10% effort – and indeed in this situation, there are several things the industry could do to make things easier and safer for merchants and consumers. All 3 suggestions could be implemented in less than 60-90 days if the industry so chooses!
1) Eliminate Landline (un-encrypting) Point of Sale (POS) terminals immediately
The first generation of POS terminals read card data on the magnetic stripe when it was swiped and transmitted them without encryption over landlines. Skimming fraud can happen in such cases merely by tapping the phone-line, without even the Merchant knowing it, and a clone of your credit card can be manufactured and used in a different part of the world within 30 minutes. This risk can be eliminated by replacing all existing un-encrypting POS terminals with encrypting terminals. While this may appear expensive, the emergence of the low-cost but extremely secure encrypting Mobile POS terminals – already available in India via Citibank, HDFC Bank, ATOS, YesBank, State Bank of India & American Express at a sub-1000 rupee price-point – makes this an incredibly simple and affordable solution for merchants to adopt.
2) Restaurants introduce Pay @ Table – ideally with the consumer swiping the card
A second variation of Skimming fraud happens at restaurants or wherever you give your card to a waiter – the waiter can procure a skimming device and copy the magnetic stripe data that is subsequently cloned. In today’s portable device world, such practices should be eliminated. We have to move away from the “folder” to a “Pay @ the Table” model – this ensures that the card never leaves your sight. Once again the Mobile POS terminals can minimize such fraud risks. Today a few restaurants are beginning to use this as a tool to reduce their risk while reassuring consumers.
3) Turn OFF my card when I am not using it!
While the first two points are on the merchant POS side, the third suggestion revolves around the consumer side. The credit card industry has always worked with the model that a credit card has got to be easy to use. However banks have got to offer the consumer the option of a simple “ON/OFF” Switch when they want to do a transaction. One approach is to use a simple technique like a Missed Call from the registered mobile number to turn “on” the credit card for say one transaction or 15 minutes. In other words, as a consumer, when I have to pay my bill, I pull out my mobile phone and dial a number. I then hand my card to the retailer and everything goes through. However, even if someone has skimmed my card, they can never use it unless my mobile phone “pre-activates” the card. Over time, a smart-phone application could perform the same task. This will ensure that no thief can use my card on the Internet or at the POS, whether domestically or internationally.
These three simple approaches can indeed reduce risk to merchants and or and reassure consumers that their Credit or Debit Card is indeed the safest way to pay at the till or at a gas station or at a restaurant. The low-cost and speed with which these solutions can be deployed make further delays unacceptable.
[About the Author: The author, Sanjay Swamy is currently Managing Partner at AngelPrime Partners, an early-stage investor. He was previously CEO of mChek and served as a volunteer on Authentication & Payments for the Unique Identification Project. He is an active proponent of electronic payment transactions. He can be followed on Twitter @theswamy
Disclosure: Sanjay Swamy is an investor in ZipDial and Ezetap.]