— With the spread of card transactions, fraud with them is becoming more common. In Russia and in the world fraudulent schemes are of the same nature, or we have some features? Pavel Chebotarev
According to payment systems in banks of the Russian Federation more effectively protect their customers from fraud, than in the whole world. — A little on theory. Each Bank card has certain properties: the number, expiration date, CVV code, name, PIN code. Is this all or are there any other identifiers? What all these data? Pavel Chebotarev
All of this data and a dataset that is encrypted in the chip card payment system used in the algorithm to check the validity of this card and supplies the card to a specific Bank, and banks use these data to check the affiliation of the card to a particular client. — According to some, even a few years ago foreign you can make the payment using only a card number without being prompted to enter the expiration date and CVV code. Is it really so? What data are required for input when the card is used for purchases in the Russian or foreign online store? And how widely used the technology 3DSecure? Pavel Chebotarev
The CVV code is a verification value of card number and expiration date. So, shops that did not require entering this code, much risk to sell a product for a non-existent map. Now, as far as I know, this code is checked always. Rules of payment systems regulate the division of responsibility between the banks for the card transactions. For example, if the store’s website supports 3D secure check, and the Bank provides their card holders a service responsibility to the cardholder for fraud will carry the Bank that issued the card. And, conversely, if the map connected to the 3D secure service and store this verification does not hold, the liability for fraud will carry the Bank of the seller of the goods. Therefore, all banks tend to support the 3DSecure service. — On the web suggest to do the CVV code on the card unreadable — with bullet or blade. Whether it is from the point of view of banks and payment systems? Whether a seller refuse to accept such a card? Pavel Chebotarev
So better not to do. Careful, the seller may declare the card void and to refuse to accept it for payments on POS terminal. — If to assume that when paying by card in the restaurant, the waiter rogue secretly took the card from both sides. What in this case the risk of the cardholder? If the CVV code was erased, it would help to avoid the risks? Pavel Chebotarev
If the map connected to the 3D secure service, the fraudster-the waiter will have to steal the phone to get the password to it and read the TEXT. And if the scammer did not bother to steal a phone and found a site that does not support 3DSecure, and something paid, then such operation is quite easy to challenge — you need to contact the card issuing Bank, and the Bank, on the basis of the customer’s application for regulated payment system procedure return the money. — What payment system do post the CVV code on the back of the card? Isn’t it better to give it in an envelope, like a PIN code? Pavel Chebotarev
This code is written on the card for convenience to not have to get a separate piece of paper from a separate envelope for payment services in the Internet. — Studies show that 90% of thefts of money from the card to blame their owners lose the card, are careless about their personal data, etc. But who is responsible for the remaining 10% of cases? Pavel Chebotarev
Real case: In the centre of a large city quite a long time was not known ATM of the Bank. People put in their cards to obtain cash, and the ATM gave an error “Operation is not possible”. After some time at the ATM drew the attention of law enforcement officers and found out that the ATM is not owned by any Bank. It established the fraud, and at the time when the inserted ATM card and PIN, the fraudsters received the card information, making clone cards and steal money. Who is to blame for these thefts?
The protection of Bank customers against fraud and financial literacy is a constant collaboration of banks and payment systems. — If there is a risk that card data is compromised (stolen) then the card is blocked. And how long after that? In other words, how many the client remains without access to their money? Pavel Chebotarev
If the card is compromised, the Bank, in any case, the customer produces the card with a different number. In most banks the customer can get a card with a different number and can access your money the same day or next business day, if the Bank is a member of the faster payments, funds the client will be able to transfer with it to another Bank where he has a card, as a transfer is made from the card account (not the card). — Is it true that when online payment is made by filling out the fields with the name and surname of the holder is a mere formality? Usually the operation can be carried out even if the fields have errors, and some stores do not require them to fill out. Pavel Chebotarev
In some types of operation name play a key role. Without their input in the admission card may be denied. When paying on some sites abroad additionally queried address. But, in most cases, the name is really not required for payment. Check the legitimacy of the use of the card (the fact that the cardholder is conducting the transaction) are other ways. — Can shop abroad to refuse to accept cards if the name in the passport and on the map differ by one letter? Pavel Chebotarev
Theoretically, you can, practically these cases in my practice was not. — As far as I know, payment systems, a division of Bank operations for CNP (card not presented), where the map is not required and those in which the map is required. Is there still some division of operations with Bank cards? Under what operations the risk of fraud higher? Pavel Chebotarev
The main graduation are as follows: CNP (Card not present) — Operation without the physical presence of the card CP (Card present) — operation physical presence of the card. The payment system also klassificeret operations on the amount, location, type, order of registration, etc. In each type of operation is optional and not mandatory rules for the protection and verification, starting from the rules data encryption, finishing hardware requirements for card acceptance. Payment systems together with banks are constantly improving methods to protect operations from fraud. — How secure payments via smartphones with NFC (Android Pay, Samsung Pay, an Apple Pay)? Is there any possibility that card data may leak via virus infected smartphone? Pavel Chebotarev
For payments through Pay-these cards do not participate in the transaction and is not stored in the phone. Payment system thought of private solution to protect such operations. Therefore, these payments are completely safe. Payment system Visa increased the limit on contactless card without the PIN to 3000 rubles. How risky is this? Pavel Chebotarev
Since the limit was not a significant time and it is too early to speak about any statistics. — Last question for a refund. Rumor has it that banks is not profitable to charge and soon cashback in the usual form will be gone. Is it really so? Pavel Chebotarev
If the mechanics of cash back was niewygodne did not affect customer loyalty and increase the volume of cashless payments, it would not.
Now we are seeing the transformation of the mechanics of cash-back from the simple return of funds to more complex mechanisms using elements of gamification, allowing clients to receive an additional bonus if you meet certain conditions.
This adds in a purely financial relationship between the Bank and the customer positive emotions. Thank you for your time participant interview! Pavel Chebotarev head of the Department for the development of initiatives in the field of financial technologies PJSC “Sovcombank”
Read more •••