Evaluating the Risk and Convenience of Card Payment
The convenience of online shopping with card services is becoming the order of the day, especially in developing countries like Nigeria. However, that convenience comes with some risks and devil-in-the-details terms that give a third party the ability to authorise payment without your veto, especially when it has to do with an online service or subscription. Somewhere within the agreement, an auto-renewal clause is ticked by default without you knowing. What this means is that, for a monthly service, a specific amount will be debited from your account without your knowledge; you only receive a debit alert. Apparently, this payment has been authorised by the third-party service, and your bank, which is supposed to protect your funds, will just pay them with no prior notification, not even to ask if you truly authorised the transaction. This raises the question of what the function of security measures such as CVV, OTP and PIN truly is. These are levels of authorisation put in place to check unauthorised transactions and fraud.
MasterCard has successfully gotten a sizable portion of the card services market in Nigeria, and one can argue that, since it is a global card, the policy should be global as well, but that is not the case for the Nigerian market. However, a look at MasterCard’s anatomy of a transaction and the credentials needed to authorise a payment shows room for security lapses, because the credentials needed have no layered security aside from the CVV. So if someone has your card and knows the home address used in opening the host bank account, the CVV is right there on the back of the card, and inevitably the person can make any e-commerce payment. Some browsers, websites and apps are capable of storing your card details for future use, so if you are the type that uses public computers or allows unrestricted access to your computer, you are most likely going to have your card details stolen.
MasterCard’s authorisation process starts with the cardholder submitting the MasterCard account details to the merchant; the merchant’s bank asks MasterCard to determine the cardholder’s bank; the MasterCard authorisation system validates the card security details (card number, name on card, address and CVV) and, if they are correct, the request is sent to the cardholder’s bank for purchase approval; the cardholder’s bank then approves the purchase; MasterCard sends the approval to the merchant’s bank; the merchant’s bank sends the approval to the merchant; the cardholder completes the purchase and receives a receipt. These processes happen very fast, averaging 130 milliseconds per transaction.
Another way card details are stolen is via the use of malware. Malware is software used by hackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems. Hackers introduce malware into private networks by targeting systems that may be vulnerable to compromise due to weak data security controls. MasterCard suggests some security controls, like installing File Integrity Monitoring (FIM) tools, which monitor systems to identify if a file has changed or a new file has been installed. If malware has been installed on a system or saves card data to a file, FIM software can detect the change and alert on the behavior. Content filtering to inspect outgoing network traffic for sensitive information is another way to prevent hackers from removing card details. “Heuristic” anti-virus software is often able to alert on custom malware based on the behavior of the malware. This type of anti-virus software watches for certain suspicious or unusual behaviors rather than a specific type of malware file.
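The file integrity monitoring idea above, as an added illustration that is not MasterCard's tooling or code from this article: it takes a SHA-256 baseline of a directory, reports new, changed and removed files, and flags any that hold a card-number-length digit run passing the Luhn check. The function names, file names and sample data are constructed for the example.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Contiguous 13-19 digit runs only; spaced or hyphenated numbers are not covered
PAN_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")

def luhn_ok(digits):
    total = 0
    for i, ch in enumerate(reversed(digits)):  # double every second digit from the right
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def snapshot(root):
    """Baseline: relative path -> SHA-256 of every file under root."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*") if p.is_file()}

def has_card_data(path):
    """True if the file holds a digit run that passes the Luhn check."""
    text = path.read_bytes().decode("latin-1")
    return any(luhn_ok(m.group()) for m in PAN_RE.finditer(text))

def compare(root, baseline):
    """Sorted (event, path, holds_card_data) tuples for drift from the baseline."""
    current = snapshot(root)
    events = [("removed", rel, False) for rel in baseline if rel not in current]
    for rel, digest in current.items():
        if baseline.get(rel) != digest:
            kind = "changed" if rel in baseline else "new"
            events.append((kind, rel, has_card_data(Path(root) / rel)))
    return sorted(events)

def demo():
    """Constructed scenario: one config edit, one new file holding a test card number."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "pos.cfg").write_text("terminal=1\n")
        baseline = snapshot(root)
        (root / "pos.cfg").write_text("terminal=2\n")
        (root / "dump.tmp").write_text("card=5555555555554444;exp=12/30\n")  # public test number
        return compare(root, baseline)

if __name__ == "__main__":
    for event in demo():
        print(event)
```

In practice the baseline would be stored somewhere the monitored system cannot rewrite, so that malware cannot update it to hide its own changes.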
Other ways to avoid being a card fraud victim include avoiding careless storage of your cards:
• Always click ‘No’ to browser pop-ups asking to store your card details.
• Always delete your card details from any online shopping site after completing the transaction.
• Always un-tick the auto-renewal clause on every online subscription service.
• Always look out for the MasterCard SecureCode programme identifier on online shopping sites.
• Never provide card details to anyone asking for them by email or phone call claiming to be your card service or bank agent.