Know your credit card

Credit Card is no more a white elephant in India.  Just like having an account with a bank credit card  has become a common financial instrument among middle class. But,  do we know the mechanism of Credit Card finance as we do about banking ?  Obviously the answer will be “No”.   A wise usage of credit card would surely benefit us.  The advantage is you get a financial leverage without incurring any additional cost towards the same if you are able to settle the amount within the stipulated time.
According to the Bureau of Labor Statistics, for instance, last year Americans paid a record $16.3 billion in credit card late fees alone — little surprise , especially in view of the fact that the average American household is now juggling 14 credit cards. This is not to suggest that we Indians are better placed. One Mumbai family, which recently committed suicide, reportedly had 73 credit cards! RBI data suggests that there are now over 88 million cards in circulation in India compared to just 60 million in 2006-07, with the total outstanding balances till May this year having gone up by a whopping 87% to Rs 12,375 crore.
A small awareness about the card could save you lot of money.
What’s in a Credit Card?
1. Name. The full name of the account holder — the person who is responsible for paying the credit bill each month.
2. Issuer. The name of the company that is granting the credit and their logo. Issuers are usually banks and other financial institutions.
3. Type of Card. VISA, MasterCard, etc.
4. Account Number.
* First Six – Identify the issuer.
* Next four – Region/branch of issuer.
* Next five – Your account number.
* Final number – Digit for security.
5. Customer Service Number. This number is available if you should have any questions about your account or past transactions. There is also a number for lost or stolen cards. Write it down.
6. Magnetic Strip. This strip stores important information about your account such as name, account number, PIN, expiration date, and credit limit.
7. Expiration Date. Merchants require this information if you’re making a purchase by phone or the internet. It lists the date your card will expire in Month/Year. Most cards are valid for 1-3 years before they expire.
How does a Credit Card Work?
1. Purchase. When you purchase something with a credit card (MasterCard in this example), the merchant first checks to see if the amount you’ve charged will be approved — to make sure you haven’t exceeded your credit limit. They do this by sliding your card through an electronic device that is connected to an approval network. Once accepted, you’re given a printed receipt to sign. Both you and the merchant each keep a copy of the receipt.
2. Merchant and bank. The merchant deposits the credit card receipt with their bank, which credits their account in the amount charged. The bank then sends this transaction electronically to MasterCard.
3. MasterCard. MasterCard continues the transaction by crediting the bank and then charging the issuer of the card.
4. Card Issuer. The issuer of the card completes the transaction cycle by sending a bill to the card holder for the purchase amount. Hopefully, the card holder pays the bill in full thus avoiding any interest or finance charges.

credit card flow chart

Step 1: The merchant submits a credit card transaction to the Authorize.Net Payment Gateway on behalf of a customer via secure connection from a Web site, at retail, from a MOTO center or a wireless device.
Step 2: Authorize.Net receives the secure transaction information and passes it via a secure connection to the Merchant Bank’s Processor.
Step 3: The Merchant Bank’s Processor submits the transaction to the Credit Card Interchange (a network of financial entities that communicate to manage the processing, clearing, and settlement of credit card transactions).
Step 4: The Credit Card Interchange routes the transaction to the customer’s Credit Card Issuer.
Step 5: The Credit Card Issuer approves or declines the transaction based on the customer’s available funds and passes the transaction results, and if approved, the appropriate funds, back through the Credit Card Interchange.
Step 6: The Credit Card Interchange relays the transaction results to the Merchant Bank’s Processor.
Step 7: The Merchant Bank’s Processor relays the transaction results to Authorize.Net.
Step 8: Authorize.Net stores the transaction results and sends them to the customer and/or the merchant. This communication process averages three seconds or less!
Step 9: The Credit Card Interchange passes the appropriate funds for the transaction to the Merchant’s Bank, which then deposits funds into the merchant’s bank account. The funds are typically deposited into your primary bank account within two to four business days.
How are finance charges calculated?
If you expect to pay your balance over a extended period of time, you should understand how your creditor computes finance charges. New purchases accrue interest immediately and finance charges are actually added to your balance each month — you’re essentially paying interest on interest. This alone is a good reason to pay your balance in full each month. Let’s take a look at a few balance computation methods:
Average Daily Balance. This is the most common method used by creditors. You are charged interest on the average amount you owed each day during the billing period (minus any credits made on a particular day during the cycle). Depending on your credit agreement, new purchases may or may not be added to the balance — cash advances are usually included.
Previous Balance. The creditor uses the outstanding balance from the previous billing cycle. Payments, credits, or new purchases are not included. This is the most expensive method.
Adjusted Balance. This method is similar to “previous balance” except that payments or credits received during the current billing cycle are subtracted from the previous outstanding balance. New purchases during the current cycle are not included. Adjusted Balance costs you the least.

Internet Banking-Safety is in your hand

Use of Internet and ATM for banking is common nowadays.  Even a novice could operate internet banking interface with ease.

Yet use of ATMs and Internet banking for banking could be termed as a double-edged weapon.

If it is not handled properly you could end up in loosing your hard earned money.

We provide here various methods used by fraudsters to hoodwink the users of internet banking and ATMs.  We have also listed the safeguards suggested by bankers for safe use of internet banking and ATMs

Phishing

Phishing flow chart

Phishing is an attempt by fraudsters to ‘fish’ for your  Banking details. A phishing attempt usually is in the form of an e-mail that appears to be from your  Bank.

The e-mail usually encourages you to click a link in it that takes you to a fraudulent log-on page designed to capture your details.

Fraudsters send fake e-mails claiming that your information has been compromised, due to which your  Bank account has been de-activated/suspended.

They will ask you to hence confirm the authenticity of your information/transactions like credit card number, personal identification number (PIN), passwords etc.

In-Session Phishing

Typical fraudulent pop-up window

This fraudulent method is more sophisticated.  Even regular internet users could fall as prey.

In-session phishing is a method used by fraudsters where malware detects when the account holder enters into bank internet banking account by entering username and password.

After your open your bank website a pop-up window would open above your bank web page and would ask you type username and password.  This pop up window is not belonging to bank but to the fraudster who would steal your banking information.

Since the user has logged on to the  Banking website only a short while before, he is not likely to suspect the authenticity of this pop-up and is thus more likely to provide the requested details.

Spoofing

Spoofing Model for showing fake bank website

This is more sophisticated form of phishing.  Website spoofing is the act of creating a website, as a hoax, with the intention of performing fraud.

To make spoof sites seem legitimate, spoofers use the names, logos, graphics and even code of the actual website.

They can even fake the URL (website address) that appears in the address field at the top of your browser window and the Padlock icon that appears at the bottom right corner.

In this case just like phishing Fraudsters send e-mails with a link to a spoofed website asking you to update or confirm account related information.

This is done with the intention of obtaining sensitive account related information like your Internet  Banking user ID, password etc.

Fake Bank Login Page

Check for the Padlock icon: There is a de facto standard among web browsers to display a Padlock icon somewhere in the window of the browser For example, Microsoft Internet Explorer displays the lock icon at the bottom right of the browser window. Click (or double-click) on it in your web browser to see details of the site’s security.

Actual Bank Login Page

It is important for you to check to whom this certificate has been issued, because some fraudulent websites may have a padlock icon to imitate the Padlock icon of the browser.  Check the webpage URL. When browsing the web, the URLs (web page addresses) begin with the letters “http”. However, over a secure connection, the address displayed should begin with “https” – note the “s” at the end.

For example: if a bank’s login page url is http instead of https there is every possibility that the login page you have entered is not genuine.  Note here only login page will have this secured connection while the home page or other pages of your bank website addresses (URL) will start as http only.

Vishing

Vishing Model

Vishing is a combination of Voice and Phishing that uses Voice over Internet Protocol (VoIP) technology

In this method fraudsters would be feigning to represent Banks.  Usually a recorded voice would seek for your bank details.

It is an attempt to trick unsuspecting customers into providing their personal and financial details over the phone.

If the bank or credit details are entered though telephone system those details will converted into data by the machine and sent to fraudsters.

Skimming

Typical tampered ATM

Skimming is a method used by fraudsters to capture your personal or account information from your credit  or ATM card.

Your card is swiped through the skimmer and the information contained in the magnetic strip on the card is then read into and stored on the skimmer or an attached computer.

Fraudsters insert a skimming device to the ATM’s card slot. This device scans the card and stores its associated information.

While a customer keys in his PIN, the wireless skimming device transfers the data to the fraudsters.

This information is then used by the fraudsters for online shopping or to make counterfeit credit cards.

At restaurants and shopping outlets, the credit card is swiped twice, once for the regular transaction and the other in the skimmer that captures the personal information which is retrieved later by the fraudsters.

Money Mule

Once the fraudster has captured personal information using anyone of the ways mentioned above, they need an account to which they can transfer funds from the compromised account. This is where a “Money Mule” comes into picture. A Money Mule is an unwitting participant in the frauds who is recruited by fraudsters to launder stolen money across the globe.  Fraudsters contact prospective victims (money mules) with job vacancy ads via spam e-mail, Internet chat rooms or job search Web sites. Jobs usually are advertised as financial management work, and ads suggest that no special knowledge is required.  Once recruited, money mules receive funds into their accounts.  Mules then are asked to take these funds out of their accounts and forward them overseas.

Tips for safe internet and ATM Banking:

• Bank will never send e-mails that ask for confidential information. If you receive an e-mail requesting your Internet  Banking details, you should not respond.
• Always type in the URL yourself in the browser (say internet explorer) whenever you access bank site for internet banking. Don’t use bookmarks, links, shortcuts etc.
• Never click on any links or attachments present in an e-mail that seems suspicious.
• Do not open multiple browser windows when you  Bank online to avoid In-session phishing.
• Never type in your account details, user ID, password, etc. in any pop-up that may appear when you  Bank online.
• Always log off and close the Internet browser window after you have finished your online  Banking session.
• Never provide your bank details or credit card number over phone though the person talking on the other side is staff of bank or credit card company.  Also do not call and leave any personal or account details on any telephone system that you are directed to by a telephone message or from a telephone number provided in a phone message, an e-mail or an SMS especially if it is regarding possible security issues with your credit card or  Bank account.
• Sign on the reverse of your credit card as soon as you receive it.
• change ATM pin frequently to avoid skimming
• Keep a cap on the amount that you deposit in the bank, the ATM card of which you use to withdraw money often.  In other words, do not deposit your entire savings in the bank which you transact often though ATM card.  Instead you can deposit only the amount that is required for your monthly expenses in the account for which you use ATM card often.  Your savings could be made in the account for which you never use ATM card.
• Collect your receipts at ATM’s, restaurants and shopping outlets.
• Use your card with merchants that you know and can trust. Never allow a shopkeeper to take your card to a different shop/room for swiping.
• The law states that cardholders are not liable for fraudulent transactions as long as the original card is still in their possession.   The problems arise when a card is stolen or lost and is then used fraudulently.

Above all, always use reputed anti-virus and anti-spyware tools to keep your computer virus/malware/trojan free. Because these unwanted installations may prompt you to provide your personal and bank details, which will then be sent over internet to the fraudsters.