I’ve been using credit cards for about 6 years now and I’ve never faced a fraudulent activity on my card until a day back, when someone was trying to do series of charges all of a sudden on my American Express Platinum Travel card. There were three fraudulent charges attempted on the credit card, let’s see one by one,
American Express Fraud Prevention in Action – The full story:
Charge #1
One fine afternoon, i got a message from American Express that a charge of $1 was made on iTunes. I was wondering what’s happening because I haven’t added this card to my iTunes a/c and i was sure about it.
Fact: This transaction is more like a test charge by the “smart” guy to check if the txn is going through. Yes it passed.
Charge #2
While I’m still thinking how the past charge happened, another charge $16 happened somewhere else. But American Express security systems caught it this time and denied it. Amex also sent me an alert message & email.
Now I understood what’s happening. So I called up phone banking to block the card.
Charge #3
As soon as I mentioned the scenario to the Customer Care Rep., she understood the nature of issue and quickly connected me to security team. While this is happening, I got a message and I was sure what I’m gonna see.
Now another $5 charge was initiated on the card and this went through, maybe because it’s a very small amount. I mentioned this as well on call and just after few verification my card was blocked and replacement request taken.
I was also assured that these charges won’t be billed to my ac.
Peace. Of. Mind. !!Total call time: ~3 Mins
How does this work?
These fraudulent charges are covered under one of the Amex card benefit called “Lost Card Liability” that I explained on one my recent article: 5 Reasons Why You Should Have an American Express Credit Card , which I know is the boring part for most 😀
On digging more on how it works, I was said:
“American Express will dispute the txn with the merchant with the given information and fraud prevention intelligence data. Even if merchant proves/wins the case, we’ll absorb the loss for you”
That’s so nice isn’t it?!
Credit Card Chargeback and Disputes with other banks:
While this is the first kind of “fraudulent charge” I’ve ever faced, I have disputed couple of transactions in the past with other card issuers when I don’t get the service/product that I ordered.
That was more of a dispute on txn done by me, though it also works in similar way.
And I know how painful it is to do the dispute process with card issuers. For ex, with ICICI, once you raise the dispute, you need to download the dispute form and send the filled form with all details of the txn: why-what-how.
Only then the case will be considered and will be taken up for review that will take another ~60 days for final decision. You’ll get interim credit so you won’t be billed. Almost all banks work this way.
The most important thing with other bank cards is we’re not fully covered. We may win or loose the case. If we loose, we got to pay for it.
Now this is where American Express wins. The whole process is fast and smooth and you can be 99.99% sure that you’ll get the money back. American Express is known for this feature worldwide and this is the exact reason why I use Amex on foreign websites.
How to Prevent such fraudulent charges in future?
#1 Credit card cloning/reading is becoming very common. For ex, I had a quick meet up with one of our blog reader “SriKrishna” and he showed me how his android phone can read his contact-less card just with a tap. All the card details are now visible on his app, except CVV.
Moral: Your contactless cards are NOT secure!
Anyone can fetch your card details just by tapping on your wallet. FYI, some foreign payment gateways can charge your card even without your CVV number.
#2 Transacting Online: No matter how secure a website maybe, your card has every probability to get compromised one day or other. I believe my case falls in this category. I’ve used my Amex card in couple of websites and it seems somewhere the data leaked out.
I knew this would happen some day or other to me and so i purposely use Amex cards on new/less popular websites, knowing that i’m gonna loose a bit on Markup charges of Amex over other cards i have. However, i use only in places where the charges are small and when i feel paying few hundreds extra is okay for a peace of mind.
When the charges are high, i always prefer my other low markup fee cards and charge through PayPal wherever possible as its one of the most secure platform for foreign payments.
Pro Tip: Replace your card every year if you use them a lot.
Bottom Line:
American Express has one of the most friendly guys around when it comes to fraud prevention, handling disputes & card replacement anywhere in the world. This is possible because American Express deals directly with merchants as they themselves act as a card issuer/card network/bank, etc.
It seems many others experience the same as well when it comes to Amex as you could see one of the tweet here:
So if you travel a lot or spend on many foreign websites, go ahead and apply your American Express Credit (or) charge card and stay safe. Here are some of the Best Amex Cards:
Have you ever faced fraudulent transactions on your credit card? Feel free to share your experiences in comments below.
Hi sid
Thanks for sharing your experience. Hope all of us are vigilant and don’t ever have this issue.
A few tips from my experience:
1. Turn off international usage through netbanking if you don’t forsee usage for a few months. Also set limit on your credit card further lower than your actual limit through netbanking. You can always instantly turn it back on. You may do this for your second choice cards in your wallet keeping your go to card fully available.
2. Try using virtual debit cards online issued in net banking (I’ve used this from sbi) on websites which you may have a doubt. These are debit virtual cards issued by blocking an amount on your account which you load in the card. And can cancel as soon as the transaction is done. Balance amount is released instantly. Card is destroyed (virtually 😀). You can always get another virtual card instantly or hold multiple virtual cards at a time.
3. Avoid sites which you thing are not trust worthy altogether. Simply not worth it.
Virtual debit card is a good idea. At one point of time, i was a fan of HDFC Netsafe cards.
Thanks for the inputs, will update some of these points to main article 🙂
HDFC Netsafe cards are not available for Diners Card
dear sid ,
we can protect our contact – less card just by wrapping a peace of aluminium foil on it , if we wrap the aluminum foil on card the NFC chip embedded in card will not send or receive any signal , it is most cheapest way to protect our contact-less card.
It is there, but it can’t be practically put into use.
There are now sleves available to protect NFC cards from cloning. Just keep your card in the sleeve. It’s pretty thin. And does not add bulk to Ur wallet.
Hi,
For SBi credit cards there is a option of deactivate international usage. Will it stop online transactions also from fraudsters? Any info on this.
Regards
Yes it does. But it doesn’t work for those who actually do valid Foreign txn.
Had one fraudulent transaction with HDFC in the past and the process was to download the dispute form and send it to the concerned team. Mind you, this is after informing them. The transaction got reversed in the next statement but I still had to pay for it since it got billed in the current statement. In addition to that the tension of whether they’ll accept the dispute or I have to follow up again. Amex scores high on both these aspects.
Mine got credited to the HDFC card within seven days after mailing the dispute form.
Great to see such class of services from Amex.
I loaded Rs. 10,000 from my Mom’s HDFC credit card to Payzapp account which got declined. Payzapp also gave me a refund id and also told me to do a chargeback. Since than I am waiting waiting and waiting. After 3 months HDFC replied my e-mail and said I have utilized my Rs. 10,000. Same on them. I don’t know what to do ?
Escalate.
Citi and SC are pretty close in issuing chargebacks. Citi does it over an SMS. HDFC is worst in this regard.
BTW, for a charge that small, you’ll most likely never lose a case as the merchant might never fight back unless it’s a part of a coordinated theft card use on their website. It costs $15-20 for a merchant to fight back a chargeback case, they only do because if there are too many chargebacks they’ll lose their merchant account and forever be banned.
So for a $15 charge, don’t expect a fight back, especially if it’s a one-off theft issue.
Maybe Citi, but not SC as one of the reader said he was struggling to get back 1.5L on some txn.
To saveguard contactless credit cards, new money wallets coming with RFID block option which may help to prevent stealing our card number. But I’m not sure how much helpful it will be.
Here is some steps I follow to prevent fraud / cloning of cards …
1. Keep International Transaction OFF if your Card allows so….like Hdfc
2. In Indian sites, always use OTP option rather than Visa / MasterCard password to prevent recording of Keys input via KeyLoggers.
3. Only in case of a location, u have Weak Telecom signal that can’t assure OTP SMS, use the password system …. Even in that some cases, work with an option of Virtual Keyboard which has random Keyboard layout… ( This not tested but was suggested by a Frnd)
4. Cloning of Magnetic strip part will be over soon….as all Cards (Old CC or Debit ) are required to have chip based feature by next Fiscal year as mandated by RBI ..
Till now don’t have a ContactLess card…so can’t comment on that… Some users have mentioned few methods above..
got a refund through Amex dispute team for a transaction that went through with CIBIL. I was neither provided the CIBIL report nor a refund even after 2 weeks of payment. So, raised a dispute with Amex team and they credited it back to my card account.
This happened to me as well with CIBIL. CIBIL support is one of the worst in the planet i’ve ever seen. I didn’t get the report for more than a week despite lots of follow up. Not even a SINGLE email response. Their phone support is useless.
A dispute with HDFC made them reply within 48 hrs 🙂
Sid,
Let us assume we dont physically carry and cards but have them on Samsung Pay and we switch off data when out of home, apart from when using the cards, would that help?
Regards
It should. As long as Samsung Pay is not compromised 🙂
Samsung pay works even without data.
Citi is also good. I had a fraud transaction of Rs.1499 on one of its card. I called the customer care i was told to send the dispute charge form and not pay the amount in my statement. Mind you. They tell you that it may take 6 months to verify the transaction and if after that they found it is not fraud they will bill it. Anyhow i was not billed. They also immediately replaced my card but i was charge replacement fee.
6 Months!!
Btw, Amex don’t charge any replacement fee.
I have been using cards since 4 years now. I am lucky that till no I have not been subjected to fraud transactions. But yes, with the usage of cards increasing drastically, we ought to take steps to prevent it. The way, Siddharth and a few other readers have been boasting of these cool customer friendly tactics that AMEX shows, I’m more and more considering having an AMEX card. Will sure apply for one next year.
My strategy is very simple:
1. If I see PayPal as an option to pay, I ALWAYS use that. Services like PayPal, make the internet safer.
2. I NEVER risk using a card on a website if I don’t know if the website is a reputed one or not.
3. I NEVER use a debit card for International Transactions if I don’t get the PayPal option. (This is irrespective of how reputed or trustworthy the website is.)
4. If you go on a foreign trip, it is ALWAYS advisable to update your travel plan (country of visit and duration of stay) with the bank whose credit and debit cards you might use. Yesbank and HDFC Bank, both allow that. I’m sure most banks allow that.
5. Always use features like Netsafe from HDFC Bank. HDFC however doesn’t allow Netsafe Cards to be generated for HDFC Diners Card.
6. Avoid SMS based OTP as 2FA as they are inherently vulnerable to MITM attacks. Always use Password Managers and with that change the VbV/3D Secure passwords regularly (monthly/weekly) and use that to fill up the password. You don’t even have to type the password.
Steps that I’ll take from now on:
1. I’ll disable international Usage on cards which I don’t use for international transactions.
2. I’ll reduce the spending limit on the card if possible.
4. I did once with HDFC but they just didn’t listen to me or noted anything. Just got “okay okay”.
Btw, you should get AMEX if you travel often. They’ve good deals every now n then – both Domestic & International.
HDFC allows you to update your travel plans through Internet Banking. One of the most convenient ways to let a bank know. Do have a look at that feature. However, Yesbank executive told me whenever you go, call us and let us know the international number where we can contact you during your duration of stay.
Alright, let me try both during my next trip!
Hi Siddharth,
I also faced similar issue few days back, when my Citibank card was used by somebody from Central America. I called up Citibank line. Who immediately took action on it, blocked my cards and explained me everything and lastly that Citibank will not charge me anything.
But my only question is whether such friendly and fast action is taken by our Indian Bank Cards?
A big NO.
Would advise readers as well as Abhishek that options #1, #3, and #6 in Abhishek’s feedback are wrong.
PayPal is a big target for hackers. They get hacked every few months. Then you leave it to chance as to whether you were a part of the dataset that got hacked versus not. This is NOT a safe option.
And SMS based OTP being hijacked by hackers is a very targeted scenario that is also very difficult to perform. Therefore OTP IS ACTUALLY the safer option. For VbV password, being compromised by a keylogger is a MUCH easier attack to execute. In fact, many people have Trojans and keyloggers on their computers and never even come to know.
There is no financial organisation in the world that is not the target of hackers. Paypal too might be the target but that doesn’t mean they are unsafe. They have one of the most secured payment network in the world. I have been using their services for the last 7 years. Back then I didn’t have a credit card. Had to use debit cards with Paypal Account. I have never got my data breached trough a Paypal Network hack. Yes, as all social media websites, Paypal too has username and Password that is vulnerable to Scams and Frauds. But then those who don’t know the very basics of protecting their accounts online, shouldn’t even try online shopping or transactions. I’ll bet my money on PayPal rather than using my card naked on any third party website any day, who will have all the information to rob my money any day should that company’s website get breached.
Regarding Keyloggers- The very computer that has trojans, viruses and keyloggers is inherently unsafe to say the least. OTP based 2FA won’t prevent a thing. I’ll rather not suggest any user to use such a computer for any online transactions. Having said that, if you read my earlier comment, I never said, you’ll have to type in your VbV/3DSecure passoword. I said to use Password Managers like LastPass/1Password. You NEVER have to type in anything. Those programs fill up the password for you without any keystrokes. I have been using these kind of software for 3-4 years now. I know what I am saying. It’s a free world I understand. I respect your views too. A reader should do what he thinks is safe. But I assure you that the measures that I suggested are time and situation tested.
Hi guys,
I’m following your posts and replies for a while now.
As with fraudulent transactions I haven’t had any.
But off late after Samsung Pay launch in India, I’ve been a fan of the same and people ask is it possible to transact without physical card. They feel like it’s magic.
The best part is that it works even with airplane mode on in phone.
Today a fraudulent transaction happened on my SBI Card.
I woke up and saw a message saying:
USD11.99 was spent on your SBI Card no. ending XXXX at M & N Technologies on 11 Sep 17.
Called customer card and got the card blocked. Inorder to revert the charge, i need to download a dispute form itseems and send it to SBI by email. It would have been easier if complaint taken either in online or by phone.
And i rarely use my credit card other IRCTC website. Recently i used it on Amazon.
@Abhishek
Abhishek, you’re a doctor by profession and I’m a cybersecurity expert by profession. For a moment, think about how a doctor would consider medical advice from a patient or one who is trying to self-medicate. Secondly, in general, there’s nothing wrong about being wrong once in a while. It helps learning rather than living with a blind spot that leaves you exposed and unknown to dangerous misinformation.
Any case, the password managers you mention can be hacked with a 14 line script. In fact, if you were to go through reputable publications even they recommend against using those.
The OTP that you loathe is generally valid for only around 5 minutes and hence limits the time window of opportunity for the hacker. The idea in general is not to defeat the hacker, because you cannot. The battle is too tilted in the hacker’s favor. Therefore, no method is hack-proof. Rather you need to go with a method that limits the window of opportunity for the hacker as much as possible.
Further, there is no need to use card details directly on shady websites. You’re safer using a one-time card like one of the other readers suggested.
Lastly, do keep in mind what I said about Trojans, keyloggers, works, etc. They could be even on your computer without you knowing it for years. You might assume that you’ve not had a problem for 4-5 years and you might still have one on your computer. Hackers might not regard this current time and situation as the right time to strike so they like to stay hidden in the background until the time is right. For all you know, you might be too small a target for them as well and in that case would rather use your computer to participate in larger attacks against other high-value targets than simply steal your card and related details and set off an alarm that alerts you.
I am not disputing what you said. Yes, Password Managers can be hacked as I mentioned earlier that no organisation or application is immune to hacking, however I’ll like to believe that it would be only if you are a victim of targetted hacking. For most of them like me, Password Managers work just fine. It is totally an individual choice as to whether one prefers OTP or 2FA through a defined password. Each has it’s own pros and cons and thus the usage has to be prudently based on those points. Besides, the concept of 2FA through VbV/3D Secure/ProtectBuy/Safekey is only valid on Indian Websites. They don’t hold any significance on foreign websites as you are directly charged for that. So either way, the computers which have so called trojans and malwares are not protected by those 2FA through OTP as the information might have already leaked to the hacker I guess which can be used to do transaction on Foreign websites.
One time cards don’t work in websites where you have subscription models. The reason being, the moment you add the card, most of the websites initiate a charge that is for authentication purposes. The problem with OT Cards is that they are rendered useless once that authentication was done. So that won’t solve the purpose. Besides HDFC Bank doesn’t provide Netsafe or OT Cards for Diners Card holders. So it doesn’t solve MY purpose. Apart from HDFC Bank I don’t know of any other bank that I have credit card with, which allows the creation of One Time Cards. So, in almost all cases we have to use the original card itself. This is the reason I’ll anyday use PayPal.
Regarding Keyloggers, I do understand that they lie dormant for years together but the thing is for those people who have been unlucky in the first place, one can avoid the installation of these software by being a little more careful and I am sure, until you are a targetted victim, you can avoid most frauds via vishing or phishing. What I do is I personally format and boot a new version of OS every 1-2 years. These all steps might not be sufficient, but then the purpose was never to defeat the hacker, the purpose was to make the process difficult and unattractive for them.
Hi ,
I too faced one fraud transaction on my CITI bank credit card 3 years back.
Some one booked multiple flight tickets for Dubai from my card. It was booked around 3 AM in morning IST>
So i was not able to track it. Also i did not checked the SMS for next few days.
Buy when i come to know after 5 days i called CITI bank and they blocked the card and raised dispute of transaction.
Also they credited same amount to my card to settle the transaction for once.
I requested me to wait till 90 days ( Max ) to get it resolved. I also raised this case in cyber crime branch .
I was lucky enough that case was settled by citi bank itself in my favor, thats saved me any further trouble.
But i found out that citi bank was very active to handle this case and was supportive.
Thanks
Shashi Gupta
Hi All,
I had a fraud transaction on 6th september in my RBL cfun credit card. “A charge of USD 1046.09 has been initiated on your RBL Credit card ending with XXXX at PAYPAL +POWAHOWSE”. I blocked the card and then raised a police complaint. Attached the police complaint and the dispute form and sent an email to [email protected].
Initially they would provide temporary credit to your account and they would do the investigation. Until now they have not yet provided the temporary credit. Shall wait for another 3 days and escalate it to the grievance team.
When i went to the cyber crime office on 6th, the police person was mentioning that i was the 6th person to report the false transaction in RBL card that evening.
Kindly disable your internation spend option. Its a learning for me.
Hoping the issue is resolved at the earliest 🙂
I have Disabled International Transactions on my HDFC Credit Card via Netbanking Login.
I am not sure but could not find such option in ICICI
Just for Update…. there is INTERNATIONAL TRANSACTION – Enable / Disable option for YES Bank Credit cards in Netbanking…
This is an Important feature…. easily done in HDFC & YES based on my experience….
Others Bank need to provide this feature too
This is very common way of fraudulent charges..I work in cyber crime division of private bank and come across many such cases either in ATM or by online..best practice is to disable international transaction when you are in India as there is no second factor authentication
Yes.. I do agree that the AMEX guys are the most friendly when it comes to the quality of customer service; prompt & courteous response are their forte!
Now regarding the fraudulent experience; I have my cards protected with the CPP & with a nominal charge of around 1500 bucks a year it gives me a total mental peace. Few years back at midnight I got a SMS that my Citibank card has been used for US $ 2000 at a place in Nigeria; at that very moment I called the customer care & blocked the card & raised a dispute. I also contacted CPP & they sent some forms which I filled up & couriered at their Gurgaon office; within 5 days my account was credited from the insurance policy of CPP for 2000$. I paid my Citibank dues with that money. My followup went on with Citibank (though not a very quick one) but yes after almost 2 months Citibank agreed that it was indeed a fraud & the charge was reversed to my account. Once reversed I returned the money to CPP as well.
One more experience, though not of fraud but of excess payment (paid thrice, due to failure of payment gateway) through my IndusInd Iconia card. God.. had to chase them like anything for more than 2 months to finally get my excess payment back to my account. When I say about the AMEX customer service as the best one, should also iterate that the worst is IndusInd service.. have planned not to use the card ever !
I Have disabled my other cards for international transactions. Citi bank cust. care team told me they cannot disable usage on International E-Comm sites, as they dont have such provision. Sounds strange.
Some major issue with Amex Security it seems….
My friends Amex Card again hacked & fraud tranx done…
It has happened to him 3 times in last few months.
Yes, same happened to me. And it’s too frequent nowadays, 6 fraudulent transactions(including supplementary cards) in last 3 months and they just keeps replacing the card. The bad part is last fraudulent transaction happened on amazon.in(domestic), where no OTP required only postal PIN needed. Not sure, but it seems like card details getting leaked from their own staff. Few times fraudulent transaction is successful on old cards(which are replaced by new card).
What is with this PicCode system on Amazon ??
Why no OTP type system ?
Hey guys is there any way we could get points for LIC premium payments by using some other wallet site or through some other method? I’ve to pay premiums of about 4L and AMEX doesn’t give points on insurance payments.
There is a wallet option in payment gateway of LIC but it supports only wallets with limit of 20k like jio money, idea money, M-pesa, Airtel Money and jana money.
Anyone know any hack for it?
Same issue with my AMEX where i was charged 10.99$ for Amazon membership in US. I called AMEX and within 10 days i had reversal for full amount and replacement card in 2 days.
Had a fradulent transaction with my Indus iconia amex card a week back for around 53k! from Indonesia! Since the merchant has not claimed the amount till now credit limit is blocked and bank cannot accept the dispute form, after 30 days still if the merchant doesn’t claim then transaction will be reversed! Always better to disable international transactions to be safe, as bank tells no OTP or e secure password is required in some international websites. Amex co branded cards still has less security i feel!..
I would like to share recent experience….
I have been using Amex for more than 3 years. No problem at all.
Currently using Amex Platinum Travel Card, last month got an email from Amex fraud team to contact them immediately, this was at 3AM. I called them first thing in the morning when I saw the email.
Got to know there were some fraudulent transactions which they said they declined, which happened on my old card which was cancelled but not blocked, as I asked them to issue me a new card because of the wear and tear of the card.
So Amex security team, immediately cancelled my card and said will issue new card. Now I thought this will be regular procedure of issuance of a card. But NO, they said it will be new account all together..
Now what has happened, things like my credit review which was supposed to be done within 6 months,( was due in July) didn’t happen, as they treat this as new account all together.
Also they will be charging annual fee towards card , I was supposed to pay Rate 5000+ get as renewal fee ( I was thinking of waiver , as spent more than 16 lacs) , they say they will charge RS 3500+ tax as it’s First Year fee, and not renewal.
This fraudulent transaction certainly has complicated things for me for sure 😊