Ref: My earlier mail on security flaw in VISA debit cards.
Dear Consumers,
As suggested by one of you, I decided to follow up with VISA on
this. I wanted to get their side of the story on the obvious
security flaw. After much searching on their website, I came across
one email address where I could contact relevant VISA authorities.
Accordingly, I sent a mail to: 'CorpcomAP@...'. It is
pertinent to note that I have received no reply even after a week.
(Perhaps they don't have an answer!)
Here is the text of my email:
I was issued a VISA Electron debit card by HDFC bank in India. I
hold an account in the Prabhadevi, Mumbai branch of this bank.
Recently, I lost Rs.25000 on account of a fraud committed on my VISA
debit card after it was lost. After numerous communications with
HDFC bank, who have refused to entertain my claim of disputing these
transactions, I have decided to take up this matter with the
consumer organizations, media and the Reserve Bank of India. Before
I go public with my findings, I wish to know your position on the
following comments that I have about the VISA debit cards:
1. VISA debit cards (VISA Electron, NCASH, etc) do not need entry of
a PIN at a merchant establishment in India. This means that anyone
can use a debit card (stolen, picked, found, etc) without any
authentication.
2. The merchant is "supposed" to verify the signature at the back of
the card. However, there is no such obligation on the part of the
merchant. Moreover, no one - neither the merchant, nor VISA, nor the
issuing bank - assumes any responsibility or liability for
verifying a signature.
3. So long as the merchant is able to produce a charge slip for the
transaction, there is no liability on part of the merchant (or VISA
or the issuing bank) even though the sign may be anything (not
necessarily matching that on the card). Meaning that VISA will not
do a "charge back" for any such disputed transactions.
4. What exactly is meant by "authentication" of a transaction for a
VISA debit card when no PIN is required? Anyone with a common sense
of security mechanisms knows that electronic authentication is
through a secret key or password. A login id or card id alone cannot
be the basis of authentication.
5. VISA and the issuing banks continue to issue misleading claims
that their debit cards are safe, knowing fully that numerous such
instances of fraud continue to occur daily in India.
Regards,
Bhavin Shah
PS: Thanks to Sucheta Dalal for forwarding the case to HDFC. I still
don't get it - when they openly admit that no PIN is required for a
VISA card, how do they claim that the transaction was "authorized"?