One of my friends recently became a victim of a phishing attack on his credit card. Here is his experience. Recently I became the victim of a phishing attack on my credit card whereby $1000 was taken out from my card. I received an OTP for the transaction and immediately the amount was billed to my credit card. I have not revealed the OTP to anyone, and the transaction was automatic to a vendor alias Emirates.
I made the complaint to the bank immediately (within 30 minutes; customer care is extremely hard to reach) and they have raised it as a disputed transaction. My two questions, if you have been in similar circumstances:
1. My credit card was auto-saved in renowned apps which I assumed were safe: Amazon, Flipkart, Big Basket, Grofers, Paytm and PhonePe. So has one of these apps compromised the security of my details, or is the credit card issuing bank at fault, as the OTP was automatically read? (I use an Android mobile and also have Norton software installed for phishing, scams and viruses.)
2. What could be the resolution in this case from the bank's point of view, as the payment was made without my consent?
The amount is quite big. RBI says that if reported within 24 hours, the maximum liability for a credit card with less than a 5 lac limit is ₹10,000. Since they have also added the amount in the monthly statement, despite assurance that the amount shall not be billed.
Here is what the answer would be:
1) Contact Emirates, tell them it is a fraudulent transaction, and ask them to cancel it and refund the amount; attach a copy of the FIR. If it works, it is the quickest way to get your money back. No business wants to get stuck in disputed transactions.
2) If you’re on Visa, claim ‘zero liability’ (Google it). Visa also refunds money in case of fraud (that’s why banks issue Visa credit cards and MasterCard debit cards). Please share your bank / card variant details for more precise information.
3) Ask the bank for protection coverage on the disputed amount till the dispute is resolved. They should entertain this request.
4) Reduce the credit limit on your cards.
5) Do not save card information on apps. The Dunzo database was leaked this year. The Uber database gets leaked every now and then. These companies hide such leaks as long as they can.
Similar Stories of Phishing Attack on Credit Card
This is not a new kind of incident. Another friend of mine had a similar experience. Here is what happened to him a few days back. For him there were 2 transactions and no OTP. The transactions happened on international websites, where it seems no OTP is required.
By the time I checked my mobile, 2 fraudulent transactions had happened. I immediately called customer care and blocked my card. After 3 days, 1 transaction was billed and I raised a dispute for the same; the other was in the pipeline for clearance, and I raised a dispute on that transaction as well later. After ~10 days the billed amount was returned, and after ~15 days the pipelined amount was also removed. IMO it all depends on the bank how fast it will get cleared.
When I shared these experiences with my friends, another one also posted about an issue that happened to him some time back. “Same thing happened to me a year back with an SC credit card ($1000 and $100). I raised a complaint. The $1000 transaction did not pass through (not claimed by merchant) so no problem. The $100 transaction was billed, I paid the amount, and it was subsequently accepted as a fraudulent transaction and the amount was adjusted against the next month's bill.”
Get Money Back from Phishing Attack on Credit Card
First of all, the OTP is an India thing: international transactions do not require any form of OTP. They only need a CVV, which many websites store automatically for future transactions. If a credit card or debit card is used in an international transaction, no OTP is required. When you question the bank, it will say this is as per the RBI guideline for international transactions, and it will then suggest blocking international transactions on your credit and debit cards.
First, immediately call customer care and block the card.
Then raise dispute for these transactions.
Keep all the details of the transaction along with times and amounts. Also jot down everyone at the bank you interacted with in this regard.
After a week or so, start mailing them for a resolution, informing them that your card is Indian and that you were in India at the time of the transaction.
After one month, if the bank is not responding, you can put up your grievance to the Ombudsman with all details. You can send copies of all communication in this regard.
Before going to the Ombudsman, as a final chance you can write to the bank saying that you will be approaching the Ombudsman if the issue is not settled. Generally this works.
In fraud cases you need to build your case file from the ground up. So maintain copies of all interactions etc. as proof, as these will support your case.
Four Tips To Prevent Phishing Attack on Credit Card
First and foremost, disable international transactions on your credit card immediately. Most companies have an easy UI that enables you to do this with a simple click. You can set a very minimal limit for transactions and keep the card locked. Before doing a transaction, just unlock it for 20 seconds and then lock it again afterwards. You can use the options available in the credit card website/mobile app to block international transactions and keep all other domestic transactions to a very low amount.
Secondly, set a transaction limit on your credit card at an amount you feel comfortable with.
Lastly, try to memorise your credit card information and make it a habit to enter it every time.
Your card information will be safe with a PCI-DSS compliant client, hence check for the same before saving your card information.
Don’t give SMS read permission to any app, especially apps like Truecaller etc. They can sniff your messages without you noticing.
You can remove your saved card details from any shopping websites such as Alibaba.
Read the book Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground.