Nowadays, we are heading towards a cashless and contactless society. As usual, everything, there are pros and cons.
The pros are we no need to carry tons of cash and it is so convenient to make payments.
However the cons are that the authorities, broadband provider, telcos, and the relevant Apps (e.g. Apple Pay, Boost, Fave, GrabPay, MangoRebate, Samsung Pay and etc, etc, etc) know our spending pattern, location, etc. Basically all our electronic/digital transactions are captured and stored somewhere on planet earth. And if our personal information fall into the wrong hands, habis.
Well, I learned something new in the last few days at Alliance Website when I clicked on an announcement titled “Fraud Awareness Message: The Risk of “Double Swiping”.
“Double Swiping” is the capturing of payment card data encoded on the magnetic stripes of customer’s payment cards at a Point Of Sales (POS) or Electronic Cash Register (ECR) after the first swipe/insert has been made by merchants. Double swiping captures sensitive payment data from the card and exposes cardholders to fraud risk such as unauthorised transactions.
What the above means is:
It is okay for you to insert your credit card into the credit card terminal or use PayWave or PayPass
BUT IT IS NOT OKAY for the merchant to swipe your card with the Point Of Sale (POS) or Electronic Cash Register (ECR).
All retail merchants in Malaysia are prohibited by the Card Association (e.g. Visa, MasterCard) and Bank Negara Malaysia from capturing and storing sensitive payment card data/cardholder data encoded on the magnetic stripes of customers’ payment cards i.e. credit, debit or charge card.
By swiping the card at merchant’s own POS or a cash register, it is possible to get access and store all cardholder data and sensitive authentication data encoded on the magnetic stripe of a customer’s payment card. Cardholder data means any personally identifiable data of a cardholder or the customer. This includes the primary account number (PAN), cardholder name, expiration date and service code. Sensitive authentication data means full track data of the magnetic stripe or equivalent data on a chip, card verification codes and values (CAV2/CVC2/CVV2/CID) PINs, PIN blocks. Storing of sensitive authentication data by merchants after the authorisation of a card transaction is prohibited.
It is not that the merchant will use our data BUT fraudster can install malicious programmes on merchants’ POS readers/ECR to steal sensitive payment card data. The stolen payment card data can then be used to produce counterfeit cards or make fraudulent online purchases. As a result, cardholders may suffer financial losses. There is also the risk that the data stored by the retail merchant is stolen and misused.
So, if any merchant is Double Swiping, you should make known to them that it is prohibited to do so by Bank Negara Malaysa and you should report them.
OTHER RELATED MATTERS
Nowadays, it is not often that I find merchants double swiping. Most merchants’ credit card terminals allow us to perform contactless payments (PayWave and PayPass) for up to RM250.
Most of the time I would rather insert my credit card into the terminal and key in my PIN Number. Oh yes, you must always use one hand to cover the other hand so that others cannot see us inserting/keying in our PIN Number. Please note, there are CCTVs everywhere and your actions are being recorded and you never know, someone may be watching us keying in our PIN Number. Be Kiasu 🙂
However, nowadays, the newer credit card terminals are so freaking huge (as big as a mini Apple iPad) and kind of hard to cover using one hand!!!
I tell you, the best credit card issuer in Malaysia is Maybank. This is because they allow us to set our SMS Default Value to RM1. What this means is that whenever there is a transaction involving our Maybank credit card amounting to USD0.30, we will get an SMS! If you have yet to set your SMS Default Value to RM1, you better to do immediately by calling Maybank Customer Service.
As for other credit card issuers’, most of them won’t entertain our request that the SMS Default Value to set to RM1.
To learn more about Credit Card Security, please click here and read my article titled SMS Alert Updates for your own good.
Another Personal Financial Tutorial by GenX