It is about more than just protecting your PIN – Card Data Security
By Riaan Viljoen
Information Security Specialist at Capricorn Group
Payment card fraud has been around for as long as payment cards exit. Initially cards were stolen and used at Automated Teller Machines (ATMs) and shop check-outs or counterfeit cards were created. As a result, banks have traditionally advised customers to protect their Personal Identification Number (PIN) at all costs.
But since the Internet and online purchasing became a viable alternative to traffic, parking lots and long check-out lines, card-not-present fraud has escalated at an alarming rate.
According to a 2017 study, it is estimated that global losses relating to card-not-present fraud will reach more than 70 billion US dollars within the next three to five years.
Bank Windhoek prioritises the protection of payment card data and complies to industry best practice when it comes to information security standards. All our systems, web applications and business processes are constantly being monitored and upgraded or revised to align with our priority of protecting your payment card data.
In 2015 chip cards were introduced to replace mag-stripe only cards world-wide. This has helped in curbing the occurrence of counterfeit fraud, but unfortunately, at the same time it has stimulated card-not-present fraud on the internet, as this became the ‘easier’ way of conducting fraud. Fraudsters do not need to steal a payment card any more, they only need the information.
All that is required to conduct a payment transaction on the internet is the information on your debit or credit card – the full card number, known as the Primary Account Number (PAN), the expiration date on the front, and the three-digit Card Verification Value (CVV) on the back.
Websites have no way of confirming that the person entering the card information for an online purchase is the actual owner of the card. Therefore, it is important to keep the card information confidential. Even during card related queries with your bank, the full PAN should never be communicated in any format.
Sharing only the first six and the last four numbers of the PAN, known as masking the PAN, is key in protecting confidential card data. Below are more suggestions: Never allow your debit or credit card to be photocopied; when destroying an expired debit or credit card, make sure that it cannot be glued or pieced back together again; always keep your Bank Windhoek debit or credit card within view when transacting at any Point-Of-Sale (POS) device. Never allow yourself to be distracted; do not transact on any web site. Spend some time to research and confirm the validity of a web site as a legitimate online merchant with a secure track record and finally be wary of emails and telephone calls requesting personal or payment card information and never click on links in emails of unknown origin.