What is CVV Fraud?
Did you come across an instance where your transaction had gone through without entering the right CVV?
Why the banks are not acting on the CVV fraud even after so many users had complained?
Are the Credit Cards/Debit Cards are secured?
What was all the noise with tokenization if they are not able to validate these basic transactions?
Personal Experience
A week before the same thing had happened I had ignored or maybe I was too busy or distracted to understand what had happened. The reason was the trust factor. We are so much dependent on Tech and our innate nature of validating everything Technology might be the reason I had never thought that Tech will be wrong. I was of the view that I might be wrong or I might not have remembered it properly.
Then I came across a tweet in the last 4-5 days but again I chose to ignore it thinking of one odd case though my subconscious mind tried to relate it with the previous incident of CVV fraud which had happened before since I had less information I had again ignored this tweet.
The day before yesterday (11th Jan 2022) – I was trying to do a transaction. Lately, I was trying a lot of transactions via ICICI Bank Credit Card and naturally the CVV of ICICI Bank Credit Card I was able to remember at the tip of my tongue. While doing the transaction the IndusInd Bank Credit Card was saved in Licious, but I had entered the CVV of the ICICI Bank Credit Card, which was the wrong CVV for IndusInd Bank. I realized my mistake the moment I entered the CVV and I was expecting a payment decline message. Voila to my surprise the transaction went through.
Now, I am scared. The question is if this basic verification can be bypassed, all my Cards are at risk as I had saved my Cards across platforms. I tried digging a bit deeper and I found that this issue is with every other bank and every other vendor. Taken the screenshots from Twitter(publicly available platform). You name it, the brand will be there
Banks/Merchants/Portals/Marketplaces are charging so much as XYZ charges, this basic security check they don’t do, what all with 2-Factor, 3D authentication.
This is not happening with only Indian Banks, there were reports of happening this in UK via JustEat with a card of Barclays Bank
Banks & Entities where issues had happened
ICICI Bank , One Card, Axis Bank, Amazon, Citi Bank, VISA Card, Swiggy, SBM, PhonePay, HDFC Bank, Paytm, Flipkart, State Bank of India(SBI), Barclays Bank, JustEat UK, Zomato, IndusInd Bank, AU Bank, Bank of Baroda, Red Bus
Possible Solution
Best way to avoid this is testing which Cards are properly working with right verification. For this we need to keep on checking all our Cards. Also, if you come acoss some cards which are working with the wrong CVV, then try not to ignore those cards and discontinue the use of those particular set of cards. Avoid using such cards on websites/portals/Apps which are suspicious
Also, enable mobile sms OTP (3-Factor authentication) wherever it is available.
We wonder what RBI(Reserve Bank of India) is doing in such cases of fraud. This is a huge security risk that hackers and some bad merchants are definitely going to exploit.
After this incident, I am too much concerned to save our cards on various merchant sites. At a time, when Technology is upgrading, security risks are increasing. A basic check with CVV would have deterred the Frauds/hackers at the 1st level itself. Rather all the banks in spite of being aware of existence of such a breach, they are sitting on it. Banks and Fintechs had chosen to ignore this issue. If tomorrow money gets deducted from your account without your knowledge, you would know the gravity of this threat. Hope this issue is resolved soon.
Last but not least keep your money/card secure.
#Fintech #CVV #CVVFraud #Banks #Merchants #VISA #MasterCard #Rupay #DinersClub #WrongCVV