Friday, July 17, 2009

It’s illegal for vendors to collect credit card nos

Have you ever handed your credit card at a retail cash counter and noticed the executive jot down your 16-digit card number? If you have, the practice is illegal.
Drawing attention to it, S K Virmani, project manager at the Delhibased National Consumer Helpline, a project supported by the ministry of consumer affairs, says certain shopping outlets—not just local grocers, but even a few large retailers—collect customers’ card numbers. They supposedly store the numbers in their databank to recall them in a dispute, says Virmani, although all transaction details automatically get generated at the bank’s end.
“In my view,” says Virmani, “this is an unethical practice as it is not secure. Accordingly, the issue was escalated by NCH with credit-card issuers as well as merchants.” Virmani illustrates the security threat with an example. Suppose you buy a television set. Now, you would anyway list out your particulars for the warranty card, like your name, address and mobile number. Along with your card number, a lot of your sensitive information would be out there in the open.

Sanjeev Talwar, also of NCH, says the data could be misused for online transactions, which so far require the 16-digit card number and the three-digit card security (CVV) code.
It could be misused in other ways too. A senior Mumbai banker adds that the database could be sold to marketing agencies looking for consumer history. “Some agencies may collect (consumer) footprints. It could be useful for marketing research,” says the banker. All this, without the consumer’s knowledge, leave alone consent.
K Unnikrishnan, deputy CEO at the Indian Banks’ Association, says that earlier when one’s card was swiped on the point-of-sale machine, the printout generated would display the entire 16-digit number.
After online shopping took off, the printout started displaying just the last four digits of the card number as a security measure. “The 16-digit code is difficult to memorise,” says Unnikrishnan.
Senior Delhi and Mumbai bankers and a banking ombudsman official TOI spoke to, confirm that no retail outlet can ask for card details. Even card-issuing banks themselves are disallowed from sharing customer data collected for know your customer or KYC purpose.
RBI’s master circular on credit card operations of banks issued on July 1, 2009, specifies, “The card-issuing bank/NBFC should not reveal any information relating to customers obtained at the time of opening the account or issuing the credit card to any other person or organisation without obtaining their specific consent…”

Source: Times of India, Mumbai Edition

No comments:

Post a Comment