• Home
• Services
• Training
• Register
• R&D
• Community
• About
• Contact

Trainings

• Linux Training
• SSCP & CISSP
• CEH

Safe Use of Credit and Debit Cards Online

By ESecurity, 11 November 2018

---

Customers of a well known Pakistani bank came under cyber attack on 27 October 2018. The debit cards of these customers were used for withdrawal and transactions outside of Pakistan. It has been reported that debit card credentials of around 9000 Pakistanis were sold online just one day before the attack. A few days later, more data of customers belonging various other banks were also posted for sale. After the incidence, six major Pakistani banks have disabled foreign transactions for their customers. The cyber attack has therefore resulted in the loss of credibility of the Pakistani financial institutions, and as a result, online and e-commerce business may suffer for some time to come. This will also reduce online economic activity.

The hackers can steal the card details usually from the following sources:

• The customer himself. The hackers can steal card details using social engineering, phishing or skimming at cash machines (ATM). The computer or mobile device of the customer may also be compromised and intruded by the hackers to steal information. These are by far the most common methods by which the customers lose their debit card information.

• Rogue shopkeepers. If you hand over your card to a shopkeeper for a payment, he may copy the details of your card.

• Online shops. These shops store their customers' credit and debit card information in their database for convenience and use in future. An employee may go rogue or the hackers may intrude the shopping website to steal information.

• The bank's data center. This is usually well protected and it is less likely to be compromised.

While reporting the incident, electronic and print media have implied as if the data were stolen from the bank itself. However, according to an assessment and investigation by ESecurity, it is the bank customers who have lost their banking details to hackers either through phishing scams, rouge shop keepers or skimming. Furthermore, the media did not provide any safety guidelines for the public to help prevent such incidence in future. Below, ESecurity describes a few precautions that you should observe to avoid stealing of your financial and debit card, credit card or ATM card information.

1. ESecurity recommends to never use a public computer for any online transaction. Use your own computer or mobile device. Public computers may have malware which can steal your information.

2. The computer or mobile device that you use, should have software installed from the trusted source. Pirated software or software downloaded from unknown sources may have malware and should be avoided.

3. Avoid using computers used by children for play and games for your online banking.

4. You should update your operating system as soon as any new updates are available.

5. Purchase and install a good antivirus software and regularly scan your computer for viruses.

6. It is better that you have two browsers installed on your computer e.g. chrome and firefox. You can use one browser for your day to day browsing and the other for online banking. The banking browser should not have any extensions or toolbars installed.

7. Don't click website links in emails from people that you don't know.

8. While visiting your bank online, always know and type the bank's URL in the browser. Don't click any links to any banks in emails.

9. Only use those websites for online banking, payments, transactions and payments which use https with their website address.

10. Don't reply to any emails that seem to come from your bank. Never provide your banking details to anybody through email.

11. Don't reply and trust anybody who claims to be calling from your bank and asks for your banking details.

12. Use of a credit card instead of a debit card is recommended by ESecurity for online shopping.

13. Online shopping websites usually ask you to store your credit and debit cards online on the shopping website. ESecurity recommends against this and advises to never store your card details online.

14. ESecurity recommends to keep your savings account separate from your current account which you use for day to day transactions. The current account should have only minimum amount of money that you need to run day to day affairs. You can periodically transfer money to your current account from your savings account as per your day to day requirements. Only the current account should be used for online and banking transactions with third parties.

15. Most banks have an SMS service to send an alert in the case of a withdrawal or online transaction. Make sure you are subscribed to this service.

16. Be careful of skimming devices while using your debit card at ATM machines.

17. Know your bank's emergency phone and card blocking procedure. In case you lose your card or find a transaction that you did not carry out immediately call your bank to block your card.