Beware of Visa electron based debit cards

Posted on May 11, 2005 by Sandip Bhattacharya

Take a look at this post by Bhavin Shah talking about how insecure Visa Electron based debit cards (like my ICICI debit card) are. He has learnt this the hard way when HDFC bank refused to entertain any disputes on a fraudulent charging of Rs. 25,000 on his stolen card.

In short,

  1. You are not asked to enter your PIN while swiping these debit cards.
  2. There is no obligation on the part of the merchant to check the signatures with that on the back of the card.
  3. Banks are not entertaining any disputes on fraudulent transactions on these cards (unlike credit cards).

Apparently, this major security flaw is only in Visa Electron based debit cards. Mastercard’s Maestro requires the card holder to actually authorize the transaction by entering the pin.

As Bhavin rightly mentions in the post:

I still don’t get it – when they openly admit that no PIN is required for a VISA card, how do they claim that the transaction was “authorized”?

Bookmark and Share
This entry was posted in General and tagged , , , . Bookmark the permalink.
  • Anubhav Jha

    Yes thats true, even UTI bank is Visa electron based adn we do nto have any security

  • Anubhav Jha

    Yes thats true, even UTI bank is Visa electron based adn we do nto have any security

  • http://www.niyam.com/ niyam bhushan

    yeouch! even i have a visa electron debit-card, issued from corporation bank. have often wondered how come the only time i punch in my PIN is at the ATM, but never when i make the rare and occasional debit-card purchase. is this security-flaw by visa, by design?

    in any case, i strongly feel both creditcards and debitcards are so ugly-20th-century. ’tis a matter of time before we move on to better methods of transaction, hopefully within the next five years.

    hope. actually.

    regards
    niyam bhushan

  • http://www.niyam.com niyam bhushan

    yeouch! even i have a visa electron debit-card, issued from corporation bank. have often wondered how come the only time i punch in my PIN is at the ATM, but never when i make the rare and occasional debit-card purchase. is this security-flaw by visa, by design?

    in any case, i strongly feel both creditcards and debitcards are so ugly-20th-century. ’tis a matter of time before we move on to better methods of transaction, hopefully within the next five years.

    hope. actually.

    regards
    niyam bhushan

  • http://www.niyam.com/ Niyam Bhushan

    thank for the web, and for sandip’s smart SEO. i just googled for ‘visa electron’ and the *third* entry on the results page shows this entry, right below visa electron on wikipedia, followed by their home-page. i hope that gets them by their goat and propels them to fix this glaring vulnerability. meanwhile, am also going to write them.

    regards
    niyam

  • http://www.niyam.com Niyam Bhushan

    thank for the web, and for sandip’s smart SEO. i just googled for ‘visa electron’ and the *third* entry on the results page shows this entry, right below visa electron on wikipedia, followed by their home-page. i hope that gets them by their goat and propels them to fix this glaring vulnerability. meanwhile, am also going to write them.

    regards
    niyam

  • Anonymous

    Wow about the SEO part! You should search Google for “sify broadband india” and “tata indicom delhi” too. ;)

    And thanks for reminding me to clean up all my markdown text from the blog – wordpress.com doesn’t support markdown, one of my favorite markup languages.

  • http://blog.sandipb.net/ Sandip Bhattacharya

    Wow about the SEO part! You should search Google for “sify broadband india” and “tata indicom delhi” too. ;)

    And thanks for reminding me to clean up all my markdown text from the blog – wordpress.com doesn’t support markdown, one of my favorite markup languages.