Credit card risk - Dos and Don'ts on Phones: 5 critical points to note if you don't want to lose money
27.01.2024 - 09:27
/ tech.hindustantimes.com
(The Conversation) Credit card risk - Must Dos and Don'ts: Paying for things digitally is so common, most of us think nothing of swiping or tapping our credit card, or using mobile payments. While doing so is second nature, we may be more reluctant to provide card details over the phone. Merchants are allowed to ask us for credit card details over the phone – this is perfectly legal. But there are minimum standards they must comply with and safeguards to protect consumer data.
So is giving your credit card details over the phone any more risky than other transactions and how can you minimise the risks?
For a merchant to process card transactions, they are expected to comply with the Payment Card Industry Data Security Standard. This is a set of security requirements designed to protect cardholder data and the trillions of dollars of transactions each year.
Compliance involves various security measures (such as encryption and access controls) together with strong governance and regular security assessments.
If the information stored by the merchant is accessed by an unauthorised party, encryption ensures it is not readable. That means stealing the data would not let the criminals use the card details. Meanwhile, access controls ensure only authorised individuals have access to cardholder data.
Though all companies processing cards are expected to meet the compliance standards, only those processing large volumes are subject to mandatory regular audits. Should a subsequent data leak or misuse occur that can be attributed to a compliance failure, a company can be penalised at levels that can escalate into millions of dollars.
These requirements apply to all credit card transactions, whether in person, online or over the phone. Phone transactions are likely to involve a human collecting the card details and either entering them into computer systems, or processing the payment through paper forms. The payment card Security Standards Council has detailed guides for best practice:
A policy should be in place to ensure that payment card data is protected against unauthorised viewing, copying, or scanning, in particular on desks.
Although these measures can help to protect your card data, there are still risks in case the details are misplaced or the person on the phone aren't who they say they are.
If you provide card details over the phone, there are steps you can take to minimise the chance you'll become the victim of fraud, or get your details leaked.
a. Verify the caller
If you didn't initiate the call, hang up and call the company directly using details you've verified yourself. Scammers will often masquerade as a well-known company (for example, an online retailer or a courier) and convince you a payment failed or