Find Article by Date
Sun, 10 Apr 2005

JP/Plastic money omits hassle, create nuisance

Plastic money omits hassle, create nuisance

Urip Hudiono, The Jakarta Post, Jakarta

When credit cards first appeared, people eagerly applied for them, delighted with the concept of a single card replacing bills and coins.

But along the way, the downside of plastic money became all too clear, with complaints of debt-snaring interest-rate schemes, lousy billing systems, aggressive marketing and debt collection cases increasing by the day.

Another major headache for card holders, issuers and merchants as well, was the rising incidence of credit card fraud.

Data from the Indonesian Credit Card Association (AKKI) shows that losses from credit card fraud in the country amounted to some Rp 40 billion (US$4.3 million) last year. Although that figure is down from Rp 60 billion in 2003, an alarming number of cases continue to be reported to the association.

In light of this, major credit card issuers in the country have upgraded their security systems to protect their customers -- as well as their own businesses -- from fraud.

The central bank also issued Bank Indonesia (BI) Regulation No. 6/30/PBI/2004, requiring card issuers to take a number of security measures, apart from implementing a risk-management system.

The Hongkong Shanghai Banking Corporation Limited (HSBC) Indonesia, for example, implements an "early warning system" within its electronic transaction system to detect any possible "hits" against its customers.

The system, HSBC marketing manager Ichsan Tobing said, was constantly monitored and upgraded by the bank's global security analysis team.

"The team is always on guard for any novel fraud scheme and immediately adds that to our prevention system," he said.

Meanwhile, almost all card issuers request merchants to call up and verify, first hand, any suspicious transactions -- particularly those that involve the purchase of expensive items -- to the customer.

Nevertheless, even with such sophisticated systems installed, security measures are only as secure as their weakest link, which many experts say lies in the credit card holders and merchants.

"Security systems can be hacked and beaten, but it's much easier to manipulate the (credit card holder's) lack of knowledge and precautions," Yudi (not his real name), a former "carder", told The Jakarta Post.

"One of the most basic precautions, is that they should never let their cards out of their sight mid-transaction," Yudi said.

Transactions at a merchant with a doubtful reputation should always be avoided, he said, as its employees might be part of a credit card fraud ring.

If that was the case, Yudi explained, the customer would likely fall victim to a "skimming" scheme, whereby data in the magnetic strips of credit cards is read off using electronic equipment -- the size of which can be as small as the palm of one's hand.

Another scheme is "chipping", whereby a card reader is implanted with an electronic chip to record the data of any cards swiped.

Meanwhile, with the use of credit cards becoming more common for online transactions, fraudsters have also resorted to "phishing" techniques, whereby they claim to be card-issuer employees, contact unsuspecting card holders by phone or e-mail, and trick their way into obtaining personal data.

"Card holders can actually avoid phishing schemes by simply ignoring any such phone calls and e-mails, as card issuers and merchants never ask for card numbers, expiration dates, dates-of- birth, or mother's maiden names through phone or e-mail," he said.

Yudi said that if card holders needed to do online transactions, they should do it through a secure website -- which usually shows a lock on the browser -- and on a private computer.

"A public computer, like at an Internet cafe, might be installed with spyware that reads anything you key in," he said, adding that he used to obtain credit card data through such a scheme.

Meanwhile, on the part of the merchant, Yudi explained that they should use software that can verify that a card's country of issuance matches that of where an online transaction is made.

With the potential loopholes in the magnetic strip card, Bank Indonesia has required all card issuers in the country to gradually replace their customers' cards with smart cards that comply with the international EuroPay MasterCard Visa (EMV) standard.

Such smart cards are embedded with data encrypting microprocessors, ensuring a more secure transfer of data.

The AKKI, however, estimates that only 25 percent of 20 issuers are ready to migrate from magnetic strip cards to smart cards.