HYDERABAD: If you thought your credit and debit card details are in safe hands, you’re probably wrong. Many websites offer such data, and one of them, accessed by Express, sells this information for anything between $5 and $30 (Rs 350-Rs 2,140) depending on whether the card is a Visa, Rupay, Mastercard and so on.
Cardholders’ locations are segregated based on pincodes, and a quick check for five localities of Hyderabad brought offers to buy data of at least 30,000 cards. This means more than one lakh Hyderabadis’ card details could well be up for grabs.
The five localities checked for on the site were Banjara Hills, Madhapur, Somajiguda, Begumpet, and Afzalgunj. Express is withholding the name of the website keeping public interest in mind.
The details displayed on the site included the type of card, expiry date, and price. The CVV is provided when one buys a card. Most cards are pegged at $30, and payments are accepted in bitcoin, which is untraceable.
What about OTP?
One would think most transactions require an OTP, thus providing ample security against fraudsters. But that is not the case, says security researcher Rajshekhar Rajaharia. “Hackers can use these cards on some international gateways that don’t require an OTP. Someone can make a transaction using just the card number, expiry date and CVV. Majority of them use these cards for online advertising websites.”
As for how the hackers get this confidential information, Rajaharia said, “The security infrastructure in our country’s retail chains is vulnerable. They add malicious card readers to ATMs and in retail stores. Many of these websites also leak financial data.”
Besides selling credit and debit card details, the website accessed by Express even provided tutorials on how to clone a card. Rajaharia urged the government to ban these types of websites.
When contacted, IT and Industries Principal Secretary Jayesh Ranjan said, “It is well known that the banking sector keeps facing malicious attacks. Since it is a pan-India issue, we will wait for the Central government to give us an advisory on the matter.” A few weeks ago, the Reserve Bank of India (RBI) told banks to ensure customers’ debit and credit card data were secure, and asked them to investigate reports that said details of 1.3 million accounts were available online.