The 10 Commandments of Payment Security

If we want to beat the fraudsters, we need to all pull together to help reduce any ‘chinks in the armour’. There are a number of things that consumers can do to help protect themselves from being the targets of criminals.

Here are the ‘10 Commandments of Payment Security’:

1. Thou shalt not give away your PIN to anyone, ever

It might sound like the most obvious piece of advice but it’s remarkable how much fraud takes place because people are lax with their PIN. Nearly half (47 per cent) of consumers in the US have told someone else their PIN, while globally it’s around four in ten, according to research conducted last year. Never reveal your PIN over the phone or in an email from anyone purporting to be your bank – a genuine communication from your bank will never ask for your PIN.

2. Thou shalt browse carefully and not open suspicious emails

Malware is a growing problem as more and more of your banking goes online. Figures from Financial Fraud Action UK show online banking fraud hit 32.35 million dollars (£29.3 million) in the first half of 2014, a 71 per cent year-on-year increase. Malware gives the fraudster a number of ways to steal money from you, and the key is not allowing the program onto your devices in the first place. This requires vigilance: use secure browsers, do not open suspicious-looking emails and be careful with pop-ups, since a lapse in any of these could let a rogue piece of software onto your device.

3. Thou shalt not carry out a test transaction on behalf of anyone

This is an example of the kind of ‘vishing’ scam that is a growing threat. Consumers can be called up by criminals who will say there is something wrong with their account and a ‘test transaction’ is needed. Your bank would never ask you to do this and you should report any such requests to your provider immediately.

4. Thou shalt not hand over personal or banking information

While your PIN should never be revealed to anyone, you should also keep all your Personal Identifying Information (PII) safe. Emails and cold calls requiring you to hand over information should be treated suspiciously.

5. Thou shalt only use the bank’s official mobile app

Browsers are inherently less safe than a secure app, so it pays to access your mobile banking services via the app and not through the browser. Even then, however, consumers must be vigilant and not assume the app will be 100 per cent secure. Research from software analysis group CAST warned of deep structural flaws with the actual coding in mobile banking apps, revealing that almost three-quarters (69 percent) of financial services apps have data input validation violations. Also be cautious that the app you are downloading is actually from your bank: look out for the publisher and also how many people have downloaded it and reviewed it.

6. Thou shalt not let your card out of your sight

The days of waiters wandering off with your card in a restaurant may be long gone in some countries, but it’s not unusual elsewhere. Particularly if there is no EMV in place, you may find that people take your card away to swipe it. If your card is EMV, a skimmed copy of it should be impossible to use in an EMV country, but the skimmed details could still be used abroad or for fraudulent card-not-present transactions. It’s important to stay vigilant and try not to let the card out of your sight.

7. Thou shalt shield your PIN at ATMs and POS devices

Stand close to the cash machine or point of sale terminal to stop your PIN being seen. “Always shield the keypad with your free hand and your body to avoid anyone seeing you enter your PIN. This will protect your PIN from anyone who might be looking over your shoulder, and also help to keep your PIN safe if a fraudster has set up a hidden camera that is filming the keypad,” advises Financial Fraud Action UK. But as we looked at earlier this year, a simple infrared camera device attached to an iPhone is enough for some fraudsters to find out your PIN after you’ve used an ATM or POS.

8. Thou shalt keep the check book safe

Checks are used less and less, but that doesn’t take away from the threat they pose. In fact, as we use checks less frequently, we are not as likely to spot when the book has gone missing. Check fraud is an old sort of crime, but it is no less of a worry because of that.

9. Thou shalt check statements

One way consumers can really play their part in the security cycle is to check statements regularly. Doing so helps to identify any fraudulent transactions, and it means you can report them to your bank or credit card company before the losses start to mount. If you use a mobile banking app, check it a few times during the month to look for anything out of the ordinary.

10. Thou shalt report any suspicious activity immediately

Following on from this, consumers have a duty to report fraud as soon as they spot it. It helps financial institutions locate points of compromise more easily, and plays a vital part in building up our dynamic fraud picture, which we use to prevent future incidents. Ask your bank if they have any of the modern applications that allow you to actually report fraud to them via their mobile app, or even set your own risk limits for how you choose to use your card. These can give you the extra protection of knowing your card can only be used how you deem acceptable, for example no large online purchases.

Written by David Divitt