2

Many websites ask for payment by entering information from Credit card such as VISA card/ Mastercard etc. Now, till date I knew that I should never tell anybody about these numbers. Then why these websites ask for credit card details and if (suppose) any of them have a malicious intent, then what can they do with these numbers?

Basically my question is, how it is being ensured that they will take the specific amount of money/ cost upon my consent; and without my consent they will not take money? Will the bank send me some verification code to my phone?

I never yet used online transactions and I am very confused to understand its steps, do's and don'ts etc. I have searched Google and Quora but I didn't find anything helpful.

I would be thankful if anyone can explain how this specific online transaction mode (by entering credit/debit card number) works and how an without-consent-transaction is prevented, preferably via a flow chart.

Many thanks in advance.

Always Confused
  • 145
  • 6

1 Answers1

4

Credit card fraud is a risk managed primarily by two things: chargebacks and anti-fraud monitoring.

A chargeback is when you say "Hey, I didn't buy this." Your credit card will generally refund you the amount immediately and open a chargeback investigation, which is difficult for the merchant to win unless they have a signed receipt. The assumption that the cardholder is right is a powerful tool against merchant fraud.

Similarly, the card brands have invested significant resources into the automated detection of fraudulent patterns. If a merchant you visit does make fraudulent charges, or even just sells/gives your card details to someone else, the card brands can pinpoint the source of the leak by correlating fraudulent card usage against common purchase points. That merchant then faces consequences including fines and revocation of card processing privileges.

The whole credit card ecosystem is about providing reassurance and convenience to both cardholders and merchants. In doing so there are trade-offs - such as your card details being re-usable - but the system works well enough to get along.

gowenfawr
  • 71,975
  • 17
  • 161
  • 198
  • 1
    So its not the bank but the card brand (Visa/mastercard) will take the action? – Always Confused Jun 10 '20 at 18:14
  • 2
    In the case of a chargeback, your credit card provider (the "issuing bank") will investigate and take action. When a card brand detects fraudulent patterns, they will work with the Processor and the Merchant to investigate the cause, and may issue fines. – gowenfawr Jun 10 '20 at 18:19
  • Okay thank you. – Always Confused Jun 10 '20 at 18:20
  • it seems like you are giving your card# to a site or person you don't trust. You might consider an "e-escrow" process for something like that. That's a third party that collects the payment, ensures delivery of product/service, and then pays. – pcalkins Jun 10 '20 at 18:54
  • @AlwaysConfused privacy.com is another good option; create unique one-time or recurring use card numbers with strict limits as to the amount that can be charged. Uses your bank account as a backend. – gowenfawr Jun 10 '20 at 19:09
  • (At least in US) many issuers have an _option_ to text you on all or some transactions (e.g. over $10), allowing you to detect and dispute false charges almost instantly (unless you're asleep or busy). Of course cellphones and SMS aren't very secure either; criminals can easily divert your texts so you don't receive them, and can send you a fake text that tricks you into giving them your password(s). – dave_thompson_085 Jun 11 '20 at 02:52
  • 1
    I suppose the practical takeaways are: if in doubt between credit and debit and bank transfer, always use credit. keep an eye on your statements, report fraud as soon as you find it. report lost or stolen cards as soon as you spot it. you'll be fine. – Pedro Jun 11 '20 at 08:47