Online Transaction Security

(Disclaimer : This post is not meant to promote any specific financial institution, but through the text ahead I plan to brief you regarding banking security features which can be used to your advantage. If you belong to the clientele of any of the below financial institution, please use their security features. These are meant for safety of your hard earned money. The list of features is not exhaustive and more details can be obtained from your respective relationship manager at the financial institution)

It is almost everyday that we come across a news wherein someone or the other, or sometimes a group of people have been defrauded by hackers and fraudsters who hack people’s credit cards or bank accounts, transfer the money and do a Houdini. Sends chill down the spine while we make a beeline to check our accounts. Banks have been adding layers upon layers of securities to ensure that online transactions done by you are secure and you do not end up loosing confidence in online transaction, which will be very bad for bank business as they have to maintain resources to serve customers at their branches. Certain security features if you understand and follow, you should be safe.


I personally carry out lot of transactions online. The very first thing I check is whether url for the transaction page starts with https://. The ‘s’ in https denotes layering of http over SSL/TLS(all the communication protocol jargons which we need not fully understand) which ensures security of the website. If you are on a page which asks for your details for any monetary transaction, stop; check; go ahead only if you find https in the address bar.

Which brings me to the next point

Type the web address

If you intend to carry out any transaction(banking/financial/shopping) from any website, type the url yourself. Do not click on any link that might have been sent by some third party sender. It happens a lot of times that you get an email from certain financial institution asking you to click on a link to access their website, and you do not recognize the source of the email, do not click on such links. The display text of the link might be showing a bank address but the link may actually be pointing you to a fake page which might be developed for phishingFake Site

eg. check the picture

when you place the mouse pointer on the any link in the browser, on the bottom left hand side of the browser window you will get the url to which the link directs. Check what’s displayed if you are not sure about the link.

If you have typed the url yourself then you can be sure that any link leading to transactions page from within that site is authentic. But again check for https.

3 digit security code

The initial security feature introduced in credit and debit cards was a three digit security code which had to be punched in while carrying out transaction online.  But over time, fraudsters came up with ways to capture cards details while you carrying out transactions online. Even at point of sale terminals, credit/debit cards details are very much visible to anyone who’s handling the card and it doesn’t take a maths wizard to memorize few combinations of numbers to be used online later. Security features have been enhanced to overcome this. Even still, avoid letting the card out of your sight as the 3 digit code is one of the authenticator for the online transactions.

Virtual Keyboard

Most of the banks provide virtual keyboards. This ensure that key loggers which may have been setup on your computer do not skim your information while you type on your physical keyboard. Use virtual keyboard wherever available.

Transaction Passwords & Debit card matrix

ICICI bank offers the feature of additional password which is required for transactions like fund transfer. For carrying out such transactions on ICICI bank sites, you will need to have a transaction password and will also need to key in 3 sets of double digit numbers out of the grid provided on the back of their debit card. So make sure that you do not show the numbers anyone else

Verified by Visa/Mastercard Secure Code

Any Visa card which is being used for online transaction has to be registered at verified by visa(vbv) website to generate a vbv transaction password. After you enter the visa card details online on the secure https url and press the pay button, the  website redirects to vbv authentication page which asks you to enter either the password or generate a one time authentication password on your registered mobile number. for this the mobile number has to be registered on vbv website. Similar feature has been implemented by mastercard payment gateway. Another security layer to ensure you are performing a secure transaction.

Virtual Cards

Before the implementation of the secure codes and vbv codes, Visa had implemented a feature called as virtual card which still exists. Once the card is registered on vbv website, the user can logon to the the website and create a virtual card of the exact amount for which he needs to transact. The set of numbers for the card will be different in case of each virtual card created and once the transaction is complete, the card is no longer valid. If you have created a card of higher value, the balance gets refunded after a certain short period of time. The limit of exposure in this case is only of the amount for which the card is prepared and only for the duration of the validity of the card. There is a provision to cancel this card if prepared mistakenly or not utilised.

One Time Password

This is a one time password received either on phone or on email while carrying out the transaction. Though one time password, if shared accidently, does not have that much effect, losing your phone will be unsafe. In this conditions if its established that the phone is stolen, its better to get the SIM card blocked.

Credit Card Limit/Enable-Disable

It is common practice now to issue an international credit card to almost everyone applying for a credit card. And though we do not shop on international sites more often, we maintain a risk of being defrauded at international level. HDFC bank has come up with feature reducing the spending limits on the credit card for international usage. The process is very quick. You just need to logon to your HDFC account and on the left hand menu select change international limit. You can also disable the international usage or enable it as per requirement. These change requests are authenticate by one time password sent on mobile and email. So if you are not planning to use your card on international sites, better disable it. Whether other banks have implemented this security feature is yet to be known.

Mobile Application Usage

If you are carrying out the transactions on your smartphone, stop at once and ensure that the application downloaded by you is authentic and the one which is released by that particular financial institute. due to vast number of mobile applications  on store for downloads, its difficult to know which application is the one released by the financial institution and which one if developed out of knowledge of the financial institution. Its always safe to navigate to the download link through the website of the financial institution.

Do not save any id/passwords on mobile in any format on the mobile phone.

General Rules

Do not disclose your personal details on community sharing sites as some of these details are used for resetting passwords. Most important details are dates like birthday/ anniversary, or parents names, place of birth etc. Just think of a situation wherein a bag containing your credit card and your mobile was stolen by someone who knows what you’ve kept in the bags. The person just has to access your social networking profile and crack your password.

All said and done, once in a while do a physical check of your accounts and transactions. Ensure everything is in order. If something found amiss, inform the concerned institution immediately. If you are strictly following these rules, no hacker can defraud you.

Happy Christmas Shopping!!


Leave a Reply