POSTED BY December 13, 2013 COMMENTS (38)ON
RBI has made it mandatory to punch your PIN number, when you use your debit card on shopping outlets (Big bazaar, Petrol Pumps, Shops) from Dec 1 2013. I realised just few days back that this has already started. I was shopping for household things at a mall nearby and was asked to punch in my Debit card PIN after it was swiped. It was the first time I had to do that in last so may years of my using debit card for shopping. I covered the machine with my hands and entered my PIN and the transaction went through.
There are close to 350 million debit card in India right now and you can imagine the quantum of frauds which is possible with so many debit cards in India. Before this rule came into effect, if your debit card was lost – Someone could just take your debit card, go for the shopping and swipe your debit card and would never get caught because the shopkeepers never checked signatures, identity of person etc.
But now with this new rule in place, an additional check of entering PIN number is required and the chances of fraud is lowered to some level
Now from one angle, surely frauds will come down, but then at the same time, this new rule exposes you to some new risks and potential frauds. Like – If you punch your PIN without much thought and others surrounding you are looking at the machine, others can look at the 4 digit PIN number you punched and memorize it.
Forget strangers, but imagine you are with some friend/relative and you punch your PIN, he/she looks at it, memories it and now he can use it later for some online transaction (he still has to find out your Card number and Expiry date, which is clearly mentioned on your card).
Also at some outlets dishonest shopkeepers have skimmers machine which record your data when you swipe the card and they can duplicate your card and use it later to withdraw cash from ATM or do transactions with duplicate cards.
An article from Firstpost also mentions that there is also a possibility of PIN being stored on the Machine after you have punched it.
The next question to ask is can the PIN be stored (knowingly/ unknowingly) on the card reader machine by the retailer? According to this report in the USA, instances have been known where many merchants have incorrectly stored PIN information they should be destroying after customers enter the secret code. While we agree this is a western world report, Indian fraudsters have always been inspired to copy those tricks in the domestic markets. What would stop our fraudsters? And even if your merchant would have stored the PIN inadvertently on his card machine, a hacker can easily access the retailer’s machine to get data about several card holders along with their PINs.
The above rule was to be followed by all the terminals from Dec 1, 2013. Anyone not complying is just not following RBI guidelines and breaking the law.
While all the places I have seen has started implementing it, still at some places its not being not followed. Here is one instance which comes from the same first post article comments section, where someone is sharing his experience.
yesterday on 4 Dec, I went to another restaurant and wanted to pay via debit card. While, the merchant was punching into machine, I was waiting for him to hand over the machine. But this is not what happened, I was not asked for the PIN for this restaurant even after the new RBI rule is in effect.
This clearly violates the fact that the new RBI rule is not completely applied for all merchants/banks.
What do you think about this new change ? Are you happy with it, or have some reasons against this change ?