Secure payment through RuPay card
Original Issue Date: December 21, 2016
The India Pay scheme renamed RuPay(i.e. rupee and payment), is an Indian domestic card scheme initiative by National Payments Corporation of India (NPCI). It is very similar to international cards such as Visa/Master. It is an alternative to the MasterCard and Visa card schemes to consolidate and integrate various payment systems in India. RuPay has certified 29 major banks in India to accept the RuPay card at their respective PoS terminals located at different merchant locations.
NPCI has rolled out its chip card for high security transactions using EMV (Europay, MasterCard and Visa) chip technology, which is a global standard for debit and credit cards. RuPay chip cards have an embedded microprocessor circuit containing information about the card holder and because transactions are PIN-based rather than signature-based.
Banks in India are authorized to issue RuPay debit cards to their customers for use at ATMs, PoS terminals, and e-commerce websites. In addition to the ATMs and PoS terminals, RuPay cards are accepted online on e-commerce websites with the same PIN which they use for ATM transactions.
Threats to RuPay card
- Phishing/Smishing/Vishing Attack: An attacker attempts phishing on to a ecommerce websites/mobile phone either through SMS (Short Message Service),text message, telephone call, fax, voicemail etc. or through phishing or malicious software with a purpose to convince the recipients to share their sensitive or personal information.
- Channel breaking attack (CBA): CBA involves intercepting the communication
between the client side and the banking server, by masquerading as the server to the client and vice versa.
- MiTB attack: A content manipulation also called man-in-the browser (MiTB) attack, it
takes place in the application layer between the user and the browser. The adversary is granted with privileges to read, write, change and delete browser's data whilst the user is unaware about it.
- Outdated OSs and Nonsecure Network Connections: Risk factors such as out-dated operating system versions, use of nonsecure Wi-Fi network in mobile devices allow cybercriminals to exploit an existing online banking session to steal funds and credentials.
- Unauthorized usage of a credit card as a result of it being lost or stolen.
- Counterfeit: duplicating/cloning legitimate credit cards which are then used for fraudulent activities.
Best Practices for Users
- Install anti-spyware security software against those programs that monitor, record and extract the personal information you type in your PC (passwords, card numbers, ID numbers, etc.)
- Install personal firewalls to protect your PC against unauthorized access by hackers
- Keep your operating system and internet browser up to date, checking for and downloading new versions/security enhancements from the vendor's web site
- Do give the mailing address, residential or office address, where you are sure as to who will receive the Card/PIN
- Inform the Bank immediately about change in your mailing address to ensure correct delivery of your Card/PIN
- Before using Cards, please ensure that there are no strange objects in the insertion panel of the ATMs/PoS
- Cover the PIN pad while entering PIN at ATMs/PoS
- Destroy the transaction receipts securely after reviewing
- Change ATM PIN on a regular basis
- Keep a close eye on bank statements, and dispute any unauthorized charges or withdrawals immediately
- Shred anything that contains credit card number written on it. (bills etc)
- Notify credit/debit card issuers in advance for change of address
- Do not accept card received directly from bank in case if it is damaged or seal is open
- Do not write PIN number on credit/debit card or on a paper which you carry along with the card.
- Do not disclose Credit Card Number/ATM PIN to anyone.
- Do not hand over the card to anyone, even if he/she claims to represent the Bank.
- In case of any suspected transactions or loss of cards, contact the service provider / bank immediately
- When you dispose your Card at the time of renewal/up gradation, please make sure that you cut it diagonally before disposal
- Please keep your Card in a safe place. Treat it as carefully as you would treat your cash
- Please make sure you conduct any ATM transaction in complete privacy
- Please remember to take your Debit Card back after completing your ATM transaction
- Please sign your Debit Card as soon as you get it
- Please check your Card periodically to make sure it is not missing
- Please do not provide any financial/personal/Debit Card related information to unknown websites or respond to emails seeking such information
- Emails or text messages asking the user to confirm or provide personal information (Debit/Credit/ATM pin, CVV, expiry date, passwords, etc.) should be ignored.
- Ignore and delete immediately suspicious fraudulent (phishing, spoof,hoax) e-mails that appear to be from Bank, asking you to urgently click a link to a fraudulent (spoof) website that tries to mimic the Bank's site and to lure you into giving out your sensitive personal information (PIN, account or card numbers, personal identification information etc.)
- Use an online verification scheme(e.g. OTP etc.) for online purchases
- Contact your bank immediately , if you think someone knows your security access code or in case of theft of your code/ money or in case you have forgotten your credentials.
The information provided herein is on "as is" basis, without warranty of any kind.
Email: email@example.com Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003