Credit cards and identity theft

Last month the Reserve Bank of India (RBI) has finally brought all credit card operations of banks under the purview of the Banking Ombudsman.  Good!  Some of the marketing practices of banks have ramifications that are frightening.

Consider the experience of X [name suppressed].  A Direct Selling Agency (DSA) representative approached X on behalf of a very large private sector Indian bank and asked him if he wanted a free-of-cost (FOC) lifetime credit card from the bank.  X had already been using a credit card, but knew that his old credit card invited annual renewal charges; here was an opportunity of getting a ‘life-time’ free credit card. So why not?

<>He was asked to fill in a form and to provide, as proof of his identity, photocopies of his electricty bill and his housing society maintenance receipts.  He was then asked to provide a photocopy of the front and reverse sides of his existing credit card.  The first warning bells chimed loudly. X refused to submit to the representative a photocopy of the reverse side of the existing credit card, as this would allow anyone to have the secret security code which is used when making a credit card transaction over the Internet. <> 

The demand was dropped.  The forms were then completed, and the representative assured X that he would hear from the bank within 10 days.  The call did not come.  Then came another DSA representative from the same bank, and offered X an FOC lifetime credit card.  X informed him that he had already filled in his form and submitted the same to another DSA representative. This second representative went back to his office, made a few enquiries, and then informed X that the bank had no record of his application. <> 

X was perplexed, but later forgot about the incident.  Six months later, he received a call from the Bank itself, not from a DSA, informing him that it had received his application.  The bank requested him to furnish the latest copies of the electricity bill and the housing society maintenance receipts, as the ones on their record were six months old.  X could have sent them over, but something told him that he should check out the details himself.  He went over to the bank, asked to see the application form he had filled in earlier. The bank official was co-operative and showed it to X. <> 

X was horrified.  The form was the one he had filled in, all right.  The documents (photocopies of the six month old electricity bill, and the society maintenance receipts) were also the ones he had submitted.  But the signature at the bottom of the application form was different!  Someone had filled in another form, with the details relating to X (his residential address, phone numbers etc) and had appended his own signature instead of X’s. Another modification was the alternation in the address for communications.  It was different from the one X had given. <> 

X wanted the form back, but the bank explained that it could not allow the form to be taken out.  But the bank official allowed him to copy down the details, and promised X that the form would be cancelled and not used. <> 

X promptly wrote out a letter of complaint to the bank’s management explaining what had happened.  That was four months ago.  Nothing has happened to date. <> 

What X had just witnessed was a case of identity theft, where someone takes your details, your address, telephone number, previous credit card details and later copies out all these details on another form and puts his own signature instead.  The bank would then issue a credit card in your name to another person, keep your address and telephone numbers on its records, and accept another person’s signature as the one that would allow transactions to take place. <> 

This way, the Bank, the Income Tax department and even shopping establishments would believe that all transactions on the new card were being done by X, when actually someone else had stolen his identity.  And, should the imposter default on payments, the Bank’s collection officers and the police would land up at X’s doorstep and he would be hard pressed to prove that he was not involved. <> 

Can banks prevent identity thefts like this one?  Yes.

Ø    Ensure that all DSA representatives are vetted and vouched for by the bank

Ø    Maintain a centralised database of all DSA’s and their staff members – preferably with the RBI. 

Ø    Provide all customers copies of the forms they fill in, duly acknowledged. 

Ø    If the DSA does not issue the prospective customer a copy, the customer should insist on a photocopy of the form, and the DSA representative should sign on the photocopy to acknowledge his receipt of the same (the form’s serial number is proof of the form actually filled in by you; the substitute form would have another serial number). 

Ø    Never ask customers for the photocopies of their credit cards – that is danggerous.  Instead ask for a photocopy of the latest credit card statement. There is less chance of that being misused.

Ø    Assure customers that if the application is not considered, he will receive a letter from the bank within a month informing him of the rejection of his application. 

<> 
Now the original application form cannot be misused.  If the customer does not receive such an intimation, he should send in a complaint which should trigger off warnings about a potential identity theft. <> 

Unfortunately, no bank has done this to date.  And nobody knows how many ‘benami’ cards are floating round.  And this is only one of the ways in which potential frauds against credit cards can take place.  The Ombudsman’s arrival on the scene was sorely awaited.