Credit card holders in India might have noticed of late that they’re receiving SMS alerts on their mobile phones each time they use their cards. I’m not sure if this is a bank/card-specific initiative or the outcome of some new government regulation applicable
across the industry, but I’ve been receiving these notifications from the issuers of both my Visa credit cards since the middle of June.
At the outset, let me thank both banks for this new ‘product’.
Since these alerts occur in realtime, I imagine they’re meant to help cardholders to detect fraudulent transactions rather than serve as a budgeting / expense tracking tool. I can’t be sure of their true purpose since I haven't received any communication
from these two banks when they launched this product.
As I’d pointed out in my personal blog previously, a little extra effort by banks to reach out to their customers can go a long way in fostering customer retention and customer delight. However, I won’t complain if these banks have chosen to stay silent
about their new product either because they're humble or because they wish to fly under the radar of one CNSC. This Miami, FL-based company sued
Visa for launching a few pilots of something similar in the USA last year, claiming that it infringed upon its patent on the underlying technology. (I don’t know how something like SMS alert can qualify for a patent, but I’ll let that one pass for
Assuming my guess is right, let’s see how these SMS alerts help cardholders detect fraud in realtime.
First, let’s look at a couple of recent alerts I received from BANK1, a large multinational bank that has been active in India for several decades.
Alert1: Thank you for using your credit card for INR 2370.00 on 21-Jul-2011.
Alert2: Thank you for using your credit card for INR 320.38 on 24-Jul-2011.
Since I’d handed over my credit card at a store for a purchase of INR 2370.00 on 21-Jul-2011, I could be sure that the first transaction was genuine.
Now, when I received the second alert, the card was tucked away safely inside my wallet. I’d neither handed it over to anyone nor used it online. However, for all I knew, this could’ve been an alert for one of many genuine card not present transactions
put through by a merchant on the back of a recurring mandate issued by me before. Such recurring transactions based on a one-time approval are very common among American and European merchants (e.g. Hostgator for website hosting, Skype for monthly calling
plans) and have recently started entering India as well (e.g. Regus for office rentals). Since they don’t require case-by-case approval, such transactions don’t always ring a bell at the exact instant that I receive the alert. Exacerbating the ambiguity is
the fact that, while the mandate amount would be a constant figure in US$ or some other foreign currency (say US$ 8 every month), the amount displayed on the SMS alert is in INR and varies from transaction to transaction depending upon the USD:INR prevalent
on that day. If this alert notified one such transaction arising out of a pre-issued mandate, it didn’t signal a fraud.
On the other hand, the alert could equally well have been triggered by a card not present transaction initiated by a con artist who had stolen my credit card details or a fraudulent merchant to whom I have not issued a recurring mandate.
Point is, without the merchant’s name in the SMS alert, it’s difficult – well-nigh impossible for someone who has several recurring CNP transactions – to figure out the authenticity of a transaction.
Now, let’s look at the following alert from BANK2, which is a Top3 Indian private sector bank.
Alert1: Thanks for using your credit card for INR 1800.00 in PUNE at KUMARAUTO on 2011-07-20 21:05:53.
Alert2: Thanks for using your credit card for INR 465.00 in 123-456-7890 at HOSTGATOR.COM on 2011-07-14 03:10:33
As you can see, these alerts from BANK2 provide extra information compared to those from BANK1 viz. the merchant name and the time of transactions. Using these additional details, it’s much easier to differentiate between genuine and fraudulent transactions: Since
I’ve never dealt with anyone called KUMARAUTO, I could conclude that the first transaction was fraudulent the moment I received the SMS alert. Whereas, since I’ve signed a mandate with HOSTGATOR for auto debit of monthly website hosting charges, the second
transaction was genuine.
In Part-2 of this post, I’ll treat these SMS alerts as ‘products’ and see how well they work for the customer towards detecting and preventing fraudulent credit card transactions. Spoiler Alert: One bank’s product rocks, the other one’s product sucks,
and the difference is in the details.