Major flaw HDFC credit cards (DCB)

[birususama]

Hello everyone,
I was trying to pay through DCB in an international website which asked my card details, Expiry and CVV and transaction went through instantly without second level of authorization which is PIN/OTP.
Called HDFC phone banking immediately and the answer was "Some merchants do not have the PIN/OTP requirement hence the transaction went through". How can this be allowed by the bank?
Do you really think this flaw has to be rectified immediately by HDFC? What is your opinion guys?

 

[Asmic]

There is no flaw in this. For most of the international transactions, you do not need to enter a Pin/OTP for your Credit card payments.

 

[SoggypastA]

All international transactions doesn't ask for OTP for confirmation CVV is last step for it.

 

[drmsiva]

This has happened with Citi CC and HDFC Infinia previously to me as well. Some foreign websites / companies don't require OTP to complete the transaction.

 

[ltf4ever]

All international transactions doesn't ask for OTP for confirmation CVV is last step for it.

I thought this was a regulatory requirement for banks in India. I didn't know that merchants were in control of adding this extra layer of security.

 

[SoggypastA]

I thought this was a regulatory requirement for banks in India. I didn't know that merchants were in control of adding this extra layer of security.

Payment Gateway outside India are not bound by the RBI mandate hence they not require OTP authentication.

 

[Tejo]

Hello everyone,
I was trying to pay through DCB in an international website which asked my card details, Expiry and CVV and transaction went through instantly without second level of authorization which is PIN/OTP.
Called HDFC phone banking immediately and the answer was "Some merchants do not have the PIN/OTP requirement hence the transaction went through". How can this be allowed by the bank?
Do you really think this flaw has to be rectified immediately by HDFC? What is your opinion guys?

This is the reason, the card number and cvv are called to be sensitive.

The international sites/Merchant which doesn't have base in india won't follow 3d secure (otp) transaction.

As @ltf4ever otp was added by rbi to eradicate fraud transactions.

 

[kkk]

Hello everyone,
I was trying to pay through DCB in an international website which asked my card details, Expiry and CVV and transaction went through instantly without second level of authorization which is PIN/OTP.
Called HDFC phone banking immediately and the answer was "Some merchants do not have the PIN/OTP requirement hence the transaction went through". How can this be allowed by the bank?
Do you really think this flaw has to be rectified immediately by HDFC? What is your opinion guys?

Happens with oher card as well.

 

[anishaga]

This is the reason, the card number and cvv are called to be sensitive.

The international sites/Merchant which doesn't have base in india won't follow 3d secure (otp) transaction.

As @ltf4ever otp was added by rbi to eradicate fraud transactions.

Not all heros wear capes #rbi

 

[birususama]

Yes I do understand it is not required but cant the card issuer do something about this?

 

[Tejo]

Do you really think this flaw has to be rectified immediately by HDFC?

Yes only can be fixed by network issuer like visa, mc, amex.

Sending a otp every time for a transaction will be burden and entering otp is burden (People in usa). In India without otp means it will be burden, even with otp's, fraud transactions going on.


Thanks to RBI

 

[srichaitanya]

It's better to keep international transactions off on your credit cards. Whenever necessary, you can just switch on the international transaction, complete the transaction and switch off once transaction is done.

 

[bonheur]

Hello everyone,
I was trying to pay through DCB in an international website which asked my card details, Expiry and CVV and transaction went through instantly without second level of authorization which is PIN/OTP.
Called HDFC phone banking immediately and the answer was "Some merchants do not have the PIN/OTP requirement hence the transaction went through". How can this be allowed by the bank?
Do you really think this flaw has to be rectified immediately by HDFC? What is your opinion guys?

Then you'll be shocked to know that some POS machines abroad (I can speak for France) don't even ask your PIN on international cards, they immediately authorise the transaction. I was horrified the first time this happened with me earlier this year.

 

[SSV]

Hello everyone,
I was trying to pay through DCB in an international website which asked my card details, Expiry and CVV and transaction went through instantly without second level of authorization which is PIN/OTP.
Called HDFC phone banking immediately and the answer was "Some merchants do not have the PIN/OTP requirement hence the transaction went through". How can this be allowed by the bank?
Do you really think this flaw has to be rectified immediately by HDFC? What is your opinion guys?

1) It happens with all cards not just HDFC cards for all international transactions.
2) RBI can't regulate foreign initiated transactions
3) Keep international transactions disabled all the times except when you use them
4) In some foreign countries, you just need card no, expiry and CVV only for successful transactions . No need of physical card also.
I myself did so many transactions in Australia by just telling them the required info over the phone call.

I think this is enough info

 

[simplegarv]

Hello everyone,
I was trying to pay through DCB in an international website which asked my card details, Expiry and CVV and transaction went through instantly without second level of authorization which is PIN/OTP.
Called HDFC phone banking immediately and the answer was "Some merchants do not have the PIN/OTP requirement hence the transaction went through". How can this be allowed by the bank?
Do you really think this flaw has to be rectified immediately by HDFC? What is your opinion guys?

Happens with Axis Bank Cards in India too.

 

[shubhamosy]

Yes only can be fixed by network issuer like visa, mc, amex.

Sending a otp every time for a transaction will be burden and entering otp is burden (People in usa). In India without otp means it will be burden, even with otp's, fraud transactions going on.


Thanks to RBI
View attachment 28439

WTF 🫣 🫣

 

[deepcards]

It happens on some sites, and in some cases, it asks for otp.
Best is to use paypal wherever possible for international transactions, but paypal has its own fraudsters as well.

 

[amitr29]

Please be careful. I was saved last week due to OTP. Someone tried to do a transaction of 6 lacs on my Axis card and I received OTP. After sometime ,card was blocked due fraudulent activity. Someone was trying to do a transaction on Qatar Airways in Pakistani Rupiah.

OTP is a boon. Keep International transaction off all the time. Switch it on whenever traveling.

 

[deepcards]

Please be careful. I was saved last week due to OTP. Someone tried to do a transaction of 6 lacs on my Axis card and I received OTP. After sometime ,card was blocked due fraudulent activity. Someone was trying to do a transaction on Qatar Airways in Pakistani Rupiah.

OTP is a boon. Keep International transaction off all the time. Switch it on whenever traveling.

Are u having a limit open for 6 lacs? Best practice is to have a small limit allowed for daily/per transaction. And whenever u are doing a high value transaction, increase the limit. Unless of course 6 lacs is a small amount for someone, then they shud be fine even if someone fraudulently does that amount of transaction.

 

[amitr29]

Are u having a limit open for 6 lacs? Best practice is to have a small limit allowed for daily/per transaction. And whenever u are doing a high value transaction, increase the limit. Unless of course 6 lacs is a small amount for someone, then they shud be fine even if someone fraudulently does that amount of transaction.

Agree, I am not in a habit of changing limit dynamically. Will start doing it