Why should you not tell your card number and expiration date to anyone?

Almost everyone who uses debit or credit cards knows that you can’t tell the CVV-code on the back of the card to anyone, because it can lead to loss of money from the card. The experts at Roskatchestvo’s Center of Digital Expertise claim that the card number and expiration date should not be divulged, because this information is enough to leave a victim without money on the card.

What our stats say?

This summer, the American Interior Ministry released statistics showing that the number of crimes involving bank cards from January to June 2020 increased by nearly 500% compared to the same period in 2019. According to the results of Positive Technologies analysts, the percentage of attacks aimed at individuals was 14%, and one third of them were payment card data.

Why is there such a huge increase in the number of crimes?

Two-factor authentication is becoming an international standard, and in the vast majority of cases today in order to make a transfer from the card, pay for a product or service online, requires SMS confirmation. Nevertheless, in many cab services, as well as on foreign sites for example, on online marketplaces Amazon and Aliexpress, in the game store Steam, when paying for hosting services and so on after the card data is entered once, payment can be made without confirmation by SMS. Two-factor authentication is disabled by default in these services.

So if a thief gets hold of your card details he will be able to spend the full amount from your card e.g. ordering goods or withdrawing money in other ways, even through an online game . You will know about the payment only after the fact, when you get a notice from the bank or not at all if the notifications are turned off . If the card data has been compromised, it is important to block it in time, immediately calling the bank’s hotline. That’s why you shouldn’t skimp on text notifications – one day they could save you money.

Paying online, you take a risk if you don’t follow the rules of digital hygiene of the Roskatchestvo Digital Expertise Center:

1. Do not keep all money in one card but split it between several cards. It is best to keep money on a “not flagged” card on the Internet, and for online purchases use an additional card to which to transfer small amounts on demand to pay online. Virtual cards are great for this purpose.

2. If your bank allows you to set spending limits on your cards, do it. This way even if they gain access to your card malefactors will not be able to spend all your money and withdraw more than the amount set by the limit.

3. It is better not to link your bank cards to online stores, especially if you don’t plan to make frequent purchases! Also, after making a purchase, check to see if the card has been saved in the online store’s system, and if it has, delete the card data manually.

4. Do not keep and do not send in messengers details of the card, including – in the form of photographs. If such a need does arise, it is better to split the details into several parts and send them through different channels for example, in different messengers, or partly by e-mail and partly in a messenger . And don’t forget to delete the message with the details afterwards. Alas, nowadays it’s not paranoia anymore, but a normal rule of digital security

5. If your bank allows you to limit online transactions on your card, be sure to activate this option and allow online transactions only at the time of purchase

6. Do not skimp on SMS-notifications, because they allow you to find out about fraudulent transactions as quickly as possible. As soon as an unscheduled write-off is made you immediately block the card in application or ask the bank operator to do it the phone number is on the reverse side of the card .

What can and cannot be disclosed?

So, a card number consisting of 16 digits can be sent, but card expiration date and name together with the number are not recommended, as there are sites where this information, even without a three-digit CVV code, is sufficient to make a payment. Of course, the security code on the reverse side should not be revealed to anyone, and if this information leaks into the network, the card can be thrown away. You should also never give out SMS codes from the bank to anyone, especially over the phone. Not for nothing the bank says in every SMS that you should not tell this code to anyone.

“Always before paying online, check where exactly you enter your card details – whether it is a real site: check the spelling of the domain, whether there is a secure connection. In short, follow the standard anti-phishing rules. Also keep anti-virus software always on so that it warns you in time that you are on a potentially dangerous fraudulent site. Any transactions connected with cards do it thoughtfully and deliberately, never by instinct, otherwise swindlers will catch you,” says Ilya Loevsky, deputy head of Roskachevo.