Overview of Payment Card Security in New Zealand | Instant News


As a result of the COVID-19 pandemic, “there is a 62% increase in buyers over 60 years of age. More than 170,000 New Zealand adults shop online for the first time during the first six months of 2020. “In this essay, I would like to dig deeper into the payment card security controls used in New Zealand from the victim’s perspective.

Recently, I suffered from credit card fraud, and was thinking about how this happened and how a similar situation could be prevented in the future. I have a habit of checking my credit card transactions through my bank’s mobile app on a regular basis, the reason is that my payment card issuing bank (i.e. Bank of New Zealand), will never allow me to set up text notifications to my registered mobile number whenever there is one. is any transaction that exceeds a predetermined amount. It’s kind of weird for me to go back to a few years ago when I just migrated to New Zealand, because I previously received the instant transaction text notification.

On the night of November 27, 2020, I checked my routine transactions through the mobile banking application, and it turned out that there were two surprising transactions with the United Airlines merchant code, which until now I have never bought tickets / services / airline goods. from. It charged me twice for NZD $ 1905.48 with a code reference of USD130430 (I guess this implies that it is a foreign currency transaction of USD $ 1304.30). I called the bank’s 24-hour hotline to immediately report this fraud case. Another surprise came when the hotline officer told me that he could do nothing, as the current payment status was displayed as “DELAYED” and the bank would only take action if the transaction had been “PROVIDED”. As a security consultant, I think that could imply that some more serious criminal activity may have occurred in addition to this “simple” fraud, which could be linked to more serious criminal activity including irregular immigration, human trafficking, drug smuggling and terrorism. according to what i remember from a The INTERPOL report was published in 2019. The hotline clerk was friendly and told me to be calm, informing me that the bank will file a dispute for the reported transaction within 30 calendar days, and my current card will be suspended and a new replacement card will be sent to me within five working days. . He also reminded me that I still have to pay for the transaction in the meantime.

Another surprise came to me the next morning when I received an email with the subject “Bank of New Zealand – Your BNZ Visa card has been added to Apple Pay”.

I didn’t have any knowledge of the card number suffix mentioned in the email and I called the bank hotline again to try and understand what happened. The clerk informed me that the card with the unknown suffix is ​​my new card and the customer’s Apple Pay or Google payment will automatically reconnect with the new card to minimize inconvenience due to the absence of a physical card. I expressed my security concerns about such an arrangement, but he gently reminded me that bank security is very advanced and nothing to worry about. I tried my best to accept it and asked if it was possible to ensure Visa Secure would be activated on my new card. The officer informed me that it is enabled by default, but the adoption of the security feature is up to the merchant (from my personal online shopping experience in New Zealand, I never encountered Visa Secure checks when using my BNZ credit card). I then tried to explain what the second factor of my Visa Secure check was, and the answer was another surprise: the last three digits of your access number, printed on the back of your credit card! That means the two factors needed to authorize online transactions for merchants that support Visa Secure coexist in the same medium, the credit card itself.

At the time of writing, I still don’t have any updates from my card issuing bank.

I can’t change what happened, but I want to do something to prevent a similar situation from happening in the future.

The My card issuing bank mobile app provides several good functions to control card security. For now, I always deactivate the overseas online shopping and shopping functionality and will only activate it right before the actual online shopping check-out, deactivating it as soon as the online transaction is complete. This can be a good solution for protecting yourself under the security controls available today.

I also checked information about 3D Secure Authentication (an additional layer of security to make online shopping transactions more secure by authenticating the cardholder’s identity at the time of purchase, one of which is Visa Secure) from one of the common payment gatewaysUsed by many New Zealand merchants, only ASB and Westpac merchants are required to enable this security feature.



image source

to request modification Contact us at Here or [email protected]