Credit card holders in India might have noticed of late that they’re receiving SMS alerts on their mobile phones each time they use their cards. I’m not sure if this is a bank/card-specific initiative or the outcome of some new government regulation applicable across the industry, but I’ve been receiving these notifications from the issuers of both my Visa credit cards since the middle of June.
At the outset, let me thank both banks for this new ‘product’.
Since these alerts occur in realtime, I guess they’re primarily intended to help cardholders to detect fraudulent transactions rather than to serve as a budgeting / expense tracking tool. I can’t be sure of their true purpose since I never received any communication from these two banks when this product was launched.
As I’d pointed out in this post a few months ago in a different context, a little extra effort at communication on the part of banks can go a long way in fostering customer retention and customer delight. However, I won’t complain if these banks have chosen to stay silent either out of humility or the desire to stay below the radar of one CNSC. This Miami, FL-based company sued Visa for launching a few pilots of something similar in the USA last year, claiming that it infringed upon its patent on the underlying technology. (I don’t know how SMS can qualify for a patent, but I’ll let that one pass for now).
Assuming my guess is right, let’s see how these SMS alerts help cardholders detect fraud in realtime.
First, let’s look at a couple of recent alerts I received from BANK1, a large multinational bank headquartered in the UK and active in India for several decades.
Since I’d handed over my credit card at a store for a purchase of INR 2370.00 on 21-Jul-2011, I could be sure that the first transaction was genuine.
Now, when I received the second alert, the card was tucked away safely inside my wallet. I’d neither handed it over to anyone nor used it online. However, for all I knew, this could’ve been an alert for one of many genuine card not present transactions put through by a merchant on the back of a recurring mandate issued by me before. Such recurring transactions based on a one-time approval are very common among American merchants (e.g. Hostgator for website hosting, Skype for monthly calling plans) and have recently started making an appearance in India as well (e.g. Regus for office rentals). Since they don’t require case-by-case approval, such transactions don’t always ring a bell at the exact instant that I receive the alert. Exacerbating the ambiguity is the fact that, while the mandate amount would be a constant figure in US$ or some other foreign currency (say US$ 8), the amount displayed on the SMS alert is in INR and varies from transaction to transaction depending upon the USD:INR prevalent on that day. If this alert was the result of transaction coming out of some such pre-issued mandate, it didn’t signal a fraud.
On the other hand, the alert could equally well have been triggered by a card not present transaction initiated by a con artist who had stolen my credit card details or a fraudulent merchant to whom I have not issued a recurring mandate.
Point is, without the merchant’s name in the SMS alert, it’s difficult – well-nigh impossible if you do a lot of CNP transactions like me – to figure out the authenticity of a transaction.
Now, let’s look at the following alert from BANK2, which is a Top3 Indian private sector bank.
As you can see, these alerts provide valuable extra information viz. the merchant name and the time of transactions. Using these additional details, it’s much easier to differentiate between genuine and fraudulent transactions: Since I’ve never dealt with anyone called KUMARAUTO, I could conclude that the first transaction was fraudulent the moment I received the SMS alert. Whereas, since I’ve signed a mandate with HOSTGATOR for auto debit of monthly website hosting charges, the second transaction was genuine.
In Part-2 of this post, we’ll look at these SMS alerts as a ‘product’ and see how well they work for the customer towards detecting and then preventing fraudulent credit card transactions. Spoiler Alert: One bank’s product rocks, the other one’s product sucks, and the difference is in the details.