{"id":6712,"date":"2022-04-18T16:14:39","date_gmt":"2022-04-18T10:44:39","guid":{"rendered":"https:\/\/sketharaman.com\/blog\/?page_id=6712"},"modified":"2022-05-15T16:02:56","modified_gmt":"2022-05-15T10:32:56","slug":"pin-otp-2fa-bs-protects-banks-not-consumers-https-qr-ae-pvsshi","status":"publish","type":"page","link":"https:\/\/sketharaman.com\/blog\/archive-my-content-amc360\/pin-otp-2fa-bs-protects-banks-not-consumers-https-qr-ae-pvsshi\/","title":{"rendered":"PIN OTP 2FA BS Protects Banks &#8211; Not Consumers. https:\/\/qr.ae\/pvsSHi"},"content":{"rendered":"<p class=\"q-text qu-display--block qu-wordBreak--break-word qu-textAlign--start\"><strong>In my axis bank credit card fraudulent Transaction done by fraudsters without receiving any OTP or text messageis this possible?<\/strong>*<\/p>\n<p class=\"q-text qu-display--block qu-wordBreak--break-word qu-textAlign--start\">Sure why not.<\/p>\n<p class=\"q-text qu-display--block qu-wordBreak--break-word qu-textAlign--start\">Because very few countries in the world use 2FA BS like PIN \/ OTP for credit card payments.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">US credit card gets declined in India less due to decline by US Issuer Bank &amp; more due to decline by Indian Acquirer Bank. To make credit card payments absolutely frictionless, USA does not use 2FA \/ PIN \/ OTP BS that&#39;s required in India.<a href=\"https:\/\/t.co\/MKqardcsPV\">https:\/\/t.co\/MKqardcsPV<\/a><\/p>\n<p>&mdash; Ketharaman Swaminathan (@s_ketharaman) <a href=\"https:\/\/twitter.com\/s_ketharaman\/status\/1510551529140285442?ref_src=twsrc%5Etfw\">April 3, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p class=\"q-text qu-display--block qu-wordBreak--break-word qu-textAlign--start\">The average credit cardholder in countries with 2FA mandate (e.g. India) naively thinks that he enjoys great security for credit card payments. Sadly, he does not realize that their stolen credit card info can be used to make fraudulent purchase in other countries that do not have 2FA.<\/p>\n<p class=\"q-text qu-display--block qu-wordBreak--break-word qu-textAlign--start\">When that happens, they go to their banks to get the fraudulent charge reversed. Instead of fulfilling their request immediately, the bank will fob them off by telling them, \u201cOnly you know PIN \/ OTP, so you only must have made the payment, get lost\u201d. The poor credit cardholder will need to run from pillar to post between the merchant, law enforcement and half a dozen other parties involved in a credit card transaction in order to recover their money.<\/p>\n<p class=\"q-text qu-display--block qu-wordBreak--break-word qu-textAlign--start\">That&#8217;s when people will realize that PIN and OTP are there to protect the interest of banks &#8211; not credit cardholder.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">This is a standard feature of credit cards. Amex is able to tout it as a USP b\/c banks have kept it under wraps in India. <a href=\"https:\/\/t.co\/RxEFAoU81j\">pic.twitter.com\/RxEFAoU81j<\/a><\/p>\n<p>&mdash; Ketharaman Swaminathan (@s_ketharaman) <a href=\"https:\/\/twitter.com\/s_ketharaman\/status\/844843818398564352?ref_src=twsrc%5Etfw\">March 23, 2017<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p class=\"q-text qu-display--block qu-wordBreak--break-word qu-textAlign--start\">OTOH, if credit cardholders in countries without 2FA (e.g. USA) encounter a similar fraud, they will get their fraudulent charge reversed with a single call to their bank. Ironically, those are the countries that really protect credit cardholder interest even though they don&#8217;t have 2FA.<\/p>\n<p class=\"q-text qu-display--block qu-wordBreak--break-word qu-textAlign--start\">On a side note, it\u2019s these gullible public in 2FA regimes that let their countries become Digital Colony of the West, especially USA. As I highlighted in <span class=\"q-inline\"><a class=\"q-box qu-cursor--pointer qu-hover--textDecoration--underline Link___StyledBox-t2xg9c-0 KlcoI\" title=\"gtm360.com\" href=\"https:\/\/gtm360.com\/blog\/2019\/12\/20\/better-a-digital-colonizer-than-digital-colony-be\/\" target=\"_blank\" rel=\"noopener nofollow\">Better A Digital Colonizer Than Digital Colony Be!<\/a><\/span>\u00a0:<\/p>\n<blockquote class=\"q-relative qu-color--gray qu-borderWidth--retinaOverride\">\n<p class=\"q-text qu-display--block qu-wordBreak--break-word qu-textAlign--start\">Foreign companies unleash security technologies on India and other unsuspecting countries, watch them impede the adoption of digital payments in these countries because of bad user experience, then come back a few years later with frictionless solutions that solve the UX problems created by their own security products in the past, and take over the market.<\/p>\n<\/blockquote>\n<div class=\"q-absolute qu-borderRadius--pill QTextBlockQuote___StyledAbsolute-an1wlz-0 dHUDep\"><\/div>\n<p class=\"q-text qu-display--block qu-wordBreak--break-word qu-textAlign--start\">*<em>: This is the original question I answered. I\u2019m repeating it to help me make sense of my answer in case it\u2019s moved to \/ merged with some other question that I didn\u2019t answer.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In my axis bank credit card fraudulent Transaction done by fraudsters without receiving any OTP or text messageis this possible?* Sure why not. Because very few countries in the world&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":3722,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-6712","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/sketharaman.com\/blog\/wp-json\/wp\/v2\/pages\/6712","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sketharaman.com\/blog\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sketharaman.com\/blog\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sketharaman.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sketharaman.com\/blog\/wp-json\/wp\/v2\/comments?post=6712"}],"version-history":[{"count":4,"href":"https:\/\/sketharaman.com\/blog\/wp-json\/wp\/v2\/pages\/6712\/revisions"}],"predecessor-version":[{"id":6797,"href":"https:\/\/sketharaman.com\/blog\/wp-json\/wp\/v2\/pages\/6712\/revisions\/6797"}],"up":[{"embeddable":true,"href":"https:\/\/sketharaman.com\/blog\/wp-json\/wp\/v2\/pages\/3722"}],"wp:attachment":[{"href":"https:\/\/sketharaman.com\/blog\/wp-json\/wp\/v2\/media?parent=6712"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}