Information Security Asked on October 28, 2021
I’m in the UK. In order to top up a pay-as-you-go SIM card, I had to first ring the mobile network to associate my bank card with the SIM before asking them to credit £10 to it (future top-ups don’t require a phone call). The mobile network’s technician instructed me to input my debit card’s full card number using my phone’s keypad, followed by the CVV. This felt intuitively insecure to me at the time, but I had no way of knowing for sure.
Is this a secure or even common practice, and does it put me at risk of having my credit card details stolen?
This is common practice, and if done properly, is secure. This is what's referred to as a CNP (Card Not Present) transaction.
Securing card transactions over telephony is challenging and there is a PCI Security Standards document dedicated to this topic - Protecting Telephone Based Payment Card Data.
Unfortunately, you have no way of verifying how securely your mobile network provider has implemented their call center - just as you have no way of verifying most of the web sites you submit your card to, or the restaurant around the corner. But you can trust that your card provider has chargeback mechanisms allowing you to dispute fraudulent transactions; the security carrot with credit cards is not that they'll never be defrauded, but that the cardholder will be reimbursed if fraud occurs.
Answered by gowenfawr on October 28, 2021