My card was fraudulently used to make an online purchase. CIMB bank that issued me the Mastercard managed to only stop some of the transaction by calling me to verify but a couple of others went through and now CIMB is saying that I am fully liable for the amount charge. Its a few thousand ringgit.

They claimed that I am the one that made the transactions because the password and question was correct. This is using their Mastercard Secure code. However I did not make those transactions and neither did I tell anyone about my password or written them down anywhere. But CIMB insist that everything is secured and therefore I am liable.

Upon checking around the Internet, I found out that these 3D Secure methods are not safe and the only reason why banks implemented them to is safeguard themselves from chargebacks and to pass the blame to consumers.

Here you can read more about it - read especially the last pdf document
http://www.xomba.com/verified_visa_and_mas...are_they_really

http://www.schneier.com/blog/archives/2010...e_creditde.html

http://www.cl.cam.ac.uk/~rja14/Papers/fc10vbvsecurecode.pdf

Obviously this 3D Secure is not safe! I can tell you first hand that it is not safe. I check all my several years of records with CIMB card and I have only made 6 online transactions with this one card. And only two of the transactions uses Mastercard Secure which happens to be TMOnline (telekoms). Most online store especially in the USA havent even use 3D Secure features yet.

To sign up for 3D Secure, you need to signup online on the Internet which we know is not a safe place. Anyway if you havent signup for this security feature, I ask you not to cause once you sign up and if there are any fraudulent charges, the liability is all yours.

I have now block all Internet transactions from my CIMB card and will never sign up for 3D Secure.

This post has been edited by idoblu: Aug 13 2011, 01:18 PM

Maybank has changed its MSOS to MSOS code which it'll be sent to your registered mobile phone effective July 2011:

http://www.maybank2u.com.my/mbb_info/m2u/p...sonal/CRD-Cards

You are right. The banks have been experiencing losses from online fraud cases and by claiming that we are the only ones that know the password, it must be us that made the charges. But we all know that Sony was hacked and so was many government agencies where user info was obtained.

Below, post taken from Maybankard 2 Cards Thread

To All: Made a police report immediately if your card is lost and if you are aware of fraud cases with you card. This is to state on records so that it may come handy one day.

Gen-x please highlight this in your blog to warn others

idoblu. Thanks for sharing your case and warning others. But I cannot highlight your case on your behalf or based on hearsay since I cannot verify if for myself. Hope you understand.

I did write about a stolen card case in my blog which was reported in the media and the case went to court. But that case is for stolen card. Not sure if if Bank Negara ruling on maximum liability of RM250 is applicable to online cases and particularity to cases when the bank can confirm the purchases where made with the cardholders "secure" password that is deemed to be only known to the cardholder.

idoblu, why don't you bring up your case with BNM and get their feedback.

To All:

Click here to read my artilce titled Credit Card Fraudulent Charges - SMS Notificaton from 1st January 2012.. In this article I have given links to media report on the RM250 max liability.

Click here to read my article titled Mobile Online Fraud at Ringgit Wise Fool.In this article I mentioned about how bank staff can get out contact numbers when we pay by cheques. I so kiasu that I my registered hp number with the bank system is different from that I write behind my cheques and for other purpose. I even have a separate email account just for online banking.

Also I recommend that maybe for those who are into online banking, it is better to use a Debit Card instead of our Credit Card. My 16 years old daughter has Public Bank Electron Card and she has no problem signing up for pal pal and buying stuff from overseas. With Debit Card, at least we can control the maximum damage should our card be used by others. I myself try not to pay or purchase anything online if I have the option not too.

This post has been edited by Gen-X: Aug 13 2011, 06:12 PM

Not write about my case but write about the dangers of 3D Secure like MasterCard Secure and Verified Visa

maybe your pc is hack with key logger?

I've just received the good news that my case is now cleared. I was also informed that they had similar cases from the same online merchant.
So what they told me about MasterSecure and Visa Verified cant be hacked is not true. This is proof.

I urge you all never to apply for these two security features as not only they are not safe but you will be totally liable for them. Another alternative is
use your Amex card to shop online. Their exchange rate is a couple of percent higher but at least you are not liable for any fraudulent charges.

Good to know your case settled. Can name the merchant? Or maybe give hint.

the merchant is in Finland. I think the name is called GSM Store

Thanks for the reply.

Finland! Thinking to myself - why the guy(s) go thru all the trouble to get passwords for CIMB cards and then only transact at one place. Wonder what they bought - Nokia phones?

You mean all AMEX cards inc MBB2AMex are safer for online purchase even without 3D secure?

yes, read here under Online Fraud Guaranteed - http://www.americanexpress.com.my/amx_info...CB-CardBenefits

Fantastic info. Just bought Airasia air ticket using MBB2Amex and somemore get 5xtreatpoint plus all the travel benefits stated.
Thank you idoblu.

if u don't register, you can't buy from websites which support verified by visa/mastercard secure code then

You're welcome

---

Added on September 29, 2011, 3:34 pmSo far I've only come across local site and Japan using 3D secure. US sites I never had to enter any password.
From now on, if a site requires it, I rather not buy or use Amex or Paypal. One time kena this, is enough for me.

This post has been edited by idoblu: Sep 29 2011, 03:34 PM

Ya, somehow I have to agreed with you this point.... I tried not to sign-up but I couldnt purchase any deal from everyday.com.my or groupmores.com.my because they support verified by visa/mastercard secure code.... unless you using the credit card then they send the pin to ur hp.... if u using debit card like me, then no choice....