Avoid Card Double Swiping for the Sake of Your Personal Data Safety
Do you prefer to use a card as a means of payment compared to cash?
“Of course, yes! No hassle with change, more practical, comfortable, efficient, and some stores often offer profitable product promotions!”
Well, you have to be more careful when you use a means of payment in the form of a card. Now, many merchants have been facilitated by the bank with Electronic Data Capture (EDC) machines, such as a machine with buttons and a small screen that are usually placed on the cashier’s desk. A merchant should swipe a card and payment transaction in the machine. Some merchant cashiers yet swipe a card for the second time.
Double swipe is an activity of a cashier at the store who swipes a customer’s credit card or debt card twice for payment of goods or services they consume.
First, swipe is made in the EDC machine belonging to an acquirer (bank/non-bank institutions) to authorize a card (identification, authentication, and authorization) by the payment card issuing institution.
Second, swipe is made in the store’s card reader/skimmer that is integrated with the cash register system to reconcile non-cash payments.
In Indonesia, this double swiping has long since occurred and been practiced by many stores, both large and small, to accept payment using card payment instruments (APMK), credit cards and debit cards.
“But it’s usually true, and so far nothing has just happened.”
That’s the mistake. Many customers are still unmindful of it as they think such an act isn’t dangerous when card double swiping is in fact an act that shouldn’t be committed by merchants. When the card is swiped through the cash register, your data as a bank customer will be stored in the merchant’s database which is usually used for business purposes.
Double swipe is expressly banned by Bank Indonesia under Bank Indonesia Regulation Number 18/40/PBI/2016 concerning Payment Transaction Processing, which provides that payment system services providers, including banks and merchants, are prohibited from taking or using data other than for the purpose of payment transaction process through a merchant cash register (double swipe).
Double swiping is in anyway harmful to customers as the crucial data such as the customer’s name, card number, expiration date, three-digit security code (card verification value (CVV)/card verification code (CVC)), service code, etc. are stored in the card magnetic stripe. If the data is found by irresponsible parties, the data is susceptible to misuse for crime such as theft, or your data is liable to sale.
A criminal can make several online transactions using a credit card only by means of name, card number, expiration date and three-digit CVV/CVC. A transaction with a debit card still requires a PIN/One Time Password (OTP).
If so, what should we do as consumers?
- Avoid handing over the card to the cashier as soon as you can when making a payment transaction. If really needed, make sure the transaction is only made in the EDC machine, and reject it firmly if the cashier makes a gesture to swipe a card for the second time through the cash register.
- If once or almost falling victim, you can report it to the bank customer service to act on. In response to this harmful practice, the bank is encouraged to take harsh measures against merchants who are desperate to double swipe by, one of which, terminating the partnership.
Crime may occur anytime and anywhere. Make sure you protect the security of your personal data properly by, one of which, not allowing the cashier to double-swipe when you make a transaction. Let’s be a smart consumer!