----- Original Message ----- From: Vikas Kapoor To: [email protected] Sent: Friday, July 15, 2016 11:28 AM Subject: Saving Card Details without the Consent of Buyers
Sir/Ma'am, My name is Vikas kapoor and I'm writing this to you from Delhi to bring to your attention about a commonly and widely followed practice over many Indian and foreign websites of various merchants, which amounts to breach the security and privacy of the credit/debit cards of thousands of customers. While performing a transaction over various websites, such as, snapdeal.com, flipkart.com, amazon.in, ebay.in, freecharge.com, (hundreds of them may be sighted), they store the card details without giving the customers an option whether they are willing their card details to be available on third party sites. Although many of them would claim that they don't store the CVV code while saving the card details, I personally think even storing the 16 digit number is a clear case of violation of the privacy of customers. Further, one can argue, as most of the websites often do, in the present age, when an extra security layer is provided in the form of OTP, no security risk is involved while storing the card details, however, I'd like to inform you that this option of generating OTP is applicable only on the websites that operate in India, and, on all other foreign sites, one can complete the transaction without having to generate any OTP. So my argument is: while you may not have any control over the foreign websites, the card data stored on the Indian websites may be leaked to other foreign sites, in which case, we would render ourselves completely helpless. Furthermore, when we all customers are advised by the respective banks to keep our card details confidential, how can various websites openly store your card details when you perform any transaction? Needless to mention that without exercising the option to save the card details with the merchants' sites, the transactions will not be completed. I'd therefore, strongly urge you to kindly look into this issue on urgent basis as these instances quite often go unnoticed, and come up with a strong and general circular asking the websites and other merchants not to store any portion of the cards entered on their sites. Thanking you. Vikas Kapoor, Mobile: (+91) 9891098137, 9013354994 Skype Id: dl_vikas Register at the dedicated AccessIndia list for discussing accessibility of mobile phones / Tabs on: http://mail.accessindia.org.in/mailman/listinfo/mobile.accessindia_accessindia.org.in Search for old postings at: http://www.mail-archive.com/[email protected]/ To unsubscribe send a message to [email protected] with the subject unsubscribe. To change your subscription to digest mode or make any other changes, please visit the list home page at http://accessindia.org.in/mailman/listinfo/accessindia_accessindia.org.in Disclaimer: 1. Contents of the mails, factual, or otherwise, reflect the thinking of the person sending the mail and AI in no way relates itself to its veracity; 2. AI cannot be held liable for any commission/omission based on the mails sent through this mailing list..
