Societe Generale Expressbank COO Advises on Bank Card and Online Banking Risks
Societe Generale Expressbank COO Yvan Mirochnikoff. Photo by Societe Generale Expressbank
What are the potential risks connected to the use of bank cards and the use of Internet banking? We asked Yvan Mirochnikoff, Chief Operating Officer of Societe Generale Expressbank, to define the main dangers that threaten the users of bank cards and to share the best measures that the users can undertake in order to protect themselves and people close to them.
Yvan Mirochnikoff is a graduated engineer form the specialized school in mechanics andelectronically technologies Sudria. He holds a degree from the University Paris I - Sorbonne, major in Foreign markets and a degree in Audio visual techniques and tele math form University Paris ХІІІ. He graduated from the University of Aerodynamics and constructions of automobiles E.S.T.A.C.A.
Yvan Mirochnikoff joined Societe Generale France in 1997 as a project manager and he developed the internet site of Societe Generale. In 2004, he became auditor Information systems and manager of the audit of the information systems in PAEN (BDDF)/AUD/SPE – Retail banking in France; he was responsible for the audit over the information system and the security.
Since the beginning of 2008 Yvan Mirochnikoff was appointed as Chief Operating officer and member of the Management board of Societe Generale Expressbank. Yvan Mirochnikoff is a former volleyball player and an honored professor from University ХІІ – responsible for the master education of on-line commerce.
What are the most common problems with internet banking security and how do banks deal with them?
Most of alerts related to Internet banking websites are related to phishing (attempt to capture the access codes of a customer, in order to reach its online account), or attempts to interrupt the website activity.
What should customers do if they suspect that they are a victim of phishing/fraud?
First, it is very important to check whether the Bank really send a message, through an unusual way. E-mails are generally unsecured and should not be sent by the Banks for subjects related to the security, to the access codes. The best way is to contact the usual Account officer, which may stop the online access, or confirm whether a fraud is possible.
What are the most used ways for illegal draining of customers' bank accounts?
Sending a message to the customers to request the access codes, or to use fake Bank website home page are the most usual techniques. There are also new threats, as the so-called "social engineering" aiming at capturing the confidence of a customer or a bank employee, in order to get sensitive information (account numbers, card numbers). The key risk is also on the merchant side, when you pay with your card on unsecured terminals or ATMs (when chip-reading is not necessary).
What measures does the bank undertake in order to avert such deeds?
First, it is important for the Bank to communicate and inform its customer through standard ways: publications about frauds on the website, alerts about recent techniques used by fraudsters, prevention measures. The best way is also to push the customers to update antivirus programs and all protection systems on their workstations, not under control of the Bank.
What are the things of which each customer of SGEB or any other bank, should be aware when using an ATM/POS?
The key point is to protect the number of the card and all elements which are used for authentication (not store the access code with the card, try to remember by heart and avoid to put it on paper). We recommend the customers to change their access code (this is free on all our ATMs) to remember it easily. It is important the operations with the cards on POS to be performed in front of the customer. Furthermore, some cards (like V-Pay) include higher level of security (no use of magstripe) and protection (for instance, for online banking after free registration to 3D-secure on the ATMs). SGEB also added specific insurance for these cards.
On the ATMs, customer should also checked that no additional equipment have been installed (like small cameras or skimming devices), This is very difficult to identify the latest model of such fraudulent equipment, as they are miniaturized.
In which ways does the bank compensate its customers that happened to be a victim of illegal draining of their cards?
Depending on the nature of the fraud (like skimming cases), the Bank may reimburse a part or the total of the fraudulent operations. The investigations are long, and may require support from the Police authorities, with whom Banks are cooperating actively to decrease number of frauds.
Unfortunately, some cases cannot be covered by the Bank, when this is a commercial dispute with a merchant, or when the online website used strong authentication or is certified against frauds. But, in these cases, risks of frauds are limited.
The use of online payments is constantly increasing. In such situation we should respect different types of rules. What are these rules?
First rule is to check the references of the website, and avoid categories like gambling or litigious websites when cards information is requested.
Second, it is important to use certified card (like V-Pay) and certified websites.
Third, it is important to check that exchanges themselves are secured (SSL protocols are visible in most cases, as a first level of protection). Apart for that, the online payments may be also processed by using other channels for confirmation of payments (web callback). Fortunately, the number of not-fraudulent websites increased, and should help the customers in their daily life. Despite the economical crisis, more and more merchants are ready to go online, and Societe Generale Expressbank offers secured solutions for them, as for the customers.
Which is the safest (as a technology) card at the moment on the market? Why?
All the cards with EMV-compatible chips can be considered as secure. When no information is located on the magstripe (like V-Pay card), it provides higher level of security. New technology are also emerging, based on new algorithms or new authentication techniques (a code included in the card itself, biometrics). The key principle is to guarantee the card (or its number) not to be used easily by another user than its proprietary.
If a Bulgarian citizen purchases on-line some goods from a shop in another country, the rules and regulations of which of the two countries are to protect this person from possible theft?
Usually, the system used are linked with international regulations on cards. Larger acceptance network (like Mastercard and Visa) are ruled under American law, but other aspects may enter into application, like the location of the merchant, of the servers, or even the country from which the purchase was performed. For example, some countries forbid some goods to be purchased online (like alcohol, drugs or arms), some other even forbid advertisement or free-access to the websites. Each case is specific, and needs the support of the Bank in case of issues.
That is why SGEB provides a 24h/7 days free-support to its customers and its merchants (just call : 0800 19 333).
Is there on the market a developed technology for easy parents' control in case they wish to take a debit-credit card for their children?
The best way is to use services like SMS-banking, generating alerts after each purchase, even performed online. We recommend in that case to apply the lower limit (1BGN) to be informed by SMS. The second level of controls is the limit on the card itself (daily limit, or limit for withdrawals). This is not related to the card technology, but preferably the risk-assessment methods banks are using to protect their customers against frauds.
We need your support so Novinite.com can keep delivering news and information about Bulgaria! Thank you!