Friday, December 21, 2012

HDFC's NetSafe Card - Quite Secure! Really?

HDFC Bank Limited is one of the largest banking institutions in India, and in fact the first largest bank by market capitalisation as of Nov. 2012 (Wikipedia, 2012).

HDFC NetSafe card is a unique online secure payment solution from HDFC Bank, it allows HDFC Bank customer that have either a credit card or a debit card to generate a virtual card that can be used for online payments.

All HDFC Bank Credit Card customers or those who have a HDFC Bank Debit card are allowed to use this service absolutely for free and can sign up on HDFC NetSafe website.

Here is an example of what a virtual card looks like generated through HDFC NetSafe service

The virtual Card uniquely allows you to select the card limit for which you want to do the transaction so that the card can only be used for the exact amount. and this card doesn't require you to punch in your actual credit card number, meaning, you are saved even if there is a theft on merchant's website, and credit card info is leaked. as the credit card number shown in that case would no longer be valid after the actual transaction.

If you are a HDFC Infinite & Regalia credit card holder you can generate a maximum of 5 virtual cards and each virtual card can have a maximum limit of Rs. 150,000, and for all rest of the credit card / debit card holders you can generate a maximum of 3 credit cards with a limit of Rs. 75,000 per credit card.

However, there is one drawback to this service, your NetSafe account is secured only through a password, i.e. if someone gets your credit card number / user id (or if its stolen or lost) and can guess your password or get access to it somehow, your account is all leaked and open to all sorts of possible theft / fraud.

There is no extra verification implemented by HDFC Bank before you could login to your NetSafe account like SMS code verification or by use of any extra devices such as dongles (once issued by HSBC) or offline Credit Card PIN reader (issued by Barclays, UK to its UK customers).

Hence, there is definitely a scope for improvement as far as security is concerned, specially considering the amount of online thefts / hacks that are happening all around the world in recent times.

So, if you can regularly monitor your netsafe account or keep changing passwords or have your mobile number registered so that you receive a transaction alert for each transaction, this is a really good service.