With the rise of digitalization, consumers are increasingly turning to online commerce. Among the main reasons why people prefer online shopping is the ease and speed of the process. With all the advantages that online payments offer, they can also imply particular risks. The National Bank of Moldova, in partnership with the Independent Think Tank “Expert-Grup”, say how to make online payments safely and without risks. This information is provided as part of a set of informative materials on various topics in the financial field, intended for consumers of all ages, IPN reports.
In Moldova, the number of e-commerce platforms (solutions that enable to accept online payments) in 2023 increased by 57.0%, and the number and value of cashless transactions carried out through e-commerce increased by 15.2% and 17.2%, respectively. Also, in the same period, the number of online payments in Moldova (without the physical presence of the card) grew by 12.5%, while the value of online payment transactions rose by 25.6%, respectively. Currently, an inhabitant of the Republic of Moldova makes an online payment on average, while the average monthly value of online payments per capita is 764 lei.
With all the advantages that online payments offer, they can also pose particular risks. Taking into account the fact that about 15 million card transactions are carried out monthly in Moldova, the value of registered frauds is insignificant (0.01% of the total value of card transactions).
The fraud techniques in online payments are varied. Among them is the theft of the victim’s security elements (phishing). Usually, it is done through a cloned (fake) internet banking or payment initiation page, the reference to which is sent to the victim by email, SMS or messaging.
Another fraud technique is the imitation of authorities or trusted people (social engineering). In this type of fraud, the scammers do not steal the card data, but manipulate the victims so that they transfer the money to them. In the case of advance payment (commission/fee) fraud, the victim is asked to make a small advance payment in order to later receive a large amount of money.
Selling fictitious products/services. Sometimes, after the person has placed an online order and paid for it, the ordered good is not delivered or the service is not provided. The remote access attack (malware) is another fraud technique. Browsing the Internet, the users “catch” a virus that they install without knowing. These are malicious applications for intercepting the transmitted data or obtaining administration rights over the workstation.
In order for people to be able to make online payments safely and risk-free, they must comply with particular security rules from the moment they receive the card from the bank. Thus, it is recommended to read the conditions of the contract that is issued when the card is handed over. If suspicions arise related to fraud, the person must immediately call the bank or block the card directly from the application installed on the mobile device.
It is also recommended to change the automatically generated PIN to a PIN that is easy to remember but difficult to guess for third parties. When creating a new PIN, obvious combinations such as date of birth, last digits of the phone number and others should be avoided. If the person has more than one card, it’s not recommended to set the same PIN on them. The personal card is not offered to other people to use it, not even to family members.
It is recommended to set maximum limits for various types of account transactions (for example, through the mobile banking application), in order to reduce losses if the card and PIN have been stolen. When the person buys online, it is recommended to make sure that the web address of the store starts with: https://. The letter “s” in https:// informs that the web page is secure.
If, for example, the person paid online for products that were not delivered, the person can try to contact the store administration or initiate a dispute on the respective commercial platform. If the problem has not been solved, one can try to recover the money with the help of the bank, through a chargeback procedure. Chargeback is a procedure to dispute a bank card payment that the customer does not agree with. It is used if a seller of goods or a service provider fails to fulfil their obligations.
If, however, the person has become a victim of fraud, they should immediately contact their bank to block the card, when the PIN codes or passwords have been revealed to third parties, if the card has been lost or stolen, or if fraudulent transactions have been made. They can also notify the authorities about the fraud or attempted fraud with his card (e.g. the 112 Service).
In the Republic of Moldova, the rights and obligations of payment service users are defined by the Law on Payment Services and Electronic Money. As regards payment security, the payment service provider (bank) must inform customers about the protection requirements and payment security measures. If the customers have not ensured the security of the personalized security elements of the card, they bear responsibility for the losses related to any unauthorized payment operation up to the maximum amount agreed between them and the provider, but not more than 2,500 lei. The client will bear all losses in connection with any unauthorized transaction if such losses result from fraud or willful non-compliance, or from gross negligence of one or more of the obligations. In such cases, the maximum amount mentioned above does not apply.
The National Financial Education Campaign is carried out with the support of USAID (MISRA).