I have done a lot of online purchases within Pakistan through credit cards. I was also a Product Manager for a company that used to route all these transactions on the internet in Pakistan. Hence let me explain both sides of the story.
90% people fear that their credit card data is not secured and someone or the website itself will get access to it and might abuse it in future. 10% fear that their purchase will not be completed successfully i.e. what they purchase will not be given/delivered to them.
Credit Cards & Security
To address the first part of the problem, the biggest problem in Pakistan is lack of 3D security which means that VISA and MasterCard can only verify your credit card details on the internet and not the person using it. Generally online fraud is due to this. If 3D security is being used then the VISA/MasterCard network actually directs you to the bank where they ask you to register (once) and enter a security key which you know. Afterwards, everytime you are purchasing online, the 3D security mechanism verifies the information with you. All websites that use 3D security will have Verified by Visa or MasterCard SecureCode logo or seal on it.
UBL credit cards provide 3D security through Verified By Visa (VBV) which makes it a good credit card to use on any website with VBV.
To circumvent the above problem, Bank Alfalah, devised the solution of blocking their cards by default for internet. You can get them activated for Rs. 100 before making a transaction. Personally, I prefer this and have used it effectively. I have never been surprised by any transaction.
For all websites, you need to ensure that the security trifecta is in place when you are entering credit card information. This is:
- Browser address bar display HTTPS and the website shows Verisign (or Norton Secured) logo.
- The website displays the VBV, MasterCard SecuredCode logo or simple card logos.
- There is a box for 3 digit security code.
Any website in Pakistan that is routing transactions via ECXS.biz or CyberNet is secure because these are two authorized Commerce Service Providers in Pakistan. Citibank provides the gateway and keeps a check on the two providers. Both websites display a Verisign Seal which confirms their identity, they also display the Visa and MasterCard logo. Till 2011, Citibank had not implemented the 3D security in their gateway hence from what I know, they do not support the added mechanism provided by UBL however, I can safely confirm the following:
- Websites that display Verisign Seal (soon to be Norton Secured) do not save your card information in plain text nor do they transmit it in plain text. The information is encrypted via SSL and transmitted over the internet in a secure tunnel linking to gateways which are the same used for physical credit card transactions. If the information is saved within a database then it is in an encrypted format. No one can query the Database and get plain text replies, unless they decrypt the fields first. And mind you there is generally only one or two people in the entire company who know how to do this hence it remains very secure as any theft or illegal use can be traced back to these individuals.
- Similarly, for internet transactions the security code (at the back of your card) is always required which is NEVER SAVED ANYWHERE. Without this no one online accepts a credit card.
- Expiry date is also not saved in most instances.
- All the above information is never taken on the website you are shopping for e.g. Liberty books will take your order information and details however, when you need to pay, you are redirected to Liberty Book’s page on Cybernet’s secured website where they take your credit card information and give you a reply (success or decline). This way, Cybernet has your credit card info however not your personally identifiable information and Liberty has your information but no card details.
There are other websites that were unable to get an account with Citi (it is a nightmare) and hence decided to use international providers such as Authorize.net, WorldPay, SagePay etc. They all work under the same principle I have described and replace the role of ECXS/CyberNet.
The only difference is that transactions done via ECXS/CyberNet are in PKR while the others will charge in USD after conversion. Your bill will reflect this.
You need to ensure that the security trifecta is in place when you are entering credit card information. You might have access to VBV / MasterCard SecureCode however, you will always get charged in USD. If for some reason your transaction is being done in GBP or Euro then you will get a double whammy with the conversion and may end up paying about 5% more by the time your transaction is billed in PKR.
Online shopping that I have done while in Pakistan:
- Books via www.libertybooks.com
- Donations for TCF
- DSL bills to MaxCom
- Gifts via TCS Sentiments
- Books via Amazon
- iTunes gift gards (send to US or UK address)
- Sweaters from Woolovers.com (UK based)
- Kaspersky Internet Security licenses
- Nero Software license
- ACCA exam fee
Till year end 2011 Bank Alfalah had no extra fee for international transactions except for the charges to activate a card for internet use. HBL and UBL charge easily around 3% more of the international exchange rate
It is safe as long as you make sure that you are being informed at every step of the way. A website with nobel intentions will always inform you before sending you to another website, about security, about its data protection procedures and will have all the relevant logos.