In early September, the Government through Bank Indonesia, stated that the practice of double swipe credit cards and debit cards was now banned. This is done not without reason, but in order to maintain the protection of the personal data of the customer concerned.
BI Regulation that Regulates Double Swipe Credit Cards
The ban on double friction aims to protect the public from theft of data and card information. Regulations that prohibit double friction of credit cards and debit cards on EDC machines and cash registers have been regulated in Bank Indonesia Regulation No. 18/40 / PBI / 2016 concerning the Implementation of Payment Transaction Processing. In Article 34 letter b, Bank Indonesia prohibits payment system service providers from misusing customer data and information as well as payment transaction data and information in addition to the purpose of payment processing transactions. Included in it is a ban on data collection through the cash register at the merchant. (quoted from sec Finance)
“How do you mean the practice of double swipe itself?”
Often we meet in several shopping places, both department stores, superstores, as well as in some shops that serve payment facilities with credit and debit cards. It is not uncommon for us to find out that the cashiers in that place made two swings: one at the EDC (Electronic Data Captured) machine and one at the cash register. Even though it turns out this is what leads to danger because it is related to the insecurity of the card owner’s data.
Danger of Double Swipe Credit Card
Insecurity of Cash Register Cash Machines that are not Monitored by Regulators
The practice of double swipe credit cards is prohibited by the Government because it can have an impact on the security of customer data of credit card and debit card owners. This could be related to the potential for theft or misuse of card data and information. Actually what must be avoided is when the card is swiped to the cash register, because the bank cannot guarantee the security of confidential data held by the customer. Cash registers / cash registers that are spread in various department stores or supermarkets, as well as other shops usually do not have security as found on an EDC machine.
The Bank is not responsible for the data recorded by the merchant’s cash register
Usually the practice of double swiping on a credit card or debit card to the cash register is not done for reporting to the bank, because it is only for recording internal data for the merchant only. This is what makes the practice of double swipe in dangerous transactions, because the potential for misuse or theft of data by irresponsible individuals appears.
Used for Online Transactions
With all data that has been recorded in the transaction and stored in the cash register, it is not impossible that the data is used to shop online . When shopping online, credit and debit card data can be used for shopping. This is what sometimes makes the card customers / owners suddenly approached by a very high bill, even though they have never used it to shop at all.
Data Moved to Fake Card
With potential insecurity in this case, irresponsible individuals can see all personal information on credit and debit cards available in the cash register. If double friction is carried out, data such as card number, customer name, card expiration date, up to 3 digit CVV code ( Card Verification Value) listed on the back of the card will also be recorded. Through these data, it is not impossible that the person moves it to a fake card by using an encoder card writer.
What to do?
In order to avoid the practice of double swipe a credit or debit card, you must remind the cashier who works not to double swipe credit or debit cards. Reporting from CNN, Agus DW Martowardojo, Governor of BI, also appealed to the entire community to immediately refuse if the cashier / merchant concerned starts to make a friction to the cash register, especially if you have already seen that the cashier / merchant has made a shift to the EDC machine.
You can also report to Bank Indonesia if there are still violations. You can report it to Bank Indonesia Contact Center (SPEAK) 021 – 131, stating the merchant’s name and managing bank name that can be seen on the EDC machine sticker.
Consequences If There Are Still Violations
Back from detikFinance, the General Manager of the Indonesian Credit Card Association (AKKI), Steve Marta, said that decisive action is needed so that merchants adhere to the standard operating procedures provided by the bank. Of course the BI also has actions to be taken if this practice continues. Merchants anywhere who have access to EDC machines or payments using credit & debit cards, must obey the prohibitions issued by the Government.
In this case, the acquirer / bank usually cooperates with the merchant , must ensure merchant compliance with the newly issued ban. Later, acquirers / banks will be asked to take firm action. It is not impossible if the bank will terminate cooperation with rogue merchants who still practice double friction. This is also done based on Bank Indonesia (BI) rules so that merchants adhere to applicable laws. Another way that can be done is by using an electronic cash register (ECR) machine from the bank, because this machine can also be used by merchants to reconcile data. So, merchants can directly record casters credit / debit card data for bank purposes as well as the merchant’s data collection needs .