Card Security
Security – Protect your Card | SBI Card

How to Prevent Frauds

Do’s

  • Make sure the welcome kit that you receive along with your new SBI Card is sealed. If not, please call SBI Card Helpline immediately.
  • Destroy the PIN mailer after memorizing your PIN to ensure your SBI Card PIN is safe.
  • Do not store sensitive personal data like card number, CVV, PIN, username, or password on your device.
  • Ensure your card is swiped in your presence every time you make a transaction. Make sure to collect your card after you have completed the transaction.

Don’ts

  • Never leave your card unattended.
  • Never write down your PIN or disclose it to anyone.
  • Do not lend or hand over your credit card to anyone, including company representatives.
  • Do not disclose your login ID or password to anyone. Change your password periodically.
  • Never save your SBI Card password at places where it could be accessed by anyone without your knowledge.

Types of Frauds

Protect your SBI Card from frauds
Malicious Application/APK File Fraud
What Is It?
Fraudsters create fake apps that look like genuine apps. These are shared via unofficial app stores, phishing links, or fake websites. Once installed, the app can steal personal / financial details, track activities, or install malware.
How Does It Work?
  • Fraudsters create fake apps / APK files that look like genuine apps and share them over SMS, E-mail and WhatsApp communication.
  • Once the app is downloaded, the fraudsters steal sensitive data (e.g. financial details, login credentials, etc.), track user activity, or install harmful malware on the device.
Impersonation Fraud
What Is It?
Impersonation fraud occurs when fraudsters pose as representatives of government institutions and agencies and try to gain access to your personal information and card details.
How Does It Work?
  • Fraudsters contact you through voice or WhatsApp calls and usually pretend to be members of government agencies.
  • They create a convincing but false scenario to manipulate victims into sharing personal, financial, and credit card details.
Social Engineering Fraud
Social Engineering Fraud encompasses a variety of deceptive techniques used by fraudsters to manipulate victims into divulging sensitive information. These tactics include phishing emails, phone calls, SMS, and other methods.
Phishing
Phishing is an act of attempting to acquire information such as usernames, passwords, and credit card details by disguised entities with malicious intent. It can be in the form of an email, SMS, website screen or pop-up that appears to be from your bank or card issuer.
Vishing
Vishing, short for voice phishing, uses fraudulent phone calls to trick victims into providing sensitive information, like login credentials, credit card numbers, or bank details.
Smishing
Smishing is a social engineering attack that uses fake mobile text messages to trick people into downloading malware, sharing sensitive information, or sending money to cybercriminals. The term “smishing” is a combination of “SMS” (or “short message service,” the technology behind text messages) and “phishing.”
Skimming Fraud
Skimming is the act of illegally copying data from the magnetic strip of a credit, debit, or ATM card. The card number and/or details are procured using a small electronic device called a skimmer, which is used to swipe and store hundreds of such credit card numbers. Skimming can be done at restaurants, bars, gas stations and retail counters where the card is physically used.
Identity Takeover Fraud/Application Fraud
What Is It?
Identity takeover fraud or identity theft occurs when someone gains unauthorized access to your personal information and identity and uses it for malicious purposes. This includes stealing the individual’s KYC information.
How Does It Work?
  • Scammers can exploit unverified or incomplete KYC documents to fraudulently apply for loans or credit cards.
  • The fraudster can steal your mail or personal information from the internet and then use it for fraudulent activities.
Account Takeover Fraud
What Is It?
In Account Takeover Fraud, fraudsters contact the victims through calls, messages or emails, and influence victims to share their credentials. They gain access to the mobile app/website by creating a new user ID or resetting the password, followed by a change of demographic details, unauthorized transactions or booking of cross-selling products like Encash/BT/BT EMI, etc.
How Does It Work?
  • The fraudster influences customers to share OTP (One Time Password).
  • The fraudster uses the customer’s credentials to initiate a login to their online account (Mobile/Email Change or set up New Device without change).
  • As soon as the login credentials change, the account gets logged out from other signed-in devices.
  • The fraudster then uses the account to make unauthorized transactions or book cross-sell products.
Card, Mobile Handover
What Is It?
It involves the unauthorized use of a physical credit or debit card or a mobile device. The fraudster first gains the trust of the victims and then manipulates them into sharing the physical card or mobile. The fraudster gains access to a victim’s card or mobile and uses it for fraudulent transactions.
How Does It Work?
  • The fraudster physically steals the victim’s credit card or debit card.
  • They may also use a lost or stolen card that belongs to the victim.
  • In some cases, the fraudster manipulates the victim through distraction or deception to hand over the physical card or mobile device.
Social Media Fraud
What Is It?
Social media fraud encompasses deceptive or fraudulent activities that occur on social media platforms. These schemes aim to deceive individuals, steal personal information, manipulate users into specific actions, or achieve financial gain for malicious purposes.
How Does It Work?
  • Fraudsters create fake profiles: They often befriend innocent people and send spam messages or links. These links may lead to malicious websites or prompt users to reveal personal or financial details.
  • Fake Advertisements and Store Approach: Fraudsters create ads using social media tools and target users based on age, interests, and past purchases.
Juice Jacking Fraud
What Is It?
The USB charging points at public charging stations provide cyber attackers with unauthorized access to our mobile phone data during the charging process, leading to data theft. This is known as Juice Jacking.
The attack could be as simple as extracting all your contact details and private pictures or can be an invasive attack of injecting malicious code directly into your device which can then copy all your passwords or financial data.
A regular USB connector has five pins, where only one is needed to charge the device. Other pins are used for data transfer.
A hacker can easily tamper with a USB charging port at a public charging station to steal passwords and export data.
How Does It Work?
  • Fraud originates from USB charging ports installed at public places such as airports, cafes, bus stands, etc.
  • Once the device is plugged in and a connection is established, malware is installed or sensitive data is secretly copied from your device.
SIM Swap Fraud
What Is It?
SIM Swap Fraud involves an account takeover where a fraudster gains unauthorized access to your personal and financial details by obtaining a duplicate SIM card associated with your mobile number.
How Does It Work?
  • Manipulating the Mobile Operator: The fraudster tricks the mobile operator into initiating a request for a duplicate SIM card linked to the victim’s mobile number.
  • Lost or Stolen SIM: The fraudster may use the victim’s lost or stolen SIM to generate a new SIM.

How to Report Fraud

To Dispute Transactions or Report Suspicious calls/E-Mail/SMS: Please reach out to us:
You can call the SBI Card helpline at: 39 02 02 02 (prefix local STD code) or 1860 180 1290 / 1800 180 1290.
You can also report such incidents at customercare@sbicard.com.
You can also raise a dispute transaction request on the mobile app/website.
To Report Lost or Stolen card:
You can block your card instantly either on IVR or our website sbicard.com or through PULL SMS (Simply SMS). To block your lost or stolen card through Simply SMS - SMS BLOCK XXXX to 5676791 from your registered mobile number, where XXXX = last four digits of your lost SBI Card number.
If you do not receive a confirmation SMS from us within 5 minutes of your request, do not consider the card to be blocked. Please call the SBI Card helpline to get your card blocked immediately and to avoid any misuse.