Security

How we ensure the safety of your transactions

- SBI Cards follows a strong password and online security policy to ensure our customers have a safe online experience.

- We have 256 bit Secure Sockets Layer (SSL) encryption technology to secure your online transactions.

- You can check the Security Certificate by clicking on the padlock icon that appears with the URL in the browser bar when you type the URL.

- Once you have registered for SBI Card Online, your password is not generated immediately but the ‘One time password’ (OTP) is sent across to your registered e-mail id / mobile no. You can access your account the first time using the OTP and re-set your password subsequently.

- When selecting the password, we ensure your password is hard to break with our password policy that ensures-

• a minimum length of 8 characters
• a minimum of 1 alpha character [a-z]
• a minimum of 2 numbers which must be embedded (i.e. the number cannot be the first or last character of the password)
• Not contain the username, or the username in reverse
• Allow, but not enforce, the use of Special characters [@,-,_,Space,]) and uppercase alpha characters [A-Z

- We also indicate how strong or weak your password is basis the character combination you opt for i.e. combination of Alphabets in small case & caps, Numerals and Special characters.

- Last ten passwords are disallowed by the system while re-setting passwords.

- Virtual Keyboard has been provided as an additional security measure and should always be used.

- The SBI Card Online account gets automatically locked if incorrect password is typed 3 times in succession.

- The SBI Card online account gets automatically logged off after an inactive period of 7 minutes.

- When you log in to your SBI Card online account, your last log in date and time is displayed in the header bar so you can check your account for any unauthorized activity.

- Only the last 4 digits of your Credit card no. are displayed in all our communication to you to ensure any unauthorized usage of your card.

Your Card Safety –

- At the time of receiving your SBI Card, make sure that the welcome kit is sealed. If not, call SBI Cards Customer Care immediately.

- Sign on the reverse of your card as soon as you receive it.

- Credit Card PIN Safety – Destroy the PIN mailer after memorizing the PIN.

- Never write down your PIN or disclose it to anyone.

 - Ensure the card is swiped in your presence, including at restaurants and petrol pumps. Check your charge-slip before signing.

- Check all details and the total on charge slip before signing it. Draw a line through blank spaces on charge slips above the total to prevent any changes in the amount.

- Ensure that you get your own card back after every purchase.

- Review your credit card statements on a timely basis; Report disputed transactions with the Call Centre immediately.

- Do not courier your credit cards along with letters incase of cancellation.

- Do not issue signed blank cheques towards your credit card payment.

- Do not lend your credit card to anyone.

- Destroy your credit card receipts before discarding it.

- Cut the credit card diagonally into pieces before disposal at the time of renewal, upgradation or cancellation.

- Do not handover your SBI Credit Card to anyone including company representatives.

- Never give a photocopy of your card or statement to anybody.

- Switch your magnetic stripe card to EMV chip card for enhanced security against counterfeiting and skimming.

- Make a list of card numbers, card expiry dates and help line numbers of your credit card companies. Keep this record in a safe place, separate from where you keep your cards. Use this information if you ever have to report your card lost or stolen.

- Please keep the customer service help line number handy with you, so that you can contact them immediately in case your card is lost or stolen and avoid misuse.

Alerts –

- Ensure that your mobile number is updated and registered for instant transaction alerts. Check transaction SMS alerts regularly and report disputed transactions immediately.

- Ensure your mobile number, contact address and email id are always updated in our records.

- For safety reasons, an intimation of a mobile number change in our records will be sent  to your new as well as old mobile number.

How to report Lost or Stolen card –

- Report lost or stolen card immediately. You can block your card instantly either on IVR or our website www.sbicard.com or through PULL SMS.

- To block your lost/stolen card through PULL SMS,  just SMS BLOCK XXXX to 5676791 from your registered mobile number. (XXXX = Last 4 digits of your Card number). If you do not receive a confirmation SMS within 5 minutes of your request, please do not consider the card to have been blocked. Please call up the help line to get your card blocked immediately and to avoid any misuse.

- SBICPSL is neither liable nor responsible for any transactions incurred on the card account prior to the time of reporting of the loss of the card, and the card member will be wholly responsible and liable for the same. For more details click here.

Protect your SBI Card Online Account

- Choose a strong password, one that cannot be guessed.

- Do not disclose your Login ID or password to anyone.

- Change your login password periodically.

- Never save your SBI Cards password.

-If you suspect your username or password has been compromised, change them immediately.

- Do not use cyber cafes to access online banking.

- Always use the virtual keyboard to log in.

- SBI Cards will never request for your PIN, One Time Password (OTP) or any personal information on emails or pop-ups.

- Always Log-out and then close the browser window after completing your online transactions.

- Always check the last log-in date & time details in your online account.

- Check your statement regularly for suspicious transactions. Report unauthorised transactions immediately.

- Do a full virus scan before using any online banking service if you suspect your computer is affected.

- Do not disclose your CVV, PIN, One time password (OTP), Online account access ID & password or any other sensitive information to anyone.

- Keep your computer system updated with a licensed anti-virus.

- Always type the URL https://www.sbicard.com into your web browser when you want to access the SBI Card website.

- Delete suspicious emails from people you do not know immediately and do not click on any link shared in such e-mails.You can also report such incidents at feedback@sbicard.com.

- It is advised to keep changing your online account access passwords after every 3 months

Protect your Computer

It is important to secure your computer properly-otherwise you may be putting yourself and possibly your family and friends at risk of being defrauded. If malicious software infects your computer it can stop it working properly, can delete or corrupt your files and can allow others to access your computer and your confidential information. Backing-up your data can also help you recover your information if a virus destroys your files, or your computer is stolen or damaged.

- Install and activate anti-virus and anti-spyware software and update it regularly. You may also consider installing a firewall.

- Turn on automatic updates so all your software receives the latest fixes to ensure that your software is up-to-date and can detect new threats.

Protect your card while shopping online

- Ensure you register your mobile number with SBI Card so you can receive the One Time Password (OTP) for all your online transactions.

- Always shop from reputed online shopping sites.

- Check the site for Secure symbols like https:// or the padlock icon.

- Do not update your account details in any pop-up window.

- Always type the URL of the site concerned in the browser bar and avoid accessing the site through links sent in e-mailers.

- Beware of sites/ offers that ask you to verify the confidential account details.

- Do not respond to phishing e-mails or SMS attacks asking for your SBI Card details

- Please do not respond to any communication which seeks your online account access id, password, etc.

- Beware of sites asking to enter your card number for authentication. These could be dummy sites asking for your card number for stealing information

- It is advisable to use a virtual keyboard if available while entering your personal information at the time of transacting online. Virtual keyboards are uniquely designed to provide secured online transactions

Mobile Security

The features that make your mobile device (phones, tablets, etc) 'smart' also make it susceptible to viruses and malicious software. If your device is not secure and it is lost or stolen, your personal information, including passwords, banking details, emails and photos could be used to access your money or to steal your identity.- Always shop from reputed online shopping sites.

Secure your Mobile

- Put a password on your device.

- You can also check the security settings on your phone to put a Security PIN on your SIM Card Setup your device to lock automatically

- Consider installing security software from a reputable provider.

- Access and download only reputable websites and mobile applications (Apps).

- Be careful when allowing third party unsigned applications to access your personal information.

- Do not click on unsolicited or unexpected links.

- Check your bill for unusual data charges or premium call rates.

- Check for updates to your device’s operating system regularly.

- Be smart with Wi-Fi and Bluetooth – try to use an encrypted network that requires a password, and avoid online banking or financial transactions in busy public areas.

- If you recycle your device, make sure you delete all your personal information first.

Give all your SBI Card IVR & Mobile Transactions an additional layer of security check with IVR One Time Password (OTP).

You will need to generate this 6 digit numeric IVR OTP before every IVR or mobile transaction. The OTP will be sent on your registered mobile number and will be valid for 1 transaction or 30 Minutes whichever is earlier.

You can generate the IVR OTP by any of the following 3 ways-

• SMS OTP XXXX to 5676791 from your registered mobile number. XXXX= Last 4 digits of your Card number.
• Log on to our website- www.sbicard.com using your user id & password
• Call our OTP Helpline at 1860 180 1291

Click Here for FAQs

Safe Social Networking

- It is recommended not to use the same user name and password to log in social networking sites that you use to access your SBI Card Online account
- Never share personal information such as : User ID, PIN, CVV , Credit Card number on social media sites.

Safe Collection Practices

- Please check the identity card before making a payment to a collection agent.
- Please ask for a customer receipt copy from a collection agent for a payment done towards your credit card.

Credit Card Safety

Q - What should I do if my card is lost or stolen or damaged?
A  - Please call and inform our customer service helpline immediately or SMS BLOCK XXXX to 5676791 (XXXX= last 4 digits of your Card no.). Your card will be blocked instantly and a new card will be delivered to you within 7 days. You can also block the card through the IVR and our website www.sbicard.com

Q - What should  I do if my credit card is declined while transacting online?
A - Please check if the OTP (One Time Password) entered is correct; Check the Caps lock status on the keypad and try again. If the card is declined despite all the requisite checks, Please call our helpline immediately.

Q - What should I do if my credit card is declined at a Point of Sale?
A - Wait for few seconds and try again. If the card is declined after the second attempt, please call our helpline immediately.

Q - What should I do if  I have  received an SMS alert from SBI Card stating that your card has been blocked for security reason?
A - Please call our customer service helpline or on the phone number mentioned  in the SMS received by you immediately.

Q - I keep receiving transaction alert SMS from SBI Card. What should I do?
A - SBI Card sends a transaction alert SMS on your  mobile number updated in our records for all transactions done on your  SBI Card. Always check for the transaction amount and date updated in the SMS. Incase these transactions have not been done by you, pls. call up our customer service helpline and report the disputed transactions immediately. Hence it is important to keep your existing mobile number updated in our records.

Q – How do I ensure safekeeping of the One Time Password (OTP) Passwords?
A – Please read and delete/destroy the message, through which the OTP is communicated to you by SBI Card, after using the same for Online/IVR transaction or any other purpose. Please do not share any OTP with anybody.

Q – I received an email from an unknown source asking to share my personal and card details to avail some benefits. What should I do ?
A – SBI Card strongly advises you not to share your personal as well as credit card details in response to such emails. Please do not download or open any link / attachment in an email sent to you by an unknown source. These could be  a Phishing email. Phishing is an act of attempting to gather personal information such as PIN, CVV number, Date of Birth etc.  by sending a fraudulent e-mail or creating a forged screen or pop-up.

Resources for you

- RBI’s Financial Education Initiative

- Credit Bureau FAQs

- Visa risk initiatives

Phishing

What is Phishing?

Phishing is the act of attempting to acquire information such as user names, passwords, and credit card details by disguised entities. It can be in the form of an Email, SMS, Website Screen or Pop up that appears to be from your bank / card issuer.
Please note that SBI Card will never ask for any confidential data like Login credentials, Password, One time Password, CVV or PIN.

Follow these simple steps to protect yourself -

- Do not disclose your CVV, One time Password (OTP), Online account ID & Password or any other sensitive information to anyone including SBI Card representatives.

- Always type the web address in the browser. Do not use links received in emails sent from unknown resources.

- Change all your passwords frequently and only from your computer.

- Never use cyber café for online transactions.

- Always use the virtual keyboard to login.

- Always log out and then close the browser window after completing your online transactions

- Always check the last login date & time details in your online account

- Register for email and mobile alerts to check your account regularly

- Check your card statement for suspicious transactions. Report unauthorized transactions immediately.

- Install effective antivirus / anti spyware / personal firewall on your computer / mobile phone and update it regularly.

- Do not open attachments from strangers as they may contain virus / trojan which transmit keyed-in details to phishers.

- Check the transaction site for secure symbols like https:// or the padlock icon.

How to report a Phishing attempt?

Forward the original email to us at feedback@sbicard.com

Skimming

What is Skimming ?

Skimming is the theft of credit card information used in an otherwise legitimate transaction
The victim’s credit card number and/or details are procured using basic methods such as photocopying receipts or more advanced methods such as using a small electronic device (skimmer) to swipe and store hundreds of victim’s credit card numbers. Skimming may be commonly employed at restaurants, bars, gas stations and retail counters where the physical card is handed over.

How to prevent your card from getting skimmed-

- Review your credit card statement on a timely basis. Report disputed transactions with the customer care centre immediately

- Ensure that you get your own card back after every purchase

- Do not handover your SBI Card to anyone including company representatives

- Cover your keypad – Always use your hand and body to cover your keypad when operating a handheld pinpad or a payment processing machine like an ATM. This will prevent shoulder surfers and pinhole cameras from observing your PIN number

- When dining at restaurants, ask to pay at the terminal instead of giving your card to a waiter for payment processing

Vishing

What is Vishing?

Vishing is a combination of Voice and Phishing that uses Voice over Internet Protocol (VOIP) technology wherein fraudsters feigning to represent real companies such as Banks/credit card companies and attempt to trick unsuspecting customers into providing their personal and financial details over the phone

Please note that SBICard will never ask for any confidential data like Credit Card CVV, PIN,  Login credentials, Password, One time Password (OTP)
Follow these simple steps to protect yourself -

- Beware of spurious callers who claim to be SBI Card employees/ associated with SBI Card and asking for your credit card CVV, PIN, OTP, Online user id and password. SBI Card will never ask you for this information. If you are suspicious about the request, call up the helpline to confirm the request

- If you suspect fraudulent activity in your account call our SBI Cards help line on 39 02 02 02 (prefix your city code) or 1800 180 1290(only for MTNL and BSNL users) immediately.You can also report such incidents at feedback@sbicard.com.

- To update your email id or mobile number, please contact our helpline.