Security of your SBI Card

Our commitment to provide secure online account experience

We are committed to ensuring complete safety of your SBI Card online account. - We follow a strong password and online security policy to provide you a safe online experience.

• We use 256 bit Secure Sockets Layer (SSL) encryption technology to secure your SBI Card online transactions.
• You can check the security certificate on our website, sbicard.com by clicking on the padlock icon that appears with the URL in the browser bar when you type the URL sbicard.com
• We enable you to secure your SBI Card online password from fraudulent use. Once you have started the registration process on SBI Card online and provided your card details, we send you a One Time Password (OTP) to your registered email ID and mobile number as an additional factor of authentication You can complete the registration process and set your user ID and password only after entering the correct OTP.

We help you choose a password that is secure and tamper-proof. In the interest of security, we ensure that your password is:

• a minimum length of eight characters
• a minimum of one alphanumeric character from a-z
• a minimum of two numbers embedded in the middle of the password, i.e. the numbers cannot be used at the beginning or end of the password
• different from the  username, even in the reverse format

We allow the use of special characters, e.g. @,-, _, Space,], etc., and uppercase alpha characters, A-Z.

• We also indicate the strength of your passwords, on the basis of your chosen character combination, i.e. combination of alphabets in small case and caps, numerals and special characters.
• We make sure that you are not reusing any one of your last ten passwords while re-setting your password.
• We provide a virtual keyboard as an additional security measure and encourage you to use it.
• Your SBI Card online account gets automatically locked to prevent any misuse, if you have typed in an incorrect password 3 times in succession. You can either unlock the account online by generating a One Time Password that would be sent on your registered e-mail ID  or by calling our helpline.
• The SBI Card online account gets automatically logged off after an inactive period of seven minutes.
• When you log in to your SBI Card online account, your last log in date and time is displayed in the header bar so you can check your account for any unauthorised activity.
• We only display the last four digits of your credit card number in our communication to you to safeguard your card from unauthorised usage.
• We send you a One Time Password (OTP) (Do not share your OTP with anybody) for every online purchase or transaction that you do with your SBI Card. This OTP that is sent only on your registered mobile no. is specific to a particular transaction and cannot be used for any other transaction. Also, it is valid only for 10 minutes or one successful use.

The safety of your card

• Make sure the welcome kit that you receive along with your new SBI Card is sealed. If not, please call SBI Card Helpline immediately.
• Sign on the strip given at the back of your SBI Card as soon as you receive it. By doing this, you reduce the chances of your card getting misused. In case of suspicion, the merchant can check the signature behind the card with that received on the payment receipt and identify if the card has been used by the rightful cardholder or not.
• Destroy the PIN mailer after memorising your PIN to ensure your SBI Card PIN is safe.
• Never write down your PIN or disclose it to anyone.
• Ensure your card is swiped in your presence every time you make a transaction. Check the amount in your charge-slip before signing.
• Check all the details and the final amount on the charge-slip before you sign it. Draw a line through blank spaces on the charge slips above the Total Amount to prevent any changes in the amount after you have signed it.
• Make sure to collect your card, after you have made any transaction.
• Review your credit card statements on a timely basis. Report disputed transactions with the SBI Card helpline immediately. Please call:
  • 39 02 02 02 (prefix local STD code)
  • 1860 180 1290
• Do not courier your credit card.
• Do not issue signed blank cheques towards your credit card payment.
• Do not share or lend your credit card to anyone.
• Destroy your credit card receipts before discarding them.
• Cut the card diagonally into pieces to dispose of your old credit card at the time of renewal, up-gradation or cancellation.
• Do not handover your SBI credit card to anyone including company representatives.
• Never give a photocopy of the reverse of your credit card to anybody.
• Switch your magnetic stripe card to EMV Chip and PIN card for enhanced security against counterfeiting and skimming.
• Make a list of card numbers, card expiry dates and help line numbers of your credit card companies. Keep this record in a safe place, separate from where you keep your credit cards. Use this information if you ever have to report your card as lost or stolen.
• Keep the customer service helpline number handy with you, so that you can contact them immediately and avoid misuse, in case your card is lost or stolen.
• You can call SBI Card helpline at:
  • 39 02 02 02 (prefix local STD code)
  • 1860 180 1290

Alerts

• Ensure that your mobile number is updated and registered for instant transaction alerts. Check transaction SMS alerts regularly and report disputed transactions immediately.
• Ensure that you have updated your mobile number, contact address and email ID in our records. Whenever you update or change your mobile number in our records, we send the intimation of the same to your new as well as old number. Please call SBI Card helpline immediately if you have not initiated any such change.

How to report Lost or Stolen card

• Report lost or stolen card immediately.
• You can block your card instantly either on IVR or our website sbicard.com or through PULL SMS.
• To block your lost or stolen card through Simply SMS
  • SMS BLOCK XXXX to 5676791 from your registered mobile number, where XXXX = last four digits of your lost SBI Card number.

  If you do not receive a confirmation SMS from us within 5 minutes of your request, do not consider the card to be blocked. Please call up the SBI Card help line to get your card blocked immediately and to avoid any misuse. You can call SBI Card helpline at:

  • 39 02 02 02 (prefix local STD code)
  • 1860 180 1290

SBICPSL is neither liable nor responsible for any transactions incurred on the card account prior to the time of reporting of the loss of the card, and the card member will be solely responsible and liable for the same. Please click here for more details.

Protect your SBI Card online account

• Choose a strong password that cannot be guessed easily.
• Do not disclose your login ID or password to anyone.
• Change your SBI Card online password periodically. It is advisable to change your password every 3 months.
• Never save your SBI Card password at places, where it could be accessed by anyone without your knowledge.
• Change your username or password immediately, if you suspect any fraudulent activity on your account or if you think your credentials have been compromised.
• Avoid using cyber cafes or public kiosks for accessing your SBI Card online account.
• Use the virtual keyboard to log in, as much as possible.
• Log out and close the browser window, after you have completed your online transaction. - Make a habit of checking the last log in date and time on your account every time you log in to report any unsolicited access to your account.
• Check your SBI Card statements regularly for any suspicious transactions. If you observe any unauthorised transactions, please report the same to us immediately.
• Keep your computer system, on which you access your account, updated with a licensed anti-virus solution.
• Do a full virus scan of your system, before you use any online banking service on it particularly if you suspect that your computer has been infected by any virus or malware.
• Do not disclose your CVV number- the three-digit number given at the back of your credit card, PIN, One Time Password (OTP), user ID and password or any other sensitive information to anyone. At SBI Card, we will never ask you to disclose such information with us.
• Delete suspicious emails from people you do not know. Please do not click on any link shared on such emails. Also, you can report such incidents to customer.care@sbicard.com

Protect your computer

It is important that the computer you use to access your account is malware free to check the risk of fraud and information theft. The malicious software can infect your computer, delete or corrupt your files and allow others to access your confidential data. We also recommend that you should keep a back-up of your important data, in order to protect your vital information in case of virus infection, damage or theft of your computer.

• Install and activate anti-virus and anti-spyware software and update them regularly. We also recommend that you also install a firewall.
• Choose automatic update option for your software so that they are always up-to-date and can handle newer threats.

Protect your card while shopping online

• Ensure that you have registered your mobile number and email ID with SBI Card. We send you a One Time Password (OTP) for all your online transactions on your mobile no. and email ID registered with us. Please do not share the One Time Password(OTP) with anybody.
• Always shop, pay your bills or make any other kind of transaction on reputed e-commerce sites only
• Check all e-commerce site for secure symbols like ‘https://’ or the padlock icon before transacting. The presence of these features tells that that particular site is following the necessary standards of safety, needed for secure online transaction.
• Type the URL of the site you want to browse in the browser bar and avoid accessing it through links sent in emails.
• Never update your account details in a pop-up window.
• Beware of sites or offers that ask you to verify the confidential account details.
• Do not respond to emails or SMS asking for your SBI Card details. Also, beware of sites that ask you for your card details or online credentials.  These could be a phishing attempt aimed at getting your card details and other sensitive information by posing to be from a credible source.- 
• Use a virtual keyboard, if available, while entering your personal or credit card information while making any online transaction. Virtual keyboards are uniquely designed to provide secured online transactions.

Secure your mobile

• Keep your mobile device, password protected.  You can also check the security settings on your smart phone to put a Security PIN on your SIM Card. Setup your device to lock automatically.
• Install the security software from a reputed provider.
• Access and download websites and mobile applications that are reputed.
• Be careful when you allow a third party unsigned application to access your personal information.
• Do not click on links, you find unsolicited, unexpected or strange.
• Check your mobile bills properly for unusual data charges or premium call rates.
• Update your mobile operating system regularly.
• Understand the Wi-Fi and Bluetooth modes of connectivity. To access your bank or credit card account on your mobile, use an encrypted network that is password protected. Avoid online banking or financial transactions in busy public areas.
• Ensure you have deleted all your personal information from your mobile phone, when you recycle your device.
• The features that make your mobile device (phones, tablets, etc) 'smart' also make it susceptible to viruses and malicious software. If your device is not secure and it is lost or stolen, your personal information, including passwords, banking details, emails and photos could be used to access your money or to steal your identity Always shop from reputed online shopping sites.

Additional layer of security with OTP

Provide all your SBI Card IVR and mobile transactions, an additional layer of security check with IVR One Time Password (OTP).

Before every IVR or mobile transaction, you need to generate a six-digit IVR OTP. This OTP(Do not share your OTP with anybody)is sent on your registered mobile number and email ID and is valid for one transaction or 30 minutes, whichever is earlier.

Do not share your OTP with anybody.

Follow any of these three ways to generate the IVR OTP.

• Logon to our website- sbicard.com using your user ID and password and generate OTP in five simple steps:
  • Step 1: Click on ‘Request’ on left hand navigation bar
  • Step 2: Under the Request section, click on ‘IVR OTP’
  • Step 3: Select the SBI Credit Card, for which you need the OTP
  • Step 4: Your registered mobile number and e-mail ID will be prepopulated
  • Step 5: Click on ‘Generate OTP’

Your new OTP will be sent to the registered mobile number and email ID

• SMS OTP XXXX to 5676791 from your registered mobile number, where XXXX = last four digits of your credit card number.
• Call our SBI Card OTP helpline at 1860 180 1291

Click Here for FAQs

Keep your SBI Card online account information safe

• It is recommended to keep different log in credentials for your social networking sites and SBI Card online account.
• You must never share your personal information such as, username, PIN, CVV number given on the back side of your credit cards, etc. on social media sites.

Stay alert while making payment to a collection agent

• While making payment to a collection agent, please check the identity card of the person.
• Please ask for a customer receipt copy from the collection agent for the payment done towards your credit card.

Credit Card Safety FAQs

Resources for you

RBI’s Financial Education Initiative

Credit Bureau FAQs

Visa risk initiatives

Protect your SBI Card from frauds

INVESTMENT FRAUD:

WHAT IS IT ?
Investment fraud generally refers to a wide range of deceptive practices that scammers use to induce someone to make investing decisions. These practices include untrue or misleading information or fictitious opportunities usually resulting in losses. Investment fraud may involve stocks, bonds, notes, commodities, currency or even real estate.

HOW IT WORKS ?

• Social media ads, Phishing/Vishing techniques are used to entice and lure consumers
• Scammers often target investors who have lost money in a risky investment. They will contact the investor with an offer to help recover their losses. They may say they will buy or exchange the investment at a substantial profit to the investor, but the investor must first pay a “refundable” fee, deposit or taxes
• Consumers are led to unauthorized/unrecognized sites and are lured to give away payment card information, including One-Time Password.
• Fraud usually take place at overseas merchants and involves investment such as Cryptocurrency purchase or Binary Options
• Since these are fully authenticated 3D transactions, the fraud liability falls with the credit cardholder.

SAFETY TIPS:

• Ask questions !
• Research every investment opportunity thoroughly before you invest.
• Refuse to be rushed ! A legitimate investment will still be available tomorrow as well.
• Avoid unsolicited links and sales pitches, such as related to investment for vaccines.
• Be extremely suspicious of schemes that offer ‘guaranteed’ returns with no risk.
• Be Wary of “Everyone is buying it” pitches & offers that sound “too good to be true”.
• Carefully read the merchant name in the OTP message & wherever possible.
• Be cautious when dealing with individuals/companies from outside your own country.

JUICE JACKING FRAUD

WHAT IS IT ?
The power/data cable at public charging stations, provides an unauthorized access to cyber attackers to our mobile phone data during the charging process, leading to data theft. This is known as Juice Jacking.

The attack could be as simple as extracting all your contact details and private pictures or can be an invasive attack of injecting malicious code directly into your device which can then copy all your passwords or financial data.

A regular USB connector has five pins, where only one is needed to charge the device. Other pins are used for data transfer.

A hacker can easily tamper with a USB charging port at a public charging station to steal passwords and export data.

HOW IT WORKS ?

• This Fraud originates from USB charging port installed at public places such as airports, cafes, bus stands, etc.
• Once the device is plugged-in and connection is established, it either installs malware or secretively copies sensitive data from your device.

PREVENTION TIPS:

• Keep your devices fully charged or carry personal charger/power bank with you
• Go to settings and disable data transfer while charging.
• Use USB condom/data blockers which cuts off the connection of data transfer pins of the USB port electronically and permits only the power supply thereby preventing Juice Jacking.
• If It’s inevitable and you must charge your device, then first switch off/shut down your device and then consider using a wall socket instead of a kiosk. Data cannot transfer between your device and a regular AC wall outlet.

SCREEN SHARING FRAUD:

WHAT IT IS?
Screen Sharing or Mirroring App Fraud is a new scam where Fraudsters ask users to install a third party screen-sharing application in order to assist you online or to update some documents. These apps may or may not be malware, but they do grant complete access of your device to the scammer.

There are hundreds of free screen-sharing application available all over the internet. These apps were originally used by engineers to fix issues on a phone/computer from a remote location. These apps allow full access and control to the user’s device.

HOW IT WORKS?

• Fraudster approaches the user imposing to be from a financial institution/bank or an online service provider.
• They will ask user to download a third party screen-sharing application on their device to solve an issue immediately.
• Instead of asking user to share their card, bank details, UPI PIN or OTP, fraudster will ask users to type in the details.
• While user thinks they are being helped, fraudster use the opportunity to record the user’s card number, CVV code and send an OTP for transferring funds into their own account through an SMS.
• Remember, screen-sharing apps allow access to your device. Fraudsters view the OTP received on the user’s device and use it for transferring funds to their own account.

SAFETY TIPS:

• Do not download any unknown/unauthorized application on your device.
• Do not permit any third-party application to be installed on your device.
• If you see any notification asking you to allow a particular application to make changes to your device immidiately 'Deny' and decline.
• Report any such call/suspicious activity on the helpline number mentioned at the back of your credit card.

ALWAYS REMEMBER:
SBI Card will never ask you to install any third-party application on your device.
Do not install an application on anyone's request. It may be used to grant full control of your phone/laptop/desktop/tablet to the person on the other end
and help him/her view your personal and financial information such as card credentials/account details/personal photographs from a remote location.

Vishing

What is Vishing?
Vishing is a combination of Voice and Phishing that uses Voice Over Internet Protocol (VOIP) technology, wherein, fraudsters attempt to collect your personal data, pretending to be calling on behalf of your bank or credit card company.

Please note that we will never ask you for any confidential data like credit card CVV, PIN, login credentials, password, One Time Password (OTP), etc.

If you have any suspicions about any such request being made to you, please call up the helpline to confirm the request.
You can call the SBI Card helpline at:

• 39 02 02 02 (prefix local STD code) or 1860 180 1290
  
  Contact us if you suspect any fraudulent activity or transaction in your account, please call our SBI Card helpline.
• You can also report such incidents at feedback@sbicard.com.
   

  Phishing

  What is Phishing?
  Phishing is an act of attempting to acquire information such as user names, passwords, and credit card details by disguised entities with malicious intent. It can be in the form of an email, SMS, website screen or pop-up that appears to be from your bank or card issuer. Please note that we will never ask for any confidential data like login credentials, password, One Time Password (OTP), CVV or PIN.

  Follow these simple steps to protect yourself:

  • Do not disclose your CVV, One Time Password (OTP), online account ID and password or any other sensitive information to anyone, including SBI Card representatives.
  • Do not open attachments in emails coming from strange or unknown sources, as they may contain virus or Trojan, which transmit keyed-in details to phishers.
  • Type the web address in the browser whenever you intend to visit the SBI Card online account. Do not use links provided in emails sent from unknown resources.
  • Change all your passwords frequently and from your personal computer.
  • Avoid the use of cyber cafés and public kiosks for online transactions or for accessing your SBI Card online account.
  • Prefer the use of virtual keyboard for logging into your SBI Card online account.
  • Log out from your account and then close the browser window, after completing your transaction.
  • Check the last log in date and time details in your online account everytime you log in.
  • Register your email and mobile number with SBI Card so that you can get regular alerts about your account.
  • Check your SBI Card statements properly for any suspicious transactions. If you ever notice any unauthorised transactions, immediately report the same to SBI Card helpline.
  • Install effective antivirus, anti-spyware and personal firewall on your computer and mobile phone and update them regularly.
  • Check the site you want to transact on for secure symbols like https:// or the padlock icon.

  How to report a Phishing attempt?
  If you ever get an email, which you suspect has been sent with intent of phishing, please forward the original email to us at feedback@sbicard.com

   

  Skimming

  What is Skimming?
  Skimming is the act of illegally copying data from the magnetic stripe of a credit, debit or ATM card.

  The card number and/or details are procured using basic methods such as photocopying receipts or more advanced methods such as using a small electronic device called skimmer to swipe and store hundreds of such credit card numbers. Skimming can be done at restaurants, bars, gas stations and retail counters where the physical use of card is done.

  How to prevent your card from getting skimmed:

  
  
  • Review your credit card statements properly and regularly. If you ever observe a disputed or suspicious transaction, report the same to our helpline immediately
  • Remember to collect your card after transaction.
  • Do not handover your SBI Card to anyone including company representatives
  • Cover your keypad while you are typing in your PIN number. Use your hand and body to cover your keypad when operating a handheld pin-pad or a payment processing machine like an ATM. This will prevent shoulder surfers and pinhole cameras from observing your PIN number
  • Always ensure that your card is swiped in your presence. Pay at the terminal instead of giving your card to a waiter for payment processing, after dining at restaurants.

Fraud Awareness

Fraud Awareness in English

Fraud Awareness

Fraud Awareness Video/ Gujrati

Fraud Awareness Video/ Bengali

Fraud Awareness Video/ Kannada

Fraud Awareness Video/ Marathi

Fraud Awareness Video/ Tamil

Fraud Awareness

Fraud Awareness Video/ Tamil

Fraud Awareness Video/ Marathi

Fraud Awareness Video/ Malayalam

Fraud Awareness Video/ Kannada

Fraud Awareness Video/ Hindi

Fraud Awareness Video/ Telegu

Fraud Awareness Video/ Gujrati