Kredi Kartlarï¿½yla ATM Nakit Avans ï¿½ï¿½lemlerin Gï¿½venliï¿½i

Genel Giriï¿½

Bu dokï¿½man ATM'den kredi kartï¿½ ile Nakit Avans ï¿½ekme ile ilgili genel gï¿½venlik bilgileri iï¿½ermektedir. Yazï¿½daki bilgiler kiï¿½isel deneyimlerimden derlenmiï¿½tir, dolayï¿½sï¿½yla eksikler olabilir. Bu yazï¿½dan bu tï¿½r iï¿½lemlerle ilgili detaylarï¿½, sorumluluklarï¿½nï¿½zï¿½, bankanï¿½n sorumluluklarï¿½nï¿½, alï¿½nabilecek ï¿½nlemleri ve dolandï¿½rï¿½lï¿½nca yapï¿½labilecekleri bulabilirsiniz.

Kredi Kartï¿½ ï¿½ï¿½lemleri

Kredi kartï¿½ iï¿½lemleri genel olarak birkaï¿½ tiptir:

ï¿½ube Nakit Avans
Nakit ï¿½ekme 'Cash Advance' (ATM)
Alï¿½ï¿½veriï¿½ 'Purchase' (POS)
Kredi kartï¿½ numarasï¿½ iï¿½yerine verilerek yapï¿½lan iï¿½lemler 'Mail Order / Telephone Order'

Bu sï¿½ralama gï¿½venlik sï¿½rasï¿½na gï¿½re yapï¿½lmï¿½ï¿½tï¿½r. En yaygï¿½n olanlarï¿½ 2 ve 3 olmakla beraber Elektronik Ticaret 'E-commerce' iï¿½lemlerini 4 numaralï¿½ kategoriye sokabiliriz.

Fiziksel Kart (Manyetik Bant) ve ï¿½ifre

Konuyu daï¿½ï¿½tmadan bu yazï¿½nï¿½n iï¿½ine dï¿½ï¿½tï¿½ï¿½ï¿½ 2 numaralï¿½ duruma gï¿½z atalï¿½m: Sadece ATM ile yapï¿½lan nakit avans iï¿½lemlerinde ï¿½ifre/PIN (Personal Identification Number) ZORUNLUDUR, diï¿½er iï¿½lemlerde ise kesinlikle KULLANILMAZ. ï¿½ifre kontrolï¿½ olmadan para ï¿½ekilmesi mï¿½mkï¿½n deï¿½ildir. Doï¿½al olarak buda sizin nakit avans iï¿½lemlerinize yaptï¿½ï¿½ï¿½nï¿½z itiraza karï¿½ï¿½ bankanin savunmasï¿½ olacaktï¿½r. Kaldï¿½ ki ATM Nakit Avans iï¿½lemlerinde Chargeback sï¿½z konusu deï¿½ildir.

Teknik aï¿½ï¿½dan bakarsak, kartï¿½n manyetik ï¿½eridinde kartï¿½n numarasi, son kullanma tarihi, PVV (Pin Verification Value) ve CVV (Card Verification Value) bulunur. Bu bilgi ATM tarafï¿½ndan okunur ve ï¿½ifrenizin baï¿½ka ï¿½ifrelerle gizlenmiï¿½ hali bankanï¿½za yollanï¿½r. Bankanï¿½z ï¿½nce bu manyetik ï¿½eridi kontrol eder, daha sonrada PVV ve bir ï¿½ifre ile yapï¿½lan iï¿½lemden ï¿½ï¿½kan sonucu sizin ï¿½ifrenizle karï¿½ï¿½laï¿½tï¿½rï¿½r. Bï¿½ylece kart kopyalansa da para ï¿½ekmek ï¿½ifresiz mï¿½mkï¿½n olmayacaktï¿½r.

ATM kartlarï¿½ndaki manyetik ï¿½erit bilgileri TRACK1, TRACK2 ve TRACK3 tï¿½r. Bunlar iï¿½inde yaygï¿½n olarak kullanï¿½lanï¿½ TRACK2 dir. TRACK2 de standart bilgiler vardï¿½r, bu standartlarï¿½ kartï¿½n tipi belirler. Mesela tï¿½m VISA kartlarï¿½n TRACK2 bilgisi aynï¿½ formattadï¿½r. Bu bilgi her ne kadar gï¿½venlik amacï¿½yla halka aï¿½ï¿½k deï¿½ilsede bulunmasï¿½ ï¿½ok zor deï¿½ildir. Manyetik ï¿½eritli kart prensipte herhangi bir bankada "kart basï¿½m" bï¿½lï¿½mï¿½nde basï¿½labilir. Fakat bu iï¿½i yapacak cihazlar tedarik edilip kart kopyalama da yapï¿½labilir. ï¿½alï¿½ï¿½ma prensibi kaset mantï¿½ï¿½ï¿½dï¿½r. ATM ve POS bu baï¿½lamda aynï¿½ iï¿½i yapar. Kopyalama yï¿½ntemiyle dolandï¿½rï¿½cï¿½lï¿½k uzun zamandï¿½r vardir.

Bu tï¿½r bir dolandï¿½rï¿½cï¿½lï¿½ï¿½ï¿½ farketmenin ï¿½esitli yï¿½ntemleri vardï¿½r, mesela TRACK2 ile gelen iki yakï¿½n sï¿½reli iï¿½lemin mï¿½mkï¿½n olmadï¿½ï¿½ï¿½ teorik olarak farkedilebilir. Diyelim ï¿½stanbul'dan TRACK2 gelen bir iï¿½lem var, daha sonra ï¿½spanya'dan da TRACK2 olan bir iï¿½lem gelirse banka bï¿½yï¿½k bir performans maliyeti karï¿½ï¿½lï¿½ï¿½ï¿½ bunu farkedebilir ve kartï¿½ yut mesajï¿½ gï¿½nderebilir.

Sonuï¿½ #1 : Kart + ï¿½ifre olmadan ATM den Nakit Avans ï¿½ekilemez.

Dolandï¿½rcï¿½lï¿½k ihtimalleri :

Kart sahibi dolandï¿½rï¿½cï¿½dï¿½r, inkar ediyor olabilir, kartï¿½ kopyalamï¿½ï¿½ olabilir. (Bankalarï¿½n ilk verdiï¿½i ihtimal)
Dolandï¿½rï¿½cï¿½ kart sahibinin (ï¿½ifreyi bilecek kadar) yakï¿½nï¿½dï¿½r.
Bankadaki ï¿½alï¿½ï¿½anlar dolandï¿½cï¿½dï¿½r, kartï¿½n kopyasï¿½nï¿½ basmï¿½ï¿½tï¿½r, fakat ï¿½ifrenizi deï¿½iï¿½tirirseniz bu madde geï¿½ersiz olur.
Dolandï¿½rï¿½cï¿½lar ATM makinesinin (veya POS - POS cihazlarï¿½ da manyetik ï¿½eridi okuyabilir) tam kontrolï¿½nï¿½ ele geï¿½irmiï¿½lerdir veya bankanï¿½n aï¿½ï¿½na sï¿½zmï¿½ï¿½lardï¿½r, kartï¿½n manyetik ï¿½eridini hatta ï¿½ifresinide kaydediyor (ATM lerde ï¿½ifreleme vardï¿½r ama iï¿½ini bilen birisi tarafï¿½ndan kolayca aï¿½ï¿½labilir), daha sonra kartï¿½ basï¿½p kullanï¿½yordur.

Bu ihtimaller dolandï¿½cï¿½lï¿½ï¿½ï¿½n profosyonellik sï¿½rasï¿½na gore sï¿½ralanmï¿½ï¿½tï¿½r.

Dolandï¿½rï¿½lmamak iï¿½in yapï¿½labilecekler:

Asla ve asla ï¿½ifrenizi ATM harici biryere girmemelisiniz.

Internet'te elektronik ticaret (e-commerce) yapareken asla ï¿½ifre kontrolï¿½ yoktur, ancak kartï¿½n arkasï¿½ndaki numara (CVV2) istenebilir.
POS makinalarï¿½nda ï¿½ifre kontrolï¿½ mevcuttur fakat sadece POS makinesine baglï¿½ olan cihazdan (pinpad) kartï¿½n sahibi tarafï¿½ndan girilmelidir.
Telefonda veya mektupla (MO/TO) yapï¿½lan alï¿½ï¿½veriï¿½lerinizde kesinlikle ï¿½ifrenizi sï¿½ylememelisiniz ï¿½ï¿½nkï¿½ bu tï¿½r durumlarda zaten ï¿½ifre kontrol edilmez. (yani karï¿½ï¿½dakï¿½ dolandï¿½rï¿½cï¿½dï¿½r)

Bazï¿½ durumlarda CVV2 sorulabilir bu numara kartï¿½n arkasï¿½nda vardï¿½r yanlï¿½ï¿½lï¿½kla sakï¿½n CVV2 yerine ï¿½ifrenizi vermeyiniz.
0000, 1111, 1234, 1978 gibi kolay ï¿½ifreler kullanmayï¿½nï¿½z.
Kartï¿½nï¿½zï¿½ bankadan nakit avans iï¿½lemlerine kapattï¿½rï¿½n. (en kesin yï¿½ntem budur)

Sonuï¿½ #2 : Kartï¿½n kopyasï¿½ basï¿½labildiï¿½ine gï¿½re ï¿½ifrenize mukayet olmalï¿½sï¿½nï¿½z.

Dolandï¿½rï¿½ldï¿½m ï¿½imdi ne yapacaï¿½ï¿½m ?

Bankadan soruï¿½turma, aï¿½ï¿½klama isteyeceksiniz

Hatali ï¿½ifre denemeleri dahil olmak ï¿½zere her iï¿½lem kaydedilir. Bu iï¿½lemlerin ne zaman nereden yapï¿½ldï¿½ï¿½ï¿½ vs. bellidir.
ATM'lerin ï¿½oï¿½unda kamera vardï¿½r. Zaman bilindikten sonra kimin ï¿½ektiï¿½i bulunabilir.
Unutmayï¿½n bï¿½yle bir durumda banka asla sizi gï¿½z ardï¿½ edemez, haklï¿½ysanï¿½z baskï¿½ yapï¿½n.

Kartï¿½n aynï¿½ anda baï¿½ka bir yerde olduï¿½unu ispatlamalï¿½sï¿½nï¿½z. Mesela o kartla o tarihlerde yapï¿½lmï¿½ï¿½ uzaklarda bir alï¿½ï¿½veriï¿½ ï¿½rnek olabilir.
Bï¿½yï¿½k bir ihtimalle parayï¿½ tï¿½pï¿½ï¿½ tï¿½pï¿½ï¿½ ï¿½deyeceksiniz.

Sonuï¿½ #3 : Herseye raï¿½men size bankanï¿½zï¿½n dolandï¿½rï¿½cï¿½lï¿½k (fraud) servisi yardï¿½mcï¿½ olabilir.

Sonuï¿½ #4 : Kredi kartï¿½ iï¿½i riskli bir iï¿½tir ve bu riski banka gï¿½ze almï¿½ï¿½tï¿½r, bu tï¿½r bir iï¿½te dolandï¿½rï¿½cï¿½lï¿½k olabilir, bu bankanï¿½n ve sizin ortak riskinizdir. Burda sorumluluk geï¿½me 'liability shift' noktasï¿½ vardï¿½r, bu her tï¿½r iï¿½lem iï¿½in sorumluluï¿½un kimde olduï¿½u heryerde aï¿½ï¿½k aï¿½ï¿½k yazar.

ATM iï¿½in konuï¿½ursak ï¿½ifre biliniyorsa sorumluluk aynen mï¿½ï¿½teride demektir, bu yï¿½zden buyuk bir ihtimalle kredi kartï¿½nï¿½zdan nakit avans ï¿½ekildiyse bu parayi odemek zorunda kalï¿½rsï¿½nï¿½z.

Gï¿½venlik sï¿½rekli arttï¿½rï¿½lmaya calï¿½ï¿½ï¿½lï¿½yor, nisan ayï¿½nda BKM tarafï¿½ndan Turkiyedeki bankalarda MO/TO ve E-Commerce iï¿½lemler iï¿½in CVV2 mecbur kï¿½lï¿½ndï¿½. Bu gï¿½venlik dertleri ancak ve ancak kredi kartlarï¿½nï¿½n SMARTCARD haline dï¿½nï¿½ï¿½mesiyle ï¿½ï¿½zï¿½lebilir. VISA mesaj formatï¿½nï¿½ geniï¿½letti ve chipcard desteï¿½ini yakï¿½nda yï¿½rï¿½rlï¿½ï¿½e sokacak. Internet ï¿½zerinde SET (Secure Electronic Transaction) standardï¿½ bu gayeye hizmet vermek ï¿½zere hazï¿½rlandï¿½ ve yavaï¿½ yavaï¿½ oturuyor.

Bu noktada bir pazarlï¿½k var. Dï¿½nya ï¿½zerindeki tï¿½m kartlarï¿½ smartcard haline dï¿½nï¿½ï¿½tï¿½rmenin maliyeti bu tï¿½r dolandï¿½rï¿½cï¿½lï¿½klarï¿½n sigorta bedelinden cok cok daha fazla, bu yï¿½zden dolandï¿½rï¿½cï¿½lï¿½k (fraud) kabul ediliyor. Kimse zannetmesinki teknoloji bu tï¿½r dolandï¿½rï¿½cï¿½lï¿½klarï¿½n ï¿½nï¿½ne geï¿½emez, ikisininde ï¿½nï¿½ne geï¿½en bir tek ï¿½ey var : MALï¿½YET

Bu konuda vereceï¿½im kï¿½sa bilgiler bu kadar, bu yazï¿½daki maddelere bir ï¿½ok yeni madde eklenebilir, eï¿½er biraz yardï¿½mcï¿½ olabildiysem ne mutlu bana.

Levent Karakas <levent at mektup dot at>

Son gï¿½ncelleme : 12.07.2001