On asking them how (on earth) they would find out if the card was used by me or by any of their executives, they declined to give me the information saying it was confidential. Thus, I finally got the card cancelled (with a lot of difficulty since they initially refused to believe that I had submitted the card for cancellation in one of their branches - wonder where the application went along with the broken pieces of the card - another security risk - when they had refused to give any receipt/acknowledgement at the branch). So much so for the standards of a "foreign" bank. The more serious problem is: This is the problem with almost all the banks, whether Indian or foreign, operating in India. Had I not had choices (other cards at that moment), I might have been forced to give out such privy information without complaint.
The executives refused to help me although I clearly asked them to send the info to the address registered with them (something they verified). Therefore, I asked them to cancel my card. I argued with at least five executives (some of who were reportees to the others) but none of them were ready to accept that what they were doing posed severe security risks. I asked them to automate their systems. They said there were no such plans. All of them wanted me to TRUST them. They were not convinced when I told them that trust is based on security and not the other way round. They all harped about the integrity of their employees and I had to point it out that today's employees can be tomorrow's tricksters. It is a strange thing: people being asked for (what is essentially) a password that can be used for Internet transactions anywhere in the world. Instead, they said that they could misuse my card even if I didn't give them the CVV number, thus acknowledging that they were privy to whatever was needed to commit a fraud. They assured me that they would never charge me if I declined having made such and such purchase, after investigation.
A very pointing set of thoughts. Funny that it had to come after a serious incident. In fact, in India, there is this tendency of authorities trying to escape having to educate the public. Now, I would like to share an incident. I had a credit card from a very glamorous bank in India which also provides free coffee for customers. Now, I had their card in November but even after many days had passed, I did not get their PIN number. Although I don't think I will EVER use the cash withdrawal facility provided for credit card holders, it was still a security risk since the information could have gone to a third person who could use it maliciously. Therefore, I gave a call to their customer care centre and asked for a new PIN number to be sent to the "address registered with them" (which I confirmed). But, not only was I asked my card number in voice, I was also asked my CVV number in voice. Although I gave my card number, I declined to give my CVV number since I thought it was confidential information and did not feel it necessary for the executive to identify me (Ideally, they should have a customer number and verify details against that. They should never ask the card number).
