Preventing Identity Theft and Credit Card Fraud?

carefulCredit asks: "I just checked my AMEX balance, and found around $13k in fraudulent charges. Fortunately, AMEX makes it relatively easy to get a new card and the charges revoked, but this is the second time I've had this type of problem. It's clear to me that the steps I've taken to prevent fraud are inadaquate. (reduced number of cards, restricted availability of some funds, increased vigilence in not allowing CC slips to display the full card #, etc). What measures have any of you taken, or can you suggest, to help put a lid on this problem and to help prevent repeats?"

Receipts

[Jodrell]

A big problem that's had very little attention (at least here in the UK) is the habit of POS hardware manufacturers to print all the credit card data on the receipts produced by a transaction. Have a look in your wallet for a receipt from a card transaction - there's a good chance that it's got your full card number, your name, the expiry date - everything needed to make a transaction using that card account.

So, make sure you know what happens to your receipts - don't just throw them away, make sure they're destroyed. And hassle retailers that still print the full card details on those bits of paper. A lot of companies are beginning to work out how dumb it is, but POS hardware turnover is slow, and a lot of stores are still reckless with your personal information.

Re:Receipts

[MarkGriz]

This was quite common in the US as well a few years back. However, lately it seems many of the POS manufacturers have modified their software to only print the last 4 digits of your credit card number, replacing the rest of the digits with X's.

Re:Receipts

[jon+doh!]

when signing the credit slip a friend of mine usually takes his pen and scratches out all but the last four digits if they're showing before handing the slip back to the merchant.

i personally went to the extreme measure of having horrible credit, so potential identity theft is usually stopped when the thief realizes they wouldn't be able to get a card in my name.

Paper Shredder

[speedy1161]

I shred every receipt after entering it into MS Money. Those few that I keep are stored in my filing cabinet. I also exclusively use only one card for online purchases, minimising the impact of an 'owned' card. Sounds like your just having some really crappy luck.

Re:Paper Shredder

jolly good thrashing u gave him old chap! box him around the ears!

Re:Paper Shredder

[ichimunki]

In addition to having a single card for online use (great idea, btw). NEVER use a debit card for an online transaction or in any other store you don't trust.

While you will likely be made whole by Visa/MasterCard, a debit card is a direct link to your checking account. This means that your actual money will be fraudulently taken from your account, and it could take you a while to get it back (as in, "how the hell do I pay my rent now?!"). Much different than a credit account, where the worst that can happen is you'll have to refuse to pay and have a blight on your credit report.

Re:Paper Shredder

What about the old credit cards? The darn things are about indestructible!

My solution so far is to cut up the cards and mix it in a box with other old cards bits. I throw away some in the trash when I think about it. There must be a better way!

Re:Paper Shredder

[unitron]

Just set up a checking account with a debit card and keep the balance near zero, only transferring funds into it when you're getting ready to use it.

To whom are you giving your account info?

[Evro]

It seems to me that the weakest link in an e-commerce transaction today (or perhaps always) is the company itself. It's doubtful that somebody is intercepting SSLv3 or TLSv1 128-bit communications, but if the company is storing this data in a MySQL db with no firewall, no password, et cetera, you may as well be posting your account info in you Slashdot sig.

The problem is that there's really no way for you to determine this beforehand. If you portscan www.store.com or whatever it is you might end up in some trouble, depending how much of an ass the sysadmin is.

Another risk factor for which you're totally unable to account is the employees at the company. You have no idea whether or not Joe Schmoe that's reading your order is honest or dishonest. Maybe he's a disgruntled employee and is sending himself all of the customers' account info to later blackmail the company.

Like I said, there's really nothing you can do to determine this stuff in advance. Of course, everything I've said here assumes that your CC info was stolen from an e-commerce store, which may or may not be the case. But similar problems exist for brick-and-mortar stores -- if they toss their copy of the receipt right into the trash or have a disgruntled employee, you're at just as much risk, and have just as little chance of knowing so beforehand.

Re:To whom are you giving your account info?

[seann]

When I got my first retail job at Radioshack, we had to manualy enter the credit cards into the computer. After awhile I knew some of the regulars card numbers off hand, and ocasionaly their expirey date.

Another thing was they kept the recipts in two boxes behind the counter, and they always had the credit card number which no numbers blinked out, if I was a dishonest lad I could of been in cuba.

Re:To whom are you giving your account info?

If you portscan www.store.com or whatever it is you might end up in some trouble,

Just go to the park, plug in the wireless card, and test out their security. Enjoy nature and have peace of mind at the same time!

Re:To whom are you giving your account info?

[Beryllium+Sphere(tm)]

True, and it's even worse.

A company you don't do business with might run a credit check on you and get account information.

I've read reports about car dealerships where dishonest employees kept browsing credit records until they found people with great credit ratings, then pulled an identity theft.

Those reports must have been incorrect because car dealers hire only honest people...

Re:To whom are you giving your account info?

[Robert+S+Gormley]

Are you kidding? Generally it's the end-user. A doctor here had $30,000 transferred from his online banking accounts. Everyone screamed bloody murder at the banks for their "shockingly incompetent" security - until the bank pointed out that the doctor had Back Orifice installed on his PC...

Re:To whom are you giving your account info?

[jmccay]

Actually, I would sayt he you are more likely to have you number stolen by an ATM machine hack (to trap the card) or a Credit Card machine hack. ATM involve methods of trapping the credit card and then having someone watching over the shoulder as you type in the PIN, and credit card hacks usually involve reading the card into a computer (located under the conter).

Beware of ATMS the have something like "Type you PIN number three times if your card gets stuck" and ATM machines with a second number pad on top of the actual number pad (these one usually work similar to the credit card hack).
As far as credit cards, I always make sure I can see a store clerk scanning the card. 99% of the stores have it in plain view, so there is no reason to "go under the counter to swipe the card". I also only keep a couple credit cards and I keep the credit limit low. I avoid AMEX.

I also don't shop online. There is no 100% safe way to shop online, and it is harder to return items (or complain about service quality) with e-merchants.

Don't buy online.

[Spudley]

Number one rule if you want to avoid fraud: Don't buy online. Simple as that.

Re:Don't buy online.

[rf600r]

That's simplistic, moronic and just plain wrong. I'd go into the 'why' in more detal, but other more intelligent posts here have explained it. The technology of online transactions is by far NOT your weakest link. Mod this crap down.

Re:Don't buy online.

[erasmus_]

While I won't go as far as the other person who replied to this post, you are indeed somewhat misguided. Although not buying online is perhaps the only 100% solution, akin to abstinence for some people, the use of single-card credit card numbers has made me feel significantly safer about purchasing items online, which I do often.

Sites that I trust (big vendors with reputable histories) get my real credit card number, so that I can buy things instantly from them, but that's only a select few. All of the rest get single-use numbers that are no good for any transactions but that one. Both Visa and Discover support this technology - Visa's version is ShopSafe, while Discover's is Discover Deskshop, both of which are free tools.

Although I buy things frequently, my buying patterns have so far never resulted in my cc info being compromised, and I hope to keep it that way. The biggest scare I ever got was when Egghead admitted to having had cc's stolen, if anyone remembers that story. But mine must not have been one of the ones that they got.

Re:Don't buy online.

That's just dumb.

I had my AMEX card number stolen (not the physical card) in Decemeber. I hadn't bought anything online with that card at all.

As a previous poster mentioned, the credit card slips you get at a brick-and-mortar place has everything you need...most don't even mark out the card # like XXXX XXXX XXXX 3450, they put the whole thing there. And that's how mine was stolen, a busboy picked it up off the table after I left the restaurant.

Most thieves are low tech and dumb; they lack the technical prowess it would take to knock over even bad computer security.

Know how the busboy got caught? He made long distance calls billed back to my card #. These calls were from St. Louis (where I live) to his friend in New Jersey. The dolt actually made the calls FROM HIS OWN HOUSE! Oh, and he put a singles ad in the local free paper (with his phone #) and stayed at a really nice hotel ($400/night) downtown on New Years Eve (video camera at the front desk got him too).

Why doesn't AMEX make it harder? I can understand that it doesn't make business sense to spend more to solve it (like implementing biometrics) than they actually lose through fraud. But I don't understand why they don't require merchants to mask out the card # and other sensitive info on the credit card slips. I now just mark it out with a pen before I leave the restaurant. Getting my card replaced didn't cost me any $$$ but it was a pain in my ass (because I also had to deal with ATT's fraud department directly; they suck!) that I don't wish to have the experience again.

And, for the love of God, why can't waiters/cashier's actually look at the signature on the back of the card and compare it to what I write? I watch how often this happens now, and it has happened exactly once (out of probably 50-0 transactions) since January.

Re:Don't buy online.

[Spudley]

Thanks for the stinging reply. :-/

The problem with online trading is simple:

All transactions (of any sort, and since time began) are based on trust - "I trust that what you're giving me is worth what I'm giving you in exchange"; "I trust that the money you're paying with isn't forged"; "I trust that you won't write down my card number and buy stuff with it yourself."

Unfortunately, over the internet it becomes much harder to know who to trust, and much easier for crooked individuals to make themselves appear trustworthy.

In addition, current credit cards have only one (very weak) barrier against unauthorised use - the signature - and this is bypassed in online trading. In short, once someone has your name and card number, they can buy anything online, especially if the things they're buying don't need to be delivered (some stores will check the delivery address, but not everyone does this).

The bottom line is that as long as you trust the person or company you're dealing with, no problem. But are you sure they really are trustworthy? As I said already, this applies in all arenas of trade, but the lack of personal contact makes it much harder to judge.

Re:Don't buy online.

[jeffy124]

But I don't understand why they don't require merchants to mask out the card # and other sensitive info on the credit card slips.

IIRC, this topic came up a few months ago. California consumer protection laws require merchants to shield all but the last 4 digits. Dont know what other states (if any) mandates this. I do know that a lot of merchants already do this on their own, often out of a desire to protect their customers, but others are national chains with stores in CA.

You could send a letter of complaint to the restaurant you were at when the busboy got your CCN, telling them about your experience and recommending a system that hides the first 12 digits. Find out if your state has a law like CA's, and if so, mention that. If it turns out there is a law, consider pressing charges for negligence of that law, or inform the state if you dont want to go through with a suit and let them handle it. You might be surprised how they handle it given that $13k was put at stake here.

Re:Don't buy online.

[jon+doh!]

Why doesn't AMEX make it harder?

i used to work as a cashier and i know that every time amex or another of the cc companies tried to force ID checking or something like that, there was always a large percentage of customers who would complain that they didn't have to show ID at the other stores, why should they show it at this one?

I've even been guilty of it myself everytime i gave my cc to my girlfriend to buy something at the corner store and she wasn't asked for ID, i'd wonder how much i could get taken for if my wallet got lost and i didn't realize it. but then when i go shopping at that same store i used to work at they now require that i actually pull out my driver's license to show it to them, and i get annoyed at the inconvenience of it all..

Re:Don't buy online.

[Tower]

Right, when I was home from college (breaks, summer), my mom would send me on errands - go pick up such and such at the store, gas up the car... here's my card. I was never asked for ID at the pump (in NJ all gas is full serve, so someone else did handle the transaction) or in the store... maybe they thought I was just a really ugly woman (with really hairy legs) and felt bad about questioning me, but my guess is they didn't care... my signature sure didn't match either.

At Walmart, though - I go buy a couple bags of water softener salt, and my card and signature get scrutinized so closely I wondered if I was wearing an orange 'Department of Corrections' outfit...

Re:Don't buy online.

[sphealey]

Unfortunately, over the internet it becomes much harder to know who to trust, and much easier for crooked individuals to make themselves appear trustworthy.

All transactions are based on trust. Except perhaps those between neighbors of 50 years standing in a village of no more than 100 residents. Nope; those too.

Do you eat in resturants? Read George Orwell's Down and Out in Paris and London for a description of the amount of trust you are putting in the kitchen. If you want something more recent, I could tell you some stories about when I worked at the grocery store. Maybe better not.

Personal anecdotes are not a substitute for statistics, but I have not observed a greater percentage of bad transactions on-line compated to in person.

sPh

Re:Don't buy online.

My DOC clothes were a purplish brown, although the county jail clothes were orange. Dammit prison sucked.

Re:Don't buy online.

[ShaunC]

That's a ridiculous suggestion. I've purchased hundreds of products and services online over the past few years and I've only had a single instance of fraud (someone got my number and racked up over $600 in charges from Victoria's Secret of all places). Considering the number of times I've given out various credit card numbers online, versus a single incident of fraud, I'd say that avoiding online shopping is going seriously overboard.

Shaun

Credit card security model is inherently flawed

[lightspawn]

Let's see: the world is divided into two groups: those who have my credit card details and can help themselves to as much of my money as they want, and those who don't.

This, of course, is completely ridiculous. I should be able to authorize a transaction without implicitly trust the other party until the credit card expires.

It seems that right now the system works "well enough" that the credit card companies are quite content to sit on their laurels and deal with fraud when it occurs, rather than trying to prevent it.

And why can't I specify something like "when I'm billed by a certain service provider, mail me the amount and authorize the payment automatically unless less than 28 days have passed since the last one or the amount is over $75"? Let's turn the rainforests into billions of paper bills and envelopes.

World wide problem

Credit cards are an extremely vunerable medium, this type of credit card fraud is extremely easy to perform. Such types of CC fraud have been used for over 20 years and it is a well known problem amongst banks, which are very embrassed about the problem. I have heard figures of around 3-4 billion dollars world wide in losses per year due to this type of fraud.

One word for you.

[Neck_of_the_Woods]

CASH!

Re:One word for you.

Yep... Cash. Just stick them greenbacks in your computer's cupholder, and Amazon will be happy to ship you the latest and greatest Roadkill Cafe recipe book.

Don't buy from a shady or grey-market vendor

[duffbeer703]

It's probaly the same place using your card. Make sure to file a complaint with your local police department and stop shopping at porn sites or shady vendors.

For online purchases, use one-time cc numbers -- American Express and most Mastercard/Visa banks allow you to do this.

Single-Use Card Numbers?

[RobKow]

Does your card issuer provide single-use card numbers for "risky" transactions? I know my Discover Card does. Not only does it make fraud that much more difficult, it also prevents vendors from "subscribing" you to anything.

Doesn't help very much with meatspace transactions, but for that just make sure you get all your receipts and stay away from shady businesses.

A laundry list

[xyzzy]

- check your credit report 1x per year. This may be free in the state you live in. This is vital, and the most worthwhile thing you can do.

- keep control of all credit card receipts

- shred any promotional mailings you get for credit cards, or, better

- call the relevant credit agencies and have a lifetime "promotional block" put on your file so you won't be sent them

- keep control of your SSN. Don't give it to anyone who doesn't need it for employment or credit purposes. If someone is being a jackass, simply use "078-05-1120", which was a sample number printed on cards throughout the 40s. If you're in school, ensure they don't print it all over creation. - If you're really paranoid, you can tell the credit agencies to put your file on a "fraud watch". This will tell any lender who pulls your flie to verify your identity much more closely. Unfortunately, this burdens you.


Experian: 1-866-200-6020 http://www.experian.com

Equifax: 1-800-685-1111 http://www.equifax.com

Transunion: 1-800-888-4213 http://www.transunion.com


Global opt-out (promotional block): 1-888-5OPTOUT (888-567-8688)

Re:A laundry list

[Beryllium+Sphere(tm)]

You might also see if you can get the same service that celebrities do, which requires a passcode before credit info can be released.

how it may be happening - skimming

[martin]

IMHO CC fraud is still happening as its always done, manually. Ie you give you card to pay for something and a tellor then swipes the card on the till and also his small collector under the desk. They then sell on the details...

The problem is ALL the details for the CC are on the mag stripe. Until we can make sure that smart card readers are available everywhere (including computer keyboards for on-line stuff) you'll always be able to snarf to details and make a duplicate card.

Also check your statements carefully everytime you have one. Then you'll spot any misuse ASAP and be able to report it.

Just my 2 pence worth

Re:how it may be happening - skimming

[joe52]

I can attest to the fact that manual theft in the real world is still alive and well. I recently had to replace a card that was only two months old because of fraudulent use.

In the months I was using that card I used it online once to pay my wireless phone bill. I also used it many times in restaurants, shops, and a hotel. I never lost the card and I still have my copy of the receipt for everything I charged on it. The fraud was in the form of people making long-distance calls using obscure phone companies with my card. I assume that someone got my cc number and expiration date and that these companies allowed them to make phone calls with that information.

Based on where the card was used I assume that someone working at one of the businesses I patronized stole my credit card number. With the current US system of a simple name, number, and date being enough information to use a credit card there isn't much that can be done to prevent this kind of theft. The use of PIN codes would help, but the entire US credit card system would have to be overhauled (new cards, new card readers, lots and lots of consumer education) at massive cost. I'm sure that we will move to a more secure system at some point in the future, but I'm guessing that the cost of the current levels of fraud to the credit card companies may not be high enough to make investing in a new system a high priority.

joe

Re:how it may be happening - skimming

[seann]

You know, thats what I love about debit, it's kinda secure. Hook it up to your visa account, "hey.. I need 600$ for this.." and you can just take the money from your visa account, throw it into checking, and pay by debit!

Re:how it may be happening - skimming

[aaarrrgggh]

Be careful... you don't have the same consumer protections from a debit card that you do on a credit card!

The reason credit card companies are not worried about providing a more secure system is that they don't stand to loose anything if someone uses a fraudulent card... the cost is borne by the merchants and the consumers.

The same caution goes for the electronic fund transfers (sometimes initiated by a merchant "scanning" your check now)! These aren't checks anymore, and you are not afforded the same protections.

Read the disclosures from your bank... when it comes to electronic transfers, you don't have ANY real protection... think before lighting up the debit cards and electronic bill payments!

Re:how it may be happening - skimming

[seann]

^--- Has a very good point.

Another Reference

[mpath]

Clark Howard (a financial radio show host) has a good summary on his Web site.

Good luck!

Cut your losses...

[cybermace5]

...don't use a credit card. I use a check card for all online purchases, which means that all anyone can get is what I have in that checking account. You may have a huge amount of difficulty proving that you didn't make those charges, and you could be saddled with $10,000 of debt and years of bad credit, even bankruptcy.

The worst anyone can do to your check card number is overdraw your bank account. If you only transfer in money as you need it, they can't buy anything at all.

If you really need to spend money you don't have, plan ahead and get a small loan. Credit cards are a huge risk to your financial situation, and you don't have complete control of how merchants handle your credit card information.

Re:Cut your losses...

[headchimp]

With a credit card you can dispute any item you want and you don't have to pay until the dispute is cleared up. Most of the time the customer will win the dispute. No signature=no guarantee the charge is valid.

Please read the fine print on using a check aka debit card vs a credit card to make sure you are covered for any fruad.

Local news did a story on people using check cards when buying gas. Even is is the purchase was for $20 they will place a hold charge of $50-$100 on the account to make sure the money is there so they will get paid. With a credit card, they can only tag the card for $1 to make sure it is a legit card.

Re:Cut your losses...

[cybermace5]

Yes, you can dispute charges. But you've put yourself in the situation of assumed "guilt" (you made the charges yourself) until you can prove "innocence" (someone else made the charges). There is always the risk that you'll never be able to prove you didn't make the charges.

Plus, you've put yourself through a lot of hassle trying to straighten out a huge mess. The point about using a debit card is that you're not losing much to begin with, so you can absorb the loss and remember to keep the balance lower next time. If you lost 200 dollars from your checking account, how does that compare to hours spent on the phone and writing letters, and possibly still ending up with thousands in losses?

And what is the problem with check cards and gas...just because your local news did a story on it doesn't mean the gas stations are doing something wrong. People's checking balances might be zero or less. If you authorize the card, someone pumps their gas, and then the balance is not enough to pay, what happens? I've only seen this at a few gas stations anyway, and they have this information posted on the pumps. The charge is there only while pumping the gas, and then it's corrected when you quit pumping. With credit cards, they don't have to take those precautions because most people don't try to use a maxed-out card to buy gas with.

Virtual account numbers

[waytoomuchcoffee]

Citibank offers virtual account numbers. Don't know if it works under WINE.

Basically, you have an app with a secure connection, and everytime you want to use your card you can generate a one-time number. You can set a limit on it too. Even if the merchant's security sucks, no one can use that number again.

Having had to replace my cards after that Egghead fiasco a while back, this gives me at least a little more peace of mind.

What about when it's an inside job?

[phillymjs]

I had some serious problems with American Express a couple years ago. In late 1999, I applied online for one of their then-new Blue cards, and my first bill included over $12K in balance transfers from accounts that weren't mine.

AMEX dutifully blew off about seven months of phone calls and letters (complete with photocopies of the entire paper trail) from me, trying to get this rectified. I have never in my life encountered more rude, hostile, and unhelpful CSRs. They were actively attempting to thwart me at every turn, and when they finally forced me to do my own legwork and look into the accounts the balances had come from, I found they had lied to me quite often as well.

For all that lethargy, though, AMEX was mighty quick to release the 'trademark infringement' hounds when a web site at amexblew.com was created to relate my experience to others (The story that was there will become a part of my personal site in the very near future, if it was online right now I'd link to it).

I was preparing to sue them in anticipation of my credit being screwed when I finally managed to get this resolved in July of 2000 in the most bizarre way possible... an AMEX employee read my posts on another anti-AMEX web site, contacted me, and took care of almost everything. AMEX still insisted I pay a little under $40 that I absolutely did not owe, so I did. In pennies. Mailed to their CEO, with my pulverized card and a nasty, nasty letter.

To this day, I still don't know how those balance transfers managed to find their way into my brand-new account at the moment of its creation. You would think that if it had been just a really stupid data-entry mistake on their part, they'd own up to it and apologize for it-- but AMEX representatives said they would only disclose what happened if they were subpoenaed, which leads me to believe there were some internal monkeyshines going on.

Do yourself a favor and cancel your AMEX cards now, if you like having good credit.

~Philly

Re:What about when it's an inside job?

[smatthew]

I've been an Amex member since i was 18. I have never had any problems with them. A single phone call is all it takes to dispute any charge or problem i've had.

Last year, I was traveling across the country paying for all my gas with my amex. I didn't bother to call AMEX before i left so they called me on the road (they have my cell number) to make sure that I did in fact still have my card.

Sorry you had problems, but in my experience AMEX has been the best.

Re:What about when it's an inside job?

[seann]

I try to take what anyone says with a grain of salt, but if you've went through all that shit.

You rock.

Re:What about when it's an inside job?

[jjshoe]

more power for you

however i work retail, and had i been the ceo when i received your mail i would send it right back being an equal ass. the penny is not legal tender.

Re:What about when it's an inside job?

[sphealey]

however i work retail, and had i been the ceo when i received your mail i would send it right back being an equal ass. the penny is not legal tender.

That turns out not to be the case.

The penny is legal tender. You are not required to accept legal tender, but if you don't state up front you won't, you are going to have a hard time justifying your position.

sPh

Re:What about when it's an inside job?

[phillymjs]

All the AMEX payment coupon said at the time was, "Please do not send cash." That's a far cry from "Cash will not be accepted." It was more of a pleasant request. Well, I denied that request.

Furthermore, if they sent back my pennies, I would have then paid with a check written on a pair of underwear that were worn daily for one week, specifically for the purpose of getting them funky. And yes, it is possible to write a check on pretty much anything, before you dispute that, too.

It is generally not wise to *really* piss me off, and AMEX did it in spades... first by screwing up my account in a way that could have damaged my credit, then by providing very poor customer service, and then by threatening legal action over my website without the apparent thought, "Gee, how did we anger this person so much that he went to the trouble to make this whole website to complain about us? Maybe we should talk to him and try to rectify the situation." No, they just did the typical, uncaring-huge-company routine and pointed the lawyers at me. My understanding that "these things happen" was gone by about the second month of trying to get them to straighten everything out.

~Philly

Re:What about when it's an inside job?

[jjshoe]

you'll find in any retail situation, be it mcdonalds or neiman marcus

the more of an ass you are the shittier the treatment you'll get.

Re:What about when it's an inside job?

[phillymjs]

I got shitty treatment from the word go. It was only after I became King of the Assholes that I got any results.

My supermaket POS credit card experiance

[SomethingOrOther]

heh
I had a part time job in a supermarket here in the UK. You wouldn't belive the number of customers that would leave thair shopping recipt and credit card recipts in the shopping trollys [ US'ians --> shopping cart] once they had packed up thair shopping.

Chasing after the customers and giving them thair recipt expaining why this was a bad thing just got you a black look. (One fuckwit even thought I was having a go at him for littering the shopping trolly with his credit card recipt!)

The reason most supermarkets now dont print all the didgits of the card number is because people were collecting CC recipts from shopping trollys and from around the car parks after closing time. Most other retailers (to my knowlage) havent yet followed suit.

Re:My supermaket POS credit card experiance

Hey, I like you too !

Re:Using Check Card for Online Purchases

Please, do a little research before you use a debit card or check card, for any purchases! While federal U.S. law limits your liability for fraudulent credit card purchases to $50, there is no legal limit for fraudulent use of your debit/check card. If you keep more than $50 in your checking account, you stand to lose a lot more than with a credit card. Also, if you have overdraft protection for your debit/check card, the perpetrator can not only wipe out your account but also put you into deep debt. Check with your bank about exactly what your liability is before using a debit/check card for any purchases.

And since I'm posting anonymously only because I'm too lazy to create an account: linux1@williamrice.com

Re:Using Check Card for Online Purchases

[cybermace5]

Exactly why you have a checking account set up for this purpose, with no overdraft protection. No one should be stupid enough to keep their life savings in a checking account, anyway.

It would be like keeping all your money in your wallet, and then walking down a dark city street on the bad side of town.

Re:Using Check Card for Online Purchases

[cybermace5]

Not to mention that most checking accounts don't offer enough overdraft protection to put you into what I would consider "deep debt."

Yup, that's what I do.

I use my ATM card to draw cash, then I pay cash. I find that here in the urbanized East of the USA I can get anything I need without online purchasing.

So, I avoid dozens of problems associated with card purchases including identity theft and most types of CC fraud. Been doing it twenty years now with no problems.

And, my propensity for carrying large wads of cash around made it easier to get my carry permit (for you non-USA readers, that means I have legal papers that document my right to carry a .45 caliber pistol concealed on my person.)

Use cash...

[seigniory]

Use cash. Don't write checks. Don't link your accounts to a card. Visit the bank once a week.

An answer to credit card fraud

[Locke!Erasmus]

I remember reading a while back, probably on Slashdot, that AMEX was experimenting with providing one-use credit card numbers to its customers for use on internet purchases, etc. I forget exactly the details of how all this would work.

I think something like this would be awesome to stop fraud. If the number is only valid for one transaction and then you get a new one, then the number sitting around waiting to be sponged off the internet by unscrupulous sorts wouldn't be of any use by they time they got their paws on it. Your transaction would have been completed and your real account information would be safe.

Drop credit cards

[afidel]

whenever possible. When I realized that by simply including your picture on your credit cards almost 100% of in person theft could be eliminated, and yet visa and mastercard had not mandated them I came to the conclusion that they were not serious about stopping theft. The cost per card can't be more than $2 max, and probably more like 50 cents to add a small picture, yet it is not mandatory. There would still be online and telephone fraud, but those are easier to catch.

Re:Drop credit cards

[MemRaven]

I saw a bit on local news once where somebody was wandering around with a card that wasn't theirs, and had a picture that wasn't them on it, and they were actually able to use it quite a few places. And then the TV crew would follow through after at those places that allowed the stolen cards (some of the time the fraudster gave excuses like "it's my mom's card", sometimes they just didn't bother) and interview them to find out why they accepted an obviously fraudulant transaction to go through. Pretty cool, actually, because it just goes to show that a lot of people really don't care about whether you're using a fraudulant card, because after all they're going to get paid (where "they" might be the person working the line, often times who's paid on commission, where that commission doesn't change if all the cases are fraud).

Of course, this was the US. I know that in the UK at one point they had a policy where if you caught someone using a card fraudulently you got a reward, and there some people are pretty strict about checking.

stop blindly subscribing to pr0n and warez sites

half of them are fake and will just use your card for better purchases.

Note: "THAT" checking account

[Fencepost]

Talk to your bank about setting up a second checking account that you'll use for online items (including PayPal). You don't even need to get actual checks - just get from them the number that will go in the MICR line at the bottom of the checks. As noted above, be sure they don't turn on overdraft protection.

If your bank wants to charge you for an account, get another bank.

Re:Using Check Card for Online Purchases

[pthisis]

Please, do a little research before you use a debit card or check card, for any purchases! While federal U.S. law limits your liability for fraudulent credit card purchases to $50, there is no legal limit for fraudulent use of your debit/check card.

Please do a little research of your own--the Electronic Funds Transfer Act limits consumer liability for ATM, debit, or check cards to 1) $50 if the card is lost or stolen and reported as such within 2 days; 2) $500 if the card is lost or stolen and reported as such within 60 days; 3) $500 for fraudulent purchases if they are reported within 60 days.

Moreover, Mastercard and Visa both limit check-card losses to the same $50 max as credit cards as a matter of corporate policy.

HR 445 is a bill in congress to limit liability to $50 in all cases of fraud; it's been tabled since 1999 as far as I know.

Sumner

Multiple cards....

In lieu of cash or accounts generating one time use numbers.......

I've heard of people using multiple cards in the past. Request to the issuing company to lock the maximum limit unless a password/pin is given. For example, 5 cards with $750 maximum limits. Use 1 regularly, keep the other 4 elsewhere. If the one gets owned, your liability is low.

For large purchases, most places will accept online 2 cards to make that purchase, e.g. Dell, or allow you call in 2 or more cards. I would label the cards in sequence, so you are always using as the same second (or third, etc.) card when needed.

Also, go with vendors with good liability and fraud protection. Likewise, those with reputed security systems that check for suspcious activity (I've heard citibank has a rather overzealous one).

If you have a high credit limit, request to the company to put a max one time purchase limit. And to watch for suspicious activity for purchases reaching those limits.

In the US, "Opt Out" for all financial accounts

[sphealey]

Since I started filling out the "Opt Out" (of data sharing) cards (or sending Ralph Nader's version for those entities whose standard card defeated even my willingness to read fine print), I have received much less financial junk mail. Fewer unwanted credit card offers, in particular.

I figure if I am receiving fewer offers, my information is going fewer places, and therefore can be abused in fewer places as well.

Not a huge gain, but at least it helps reduce the exposure a bit.

sPh

Looks like discover does it as well.

[Nate+Enderle]

http://www2.discovercard.com/shopcenter/deskshop/m ain.shtml

I haven't used it yet, but it looks like a pretty good deal. One time numbers, and it even fills them in for you. Now if only my Discover card was everywhere I wanted to be.

CC nubmers on statements

[Webmoth]

Two of my credit card issuers include the credit card number as the account number on my statement. They also want me to write the account number (that is, the credit card number) on my check. So when Vinny comes and rifles thru the mail, not only does he get the CC#, he gets my bank account along with it.

The other issuer smartly uses an account number that is different from the CC#, and the CC# appears nowhere on the statement. Any transactions using the account number must be confirmed with a password which only I and my bank know.

Why can't ALL credit card companies do this?

Ha haaha easy....

I would feel sorry for the people that would steal my identity and credit card. Since I don't have no money nor a credit line.... Can't get anything from a dry well....

Yeah, but...

if you use cash only, you'll probably carry around more cash than if you use credit cards. Then, if your wallet/purse/backpack/whatever gets stolen, you have no way to recover that cash. With debit and credit cards, at least you can dispute the charges.

This happened to me in 1999- I had left my purse unattended in what I thought was a safe area (an occupied office). It was stolen. I was able to cancel all the credit cards and the ATM card, and wasn't charged anything for it, but the $60 in cash (not insignificant when you're in grad school as I was) was just gone. Ever since, I try to minimize the amount of cash I have on me.

Re:Using Check Card for Online Purchases

[Thu+Anon+Coward]

check YOUR sources first. Mastercard and Visa may cover that but a LOT of financial institutions issue cards of their own that are not affiliated with V/MC. and some regions/states do not allow for limitations on losses.

Re:Using Check Card for Online Purchases

[pthisis]

check YOUR sources first. Mastercard and Visa may cover that but a LOT of financial institutions issue cards of their own that are not affiliated with V/MC. and some regions/states do not allow for limitations on losses.

The EFTA is federal law. See, in particular, the U.S. Code Title 15, Chapter 41, Subchapter VI, Section 1693g, "Consumer liability". and the rest of 15.41.VI.

In the U.S., "regions" or states can't override it, it applies everywhere and limits debit/check card liability as stated (for all cards, Visa/Mastercard or not).

The Visa/Mastercard policy obviously only applies to cards affiliated with those institutions.

Sumner