Slashdot Mirror
What Can Be Done About Security of Debit Cards?
JumpDrive writes "I have been the victim of (Visa) debit card theft. I do not know where they stole or got the number, but it was used one day on the other side of the country and the next day it was used in Europe until they cleaned out my account. I had been monitoring my account online and immediately went to the bank and filed a claim. I was told at that time it would be 3 to 5 weeks for them to investigate the claim before they could return my money. Recently I tried to make a purchase with a debit card and was told that they couldn't use the card since it wasn't a Visa or MasterCard check card; this led to a discussion of why I no longer have a Visa or MasterCard check card. Which then led to the question of 'What can be done about it?' Currently I have a separate account for debit usage for my personal safety. But I also think that those producing these check cards should be required to advertise the hazards of having one of these cards (not in small print and maybe required in advertisement of these cards, similar to what is required with pharmaceutical drugs on television) and/or that if a debit or check card is issued a separate account should be required for its use, and users informed of the issues of placing all of their money in the same account that their debit card has access to. What other precautionary measures should be required or taken?"
The short answer? The banks will do nothing for you today.
The long answer: Nobody will do anything for you tomorrow, either.
Why? Because Visa does two things, only one of which makes money. First, they are in charge of defining financial card security through the PCI council, and they own and operate the secure network VisaNet, which carries authorizations from retailers to banks. Guess which one makes them money?
If Visa were to design and offer a cryptographically secure solution, one based only on smart cards for the customers and Hardware Security Modules (HSMs) at the banks, then I could safely route my charge authorizations over the plain ol' Internet. I wouldn't need to use the charge-per-transaction VisaNet. Visa would stop making money.
So instead of offering a secure solution, Visa and the PCI council say, "Merchants must lock down their systems, protect this data, follow these 12 steps, acknowledge that you are powerless over alcohol (oh wait, wrong 12 steps), and if you don't, we'll loudly blame you for allowing someone to see our non-existent security."
Visa owns the protocols used between merchants and banks. They could strengthen the protocols. They could prescribe encryption. They could require the deployment of chipped banking cards. But they do not, and have not for many, many years, despite a pathetic track record of security.
If you want the banks to be safe with your money, you ironically have to take charge of your own security. If you switch to using the green paper stuff, your losses will be finitely limited to what you carry on your person. If you want a more achievable answer in today's plastic world, DO NOT CARRY DEBIT CARDS. Debit cards do not offer you protection against loss. Credit cards are limited by U.S. law to a maximum of $50 liability to the cardholder. Debit cards losses are usually covered by the bank, but they are under no legal obligation to do so. For ATM access, most banks will honor your request for an ATM-only card instead of accepting their default ATM/Debit card. Of course, the use of credit cards requires personal discipline to always pay the debt on time, but otherwise you would see little difference.
John
http://badmoneyadvice.com/2010/04/the-usefulness-of-id-theft-fear.html
-- up-modding policy: make a good point, write self-contained.
If it gets stolen, it's not your money. Also, you got skimmed.
How the banks advertise it: "Use your own money to shop online!"
What it actually means: "Expose the cash you need to live on to fraud."
The banks like it because you're putting your money at risk, not theirs.
How we know is more important than what we know.
Step 1: Cut DEBIT "check" card in half
Step 2: Just use a CREDIT card. You're protected. Problem solved.
In Canada you need an ATM PIN to use a debit card linked to a bank account, but the PINs can still be skimmed by compromised payment terminals. I only pay by credit card.
Shop around for a bank that actually values you as a customer. I believe Bank of America will give you your money back within 24 hours. I'm not a fan of theirs but at least they do that for you. I personally use US Bank.
Work Safe Porn
The've actually stopped me from using my own card. A minor inconvenience for peace of mind.
1) Get a bank that lets you put your picture on your card (in case your card is physically stolen)
2) If it's possible (not sure on this one), get a card that can't be used without a PIN
3) If it's possible (not sure here either), get a bank that allows you to configure your card to only be used online if the security code on the back is also used. MANY places online still don't ask for this, for some reason. The payment systems DO know the difference between whether a card is being used in person or not, so there's no technological reason this isn't possible.
4) Encourage laws to make these things available where they aren't, with the 'default' settings set to maximum safety.
But I also think that those producing these check cards should be required to advertise the hazards of having one of these cards
NO, NO, NO. No stupid, pointless warnings. Make the financial institutions solely liable for all identity theft. They're the only ones with the ability to stop it, and they should be the ones that bear the full economic incentive for managing fraud.
But I didn't say it first, Bruce Schneier did:
The actual problem to be solved is that of fraudulent transactions. Financial institutions make it too easy for a criminal to commit fraudulent transactions, and too difficult for the victims to clear their names.
[...]
It's not that financial institutions suffer no losses. Because of something called Regulation E, they already pay most of the direct costs of identity theft. But the costs in time, stress and hassle are entirely borne by the victims.
The whole article is +5 Insightful, well worth reading.
Nothing can be done to improve debit card security beyond what already has been done. The best thing anyone can do is avoid using it anywhere other than an ATM or some place you trust. If you can, use a credit card and just dont over spend.
And the really sucky part of your troubles is that any checks that get bounced because of this, you're responsible for the fees - all of them.
And banks love to tally up all your withdraws before all deposits just so they can hit you up for charges. They're junk!
The best way to protect yourself from debit cards is not to use them.
When Visa and Mastercard say that you have the same protections with a debit card as you do with a credit, they're full of it.
There's only one way I know to protect yourself if you really need to use one of those things ("Piece of trash Visa or Mastercard" as Howard says). I opened a checking account a few years ago and my own bank said that I should open anther account just for debit transaction (totally free of course) just to protect myself an my money. They even admitted that they're crap - WaMu before the Chase takeover.
RIP America
July 4, 1776 - September 11, 2001
One day I found that my bank account had been cleaned out. There were a massive number of $50 charges from one vendor -- essentially they kept charging $50 until they got a decline. The charges had occurred after 11:00 PM and before 5:00 AM local time, which made me think that time zones were involved.
I called the bank immediately and reported it, had the card frozen but by that time there was only about $20 left.
I did some research from the transaction information -- the company had an address in California that appeared to be fake, an 800 number that was disconnected, and the domain was owned by a different company in Korea.
I printed all this out, took it to the credit union. They had me fill out some forms, and gave me access to some money (I was pretty much broke) while they worked on it.
Within 3 days all my money was returned to me. It's possible that the credit union fronted me the cash while they worked with the authorities -- they never said. But as far as I was concerned, the event was over in less than a week.
Maybe it makes a difference which bank you use. Or maybe it's the difference between a bank and a credit union. I dunno.
I never did figure out how they got my numbers.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
Debit cards are EVIL. Don't use one.
With credit cards, the onus is on the BANK to prove that a transaction is real. When theft occurs, you dispute the charge, and it's the bank and/or merchant that is left holding the bag and dealing with the police.
With debit cards, the onus is on YOU to prove that a transaction if false. When theft occurs, YOUR MONEY IS STOLEN, and it's you dealing with the police trying to get your money back.
In both cases, normally fraud gets cleared up eventually, but debit is a much bigger hassle.
The only possible reasons to use debit instead of credit:
- your credit history sucks and no one will give you a credit card
- you can't control your spending with a credit card
Unless you're in one of these categories, NEVER, EVER USE DEBIT.
If they are resolving it, but just not as fast as you like that is one thing.
If they are choosing to look the other way that is another and that will not work in the long run.
I think 3-5 weeks is a reasonable amount of time given the often complex nature of the problem.
How long do you think it takes the bank to recover or catch the parties involved?
Do they often recover the lost money?
Personally I would like it if I had a remote that I press that allows my debit card to be used for the next half hour and only when it is activated.
Hard currency is on its way out of style so whoever designs the next big sec measure for debit will be laughing to the bank.
... to limit where, when, and how much the card can be used. How about instant notification for user approval on your mobile phone? That'd be really cool.
I have set up my acct such that if there is an access made more than a certain amount of money and/or out of my local area, they call me/text me to call them and verify the transaction. I am not a frequent traveller, so this works out for me. Look up if such a facility is available with your bank too. Another thing, see if they offer some sort of fraud protection mechanism. Some banks do that. That takes off some of the time-delay/processing worries too. If you choose to use your debit card and not credit card mostly, also, move your money from checking to some savings account and keep very little ( subjective) money in checking. That may help too.
You know the saying about having a single point of failure, all of the eggs in the same basket, etc... Have enough cash on hand to see you through the time it takes to get something like this resolved. An 8 to 12 week supply is probably prudent, as well as a reasonably robust safe to keep it.
CDs are also useful, though someone could conceivably take those as well.
The society for a thought-free internet welcomes you.
I won't use a debit card untill they make crediting the account just as fast as a debit action. In other words, never.
zenray
zenray
Guess what folks? Some people still -- yes, in this "any identity thief can get credit" age -- can't get a credit card.
For my part, I got tickled a year ago, on the debit card I got from the hole of the Great Unbanked: ACE Check Cashing.
They shut it off immediately, and refunded the $4.78 (to wanadoo.fr, a French Webhost)... but it took over a week to get me a new card *and I have direct deposit*.
My solution? Got a *second* new card.
Direct deposit goes to one, locked up in a safe place and *I never use that card for anything*. It has Virtual account numbers, and I've set those up for my car insurance and a couple recurring bills.
The second card is what I use to buy things, in person, online, and via PayPal... but that card almost never has more than $50 on it, unless I transfer money to it to buy something specific...
which transfer I can do via SMS. Average delay? 60 seconds.
Works out nicely for me.
What's usually expected of the bank is to return the money out of their own pocket while they're investigating.
You want my advice? Move to a civilized country. One where banks are required by law to secure debit card transfers, just like credit card companies are required to secure credit card transfers. Seriously, I've never met anyone who's had a problem with a debit card -- a credit card, perhaps, but never a debit card.
Just one more part of US legislation that is severely broken, I guess.
Debit cards are functionally useless, since they give you nothing that using credit card which you pay off every month wouldn't while costing you quite a bit.
If you have a credit card you pay off every month, you get an interest free loan for a month. You earn points for rewards. You get protection against fraud. You often get warranties on things you wouldn't normally get.
You get NONE of this with a debit card. The only reason a debit card is preferable is if you don't have the self control to spend an amount you can pay off every month, or you have such a bad credit rating you can't get a credit card with a grace period.
I spent 12 years working in law enforcement. For several years, I specialized in "High Technology Crime", Identity Theft, and white collar crime. I learned many things doing that. One thing I learned is this: A True ATM card with a strong PIN is fine. A True CREDIT card is fine. A DEBIT card should be avoided. If a CREDIT card is compromised it is the banks money and not yours. One thing that I do not understand is why people with good credit use a debit card. Why not use a credit card (the banks money) and then pay the bill in full each month. My NEW bank and I have an understanding. The FIRST time that they try to upgrade me to a DEBIT card over a true ATM card, I take my money elsewhere.
I have been telling people for YEARS how unwise it is to have or use a "debit" card with a Visa/MC logo on it. My bank kept INSISTING that I use one, and I would have to send it back and tell them to please send me a regular debit/ATM card. Many of the same people that thought I was "paranoid" and "obsessive" or just plain strange don't think so anymore. I know more than one person who has had money taken from their account and then it is up to THEM to try and get their money back, meanwhile checks are bouncing, fees are accumulating, credit scores are plummeting. Hours and hours of work to "fix", and then not really know if it is "fixed".
The whole idea of taking a perfectly good ATM card and then linking a Visa logo to it so someone can take JUST YOUR NUMBER (not even have the card) and wipe out your actual account, live, without even a PIN code, is just crazy. Get a CREDIT CARD and let *THEM* take the risk!!
Interestingly enough, a Australia's largest shopping retailer (Woolworths) has just stopped the use of debit cards in their store - citing excessive bank fees. Instead, customers must use EFTPOS - which goes directly through the banking network and not Mastercard or Visa.
In Soviet Russia the insensitive clod is YOU!
This is something I've never understood. Why on earth would you ever use a debit card when a credit card can be used instead? As long as you keep your account balance at zero, you have nothing to lose by using a credit card. And you gain a few legal protections against fraud; your own money generally isn't exposed.
Do debit cards have any advantages at all?
I dunno if places do it with debit cards, but it should be just as easy... but with some (dunno if all) credit card companies flag "suspicious" activity - and your card being used in Europe would be one such instance... in those cases, they'd call you up to verify the purchase.
Your bank could at least do that sort of thing. Like seriously.. Europe? duh!
As someone who has just been stung by a £10000 scam. Someone somehow persuaded my bank to to allow them to to do telephone banking on my account. He did not have my passport, driving licence or birth certificate. How the branch and the bank's fraud dept thought it wasn't possible however 2 days ago the fraudster phoned the bank's phone line to see why he couldn't steal any more money. All true BTW I never checked statements too closely you need to. Got about 7 grand back so far.
Did you know to accept a credit card roughly costs the merchant about $1.05 (US) per $50.00 spent? Why do you think you see ATM's in all kinds of small businesses? A debit card cost a merchant much less, though the merchant may not realize this because they have been sold an account that charges about as much to them. The Independent Sales Organizations (ISO's) and third party processors have to make a buck somehow. As consumers - were already paying this $1.05 fee, passed along to us as the the "insurance" to cover identity theft and credit card losses - namely in higher fees for products we purchase.
Cash is the best way to handle identity theft, though it places the merchant at risk for possible theft, as well as the cost in handling the physical money - so be it.
I wish that product prices were lower and customers would have to read a sign on display that expressed they had to pay 5% a surcharge to use their VISA card.... which of course is against "Visa's" rules. You know.. for identity theft purposes.
IAABG (I am a banking geek).
The rules for provisional credit on debit cards is very well established. They fall under Regulation E, section 205.11. The bank has ten days to get you a provisional refund, and can take up to 45 days in certain circumstances to complete their investigation and finalize the credit.
Make sure you get them a notice in writing! Once you do, they have ten days to credit you, and many banks will do it much faster. If the bank drags their feet, just tell them "I want provisional credit within the mandated timeline per Regualtion E".
Here's more on this topic:
http://www.bankersonline.com/technology/guru2008/gurus_tech022508c.html
http://usa.visa.com/personal/security/visa_security_program/zero_liability.html
http://finsolinc.com/Reg%20E%20EFTA%20Error%20Resolution%20Flowchart.pdf
The protection for misuse of debit cards is strong, you just need to know what to do. If your bank isn't responsive, Move Your Money to a smaller institution that cares.
1. Get a Bank or Credit Union that gives a damn. Investigate before you choose one. A good one will monitor your activity and shut it down and call you when something goes wonky (like charges from all over the place or charges from known fraudulent organizations). When it does go wrong a good one will either fix it quick or possibly give you provisional credit to get you buy until they do fix it.
2. Use a real Credit Card for most items and have the discipline to pay it off each month. Credit Cards are held to a higher standard than debit because it's *their* money and not *yours*. If you challenge a charge they have to credit you right away while they research it, and the burden of proof is on them. As a side benefit you might get mileage or an annual rebate.
3. Use your debit card for small ticket items -- lunch, gas, etc. Don't keep more than you're willing to lose in the account, a few hundred maybe.
Real programmers use "copy con program.exe"
I have a separate account with debit card that stays zero. When I know I'm going to pay a bill online or use for some other purchase, I move just however much I need into that account to cover the purchases or debits. In this way, if some one gets ahold of the number, there isn't a lot they can do with it.
Also I don't have overdraft protection on that specific account so that again, if someone gets my number(s), there isn't much they can do about it. Sure I may get nailed for a hundred bucks - if they catch it at the right time - otherwise, they just don't get my money.
Beer is proof that God loves us and wants us to be happy.
"and users informed of the issues of placing all of their money in the same account that their debit card has access to." Ever heard of not putting all of your eggs in one basket? I keep enough money in my checking account to cover me and the rest securely in a savings account. People shouldn't have to be told to have common sense.
A common theme I hear is that credit card companies don't care enough about fraud to do any investigation whatsoever. I'm loath to pay any fees at all on my credit card, but I'd probably pay, say, 50$/year to get a card where, in the event of my card being used fraudulently, the criminals are hunted down and prosecuted / persecuted to the fullest extent available in the country in which they're found. (Rather than it just being written off as a cost-of-business expense and raising everyone's interest rates)
"What other precautionary measures should be required or taken?"
You are asking a bank CEO who makes $40 million per year + bonuses and stock to care.
The U.S. government is controlled by those who profit from a corrupt financial system, by those who profit from making war, and by those who profit from a number of other manipulations.
"What can be done? Nothing."
What can be done? Reform campaign finance. That will help eliminate government corruption. Now those who pay the most get the politicians they want.
It is no longer a question of if your card will get stolen, but when will it get stolen.
I keep my daily limit low on my debit card. Around $250-$300 is my daily max. When I want to purchase something over that I call the number on the back of the card and have it raised. After the purchase, I call back and lower it again. The few times I need to make that call are worth it.
Once I was calling back to get it lowered and the lady was so confused as to why anyone would want such a low daily limit. Once I explained it to her, she thought it was a good idea.
I use this card every day. So if someone runs it to its max, I will find out about at lunch time. If I am out that 300, its a manageable loss.
What if you could get back every dollar that they take from your account from the bank (or some type of insurance)? Lets just say you have a high daily limit and they are able clean out your account in 1-4 days. How long can you survive while you wait to get it back. Thats the scariest thing about it comming directly out of your account. It is money you are missing while you try to get it recovered. When it is on a normal credit card, you can still make your house payment. There is no way they could get that back to you over night. It would take days or months while they investigate.
The most common theft of credit card numbers are from family members or someone you know. When charges are local to you, the investigations require more time and take more work.
Im a gamer, not a grammer major. This post is full of spelling and grammer mistakes.
On the flip side of that argument, someone stands to make a lot of money by entering the market and challenging Visa with the selling point of increased security.
Theoretically true but it would take someone with VERY deep pockets. Visa and the other large credit card vendors have a the very powerful asset of network effects on their side. Virtually every merchant takes Visa and Mastercard. Somewhat fewer take Discover and Amex. Very few merchants have the equipment to handle more secure cards. This means that even though there are safer cards available, there is no network to handle them and it would cost a sizable fortune to get enough merchants to carry them. From the consumer's point of view there is little incentive to carry a card that is not widely accepted especially if they are protected against loss anyway. Visa can simply promise to cover any losses which makes it uneconomical for someone to build a more secure network. In other words, ain't gonna happen.
Only way I can see a secure card network being installed in the US is if it is mandated by Congress. I've seen some efforts by Amex and some others but unless somehow we can convince Congress to get involved (unlikely in my opinion) I just don't see it happening any time soon.
Just yesterday, I got a replacement debit card from VISA -- after my account was one of an unknown (to me) number of accounts that might have been "compromised" in VISA's words.
I was astonished to read that their new security features include a limit of $2,500 for a single purchase (or $1,000 for a single cash withdrawl) WITHOUT the PIN. Yes, WITHOUT the PIN!
As others are going to point out, short of a miracle you'll have a hard time persuading banks to move to anything more secure, but...
Currently, if I order online, I give the retailer my credit card number, expiry date, the security number off the back, my name and address. I might as well just post them my passport, in terms of giving them things that can be mis-used. So, better plan; I attach a trusted (as in I trust it, not to be confused with Intel's idea of giving you hardware the MPAA trusts) hardware device, in to which I insert my card. My web browser says "I want to pay $100 to " to the device, the device flashes this onto its own independent screen, and asks for my PIN to confirm the transaction. If I confirm, it generates a one-time usable token for payment of $100, usable only by the named retailer, and sends it to the web browser, to go on to the retailer. If it's intercepted, it's useless. If someone manages to persuade you to pay the wrong person (say a site that calls itself fBay and you don't notice it's not eBay, I don't know), at least they can only take as much as you've agreed to, there's no way they can take more.
For shopping day to day... I don't know, maybe the little hardware device does short range Bluetooth to do a similar transaction sequence with the till?
Yeah, so, not going to happen, but that's what could be done.
It sounds counterintuitive but the real solution is to just never use a debit card. Have a separate ATM card and credit card.
When you're using a credit card, you're protected automatically when things like this happen. If you claim that a charge is fraud, it is up to the merchant to actually prove that it is a legit charge. This means that your credit card company will remove the money from the merchants account immediately. If they fail to prove (usually by signature or some other means) that you made the charge, they take the hit.
The other thing that sucks about using a debit card is that they do absolutely nothing to help you build your credit. If you're looking to get lower APRs one of the best ways to do that is to use an actual credit card to buy things and then pay off most of the balance every month. When you use a debit card it doesn't register as a balance. If you bought tens of thousands of dollars on a credit card it could do wonders for your score if you pay it off and keep the balance low. Doing that same thing on a debit card does absolutely nothing.
Debit cards also suck because if you use them for things like Hotel Reservations, the Hotel will actually put an AUTH on your card for more than the price of your room. As long as that AUTH is there you don't have any access to those funds in your checking account. Hotels, etc will routinely AUTH you for more than the price of a room, in some cases 1/3-1/2 as much.
HSBC, the chinese bank, has been handling my money for a long time. I use a debit card and quite freely, I might add. I had never had a problem until about 6 months ago, when I saw a transaction which I hadn't made.
... ... ... Ok, sir, your money is back in your account. You can use it right away."
I called the bank immediatly and told the nice lady my problem. What she said was "Are you sure you didn't buy anything from companyname on that date? Alright. Do you agree to pay any charges that could arise if the company has the signed voucher for that purchase? You do?
It made me feel kind of dizzy to see a company treat me, their client, as a human being. I checked right away and just as she said, the money was back in my account.
A few months later I had some issues with an internet transaction. I clicked the "pay now" button at the end of the process and after a few seconds, the page gave me an error and I just left it there. However, the site did make the charge (even though the company had no record of the transaction when I called them). I had to call the bank again. This time the call took 30 minutes, but the money was back in my account by the end of the week.
Say what you will about the Chinese bank, but they treated me greatly those two times.
I work as a network admin for a small community bank, so I have a passing knowledge of these matters. First, fully investigate your rights under Reg E if you are in the US.
http://www.federalreserve.gov/bankinforeg/regecg.htm
There are rules that govern reporting unauthorized transactions and the providing of "provisional credit" by the financial institution. Make sure you read and understand your rights. Hold your institution's feet to the fire, and make sure they act within this framework.
Second, understand that it is difficult to protect your debit card information. It can be stored (and stolen) from so many places. Any online purchase may result in your card info being stored on a server somewhere. Once that server's back end database is compromised, your data is exposed. Or you shop at a store with a POS system that is not well secured. Or your server at the restaurant last night cloned the mag stripe on the card. Ad infinitum.
Now, it's easy to say "make the financial institution liable for all fraud". But keep in mind the sheer volume of ACH payments processed by some of these banks. There's no way in hell that a bank can know for sure, 100%, that you did or did not initiate a particular transaction. However, please know that most banks' core providers have heuristic/behavioral analysis that does in fact look for behaviors that don't match yours. Companies like Fidelity National Information Services (FNIS), for example, actively send out "fraud alerts" that monitor ACH and debit activity on their networks. For example, if your card is used to purchase a product from a country or a domestic location that doesn't match your activity history, your bank can be alerted and the card can be "hot carded". I know it seems like we, as banks, drop the ball a lot, but keep in mind there is a lot going on that customers are not even aware of.
One piece of advice I would give is to just keep enough in the DDA account to which the card is tied to not go into an overdrawn status. Keep the bulk of your funds in a NOW or savings account with nothing electronic tied to it. No debit card, no automatic bill pay, etc.
How the banks advertise it: "Use your own money to shop online!"
What it actually means: "Expose the cash you need to live on to fraud."
The banks like it because you're putting your money at risk, not theirs.
Which is why I've used AMEX for my daily expenses for close to ten years now. It's a charge card, not a credit card, so you don't get deep in the debt hole... you have to pay the balance at month's end. But it has all of the standard protections of full credit cards. Someone, probably a clerk at a store somewhere, used my number for fraudulent purposes, and as soon as I noticed it on my bill, AMEX froze the charge, and launched and investigation immediately. They kept me up to date the whole time. Also, if "suspicious" activity occurs on your account,,,, say, an all-night Ebay binge... they'll temporarily freeze the account and call you just to be safe.
Life is hard, and the world is cruel
They encourage the use of signature cards instead of PIN cards, even though PIN cards cost them much less to process. That's because they can add their cut on top of that price, and pass the cost on to you.
Signature debt card fraud is about 15 times as high as PIN debt fraud. When was the last time somebody checked your signature on a card?
So, it's more wasteful, and enables vastly more fraud, but the banks love it. But I guess that makes sense; bankers are, after all, parasites and crooks under the protection of law.
Let me give another example of how they don't care about real security. USbank's online banking service now interrupts the standard username/password entry process by asking you a "security question." These questions are things that you could find about most people in a couple of minutes, by looking at Facebook/google, knowing them casually, guessing, etc etc. The answers are shown in the clear. So where, on every other site you've ever used (including, until recently, this one) you'd expect to be typing your password into an obscured field (********), you instead are typing into a box that anybody near you can read. Awesome. And in exchange, the security you get is... a trivial question, and a picture from a handful of pictures you're allowed to set as your "security image". Which anybody within 50 feet can see.
[Reviews comment in case caffeine has led to unfortunate or controversial comments. Nope, looks good!]
One issue is whether the banks or legislation can protect you or not since like bankgeek told us, there are resolution mechanisms in place that CAN be accessed (Regulation E).
Another issue is what can you do, in addition to all of this, to protect yourself.
Step 1. Switch to a pure debit card (not debit/credit). This means that you can only spend what is in your account since the transaction never goes through a card merchant (PIN-based interbank transactions).
Step 2. Add another account at your bank that is not tied in to this debit card. Keep your money there.
Step 3. Move money to debit as you need it on the net.
Smart-style Cards loaded with one-time pad data that are recharged from time to time. No reason why a credit card number should ever work twice.
This is EXACTLY why I refuse to carry a debit card. With one swipe, your account is empty and your mortgage bouncing.
With a credit card, you argue with the bank about THEIR money.
With a debit card, you argue with the bank about YOUR money.
Guess which sort of inquiry receives more attention?
SirWired
Visa requires that a provisional credit for any losses be issued within 5 days. Tell your bank that the 3-5 week time-frame is unacceptable and inconsistent with Visa guidelines.
But this feels a bit much like an overreaction. I do feel bad for you, but... This is like saying I'm going to buy a car, and the window sticker says that, since I run the risk of, even if I roll up the windows and use the locks, that my vehicle could be stolen. It then says that I should not keep anything of any noteworthy value in the car, that all CDs I have inside should be a second copy purchased for my car, and that I should inject quick-set cement in the keyholes and take out the battery when I park it. Or... well, there are plenty of metaphors for it. The truth is, even with some of the most clever ideas in the world, bad things happen, one way or another. And most people are willing to run the risk of not having certain precautions in place in order to enjoy the convenience of not having those bogging things down. Having a separate account just for your debit card would be one of those obtrusive precautions, and still puts you in a lame spot if you encounter an emergency expense.
Pretty much every financial institution seems completely opposed to things that are REASONABLE and would actually WORK.
I run two checking accounts, one of which all my money goes into that does not have an ATM or a Debit card attached to it, and does not have any checks. The second which does. I transfer what money I need from the first into the second as required. So even if they steal my card details and clean out the second account they won't get more than a few hundred dollars.
I never use the 1st acount directly with the public. The money doesn't stay in that account for very long anyway as it heads out in all directions to various saving accounts and mutual funds, leaving just what I need to live through out the month.
The other is that I never do any online banking except from a sterile laptop at home, that is not used for anything but banking. Passwords and user names get changed a couple of times a year.
A bit over kill I know, but then again I've had zero problems with my money.
The Original Poster above is right that Visa & Co will do fuck all for you, but you can do something for yourself: compartmentalize. Create a separate account that is *only* for debit card and nothing else. Put in exactly what you need into this account. If someone steals your pin and number, you'll be (hopefully) getting back any bounced check / overage fees, but otherwise you'll be limiting your risk. As someone who works for a company that has a retail bank line of business (i.e. that's not all we do) I *REALLY* don't understand why some overachieving junior executive isn't trying to drive losses from theft to zero. If -hypothetically speaking- you could negotiate Visa into using a more secure system, you should also then be able to negotiate a better rate for clearing transactions as surely part of that transaction fee has fraud and loss management built into it.
I know that my check card can only access my checking account, so I would have just transferred everything in it to my savings until I got a new card issued. Also, I'd really be surprised if my bank acted this way - they've always been extremely helpful to me (it's a credit union though).
I have been pretty lucky with the banks I use. Years ago, I suddenly had some transactions from Ireland show up on my card. I went to a local branch and talked to someone. I simply filled out a form, they gave me a new card and refunded the money right there. More recently, I went on vacation and made one transaction with my debit card. About an 30 minutes later I got a call from a strange number, so I let it go to VM. The next time I tried to use the card it was declined. Annoyed I listened to my Vm and it was the bank (TD bank) asking me to call them back. I did and they asked me to confirm the area I was at and what my recent transactions were, once I confirmed them, they reactivated the card. Actually pretty nice of them.
So many injustices..so little time..
Sorry to inform you, yes they originated in Hong Kong, but they're a British bank, headquartered in London.
http://en.wikipedia.org/wiki/HSBC
I thought the USA and perhaps other countries had what canada has for pretty much all Debit Cards... Interact
http://www.interac.ca/consumers/security_fraud.php
From the first paragraph of that FAQ
What we're doing about fraud
In 2009, $142 million was reimbursed to victims of fraud as a result of debit card skimming. Victims of debit card fraud are protected and will not suffer any financial losses resulting from circumstances beyond their control.
While debit card fraud represents a fraction of one percent of all transactions, Interac Association takes significant steps to prevent debit card fraud and protect cardholders. Interac Association works together with members and business partners to ensure that the Interac services remain among the most secure in the world. Following are some of the initiatives that Interac Association is involved with.
You must master your joystick like a fisherman masters bait! - Gimpy
I have two credit cards, neither of which is attached to a bank that has any of my money. And the ATM card is only an ATM card.
So you think you have an inalienable right to protection of your money by a private bank, such that the government needs to regulate it? The bank currently provides you with a service of storing your money, 99.9% of the time completely safe and sound, paying you interest, giving you access to it at thousands of locations across your country (And across the world), and will even give it back to you when it is stolen (even with a possibility of it being your fault), yet you feel it is necessary that the government step in and require banks to point out to you that "Yes, with all this convencience, there is a (very) small possibility that your money may, temporarily, be stolen".
Let me suggest this: if you are unhappy with the service the banks are providing, then why don't you withdraw all your money, close your accounts, and manage your money yourself. No one requires you to store your money in a bank afterall. Compare the level of protection you receive when storing your money under a mattress, as compared to storing it in a bank.
Note that I'm not against banks coming up with better ways to protect our money, they surely are trying to, only that the government need not regulate it.
The whole point of a bank (at least originally) was to keep money safe by making it difficult to access. Through the years we have demanded that banks make it easier and more convenient to access our money, and now we are paying the price. Security and convenience are inversely proportional to one another. It is a mystery to me why we, as a civilization can't seem to grasp this basic concept.
Look it up.
Visa are doing something about it, so much so that they are enticing people to use it by accepting the liability of fraud themselves - rather than leaving it firmly with the merchant as it is today.
The problem is an existing system that works worldwide with millions of users is BLOODY HARD TO CHANGE.
You will probably see it introduced at about the same pace as IPv6 (which suffers from the same 'migration issues')
I always use a debit card. I asked for a special version that doesn't work offline (the VISA electron), the card-reader terminal must be connected to internet. I also requested that the balance must not go below zero.
How am I secure? I don't leave much money on the account of this card, just the daily necessary. If I lose it or it gets stolen, they won't get much.
For big payments between trustful people, I always use bank transfers. For Internet payments, I always connect over a VPN (if I'm using a public WiFi) and use virtual VISA cards which are one-time use with a upper user-defined limit.
A debit card is a fool's device. It has all of the disadvantages of a credit card without the free use of a months worth of money. Pay the messily $55 for an American Express card. It has all of the advantages of a credit card without any of the disadvantages. The money is worth it and you can make it up in a years worth of whatever point system you like (I like ONE, because it pays cash quickly.)
excitingthingstodo.blogspot.com
I often hear people from US Bank and other large banks having problems where things like this happen and they get screwed...
I happen to use a local bank, many of the people there know me, they know my accounts and are always happy to see me. I have had a couple instances where my check/debit card (which can be used for Visa transactions) was compromised. I went to the bank, they gladly discussed the issue with me. I made a sworn statement about what happened (or didn't happen... like me not even being in florida at the time). Within two weeks they were clear about me not being where the transactions were made and reversed the charges.
I hear from people using larger banks that they just get screwed over. The banks don't make the effort and just pass the loss off to the client. My bank cares about me and they know if they don't protect me and reverse wrongful charges, that I will share my sentiment with others.
------
Anyway.... Large banks are somewhat impervious to complaint/criticism. I will *never* bank with US Bank after what I've heard from people close to me, but they will still thrive.
My point is that local banks are much more likely to care about you and do their best to protect you.
You don't need to check your balance every day, only that you still physically possess your plastics. If you make sure everyday before you go to bed (or do it first thing in the morning) that you still have your credit cards, you can just check your balance once a month.
I once had a signature.
Bingo. Check/Debit cards are fraud magnets by design. Heck, when they were first introduced, Visa actually ran ads showing how easy it was to commit fraud with them. They would show how hard it was to use a check because you had to prove who you were, but with a Visa check card, you can buy whatever you want without any evidence of who you are. Check cards have all of the lack of security of a credit card, and all of the risk of an ATM card. It is simply an ATM card without a pin. Who in their right mind would think that issuing ATM cards where using the pin is optional is a good idea?
Best advice? If using a visa check card, use a second account. Do not link it to overdraft protection to your main account (or in any other way, such as a "loan" to cover overdrafts at high interest rates). Keep a low balance, using online banking to transfer money as needed into the "spending" account. Then make sure your bank does not provide a check card for your main of "bills" account. This way, if you ever get hit with a scam you loose a minimal amount. Case and point. I had such an account, and all the sudden it went from $25 to -$75 due to a fraudulent paypal billing. We contacted the bank first, and they said "oh, that... don't worry, we'll take care of it". Apparently, fraudulent paypal billings are extremely common with my bank. We got the $25 back and immediately closed that account, and since it was totally separate for us it meant that none of our important bills went unpaid (though I wasn't able to get some takeout that week). The point? The only option is for you to be a smart consumer and figure out how much you are willing to risk at any given moment. Otherwise, get a real credit card that you pay off every month and gives you virtual account numbers for purchases. That will also minimize risks.
These charges were fraudulent. This may or may not affect your ability to pay your bills, buy food for your family, put gas in your car to get to work, and so forth. It could wind up costing you significantly more than just the charges in late fees and a damaged credit rating (which affects everything from loan rates to car insurance payments). These will haunt you for years to come. There are ways to minimize risks, but it sounds like you're saying to the family of someone murdered "stop being such a cry baby, people die all the time... its just the risk we take for living". In other words, maybe a little more empathy for the crime victim and a little less blame along with a dash of constructive advice would have been ... tactful.
Banks must roll differently stateside, here in Australia my visa debit card has been compromised twice. Both times I was contacted by the bank (different banks in each case) before I even knew what was going on. They had a new card and number out to me in 3 days and the dodgy charges were refunded by the time I logged on to my internet banking to check.
Another time I was on my honeymoon and the resort we were staying at put a rather large hold of funds on my visa debit card. My bank rang me and said they had a large charge on my card and asked if it was ok.
Impressive all round.
I got a letter in the mail today from Monoprice, saying that they had recently been hacked, and that a transaction I had with them feel within the window of lost data (credit card number, name, address, AND phone number??? Seriously, there is NO REASON for them to be storing this data "in their database"). I immediately called my bank to cancel my debit card, and while I was on the phone had them check to see if there were any pending transactions. Lo and behold, there were over 20 transactions TODAY for Blizzard Entertainment, for amounts ranging from $14.99 to $25. Also a couple of $1 charges to the Apple Online Store, probably to verify that the card was still good.
So I assume some criminal gang stole the CC numbers, then planned to rack up a bunch of WOW time to re-sell? Or something?
The back has assured me I won't be liable for any of it, but I'll believe it when it's over...
There would be no implementation costs as its just a printed pattern on a transparent region of the cards and the online authentication security exceeds the vast majority of electronic tokens, even being able to do transaction authentication to defeat MITM attacks.
My boyfriend had this happen to him with his National Australia Bank visa debit card, except someone just withdrew it from an ATM somewhere down here in Tassie. He was told 21 days, but in reality it was closer to 7 days. Since then I've mainly been using Paypal for online transactions except on sites I trust (and I always check URLs and whatnot), I'm very careful about covering my hand when typing in my pin at ATMs, and I always check for skimmers. Hmm.
All of my accounts will alert me by text and/or email of any transactions exceeding $500, or if the monthly transactions exceed $2000. I don't need to monitor my accounts daily, because the most anyone can take without triggering an alert is usually $500.
That being said, I check my accounts on a weekly basis, which is a good habit to get into. I get my balance and recent transaction history emailed to me on monday mornings, again using the banks' own systems.
Account alerts are wonderful tools. Use them!
Vote every one of them holding office now, out.
6 out of 8 transactions at WhaaaMooo were fradulant not dangerous... ILLEGAL!
The Senate is supposed to provide oversight this crap. They actively encourage it!
They are domestic financial terrorists, throw them out of the fucking office.
This needs to be addressed from two angles 1) Write a letter to your local representative in government explaining the situation and how difficult it is to deal with the banks and some solutions that are well though out and can be instituted. Do this as a real letter not an email, the truth is as much as banks have lobbies you get the right person at the right time (say right when his best friend was hit with identity theft) and it will make a real impact and make the representative less receptive to the bank lobby. After you finish step one there are a few options for step 2 depending on the tech you have and if you travel out of your country allot. The best option is you travel rarely out of your country, you have a smart phone and don't like to use credit cards a) Get a bank that works with said phone online b) make sure the bank offers a pre-paid debit card and same day fund availability when you transfer with no fees and such nonsense c) put $50 on the card as a base d) anytime you want to make a larger purchase transfer funds with your phone and use your card If you travel out of the country increase the amount to say $200 and replenish as needed from internet cafes or hotel. This way if your wallet is lost or stolen you are temporarily out the money (the per paid cards are debit cards so have the same protection as debit cards) and they are better then carrying around a wad of cash. The other option as people have said is use a credit card normally a quick search online will reveal if people had a very hard time with a given card or bank and you will find better support from a smaller bank but not always better award points and so on.
I know this may not be popular, but debit cards are dangerous if lost, especially if a branded debit card. (I think that's the "proper" term for a Visa/MC/Discover debit card. It's what our treasury and acquirer/processor folks use, anyhow.)
I have a branded debit card issued by my bank, but it expired two years ago. I use it to get cash out of their ATMs. Because it expired it's unusable as a Visa card.
For my day to day purchases, I use a proper MasterCard - a credit card. Everything goes on it - I've gone weeks without touching cash.
I pay it off every month. I don't charge things I can't afford. If I lose it, at most I'm out $50.
More likely, Chase will phone me and ask if I really ordered a computer to be shipped to Nigeria, and I'll say no.
The ONLY problem I've EVER had was that Chase didn't get my profile right for a while last year - they were shutting down my card and calling me once a week to confirm things I really did.
So I used my Citi card for 6 months, let Chase cool off, and now I'm back to Chase. So far so good.
And I earn points. Lots of points. Points I can use to get free stuff. Do you get that with cash?
The preferred solution is to not have a problem.
The original poster had a stolen debit card number, not a full identity. True identity theft opens credit lines in the person's name. Those unpaid loans result in much worse than an empty bank account. Identity theft is much harder to track than a missing card.
Well this is why I have 2 different credit cards and bank accounts at two separate institutions.
1. I use my credit cards, they caught suspicious activity once, killed the card and called me immediately. I got a new card within a few days, in the meantime I had my other card.
2. I had trouble with my bank once, just walked over to my other bank and they gave me a small Line of Credit on the spot. I never plan on being tied to a single institution again.
Personally I don't touch debit cards, I only use it to go and deposit paychecks or occasionally withdraw money. For almost everything I simply use my credit card. I don't understand why anyone would choose to use a debit card over a credit card.
Credit card gives me money back, I know fraudulent transactions are caught, and I get a free 30+ day loan on everything I buy.
Legally.
In most countries a bank account is legally a loan to the bank. Legally it isn't a safety deposit box where they store your money for you.
This means the money is theirs to do with as they please and they are graciously allowing you to use their credit instead, with the attached terms and conditions.
Deleted
Think about the fundamental reason we use banks - they protect and secure our money. Think back to the Gold Rush era, they upped the security until the robberies stopped. This problem (and it's solution) lies solely with the banks. I hypothesize that it mustn't be costing them as much to pay out on Fraud claims as it would cost to implement effective security countermeasures. A couple of things they are already doing: Verified by Visa: http://www.anz.com/personal/credit-cards/security/verified-visa/ Security Chips: http://www.anz.com/personal/credit-cards/security/chip-cards/ 2 suggestions of mine: compulsory presentation of Photo ID for every CC transaction, and biometrics.
I got a Visa Debit card for a new account which I opened this week on Monday. I've kept the limit freakishly high for now because I need to purchase some stuff online. Once my credit cards arrive, I'll go back to a low limit on the debit card.
For online shopping, the bank says I get a self-typed personal message when I try a transaction, which I need to answer for it to work. It's not activated yet but I presume that if my card is stolen, they still wouldn't be able to use it online.
For retail shopping, I thought all debit cards need you to enter your PIN number when shopping? Which means any theft requires the thief to also know your PIN. Personally, I think they should let you create an ATM PIN which is different from your Shopping PIN for added security. But if the visa debit card works just like a credit card (sign and that's it) that's bad. What about presenting the signature/signed receipt? If you use your debit card like a credit card, then it should be required for the retailer to show your receipt. If they can't produce it, then the charge is reversed and your bank takes your money back from their bank and gives it to you. Except for that last step, should be how it works for credit cards as well.
Agreed, faked signatures are an issue as well. PINs are a good option for all debit cards...and credit cards. No manual signature checking involved. Paranoid option 2: carry an RSA key thing (which some banks use for online banking, along with one-time-passwords sms-ed to your mobile) as an added security to knowing your PIN.
This is all becoming a security compromise for the sake of convenience - something, we, as a generation of species, need to move past.
You could start using one-time use, or temporary debit cards. They aren't linked to your bank account, and you'd be able to set an amount you'd like to use for the week or whatever time period. This has the added benefit that if it were stolen, they wouldn't be able to take all of your money.
I believe there are various companies, including some banks, that will generate them for you.
cards need to have a blizz authenticator like chip/screen implanted in them that verifies you are who you are whenever a purchase is attempted to be made by your account.
http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr&sid=635f26c4af3e2fe4327fd25ef4cb5638&tpl=/ecfrbrowse/Title12/12cfr205_main_02.tpl
I work IT in a community bank. I work very closely with our Operations and Fraud department. Here is what I can tell you about VISA debit card fraud. If you are a consumer, you are totally protected IF you report your debit card being lost, stolen, or compromised within 3 days that you became aware of it being lost, stolen, or compromised. The bank will also have a hard time proving when you found out you had a problem with your card. The bank HAS to give you your money back. VISA and Washington D.C. make all of these rules. The little known secret is that banks take huge losses on debit card fraud because the regulation coming from Washington D.C. totally protects the consumer. Most of the time in a fraud case, the bank isn't able to recover the money from the merchant and they have to refund the money to the consumer. Therefore, the banks lose money on VISA debit card fraud. As consumers, you really have nothing to worry about when it comes to VISA debit card fraud. You are totally covered. If you have a VISA business debit card though, you are not covered by the regulation and you are subject to taking losses in a fraud case. If you are a business owner, you better be REALLY CAREFUL when it comes to who has business debit cards tied to your accounts. In your case when the bank said 3 - 5 weeks to return your money, you should change banks. Go to a good community bank or credit union in your area. Somewhere that will recognize you as a person and not a number. Stay away from the large nationwide banks and regional banks. Especially the ones that are having loan trouble. They are trying to stay afloat by sticking all of their good customers with lots of account fees. I use my VISA debit card everywhere and never worry about fraud. You should do the same. I do suggest that you be careful using it on the Internet. As a computer security professional, I do recommend that you practice good computer security.... AV, Web Filtering, OpenDNS, Patching, etc....
I know that sounds ridiculous, but the current system really doesn't prevent this kind of theft. Maybe this is a sign that we need to get back to a budget life - where we plan everything ahead; if you don't spend $ unexpectedly, you shouldn't have much problem having the cash on hand. This kills spontaneity, yes, but that's probably a big reason why we (in the US at least) have a negative savings rate. Hell, if you're clever, you can get discounts for paying cash (since you're saving the store 2-3% that they'd pay to process a card, or the wait on checks).
For online purchases, maintain a prepaid card with limited funds, or use PayPal - honestly, I have a high degree of confidence in their system, or at the worst, it isn't any lower than the confidence I feel towards the plastic in my wallet. If an online vendor doesn't take PayPal, well, there's always another one that does.
The best thing about a boolean is even if you are wrong, you are only off by a bit.
I only uses the card as a debit card at Barnes and Noble and at Costco. Someone duped my card and did max withdrawals over a period of 4 days, using a series of ATMs at Chase banks in Southern California. My bank replaced the funds within days. Got police reports started immediately but haven't heard a peep from the SoCal police. Freaking annoying and makes me want to go Gordon Freeman on the thieves with a crowbar. Your mileage with your banks Customer Service may vary.
I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered. My life is my own.
You know debit cards are insecure. Get a credit card and get over it.
Debit cards are nothing more than a great way to screw you. The banks know this and now you know it.
If you have a credit card, you're protected by the Fair Credit Billing Act, which means you're liable for up to $50, although in practice, the banks often waive this as a "card benefit". I have absolutely no clue why any sane person would use a debit card since the liability is nearly infinite.
That's not to say any given Bank might not be better than any given Credit Union but, on the whole, I have WAY more trust in my local credit union than my now non-existing bank.
I'm wondering what the risks are in using verbal checks (paperless ACH transfers). I pay my monthly electricity bill that way since my power company adds a "convenience charge" for using a credit card. As far as I know, the only thing needed for a verbal check is the account number and bank routing number. What's to stop anyone who knows the account number from issuing a verbal check to themself? The routing number for any bank is available online or by calling the bank. If I dispute a verbal check is the bank required to reverse the charge?
This is what an American Express card is for, you use it for your daily purchases, and you pay it off at the end of the month, no interest or fees. (other than annual fee). You get up to 20 days of float on your money also if you were to keep a money market account that you write just your mortgage payment out of etc, and use your Amex to pay everything else. If place doesn't accept Amex, then I'd recommend Paypal's Mastercard debit card, you transfer money into it, so you're never going to overdraft it, and their fraud dept is really good, and they are prompt on their security investigations. Plus again, it pays you interest on any balance, and cash back on (credit) purchases. For my business I made my merchant account (credit card processing) account a totally seperate account than my primary checking, I siphon money off every morning to the business account. But, that way if someone does a chargeback for a a large purchase and they put an investigatory hold on my account, I don't have vendor, payroll, mortgage checks bouncing... then again, I don't anyway, because I deal with a local regional bank (only 10 branches) that calls me anytime there is any problem, and gives me a few hours to make it right. This is why you don't deal with the bank of america's of the world. With a small bank all money deposited (including checks for anywhere) are available for withdrawl immediately, any overdrafts are recorded at night, and you have until 11am the next morning to make them good without paying any sort of fee, should you overdraft, they will go ahead and pay the item, and nearly all the time refund your overdraft fee if you talk to them. This is one way to get small loans, as they will let you overdraft your account and pay it back a couple days later for just a $30 fee... yes $30 might be alot on a $2500 loan but comes in handy in an emergency. This is why you get off your lazy a$$ and go to the bank and make deposits, INSIDE the branch, not the drive through. You get to know your bankers, and they get to know you. My bank offers free remote deposit capture, including they will give you all the hardware, but I still go into the bank about 4 times a week, just to make myself known.
I know, the title is trolling. Regulating banks is one thing that the constitution expressly allows. However, since 2 stays, Deleware and one of the dakotas are the only 2 exceptions to states reasonably regulating consumer banks, there's been no huge needs to do this to a greater extend then recently. Also note that MBNA owns the vice presdient and has for 30 years. Nothing will change.
As for non-profits, they're called credit unions. Ditch your usurious bank and go with a credit union. https://www.cusc.net/
"told that they couldn't use the card since it wasn't a Visa or MasterCard check card"
That's called 'steering'. Lots of reasons for that:
- Avoiding higher-cost forms of payment or perfering lower-cost forms; Losts of places that honor American Express try to steer customers to another card, as Amex often has the highest discount rate. Sometimes merchants avoid signatures and ask for the pin number to avoid the slightly higher discount for signature transactions. The issuers like higher discounts, so they run promotions like double points for signing for a purchase, etc. Oh, and rewards cards almost always cost the merchant more. You thought those points were free? All of these tactics are steering, by the merchant or the issuer.
- Some cards are more 'unreliable'. Those 'check cards' are always tied to an account. A 'debit' card might be pre-paid, and if something isn't quite right about the authorizaiton process, a merchant might not get paid if the funds are exhausted before they settle. It's not supposed to happen, but there are situations...
- Some merchants have agreements that kick back fees for certain cards, especially for larger volume or larger dollar-value transactions. That encourages steering, just another reason.
- Some card type are subject to more fraud than others, and merchants that understand that can either avoid those cards or treat them with extra caution. Address verification or matching the signature to another form of ID, for instance.
- It's not impossible that some merchants have agreements that expose them to more risk for certain card types. Online gambling outfits suffer huge losses, and are thrown under the bus by card issuers all the time. It's a dirty business. Any business where they don't have the card there (card-not-present) are usually more exposed and have to take more precautions. Even other fairly normal industries suffer more fraud. Fast-food restaurants for instance, etc. Some of these industries don't even bother to challenge chargebacks, as it's too small a portion to worry about. I'm regularly surprised at how merchants don't handle risk well at all.
Almost all issuers have agreements with merchants that prohibit steering, as well as charging more for card transactions than for cash, or requiring a minimum purchase for a card transaction. It can be hard to prove, but not impossible.
It would be interesting to ask one of these merchants why they don't accept a 'debit' card. I would not be surprised if they concoct some bs story, though the clerks may be told anything by the boss to get his way.
deleting the extra space after periods so i can stay relevant, yeah.
I had a very similar situation happening to me and just in the past year several of my friends and colleagues had their credit card info stolen and their account cleaned out. While credit card theft is rampant, many people still don't seem to realize in how many ways credit cards can be compromised and that there is no such thing as a "secure transaction" since 128-bit SSL has been broken or at least CA certificates are being spoofed like crazy. Unlike what credit card companies claim in their commercials, in most cases they may block your card right away but may still charge you and put the burden of proof that fraud has occurred on your end. The best things you can are paying with good old cash (both, merchants and people waiting in line behind you prefer that anyway) and use ordinary money orders for online purchases (no risks of "check washing" etc.). The risks of falling victim to credit card fraud and suffering losses or at least major inconveniences are simply too high nowadays.
Well, almost.
I didn't so much have my ATM Debit Card card stolen as I did my identity.
What they (the criminals) actually did was electronically "skim" my card, thereby obtaining not only all of my bank account information (account number, etc -- all the stuff recorded on the magnetic strip of the card) but also my pin number. (Their keypad where you enter you pin number into was connected to another box that saved the two pieces of information together so they has everything they needed to clone and use the card).
We noticed it on the next bank statement. There were transactions for places in California and we live in Seattle, WA and we don't travel.
The next day I went to the bank to deposit a check and asked the teller what I should do. She immediately asked me whether I happened to make any purchases recently at the store across the street. Surprised that she would know I answered yes. She then told me the cops has just arrested the owner for fraud/identity theft. Apparently there were many dozens of victims, all in this area and many of them also customers of the same bank as mine (Bank of America).
Long story short, the bank refunded the entire amount (over $900) while the investigation was underway since it was likely the investigation would complete in my favor (and since they obviously had the resources to recover their losses better than I did to cover mine).
I'm surprised your bank isn't handling the situation similarly, unless your card was indeed stolen and not simply used as part of a much larger across-state-lines wide-spread identity theft ring (which the feds (FBI) took over investigating/prosecuting).
"Fish" (David B. Trout)
About 15 years ago I ended up with an unauthorized $150 charge to my credit card from DirectTV. The quickly issued me a refund and there wasn't any other fraudulent activity. I wasn't a customer of theirs and had never given them my card number so it seemed this was just a random error of an incorrectly entered card number. This made me think about similar mistakes that could happen with debit cards and the trouble I'd be in if my checking account was suddenly emptied. I've insisted on having only an ATM card from my banks since then and this post reminds me why that was such a good practice. Using a credit card as a charge card is much lower risk.
If fraud DOES occur, even if your bank has a zero-liability policy for PIN-based debit transactions (non-signature) -- which is unlikely -- with a credit card, you just dispute the charges and DO NOT HAVE TO PAY and don't lose ANY money even temporarily. Unlike a debit card where your account is missing the money until the bank finishes and refunds it. As long as you can control your spending and pay off your credit card in full every month, credit cards will remain the superior plastic money.
Seriously, you must be 18 like I used to be. I got a few credit cards, didn't understand them, and for a while blamed them for my poor decisions. Sure, I should have not signed up for them, but I also didn't read the fine print. No matter how shitty small the print is, its worth it to read it or pay a lawyer/notary/editor to read it and summarize it. You sign an agreement, you know what you're getting in to. If you don't read it, you can't hold anyone else responsible. At first it sounded like you were talking about the theft of your card by technical means worthy of discussion on Slashdot - instead, you're whining about the bad decisions you made yourself.
I have debt. I'm working and paying it off. I should have known better, known what I was getting into, known it was a bad idea - but since I didn't, I got shafted. It doesn't take a scam to drain your bank account, and you can't force regulation on something like that.
My South African bank has a nice, highly effective, easy to implement, widely available, cheap, and easily solution that doesn't eliminate fraud, but certainly minimises its effects. Whenever I use my (VISA) debit card, I get an SMS with the date, time, amount and location. I, maybe, in a week, make 20 card transactions, so the cost is 50c/week max to the bank buying in bulk. If I see a transaction I don't recognise, I phone the bank. compared to all the mostly wasted investment in PCI (including all the requirements that weaken rather than strengthen your website's security), the phishing friendly bullshit of Verified by VISA etc, it works like a dream.
Did you know that someone with your checking account number can also empty your account without your permission?
So, no checks, no check-cards ... no ATM cards, leaves you with just cash and Visa if you want to avoid having your cash drained.
I run a separate account with a small amount of cash for ATM use. I haven't figured out what to do about the checking account draining potential. So far, I've been lucky.
Oh, and definitely shut off all internet-access to your banking and investment accounts. When I called Vanguard, the customer service folks were confused as to why I'd want to shut off on-line access. I simply asked them what would happen if our kids or babysitter downloaded a password sniffer on our home PC and someone drained my account using my credentials. They said they guaranteed my accounts against losses due to hacking of their systems. I said "yes, I know that, but it's not your system that's been hacked, it's mine." and they had no answer. As far as I know, right now US law doesn't protect me when someone uses my PIN/Password to drain my accounts. So, for now, I use paper-based statements and phone-based transactions.
Man that guy must be stupid.
Why didn't you take all your money out of that account or just canceled the card?!
"Naw, I'm just going to sit down here watching the thieves travel on my money. Oh joy! Where will they go next?"
unbelievable...
A credit or debit card has NO security at all, it's just a number.
Almost every European country is using the chipped bank cards, I've been using online banking for almost 10 years now, completely secure (in Europe you get a token device for online banking)
On top of that, if you choose the right bank, transactions costs are very small.
I run my own company, and I only use a credit card when dealing with American or UK companies, and I only deal with companies I know, I ask them to destroy my card number after the payment, and I get my card replaced every 3 months.
You just have to, when the limit on the card is 50000 euro.
I tried to use what Americans call "wired" transfers (that's what we use in Europe for all transactions), and then I noticed that American banks charge enormous costs for "wired transfers", why? Because they really don't want normal transfers from one account to another, the US banks want to lend money (CC card) as much as possible, so they can charge interest.
the UK and the US bank systems are at least 10 years behind compared to the rest of the world.
I avoid using a debit card wherever possible for just this reason. The exception is with retailers (scum) who charge extra for paying by credit card - if I'm forced to deal with one such, I always change the PIN number immediately afterwards. UK banks have been ripping people off with this debit card thing ever since Chip & Fraud was introduced - they share your PIN with retailers, you get the blame for fraud!
I've had money taken from my account twice in 10 years. Both times I phoned my bank, reported the transactions as fraudulent and they credited me the money back by the next day. A week later they sent me a legal form to sign declaring that I didn't make the transactions, and that was the last I ever heard about them.
What does annoy me is the way they automatically block my card every time I use it abroad. Last time I went to the US they blocked my card after I used it to pay for my hotel room, then their automatic security system phoned me at 4am local time to ask if the transactions were legitimate.
Check cards draw money directly from the account they are tied to.
What more needs to be said? I understand that you're upset your money got stolen, but how much more clear than "Check cards draw money directly from the account they are tied to" can one get? This isn't even a common sense thing. This is a "here, we have explicitly told you what is going on, and if you can't understand what that means you really shouldn't be given a bank account in the first place."
-- 'The' Lord and Master Bitman On High, Master Of All
Unless you area trader of some kind or you own a shop selling groceries, you will not be paid in cash.
Salaried people everywhere (I have worked in Mexico, Malaysia, Thailand, Vietnam, Germany, UK and US if you must know) are paid with an electronic deposit to their bank account.
So then what? Are you seriously saying that you are going to queue in a bricks and mortar bank once a month to make a big withdrawal? Or even worst, several times a month to make smaller ones?
Lets assume you have your wads of cash, now everybody and his dog in your community knows your the lunatic that is carrying cash with him. Good luck with that one.
As for cheques, well, here in the UK they will be pahsed out in a couple of years, and I don't know elsewhere, but in the UK they were never a guaranteed from of payment, banks or payees could come after you years later demanding payment if something irregular has been found. THat does not really matter, tha fact is that you will not have cheques anymore in 2 or 3 years time.
So many comments, so little common sense.
EMV is the answer, it works and is perfectly safe despite what the media whores in Cambridge tell you.
I am an adult and act responsibly.
I have been using credit cards for 20 years and have rarely paid anything but the amount I owe due to my purchases.
The bank is providing you with a credit facility, if one does not learn to use it the cardholder is the only person to blame.
The card is only half the problem. The terminal is equally to blame.
one solution;
1. chip and PIN
2. liability transfer to non-compliant party (acquirer or issuer)
3. remove mag stripes
This type of fraud is going to hit the US BIG time in the next 2-3years, why? the rest of the world is moving to EMV. Skimming will cripple US payment systems within 5years if nothing is done NOW.
Here in Denmark, if I dispute any charges the bank has to transfer the money back immediately. This is consumer protection law regulated.
If their investigations shows that I need to pay, they can get the money back at that time + normal interests + a fee of around $50.
So I don't see any risk in using debit or credit cards.
... would never be used by the banks because it requires them to become technically competent and to lose a nice revenue stream of milking victims even more by charging overdraft fees and late fees. But here goes, anyway ...
For online purchase, once you check out, the merchant sends the amount to their financial service provider. The FSP connects to a central clearing house and generates a unique transaction code. The CCH stores a description of the transaction and the ID of the merchant. The transaction code is sent back to the merchant. The merchant provides this code to YOU, the buyer.
You go to your bank web site and select the CCH payment screen. It has a place for the transaction code which you cut and paste from the merchant site, and submit. The bank connections with the CCH and obtains full details of the transaction and displays it for you. You verify that it looks familar. The bank tells you if you have enough money to pay it or not. When you choose to pay it, the bank tells the CCH that it is now paid. The CCH tells the merchant's bank that it is paid. The merchant's bank tells the merchant that it is paid. If this isn't done by a transmission push, then at least it can be done by the merchant pulling a status on the transaction code they generated. Back at the merchant web site, you can query the transaction and see that it is now know as paid (after the process finishes, which might take longer during Christmas).
Your account is NOT exposed to the merchant or the merchant's bank. Optionally, you can include your previously stored shipping address (or pick one from several) with the payment and the merchant can use that.
Offline, this is harder to do. Cash may be better there. But it is still doable by having a portable device YOU TRUST with the right software. This could be integrated into other portable devices, like a phone or music player, if you trust that. The mechanism would involve an infrared communication between the vendor (via their cash register) and your device. The vendor sends your device the transaction code, and provides a channel for you to send data to/from banks (and only banks) via a central bank connection. Your device establishes a secure encrypted connection to the CBC using the CBC public key. It then tells the CBC the identity of the bank (the merchant will not get this info). Over that secure channel a 2nd channel is forwarded to the bank. Now the device establishes a secure encrypted channel to your bank using the bank's public key. It logs in to your account at the bank, tells the bank what the transaction code is (the bank now goes back to the CCH as above). You see the amount of the transaction on the device and choose whether or not to pay it. If you pay it, that info gets back to the merchant and you can walk with the merchandise.
Additional security will be needed within the device and your home computer. Your bank will have to manage your account safely (e.g. not let others log in to your account). But those are mechanisms YOU have some control over (change banks if you have one that is sloppy with security). You do not have to depend on a merchant being secure, or the merchant's choice of bank being secure. At the same time, because your identity may not be included with the payments, once payments are made, they are likely not reversible. So it will be like paying in cash.
now we need to go OSS in diesel cars
What a dangerous clause. Who is supposed to force whom to do something? So you want some larger authority (our beloved government, in this case?) to force the debit card companies to spend their money, manpower, and advertising space with no compensation; nay to cause harm to their own business model? Are there not enough warnings out there about the dangers of debit cards already? Weren't you already aware that these cards are not safe? Your ... somebody should do something... comes from your own frustration at shown to be an idiot, doesn't it? Hurts, don't it?
Don't trust corporations or government. Use cash and/or 'credit' cards. Have you learned these lessons now? I think not. You've already started up another 'debit' card account with the same rules that applied last time. Sheesh!
My wife and I both had our debit card data stolen. Her account, with Bank of America and mine with Wachovia/Wells Fargo were both credited back within two business days. Basically both banks credited the disputed transactions back, then got the paperwork in order and investigated. I've plenty of complaints about big banks and how they don't care about customers. but in this case, I thought both banks were outstanding in their handling of our cases.
Just a reminder, for anyone who has not been on the business side of it: the credit card companies would prefer that you used credit cards. That way, instead of a flat fee of a few cents, they take a percentage of the gross. This either cuts into the merchant's margin, or else they will pass it on to you in the form of higher prices. Either way, the credit card companies make out like bandits.
Enjoy life! This is not a dress rehearsal.
but credit cards have far more protections than debit cards and are used in an identical manner (well, except for signature vs pin)
The "except" is a big difference. The debit card pin is fundamental. You can charge a credit card with any old scrawl that is never verified by anyone. A debit card pin number is verified electronically, never known to anyone except you and the card issuer. No one holds my debit card except me, making it more challenging to get the number on my card (hardly the pin). I never use my debit card over the internet.
This is why debit card fraud happens less frequently than credit card fraud. It is why retailers typically get charged about $0.25 + 2% for every credit card transaction, but only $0.15 for every debit card transaction. Note that retailers don't just eat these fees, costs get passed along to the consumer. When you use a credit card, you increase costs for everyone.
I don't know about the US but in the UK this type of theft tends to end up at the retailers door.
At least you will, hopefully, eventually get your money back.
If the thief has used the card to buy goods from a retailer - then what happens is:
1. Thief steals card details
2. Thief goes on spending spree
3. You report card stolen
4. Visa/Mastercard/Card-company take back the money from the retailer
5. You get money back
6. Retailer is left having sold an item for, say £2,000 - but no item, and now no money.
Even when the item has been sent to the account holders registered address, and all the security checks match - the retailer still looses out.
Back to the point.
In terms of physical card use, all credit/debit cards should have a photo of the owner lasered onto them - so the cashier can easily 'check' that the person giving them their card is in fact the owner of the card.
This would help stop stolen/cloned cards from being used at cashier points, but wouldn't help with them being used at ATM's or online. But at least it would help and would be very easy to implement.
Alternatively, use a finger-print double-check based system for all transactions (this would work at ATM's, but then falls over for on-line purchases).
For Bank of America customers, this service is available as well.
Reply to That ||
I can't see any value in using a debit card. It just seems like a way for banks to shift more liability onto the user w/o providing anything of value.
Blar.
don't use a debit card. use a ATM card = cash.
you don't need to give the ATM card to anyone else,
unlike with a credit or debit card.
-
IF you use a debit card, make a separate
account. figure out how much you "normally"
use per month with the debit card.
have the bank transfer said X amounts
from another bank account to debit account every month.
like so you can minimize your maximum loss.
There's another perspective on this, and another reason to do as you do - the credit card tax.
Everyone is up in arms about taxes these days - longer than just that really. People give up their days to protest taxes in various places. But I'll be that those very same people think nothing of using their credit cards to pay for that day's expenses. Or even if they don't, they don't realize that they're paying for the privilege of others using their credit cards.
The credit cards get a transaction fee - typically somewhere in the 3-4 % range. Years ago, I remember some places used to charge a slight premium for using a credit card. I'm not sure if it was through legislation or other pressure, but that practice stopped, in favor of "same price, cash or credit." What that really means is that EVERYONE is paying for the credit card transaction fee, whether you're paying cash or credit.
What do you call it when there's an extra percentage fee tacked onto your purchases? One word might be "tax", except this one isn't collected by any government, but by private agencies. Nor is it voluntary, like a "free market" thing, because it's tacked onto your purchases, whether you use credit or not.
I have a lot of sympathy for small, local businesses. I try to have a premium I will pay to buy locally, knowing that that money stays in my area, though I can't always do it, and I have my limits. But one thing I try even harder to do is avoid using my credit card with local businesses. They have to set their prices to account for the transaction fees, or else they go out of business. But by paying them in cash or check instead of credit, that piece of transaction fee goes to them instead of to some far-off bank. I can't get the "tax" back for myself, but at least I can give it to a local business.
The living have better things to do than to continue hating the dead.
With online usage, the bank could issue temporary numbers with a spending limit you set. The number works once, for one online purchase, then evaporates. That way if someone steals it, it won't work. They could even handle this transparently by setting up an application that behaves like paypal, where you click the link and it autogenerates the temporary card number for the merchant to charge against.
The trickier problem is malware infected atms and man in the middle attacks between atm and bank.
With either, the numbers can be sent to a card fabricator, who can simply recreate your card for a thief.
The bank has to take responsibility for this one since ultimately the security of their network and ATM kiosks is their problem.
You can ultimately take ownership of your own security by opening up a checking account with no atm card. Open a second one with an ATM card and transfer money to it as you need it via phone call or by using a smartphone application provided by the bank.
While this is a royal pain in the ass, it would work.
I've been in the US for 10 days or so (longer now thanks to the Iceland volcano) and not once have I had my PIN or signature checked while purchasing goods. I get handed the goods and card before I finish my signature.
In the UK I have to enter my PIN for each purchase, and get occasional signature spot-checks.
So I suppose you guys have to start actually checking credit card security first before complaining.
I'm too cool for a sig.
I've had the same experience though I wound up not actually losing the money after the bank did their investigation thing, and it's darn lucky that the guy who did it to me didn't realize that the debit card in question was for a payroll account and had a ton of money in it. Just some junkie who knew how to make up card numbers the first time (the algorithm is published including the checksum info!), and the second time a dumpster diver getting info from a legit company I deal with who got sloppy. I now just have several check accounts for various uses that have the attached plastic, and only put money in them when needed -- any attempt to rip them off won't get much if anything. And it works fine -- no more problems after that move. You can't just use cash -- my wife will pickpocket it (!), and the internet doesn't allow it for online ordering.
Why guess when you can know? Measure!
In Brazil it is a common financial crime. Its called card clonning. The solution was replace all magnetic cards with smart cards. http://en.wikipedia.org/wiki/Smart_card. In these cases (card clonning) the Visa machine is replaced by an altered machine that records data about your card and password (if necessary). With smartcards, clonning is not possible, like GSM phones. Banks have inssurance. When they start to spend more money with inssurance than the cost of replace all cards by smart ones, they will start replace.
So you picked up a sharp object from the wrong end and cut yourself. Hopefully you didn't cut yourself too badly. In addition, you should have learned which end to hold onto.
Moral, don't blame someone else for the problem you encountered. Demanding that "something be done" is where excessive government comes from. Learn what the risks are, determine how much of those risks you are willing to take, and adjust what you do accordingly. Even using an armored truck to haul your cash around and using armed guards to make your purchases are no guarantee someone won't still make off with your money.
Additionally, where you "go" to spend your money, determines how likely there might be someone there who wants to take it from you, other than the merchant, bar, club, website that you intended to spend it at.
Check http://en.wikipedia.org/wiki/3-D_Secure#Criticism for just some of the problems.
Visa are doing something about it, so much so that they are enticing people to use it by accepting the liability of fraud themselves - rather than leaving it firmly with the merchant as it is today.
If only this were true it might be worth it. However, the terms of the agreement presented to me whenever Verified by Visa tries to force me to join require that I, personally absolve both Visa AND the merchant of any responsibility for fraudulent charges and agree to pay any and all such charges while waiving the fraud limits on my current "unverified" card.
-- The reader anything less than completely failing to not misunderstand this sig is cursed.
It's not in the bank's interest to make Debit card fraud easy.
options seem to be:
Use Cash
Use CREDIT card, paying balance in full each billing cycle (Works if credit Ok)
Use a checking account you transfer just enough into, and a debit card
Use one time numbers
Why?
Credit card, you just don't have to pay, it's not your money that they have, it's theirs. That is likely to be cleaned up far faster, and if it isn't, it's just not your problem once reported. Most real cards waive the 50$ federal limit, too.
Debit card, the longer they wait to clean it up, the more fees they accumulate, and the less interest they pay, less money out of Their pockets. So usually in the Bank's best interest to NOT clean it up quick. Yes, some banks do consider the ease, but it's entirely a customer service game, it costs them to do it. When cost > Benefit, they won't be so nice.
If the bank gives you a Debit card, you may request that it be deactivated. I was auto-issued one, and made an explicit request to NOT have a debit card, but Only a ATM Card. I didn't want to deal with cleaning it up, and I've already had my identity stolen.
I once had an employer reverse a direct deposit 3 days after it had gone in, resulting in a dozen overdraft fees on small purchases. I got it straightened out and the credit union was good enough to forgive the fees, but I learned a valuable lesson.
Turns out nearly every banking institution will reverse direct deposits up to 10 days after they go in. So now I have to worry both about mistakes on both ends (deposits and ATM cards).
My solution: direct deposits go into account A, ATM card is account B, "real" money goes into account C, Paypal comes out of account D, payments over the Internet come out of account E, and payments by check come out of account F. And a wholly separate bank has a single savings-only account for long-term savings.
It's absurd, but I've got no assurance than ANY pool of money can't be gotten into and my life fucked trying to fix it.
The risks with cards are 'common knowledge'
If you did not know your card code be abused, you are beyond any doubt a complete and total moron, as is Timothy for posting this story.
Putting a warning like you're talking on every card would be just like the cancer warnings in California. You'll still be retarded and ignore them anyway.
Now, lets get down to facts and things that can help you.
All bank cards in America require that the proof of sale be on the seller. Your bank should immediately halt the funds at worst, and in general should return them to you until the seller proves you bought the items. It doesn't have to be a Visa or a MasterCard. Don't get me wrong, if you go by a prepaid visa or something from some random refill over the phone place, good luck getting your money back. With a real bank however, its generally a lot easier to just threaten to call the feds and report them.
You've probably already seen it, but here is an excellent comment with proper links to what you want:
http://ask.slashdot.org/comments.pl?sid=1620370&cid=31866498
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
You are correct, but it is also true there are more legal protections on credit card transactions than on debit card transactions. So I guess the real question is, how much do you trust your bank to do the right thing, vs. what they are minimally legally required to do, without having to call their regulators or file a lawsuit against them.
First, I think he'd tell you he'd never use his ATM/PIN in ANYTHING but an ATM machine. If you want cash without going to a teller, there is no cheaper or safer way to do it. Debit cards or credit cards would all work the same as an ATM card, or would be more expensive. This makes the issue of PIN transactions being harder to refute irrelevantly equal. And no retard should give their PIN to anyone they don't accept as an authorized user of the card for any purpose.
Also while Visa provides virtually equal protections for credit and debit cards, that doesn't give it the force of law, only the force of contract that may have to be litigated. I believe debit card transactions still have somewhat fewer legal protections than credit cards. But even that doesn't really matter.
The real issue is if your debit card is rooted, the money is gone until the bank chooses to return it whether they do it in a couple hours, a couple days, or a couple weeks, whether that is legal or illegal, contractual, or in violation. If your credit card is rooted, you still have all your money. And if worse comes to worse and you can't agree with the bank on whether it is a valid charge, and you choose to sue or not, you can just not pay your bill. You credit score might go to crap, and they might choose to sue you, but you still have your money until you choose to give it to someone else.
Like I posted farther up, my bank did the exact same thing that the GP describes.
If you don't trust your bank, why are you banking with them?
Karma: Poor (Mostly affected by lame karma-joke sigs)
My credit card signature is blurred to the point of uselessness. Several places don't require a signature for smaller transactions.
I'm not sure how much legal weight the signature actually has.
I bank with a small national bank and a community credit union that I somewhat trust. They have never done anything to me, or anyone I know of that I deemed inappropriate.
But I also don't 100% trust any company to always do the right thing. You can always get a jerk employee, or just get unlucky after a misinterpreted policy change. When it is my money, I will always err on the side of caution, and the side of having more protection in regulation, rather than in contract or marketing language.
The "except" is not a big difference, in fact it's not a difference at all when comparing fraudulent use (with possession of the card) of the two types. A debit card can be used with a signature, exactly as a credit card can. If they're not going to check an ID with one, they're not going to check an ID with the other. The "nobody holds my debit card ... internet use ..." has no bearing as the argument can be used just the same for credit cards. If it's never lost it doesn't matter.
Increased security measures have increased costs. The average prices are built-in, and credit cards aren't going away. Smart shoppers get the average merchant costs lowered by debit card users, so like most things a higher percentage of burden is on the backs of those who pay less attention to the ramifications of their actions. I'm perfectly fine with all that.
The only time any of that comparison would be valid is with a debit card that cannot ever be used as a credit card. I wish you the best in finding one of those that is accepted at all standard terminals. If you have, you're lucky.
Verifiedbyvisa which will add an extra layer of security by demanding an OTP to be generated with the smart card of the VISA card; making fraud virtually impossible unless the card reader & code has been used.
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
You think warnings are going to help? They made a whole big hype about putting warnings on cigarette packs. Raised the price to do it.
Sorry, I don't know you. But this is asinine feel-good legislation. A debit card is an electronic checkbook. It contains, in one way or another, your account information.
You know that. Unless you're one of the people in 1990 that didn't know nicotine was addictive.
I fully agree they have a responsibility to protect their customers -- as much as is financially and practically feasible. But please. Signs don't solve problems. Or make a damn bit of difference in anything.
"But I also think that those producing these check cards should be required to advertise the hazards of having one of these cards (not in small print and maybe required in advertisement of these cards, similar to what is required with pharmaceutical drugs on television) and/or that if a debit or check card is issued a separate account should be required for its use, and users informed of the issues of placing all of their money in the same account that their debit card has access to."
Your argument is that you didn't know someone could steal your money? You were not aware of the hazards of carrying money (in whatever sense) in the modern world?
I'm sorry your account got cleaned out, identity theft is hardcore and there needs to be a lot more support and it needs to be treated like a much bigger crime than it is. I used to work in the check-authorization industry. It was awful to see these poor people getting their identity stolen and their life ruined.
But please. This is feel-good, 'blame the company'/lawsuit mitigation crap. It doesn't actually do anything. And it isn't anything that people shouldn't know already.
If we want to make a difference, we need a separate government bureau that is devoted to preventing/tracking/prosecuting/educating/defending citizens from/to/about identity theft. Smoke and lights aren't going to solve the problem. And they'll just make it more obnoxious and 8th grade-level instructions to do business with my bank. I hate that.
Again, it's not my intention to attack the OP personally. But those are the last things that are going to actually do any thing to help the problem. They will, though, cause the government/banks/credit card companies to spend a little bit of money, make a lot of noise, not make the situation any safer, and triple the hassle of doing through daily life. Airport security anyone?
K.
I have worked with the same bank for years now, and there have been six attempts on my debit cards, all taken from either ATM machines that had "readers" attached, or hacked from places like gas stations. Each time the questioned transactions were cancelled with no question by the bank. In one case, the security was so tight that I had trouble getting money from an ATM because I had gone on business to the Bahamas and they considered the transaction "out of pattern". Get a different bank.
I've never understood why anyone would use a debit card over a credit card. There are federal laws protecting this sort of thing for credit cards. For debit cards the banks can set whatever policy they want. Including doing nothing. Credit cards have other benefits, like doubling product warranties, allowing bill disputes BEFORE paying, etc., etc. I can't think of a single benefit to a debit card, short of someone not being able to qualify for credit.