Slashdot Mirror
What Can Be Done About Security of Debit Cards?
JumpDrive writes "I have been the victim of (Visa) debit card theft. I do not know where they stole or got the number, but it was used one day on the other side of the country and the next day it was used in Europe until they cleaned out my account. I had been monitoring my account online and immediately went to the bank and filed a claim. I was told at that time it would be 3 to 5 weeks for them to investigate the claim before they could return my money. Recently I tried to make a purchase with a debit card and was told that they couldn't use the card since it wasn't a Visa or MasterCard check card; this led to a discussion of why I no longer have a Visa or MasterCard check card. Which then led to the question of 'What can be done about it?' Currently I have a separate account for debit usage for my personal safety. But I also think that those producing these check cards should be required to advertise the hazards of having one of these cards (not in small print and maybe required in advertisement of these cards, similar to what is required with pharmaceutical drugs on television) and/or that if a debit or check card is issued a separate account should be required for its use, and users informed of the issues of placing all of their money in the same account that their debit card has access to. What other precautionary measures should be required or taken?"
The short answer? The banks will do nothing for you today.
The long answer: Nobody will do anything for you tomorrow, either.
Why? Because Visa does two things, only one of which makes money. First, they are in charge of defining financial card security through the PCI council, and they own and operate the secure network VisaNet, which carries authorizations from retailers to banks. Guess which one makes them money?
If Visa were to design and offer a cryptographically secure solution, one based only on smart cards for the customers and Hardware Security Modules (HSMs) at the banks, then I could safely route my charge authorizations over the plain ol' Internet. I wouldn't need to use the charge-per-transaction VisaNet. Visa would stop making money.
So instead of offering a secure solution, Visa and the PCI council say, "Merchants must lock down their systems, protect this data, follow these 12 steps, acknowledge that you are powerless over alcohol (oh wait, wrong 12 steps), and if you don't, we'll loudly blame you for allowing someone to see our non-existent security."
Visa owns the protocols used between merchants and banks. They could strengthen the protocols. They could prescribe encryption. They could require the deployment of chipped banking cards. But they do not, and have not for many, many years, despite a pathetic track record of security.
If you want the banks to be safe with your money, you ironically have to take charge of your own security. If you switch to using the green paper stuff, your losses will be finitely limited to what you carry on your person. If you want a more achievable answer in today's plastic world, DO NOT CARRY DEBIT CARDS. Debit cards do not offer you protection against loss. Credit cards are limited by U.S. law to a maximum of $50 liability to the cardholder. Debit cards losses are usually covered by the bank, but they are under no legal obligation to do so. For ATM access, most banks will honor your request for an ATM-only card instead of accepting their default ATM/Debit card. Of course, the use of credit cards requires personal discipline to always pay the debt on time, but otherwise you would see little difference.
John
http://badmoneyadvice.com/2010/04/the-usefulness-of-id-theft-fear.html
-- up-modding policy: make a good point, write self-contained.
If it gets stolen, it's not your money. Also, you got skimmed.
How the banks advertise it: "Use your own money to shop online!"
What it actually means: "Expose the cash you need to live on to fraud."
The banks like it because you're putting your money at risk, not theirs.
How we know is more important than what we know.
Step 1: Cut DEBIT "check" card in half
Step 2: Just use a CREDIT card. You're protected. Problem solved.
In Canada you need an ATM PIN to use a debit card linked to a bank account, but the PINs can still be skimmed by compromised payment terminals. I only pay by credit card.
Shop around for a bank that actually values you as a customer. I believe Bank of America will give you your money back within 24 hours. I'm not a fan of theirs but at least they do that for you. I personally use US Bank.
Work Safe Porn
The've actually stopped me from using my own card. A minor inconvenience for peace of mind.
1) Get a bank that lets you put your picture on your card (in case your card is physically stolen)
2) If it's possible (not sure on this one), get a card that can't be used without a PIN
3) If it's possible (not sure here either), get a bank that allows you to configure your card to only be used online if the security code on the back is also used. MANY places online still don't ask for this, for some reason. The payment systems DO know the difference between whether a card is being used in person or not, so there's no technological reason this isn't possible.
4) Encourage laws to make these things available where they aren't, with the 'default' settings set to maximum safety.
But I also think that those producing these check cards should be required to advertise the hazards of having one of these cards
NO, NO, NO. No stupid, pointless warnings. Make the financial institutions solely liable for all identity theft. They're the only ones with the ability to stop it, and they should be the ones that bear the full economic incentive for managing fraud.
But I didn't say it first, Bruce Schneier did:
The actual problem to be solved is that of fraudulent transactions. Financial institutions make it too easy for a criminal to commit fraudulent transactions, and too difficult for the victims to clear their names.
[...]
It's not that financial institutions suffer no losses. Because of something called Regulation E, they already pay most of the direct costs of identity theft. But the costs in time, stress and hassle are entirely borne by the victims.
The whole article is +5 Insightful, well worth reading.
Nothing can be done to improve debit card security beyond what already has been done. The best thing anyone can do is avoid using it anywhere other than an ATM or some place you trust. If you can, use a credit card and just dont over spend.
And the really sucky part of your troubles is that any checks that get bounced because of this, you're responsible for the fees - all of them.
And banks love to tally up all your withdraws before all deposits just so they can hit you up for charges. They're junk!
The best way to protect yourself from debit cards is not to use them.
When Visa and Mastercard say that you have the same protections with a debit card as you do with a credit, they're full of it.
There's only one way I know to protect yourself if you really need to use one of those things ("Piece of trash Visa or Mastercard" as Howard says). I opened a checking account a few years ago and my own bank said that I should open anther account just for debit transaction (totally free of course) just to protect myself an my money. They even admitted that they're crap - WaMu before the Chase takeover.
RIP America
July 4, 1776 - September 11, 2001
One day I found that my bank account had been cleaned out. There were a massive number of $50 charges from one vendor -- essentially they kept charging $50 until they got a decline. The charges had occurred after 11:00 PM and before 5:00 AM local time, which made me think that time zones were involved.
I called the bank immediately and reported it, had the card frozen but by that time there was only about $20 left.
I did some research from the transaction information -- the company had an address in California that appeared to be fake, an 800 number that was disconnected, and the domain was owned by a different company in Korea.
I printed all this out, took it to the credit union. They had me fill out some forms, and gave me access to some money (I was pretty much broke) while they worked on it.
Within 3 days all my money was returned to me. It's possible that the credit union fronted me the cash while they worked with the authorities -- they never said. But as far as I was concerned, the event was over in less than a week.
Maybe it makes a difference which bank you use. Or maybe it's the difference between a bank and a credit union. I dunno.
I never did figure out how they got my numbers.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
If they are resolving it, but just not as fast as you like that is one thing.
If they are choosing to look the other way that is another and that will not work in the long run.
I think 3-5 weeks is a reasonable amount of time given the often complex nature of the problem.
How long do you think it takes the bank to recover or catch the parties involved?
Do they often recover the lost money?
Personally I would like it if I had a remote that I press that allows my debit card to be used for the next half hour and only when it is activated.
Hard currency is on its way out of style so whoever designs the next big sec measure for debit will be laughing to the bank.
... to limit where, when, and how much the card can be used. How about instant notification for user approval on your mobile phone? That'd be really cool.
I have set up my acct such that if there is an access made more than a certain amount of money and/or out of my local area, they call me/text me to call them and verify the transaction. I am not a frequent traveller, so this works out for me. Look up if such a facility is available with your bank too. Another thing, see if they offer some sort of fraud protection mechanism. Some banks do that. That takes off some of the time-delay/processing worries too. If you choose to use your debit card and not credit card mostly, also, move your money from checking to some savings account and keep very little ( subjective) money in checking. That may help too.
You know the saying about having a single point of failure, all of the eggs in the same basket, etc... Have enough cash on hand to see you through the time it takes to get something like this resolved. An 8 to 12 week supply is probably prudent, as well as a reasonably robust safe to keep it.
CDs are also useful, though someone could conceivably take those as well.
The society for a thought-free internet welcomes you.
I won't use a debit card untill they make crediting the account just as fast as a debit action. In other words, never.
zenray
zenray
What's usually expected of the bank is to return the money out of their own pocket while they're investigating.
Debit cards are functionally useless, since they give you nothing that using credit card which you pay off every month wouldn't while costing you quite a bit.
If you have a credit card you pay off every month, you get an interest free loan for a month. You earn points for rewards. You get protection against fraud. You often get warranties on things you wouldn't normally get.
You get NONE of this with a debit card. The only reason a debit card is preferable is if you don't have the self control to spend an amount you can pay off every month, or you have such a bad credit rating you can't get a credit card with a grace period.
I have been telling people for YEARS how unwise it is to have or use a "debit" card with a Visa/MC logo on it. My bank kept INSISTING that I use one, and I would have to send it back and tell them to please send me a regular debit/ATM card. Many of the same people that thought I was "paranoid" and "obsessive" or just plain strange don't think so anymore. I know more than one person who has had money taken from their account and then it is up to THEM to try and get their money back, meanwhile checks are bouncing, fees are accumulating, credit scores are plummeting. Hours and hours of work to "fix", and then not really know if it is "fixed".
The whole idea of taking a perfectly good ATM card and then linking a Visa logo to it so someone can take JUST YOUR NUMBER (not even have the card) and wipe out your actual account, live, without even a PIN code, is just crazy. Get a CREDIT CARD and let *THEM* take the risk!!
Interestingly enough, a Australia's largest shopping retailer (Woolworths) has just stopped the use of debit cards in their store - citing excessive bank fees. Instead, customers must use EFTPOS - which goes directly through the banking network and not Mastercard or Visa.
In Soviet Russia the insensitive clod is YOU!
This is something I've never understood. Why on earth would you ever use a debit card when a credit card can be used instead? As long as you keep your account balance at zero, you have nothing to lose by using a credit card. And you gain a few legal protections against fraud; your own money generally isn't exposed.
Do debit cards have any advantages at all?
As someone who has just been stung by a £10000 scam. Someone somehow persuaded my bank to to allow them to to do telephone banking on my account. He did not have my passport, driving licence or birth certificate. How the branch and the bank's fraud dept thought it wasn't possible however 2 days ago the fraudster phoned the bank's phone line to see why he couldn't steal any more money. All true BTW I never checked statements too closely you need to. Got about 7 grand back so far.
IAABG (I am a banking geek).
The rules for provisional credit on debit cards is very well established. They fall under Regulation E, section 205.11. The bank has ten days to get you a provisional refund, and can take up to 45 days in certain circumstances to complete their investigation and finalize the credit.
Make sure you get them a notice in writing! Once you do, they have ten days to credit you, and many banks will do it much faster. If the bank drags their feet, just tell them "I want provisional credit within the mandated timeline per Regualtion E".
Here's more on this topic:
http://www.bankersonline.com/technology/guru2008/gurus_tech022508c.html
http://usa.visa.com/personal/security/visa_security_program/zero_liability.html
http://finsolinc.com/Reg%20E%20EFTA%20Error%20Resolution%20Flowchart.pdf
The protection for misuse of debit cards is strong, you just need to know what to do. If your bank isn't responsive, Move Your Money to a smaller institution that cares.
1. Get a Bank or Credit Union that gives a damn. Investigate before you choose one. A good one will monitor your activity and shut it down and call you when something goes wonky (like charges from all over the place or charges from known fraudulent organizations). When it does go wrong a good one will either fix it quick or possibly give you provisional credit to get you buy until they do fix it.
2. Use a real Credit Card for most items and have the discipline to pay it off each month. Credit Cards are held to a higher standard than debit because it's *their* money and not *yours*. If you challenge a charge they have to credit you right away while they research it, and the burden of proof is on them. As a side benefit you might get mileage or an annual rebate.
3. Use your debit card for small ticket items -- lunch, gas, etc. Don't keep more than you're willing to lose in the account, a few hundred maybe.
Real programmers use "copy con program.exe"
I have a separate account with debit card that stays zero. When I know I'm going to pay a bill online or use for some other purchase, I move just however much I need into that account to cover the purchases or debits. In this way, if some one gets ahold of the number, there isn't a lot they can do with it.
Also I don't have overdraft protection on that specific account so that again, if someone gets my number(s), there isn't much they can do about it. Sure I may get nailed for a hundred bucks - if they catch it at the right time - otherwise, they just don't get my money.
Beer is proof that God loves us and wants us to be happy.
"and users informed of the issues of placing all of their money in the same account that their debit card has access to." Ever heard of not putting all of your eggs in one basket? I keep enough money in my checking account to cover me and the rest securely in a savings account. People shouldn't have to be told to have common sense.
A common theme I hear is that credit card companies don't care enough about fraud to do any investigation whatsoever. I'm loath to pay any fees at all on my credit card, but I'd probably pay, say, 50$/year to get a card where, in the event of my card being used fraudulently, the criminals are hunted down and prosecuted / persecuted to the fullest extent available in the country in which they're found. (Rather than it just being written off as a cost-of-business expense and raising everyone's interest rates)
It is no longer a question of if your card will get stolen, but when will it get stolen.
I keep my daily limit low on my debit card. Around $250-$300 is my daily max. When I want to purchase something over that I call the number on the back of the card and have it raised. After the purchase, I call back and lower it again. The few times I need to make that call are worth it.
Once I was calling back to get it lowered and the lady was so confused as to why anyone would want such a low daily limit. Once I explained it to her, she thought it was a good idea.
I use this card every day. So if someone runs it to its max, I will find out about at lunch time. If I am out that 300, its a manageable loss.
What if you could get back every dollar that they take from your account from the bank (or some type of insurance)? Lets just say you have a high daily limit and they are able clean out your account in 1-4 days. How long can you survive while you wait to get it back. Thats the scariest thing about it comming directly out of your account. It is money you are missing while you try to get it recovered. When it is on a normal credit card, you can still make your house payment. There is no way they could get that back to you over night. It would take days or months while they investigate.
The most common theft of credit card numbers are from family members or someone you know. When charges are local to you, the investigations require more time and take more work.
Im a gamer, not a grammer major. This post is full of spelling and grammer mistakes.
On the flip side of that argument, someone stands to make a lot of money by entering the market and challenging Visa with the selling point of increased security.
Theoretically true but it would take someone with VERY deep pockets. Visa and the other large credit card vendors have a the very powerful asset of network effects on their side. Virtually every merchant takes Visa and Mastercard. Somewhat fewer take Discover and Amex. Very few merchants have the equipment to handle more secure cards. This means that even though there are safer cards available, there is no network to handle them and it would cost a sizable fortune to get enough merchants to carry them. From the consumer's point of view there is little incentive to carry a card that is not widely accepted especially if they are protected against loss anyway. Visa can simply promise to cover any losses which makes it uneconomical for someone to build a more secure network. In other words, ain't gonna happen.
Only way I can see a secure card network being installed in the US is if it is mandated by Congress. I've seen some efforts by Amex and some others but unless somehow we can convince Congress to get involved (unlikely in my opinion) I just don't see it happening any time soon.
Want to know why you can't get a credit card? Because you don't have a bank. Seriously, stop using those ghetto check cashing shops and get a bank account. Wasn't it embarrassing to tell you employer that your bank is "ACE Check Cashing"?
Copyright 2010. All rights reserved. This comment may not be copied in any way including, but not limited to caching.
As others are going to point out, short of a miracle you'll have a hard time persuading banks to move to anything more secure, but...
Currently, if I order online, I give the retailer my credit card number, expiry date, the security number off the back, my name and address. I might as well just post them my passport, in terms of giving them things that can be mis-used. So, better plan; I attach a trusted (as in I trust it, not to be confused with Intel's idea of giving you hardware the MPAA trusts) hardware device, in to which I insert my card. My web browser says "I want to pay $100 to " to the device, the device flashes this onto its own independent screen, and asks for my PIN to confirm the transaction. If I confirm, it generates a one-time usable token for payment of $100, usable only by the named retailer, and sends it to the web browser, to go on to the retailer. If it's intercepted, it's useless. If someone manages to persuade you to pay the wrong person (say a site that calls itself fBay and you don't notice it's not eBay, I don't know), at least they can only take as much as you've agreed to, there's no way they can take more.
For shopping day to day... I don't know, maybe the little hardware device does short range Bluetooth to do a similar transaction sequence with the till?
Yeah, so, not going to happen, but that's what could be done.
It sounds counterintuitive but the real solution is to just never use a debit card. Have a separate ATM card and credit card.
When you're using a credit card, you're protected automatically when things like this happen. If you claim that a charge is fraud, it is up to the merchant to actually prove that it is a legit charge. This means that your credit card company will remove the money from the merchants account immediately. If they fail to prove (usually by signature or some other means) that you made the charge, they take the hit.
The other thing that sucks about using a debit card is that they do absolutely nothing to help you build your credit. If you're looking to get lower APRs one of the best ways to do that is to use an actual credit card to buy things and then pay off most of the balance every month. When you use a debit card it doesn't register as a balance. If you bought tens of thousands of dollars on a credit card it could do wonders for your score if you pay it off and keep the balance low. Doing that same thing on a debit card does absolutely nothing.
Debit cards also suck because if you use them for things like Hotel Reservations, the Hotel will actually put an AUTH on your card for more than the price of your room. As long as that AUTH is there you don't have any access to those funds in your checking account. Hotels, etc will routinely AUTH you for more than the price of a room, in some cases 1/3-1/2 as much.
HSBC, the chinese bank, has been handling my money for a long time. I use a debit card and quite freely, I might add. I had never had a problem until about 6 months ago, when I saw a transaction which I hadn't made.
... ... ... Ok, sir, your money is back in your account. You can use it right away."
I called the bank immediatly and told the nice lady my problem. What she said was "Are you sure you didn't buy anything from companyname on that date? Alright. Do you agree to pay any charges that could arise if the company has the signed voucher for that purchase? You do?
It made me feel kind of dizzy to see a company treat me, their client, as a human being. I checked right away and just as she said, the money was back in my account.
A few months later I had some issues with an internet transaction. I clicked the "pay now" button at the end of the process and after a few seconds, the page gave me an error and I just left it there. However, the site did make the charge (even though the company had no record of the transaction when I called them). I had to call the bank again. This time the call took 30 minutes, but the money was back in my account by the end of the week.
Say what you will about the Chinese bank, but they treated me greatly those two times.
I work as a network admin for a small community bank, so I have a passing knowledge of these matters. First, fully investigate your rights under Reg E if you are in the US.
http://www.federalreserve.gov/bankinforeg/regecg.htm
There are rules that govern reporting unauthorized transactions and the providing of "provisional credit" by the financial institution. Make sure you read and understand your rights. Hold your institution's feet to the fire, and make sure they act within this framework.
Second, understand that it is difficult to protect your debit card information. It can be stored (and stolen) from so many places. Any online purchase may result in your card info being stored on a server somewhere. Once that server's back end database is compromised, your data is exposed. Or you shop at a store with a POS system that is not well secured. Or your server at the restaurant last night cloned the mag stripe on the card. Ad infinitum.
Now, it's easy to say "make the financial institution liable for all fraud". But keep in mind the sheer volume of ACH payments processed by some of these banks. There's no way in hell that a bank can know for sure, 100%, that you did or did not initiate a particular transaction. However, please know that most banks' core providers have heuristic/behavioral analysis that does in fact look for behaviors that don't match yours. Companies like Fidelity National Information Services (FNIS), for example, actively send out "fraud alerts" that monitor ACH and debit activity on their networks. For example, if your card is used to purchase a product from a country or a domestic location that doesn't match your activity history, your bank can be alerted and the card can be "hot carded". I know it seems like we, as banks, drop the ball a lot, but keep in mind there is a lot going on that customers are not even aware of.
One piece of advice I would give is to just keep enough in the DDA account to which the card is tied to not go into an overdrawn status. Keep the bulk of your funds in a NOW or savings account with nothing electronic tied to it. No debit card, no automatic bill pay, etc.
How the banks advertise it: "Use your own money to shop online!"
What it actually means: "Expose the cash you need to live on to fraud."
The banks like it because you're putting your money at risk, not theirs.
Which is why I've used AMEX for my daily expenses for close to ten years now. It's a charge card, not a credit card, so you don't get deep in the debt hole... you have to pay the balance at month's end. But it has all of the standard protections of full credit cards. Someone, probably a clerk at a store somewhere, used my number for fraudulent purposes, and as soon as I noticed it on my bill, AMEX froze the charge, and launched and investigation immediately. They kept me up to date the whole time. Also, if "suspicious" activity occurs on your account,,,, say, an all-night Ebay binge... they'll temporarily freeze the account and call you just to be safe.
Life is hard, and the world is cruel
They encourage the use of signature cards instead of PIN cards, even though PIN cards cost them much less to process. That's because they can add their cut on top of that price, and pass the cost on to you.
Signature debt card fraud is about 15 times as high as PIN debt fraud. When was the last time somebody checked your signature on a card?
So, it's more wasteful, and enables vastly more fraud, but the banks love it. But I guess that makes sense; bankers are, after all, parasites and crooks under the protection of law.
Let me give another example of how they don't care about real security. USbank's online banking service now interrupts the standard username/password entry process by asking you a "security question." These questions are things that you could find about most people in a couple of minutes, by looking at Facebook/google, knowing them casually, guessing, etc etc. The answers are shown in the clear. So where, on every other site you've ever used (including, until recently, this one) you'd expect to be typing your password into an obscured field (********), you instead are typing into a box that anybody near you can read. Awesome. And in exchange, the security you get is... a trivial question, and a picture from a handful of pictures you're allowed to set as your "security image". Which anybody within 50 feet can see.
[Reviews comment in case caffeine has led to unfortunate or controversial comments. Nope, looks good!]
Smart-style Cards loaded with one-time pad data that are recharged from time to time. No reason why a credit card number should ever work twice.
This is EXACTLY why I refuse to carry a debit card. With one swipe, your account is empty and your mortgage bouncing.
With a credit card, you argue with the bank about THEIR money.
With a debit card, you argue with the bank about YOUR money.
Guess which sort of inquiry receives more attention?
SirWired
Visa requires that a provisional credit for any losses be issued within 5 days. Tell your bank that the 3-5 week time-frame is unacceptable and inconsistent with Visa guidelines.
But this feels a bit much like an overreaction. I do feel bad for you, but... This is like saying I'm going to buy a car, and the window sticker says that, since I run the risk of, even if I roll up the windows and use the locks, that my vehicle could be stolen. It then says that I should not keep anything of any noteworthy value in the car, that all CDs I have inside should be a second copy purchased for my car, and that I should inject quick-set cement in the keyholes and take out the battery when I park it. Or... well, there are plenty of metaphors for it. The truth is, even with some of the most clever ideas in the world, bad things happen, one way or another. And most people are willing to run the risk of not having certain precautions in place in order to enjoy the convenience of not having those bogging things down. Having a separate account just for your debit card would be one of those obtrusive precautions, and still puts you in a lame spot if you encounter an emergency expense.
I know that my check card can only access my checking account, so I would have just transferred everything in it to my savings until I got a new card issued. Also, I'd really be surprised if my bank acted this way - they've always been extremely helpful to me (it's a credit union though).
I have been pretty lucky with the banks I use. Years ago, I suddenly had some transactions from Ireland show up on my card. I went to a local branch and talked to someone. I simply filled out a form, they gave me a new card and refunded the money right there. More recently, I went on vacation and made one transaction with my debit card. About an 30 minutes later I got a call from a strange number, so I let it go to VM. The next time I tried to use the card it was declined. Annoyed I listened to my Vm and it was the bank (TD bank) asking me to call them back. I did and they asked me to confirm the area I was at and what my recent transactions were, once I confirmed them, they reactivated the card. Actually pretty nice of them.
So many injustices..so little time..
I thought the USA and perhaps other countries had what canada has for pretty much all Debit Cards... Interact
http://www.interac.ca/consumers/security_fraud.php
From the first paragraph of that FAQ
What we're doing about fraud
In 2009, $142 million was reimbursed to victims of fraud as a result of debit card skimming. Victims of debit card fraud are protected and will not suffer any financial losses resulting from circumstances beyond their control.
While debit card fraud represents a fraction of one percent of all transactions, Interac Association takes significant steps to prevent debit card fraud and protect cardholders. Interac Association works together with members and business partners to ensure that the Interac services remain among the most secure in the world. Following are some of the initiatives that Interac Association is involved with.
You must master your joystick like a fisherman masters bait! - Gimpy
The whole point of a bank (at least originally) was to keep money safe by making it difficult to access. Through the years we have demanded that banks make it easier and more convenient to access our money, and now we are paying the price. Security and convenience are inversely proportional to one another. It is a mystery to me why we, as a civilization can't seem to grasp this basic concept.
Look it up.
Visa are doing something about it, so much so that they are enticing people to use it by accepting the liability of fraud themselves - rather than leaving it firmly with the merchant as it is today.
The problem is an existing system that works worldwide with millions of users is BLOODY HARD TO CHANGE.
You will probably see it introduced at about the same pace as IPv6 (which suffers from the same 'migration issues')
A debit card is a fool's device. It has all of the disadvantages of a credit card without the free use of a months worth of money. Pay the messily $55 for an American Express card. It has all of the advantages of a credit card without any of the disadvantages. The money is worth it and you can make it up in a years worth of whatever point system you like (I like ONE, because it pays cash quickly.)
excitingthingstodo.blogspot.com
You don't need to check your balance every day, only that you still physically possess your plastics. If you make sure everyday before you go to bed (or do it first thing in the morning) that you still have your credit cards, you can just check your balance once a month.
I once had a signature.
Bingo. Check/Debit cards are fraud magnets by design. Heck, when they were first introduced, Visa actually ran ads showing how easy it was to commit fraud with them. They would show how hard it was to use a check because you had to prove who you were, but with a Visa check card, you can buy whatever you want without any evidence of who you are. Check cards have all of the lack of security of a credit card, and all of the risk of an ATM card. It is simply an ATM card without a pin. Who in their right mind would think that issuing ATM cards where using the pin is optional is a good idea?
Best advice? If using a visa check card, use a second account. Do not link it to overdraft protection to your main account (or in any other way, such as a "loan" to cover overdrafts at high interest rates). Keep a low balance, using online banking to transfer money as needed into the "spending" account. Then make sure your bank does not provide a check card for your main of "bills" account. This way, if you ever get hit with a scam you loose a minimal amount. Case and point. I had such an account, and all the sudden it went from $25 to -$75 due to a fraudulent paypal billing. We contacted the bank first, and they said "oh, that... don't worry, we'll take care of it". Apparently, fraudulent paypal billings are extremely common with my bank. We got the $25 back and immediately closed that account, and since it was totally separate for us it meant that none of our important bills went unpaid (though I wasn't able to get some takeout that week). The point? The only option is for you to be a smart consumer and figure out how much you are willing to risk at any given moment. Otherwise, get a real credit card that you pay off every month and gives you virtual account numbers for purchases. That will also minimize risks.
These charges were fraudulent. This may or may not affect your ability to pay your bills, buy food for your family, put gas in your car to get to work, and so forth. It could wind up costing you significantly more than just the charges in late fees and a damaged credit rating (which affects everything from loan rates to car insurance payments). These will haunt you for years to come. There are ways to minimize risks, but it sounds like you're saying to the family of someone murdered "stop being such a cry baby, people die all the time... its just the risk we take for living". In other words, maybe a little more empathy for the crime victim and a little less blame along with a dash of constructive advice would have been ... tactful.
Banks must roll differently stateside, here in Australia my visa debit card has been compromised twice. Both times I was contacted by the bank (different banks in each case) before I even knew what was going on. They had a new card and number out to me in 3 days and the dodgy charges were refunded by the time I logged on to my internet banking to check.
Another time I was on my honeymoon and the resort we were staying at put a rather large hold of funds on my visa debit card. My bank rang me and said they had a large charge on my card and asked if it was ok.
Impressive all round.
There would be no implementation costs as its just a printed pattern on a transparent region of the cards and the online authentication security exceeds the vast majority of electronic tokens, even being able to do transaction authentication to defeat MITM attacks.
All of my accounts will alert me by text and/or email of any transactions exceeding $500, or if the monthly transactions exceed $2000. I don't need to monitor my accounts daily, because the most anyone can take without triggering an alert is usually $500.
That being said, I check my accounts on a weekly basis, which is a good habit to get into. I get my balance and recent transaction history emailed to me on monday mornings, again using the banks' own systems.
Account alerts are wonderful tools. Use them!
This needs to be addressed from two angles 1) Write a letter to your local representative in government explaining the situation and how difficult it is to deal with the banks and some solutions that are well though out and can be instituted. Do this as a real letter not an email, the truth is as much as banks have lobbies you get the right person at the right time (say right when his best friend was hit with identity theft) and it will make a real impact and make the representative less receptive to the bank lobby. After you finish step one there are a few options for step 2 depending on the tech you have and if you travel out of your country allot. The best option is you travel rarely out of your country, you have a smart phone and don't like to use credit cards a) Get a bank that works with said phone online b) make sure the bank offers a pre-paid debit card and same day fund availability when you transfer with no fees and such nonsense c) put $50 on the card as a base d) anytime you want to make a larger purchase transfer funds with your phone and use your card If you travel out of the country increase the amount to say $200 and replenish as needed from internet cafes or hotel. This way if your wallet is lost or stolen you are temporarily out the money (the per paid cards are debit cards so have the same protection as debit cards) and they are better then carrying around a wad of cash. The other option as people have said is use a credit card normally a quick search online will reveal if people had a very hard time with a given card or bank and you will find better support from a smaller bank but not always better award points and so on.
I know this may not be popular, but debit cards are dangerous if lost, especially if a branded debit card. (I think that's the "proper" term for a Visa/MC/Discover debit card. It's what our treasury and acquirer/processor folks use, anyhow.)
I have a branded debit card issued by my bank, but it expired two years ago. I use it to get cash out of their ATMs. Because it expired it's unusable as a Visa card.
For my day to day purchases, I use a proper MasterCard - a credit card. Everything goes on it - I've gone weeks without touching cash.
I pay it off every month. I don't charge things I can't afford. If I lose it, at most I'm out $50.
More likely, Chase will phone me and ask if I really ordered a computer to be shipped to Nigeria, and I'll say no.
The ONLY problem I've EVER had was that Chase didn't get my profile right for a while last year - they were shutting down my card and calling me once a week to confirm things I really did.
So I used my Citi card for 6 months, let Chase cool off, and now I'm back to Chase. So far so good.
And I earn points. Lots of points. Points I can use to get free stuff. Do you get that with cash?
The preferred solution is to not have a problem.
Well this is why I have 2 different credit cards and bank accounts at two separate institutions.
1. I use my credit cards, they caught suspicious activity once, killed the card and called me immediately. I got a new card within a few days, in the meantime I had my other card.
2. I had trouble with my bank once, just walked over to my other bank and they gave me a small Line of Credit on the spot. I never plan on being tied to a single institution again.
Personally I don't touch debit cards, I only use it to go and deposit paychecks or occasionally withdraw money. For almost everything I simply use my credit card. I don't understand why anyone would choose to use a debit card over a credit card.
Credit card gives me money back, I know fraudulent transactions are caught, and I get a free 30+ day loan on everything I buy.
Legally.
In most countries a bank account is legally a loan to the bank. Legally it isn't a safety deposit box where they store your money for you.
This means the money is theirs to do with as they please and they are graciously allowing you to use their credit instead, with the attached terms and conditions.
Deleted
Think about the fundamental reason we use banks - they protect and secure our money. Think back to the Gold Rush era, they upped the security until the robberies stopped. This problem (and it's solution) lies solely with the banks. I hypothesize that it mustn't be costing them as much to pay out on Fraud claims as it would cost to implement effective security countermeasures. A couple of things they are already doing: Verified by Visa: http://www.anz.com/personal/credit-cards/security/verified-visa/ Security Chips: http://www.anz.com/personal/credit-cards/security/chip-cards/ 2 suggestions of mine: compulsory presentation of Photo ID for every CC transaction, and biometrics.
You could start using one-time use, or temporary debit cards. They aren't linked to your bank account, and you'd be able to set an amount you'd like to use for the week or whatever time period. This has the added benefit that if it were stolen, they wouldn't be able to take all of your money.
I believe there are various companies, including some banks, that will generate them for you.
I believe the lower charge is for transactions that go through the debit networks (i.e. with a PIN), and don't involve Visa or Mastercard.
A liquor chain here gives a 5% "cash" discount for using either cash, or debit with PIN. You only pay full price if you do a credit transaction.
http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr&sid=635f26c4af3e2fe4327fd25ef4cb5638&tpl=/ecfrbrowse/Title12/12cfr205_main_02.tpl
I work IT in a community bank. I work very closely with our Operations and Fraud department. Here is what I can tell you about VISA debit card fraud. If you are a consumer, you are totally protected IF you report your debit card being lost, stolen, or compromised within 3 days that you became aware of it being lost, stolen, or compromised. The bank will also have a hard time proving when you found out you had a problem with your card. The bank HAS to give you your money back. VISA and Washington D.C. make all of these rules. The little known secret is that banks take huge losses on debit card fraud because the regulation coming from Washington D.C. totally protects the consumer. Most of the time in a fraud case, the bank isn't able to recover the money from the merchant and they have to refund the money to the consumer. Therefore, the banks lose money on VISA debit card fraud. As consumers, you really have nothing to worry about when it comes to VISA debit card fraud. You are totally covered. If you have a VISA business debit card though, you are not covered by the regulation and you are subject to taking losses in a fraud case. If you are a business owner, you better be REALLY CAREFUL when it comes to who has business debit cards tied to your accounts. In your case when the bank said 3 - 5 weeks to return your money, you should change banks. Go to a good community bank or credit union in your area. Somewhere that will recognize you as a person and not a number. Stay away from the large nationwide banks and regional banks. Especially the ones that are having loan trouble. They are trying to stay afloat by sticking all of their good customers with lots of account fees. I use my VISA debit card everywhere and never worry about fraud. You should do the same. I do suggest that you be careful using it on the Internet. As a computer security professional, I do recommend that you practice good computer security.... AV, Web Filtering, OpenDNS, Patching, etc....
I know that sounds ridiculous, but the current system really doesn't prevent this kind of theft. Maybe this is a sign that we need to get back to a budget life - where we plan everything ahead; if you don't spend $ unexpectedly, you shouldn't have much problem having the cash on hand. This kills spontaneity, yes, but that's probably a big reason why we (in the US at least) have a negative savings rate. Hell, if you're clever, you can get discounts for paying cash (since you're saving the store 2-3% that they'd pay to process a card, or the wait on checks).
For online purchases, maintain a prepaid card with limited funds, or use PayPal - honestly, I have a high degree of confidence in their system, or at the worst, it isn't any lower than the confidence I feel towards the plastic in my wallet. If an online vendor doesn't take PayPal, well, there's always another one that does.
The best thing about a boolean is even if you are wrong, you are only off by a bit.
I only uses the card as a debit card at Barnes and Noble and at Costco. Someone duped my card and did max withdrawals over a period of 4 days, using a series of ATMs at Chase banks in Southern California. My bank replaced the funds within days. Got police reports started immediately but haven't heard a peep from the SoCal police. Freaking annoying and makes me want to go Gordon Freeman on the thieves with a crowbar. Your mileage with your banks Customer Service may vary.
I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered. My life is my own.
You know debit cards are insecure. Get a credit card and get over it.
Debit cards are nothing more than a great way to screw you. The banks know this and now you know it.
If you have a credit card, you're protected by the Fair Credit Billing Act, which means you're liable for up to $50, although in practice, the banks often waive this as a "card benefit". I have absolutely no clue why any sane person would use a debit card since the liability is nearly infinite.
That's not to say any given Bank might not be better than any given Credit Union but, on the whole, I have WAY more trust in my local credit union than my now non-existing bank.
I'm wondering what the risks are in using verbal checks (paperless ACH transfers). I pay my monthly electricity bill that way since my power company adds a "convenience charge" for using a credit card. As far as I know, the only thing needed for a verbal check is the account number and bank routing number. What's to stop anyone who knows the account number from issuing a verbal check to themself? The routing number for any bank is available online or by calling the bank. If I dispute a verbal check is the bank required to reverse the charge?
This is what an American Express card is for, you use it for your daily purchases, and you pay it off at the end of the month, no interest or fees. (other than annual fee). You get up to 20 days of float on your money also if you were to keep a money market account that you write just your mortgage payment out of etc, and use your Amex to pay everything else. If place doesn't accept Amex, then I'd recommend Paypal's Mastercard debit card, you transfer money into it, so you're never going to overdraft it, and their fraud dept is really good, and they are prompt on their security investigations. Plus again, it pays you interest on any balance, and cash back on (credit) purchases. For my business I made my merchant account (credit card processing) account a totally seperate account than my primary checking, I siphon money off every morning to the business account. But, that way if someone does a chargeback for a a large purchase and they put an investigatory hold on my account, I don't have vendor, payroll, mortgage checks bouncing... then again, I don't anyway, because I deal with a local regional bank (only 10 branches) that calls me anytime there is any problem, and gives me a few hours to make it right. This is why you don't deal with the bank of america's of the world. With a small bank all money deposited (including checks for anywhere) are available for withdrawl immediately, any overdrafts are recorded at night, and you have until 11am the next morning to make them good without paying any sort of fee, should you overdraft, they will go ahead and pay the item, and nearly all the time refund your overdraft fee if you talk to them. This is one way to get small loans, as they will let you overdraft your account and pay it back a couple days later for just a $30 fee... yes $30 might be alot on a $2500 loan but comes in handy in an emergency. This is why you get off your lazy a$$ and go to the bank and make deposits, INSIDE the branch, not the drive through. You get to know your bankers, and they get to know you. My bank offers free remote deposit capture, including they will give you all the hardware, but I still go into the bank about 4 times a week, just to make myself known.
"told that they couldn't use the card since it wasn't a Visa or MasterCard check card"
That's called 'steering'. Lots of reasons for that:
- Avoiding higher-cost forms of payment or perfering lower-cost forms; Losts of places that honor American Express try to steer customers to another card, as Amex often has the highest discount rate. Sometimes merchants avoid signatures and ask for the pin number to avoid the slightly higher discount for signature transactions. The issuers like higher discounts, so they run promotions like double points for signing for a purchase, etc. Oh, and rewards cards almost always cost the merchant more. You thought those points were free? All of these tactics are steering, by the merchant or the issuer.
- Some cards are more 'unreliable'. Those 'check cards' are always tied to an account. A 'debit' card might be pre-paid, and if something isn't quite right about the authorizaiton process, a merchant might not get paid if the funds are exhausted before they settle. It's not supposed to happen, but there are situations...
- Some merchants have agreements that kick back fees for certain cards, especially for larger volume or larger dollar-value transactions. That encourages steering, just another reason.
- Some card type are subject to more fraud than others, and merchants that understand that can either avoid those cards or treat them with extra caution. Address verification or matching the signature to another form of ID, for instance.
- It's not impossible that some merchants have agreements that expose them to more risk for certain card types. Online gambling outfits suffer huge losses, and are thrown under the bus by card issuers all the time. It's a dirty business. Any business where they don't have the card there (card-not-present) are usually more exposed and have to take more precautions. Even other fairly normal industries suffer more fraud. Fast-food restaurants for instance, etc. Some of these industries don't even bother to challenge chargebacks, as it's too small a portion to worry about. I'm regularly surprised at how merchants don't handle risk well at all.
Almost all issuers have agreements with merchants that prohibit steering, as well as charging more for card transactions than for cash, or requiring a minimum purchase for a card transaction. It can be hard to prove, but not impossible.
It would be interesting to ask one of these merchants why they don't accept a 'debit' card. I would not be surprised if they concoct some bs story, though the clerks may be told anything by the boss to get his way.
deleting the extra space after periods so i can stay relevant, yeah.
Well, almost.
I didn't so much have my ATM Debit Card card stolen as I did my identity.
What they (the criminals) actually did was electronically "skim" my card, thereby obtaining not only all of my bank account information (account number, etc -- all the stuff recorded on the magnetic strip of the card) but also my pin number. (Their keypad where you enter you pin number into was connected to another box that saved the two pieces of information together so they has everything they needed to clone and use the card).
We noticed it on the next bank statement. There were transactions for places in California and we live in Seattle, WA and we don't travel.
The next day I went to the bank to deposit a check and asked the teller what I should do. She immediately asked me whether I happened to make any purchases recently at the store across the street. Surprised that she would know I answered yes. She then told me the cops has just arrested the owner for fraud/identity theft. Apparently there were many dozens of victims, all in this area and many of them also customers of the same bank as mine (Bank of America).
Long story short, the bank refunded the entire amount (over $900) while the investigation was underway since it was likely the investigation would complete in my favor (and since they obviously had the resources to recover their losses better than I did to cover mine).
I'm surprised your bank isn't handling the situation similarly, unless your card was indeed stolen and not simply used as part of a much larger across-state-lines wide-spread identity theft ring (which the feds (FBI) took over investigating/prosecuting).
"Fish" (David B. Trout)
My South African bank has a nice, highly effective, easy to implement, widely available, cheap, and easily solution that doesn't eliminate fraud, but certainly minimises its effects. Whenever I use my (VISA) debit card, I get an SMS with the date, time, amount and location. I, maybe, in a week, make 20 card transactions, so the cost is 50c/week max to the bank buying in bulk. If I see a transaction I don't recognise, I phone the bank. compared to all the mostly wasted investment in PCI (including all the requirements that weaken rather than strengthen your website's security), the phishing friendly bullshit of Verified by VISA etc, it works like a dream.
I avoid using a debit card wherever possible for just this reason. The exception is with retailers (scum) who charge extra for paying by credit card - if I'm forced to deal with one such, I always change the PIN number immediately afterwards. UK banks have been ripping people off with this debit card thing ever since Chip & Fraud was introduced - they share your PIN with retailers, you get the blame for fraud!
I've had money taken from my account twice in 10 years. Both times I phoned my bank, reported the transactions as fraudulent and they credited me the money back by the next day. A week later they sent me a legal form to sign declaring that I didn't make the transactions, and that was the last I ever heard about them.
What does annoy me is the way they automatically block my card every time I use it abroad. Last time I went to the US they blocked my card after I used it to pay for my hotel room, then their automatic security system phoned me at 4am local time to ask if the transactions were legitimate.
Check cards draw money directly from the account they are tied to.
What more needs to be said? I understand that you're upset your money got stolen, but how much more clear than "Check cards draw money directly from the account they are tied to" can one get? This isn't even a common sense thing. This is a "here, we have explicitly told you what is going on, and if you can't understand what that means you really shouldn't be given a bank account in the first place."
-- 'The' Lord and Master Bitman On High, Master Of All
So many comments, so little common sense.
EMV is the answer, it works and is perfectly safe despite what the media whores in Cambridge tell you.
I am an adult and act responsibly.
I have been using credit cards for 20 years and have rarely paid anything but the amount I owe due to my purchases.
The bank is providing you with a credit facility, if one does not learn to use it the cardholder is the only person to blame.
... would never be used by the banks because it requires them to become technically competent and to lose a nice revenue stream of milking victims even more by charging overdraft fees and late fees. But here goes, anyway ...
For online purchase, once you check out, the merchant sends the amount to their financial service provider. The FSP connects to a central clearing house and generates a unique transaction code. The CCH stores a description of the transaction and the ID of the merchant. The transaction code is sent back to the merchant. The merchant provides this code to YOU, the buyer.
You go to your bank web site and select the CCH payment screen. It has a place for the transaction code which you cut and paste from the merchant site, and submit. The bank connections with the CCH and obtains full details of the transaction and displays it for you. You verify that it looks familar. The bank tells you if you have enough money to pay it or not. When you choose to pay it, the bank tells the CCH that it is now paid. The CCH tells the merchant's bank that it is paid. The merchant's bank tells the merchant that it is paid. If this isn't done by a transmission push, then at least it can be done by the merchant pulling a status on the transaction code they generated. Back at the merchant web site, you can query the transaction and see that it is now know as paid (after the process finishes, which might take longer during Christmas).
Your account is NOT exposed to the merchant or the merchant's bank. Optionally, you can include your previously stored shipping address (or pick one from several) with the payment and the merchant can use that.
Offline, this is harder to do. Cash may be better there. But it is still doable by having a portable device YOU TRUST with the right software. This could be integrated into other portable devices, like a phone or music player, if you trust that. The mechanism would involve an infrared communication between the vendor (via their cash register) and your device. The vendor sends your device the transaction code, and provides a channel for you to send data to/from banks (and only banks) via a central bank connection. Your device establishes a secure encrypted connection to the CBC using the CBC public key. It then tells the CBC the identity of the bank (the merchant will not get this info). Over that secure channel a 2nd channel is forwarded to the bank. Now the device establishes a secure encrypted channel to your bank using the bank's public key. It logs in to your account at the bank, tells the bank what the transaction code is (the bank now goes back to the CCH as above). You see the amount of the transaction on the device and choose whether or not to pay it. If you pay it, that info gets back to the merchant and you can walk with the merchandise.
Additional security will be needed within the device and your home computer. Your bank will have to manage your account safely (e.g. not let others log in to your account). But those are mechanisms YOU have some control over (change banks if you have one that is sloppy with security). You do not have to depend on a merchant being secure, or the merchant's choice of bank being secure. At the same time, because your identity may not be included with the payments, once payments are made, they are likely not reversible. So it will be like paying in cash.
now we need to go OSS in diesel cars
What a dangerous clause. Who is supposed to force whom to do something? So you want some larger authority (our beloved government, in this case?) to force the debit card companies to spend their money, manpower, and advertising space with no compensation; nay to cause harm to their own business model? Are there not enough warnings out there about the dangers of debit cards already? Weren't you already aware that these cards are not safe? Your ... somebody should do something... comes from your own frustration at shown to be an idiot, doesn't it? Hurts, don't it?
Don't trust corporations or government. Use cash and/or 'credit' cards. Have you learned these lessons now? I think not. You've already started up another 'debit' card account with the same rules that applied last time. Sheesh!
Just a reminder, for anyone who has not been on the business side of it: the credit card companies would prefer that you used credit cards. That way, instead of a flat fee of a few cents, they take a percentage of the gross. This either cuts into the merchant's margin, or else they will pass it on to you in the form of higher prices. Either way, the credit card companies make out like bandits.
Enjoy life! This is not a dress rehearsal.
but credit cards have far more protections than debit cards and are used in an identical manner (well, except for signature vs pin)
The "except" is a big difference. The debit card pin is fundamental. You can charge a credit card with any old scrawl that is never verified by anyone. A debit card pin number is verified electronically, never known to anyone except you and the card issuer. No one holds my debit card except me, making it more challenging to get the number on my card (hardly the pin). I never use my debit card over the internet.
This is why debit card fraud happens less frequently than credit card fraud. It is why retailers typically get charged about $0.25 + 2% for every credit card transaction, but only $0.15 for every debit card transaction. Note that retailers don't just eat these fees, costs get passed along to the consumer. When you use a credit card, you increase costs for everyone.
For Bank of America customers, this service is available as well.
Reply to That ||
There's another perspective on this, and another reason to do as you do - the credit card tax.
Everyone is up in arms about taxes these days - longer than just that really. People give up their days to protest taxes in various places. But I'll be that those very same people think nothing of using their credit cards to pay for that day's expenses. Or even if they don't, they don't realize that they're paying for the privilege of others using their credit cards.
The credit cards get a transaction fee - typically somewhere in the 3-4 % range. Years ago, I remember some places used to charge a slight premium for using a credit card. I'm not sure if it was through legislation or other pressure, but that practice stopped, in favor of "same price, cash or credit." What that really means is that EVERYONE is paying for the credit card transaction fee, whether you're paying cash or credit.
What do you call it when there's an extra percentage fee tacked onto your purchases? One word might be "tax", except this one isn't collected by any government, but by private agencies. Nor is it voluntary, like a "free market" thing, because it's tacked onto your purchases, whether you use credit or not.
I have a lot of sympathy for small, local businesses. I try to have a premium I will pay to buy locally, knowing that that money stays in my area, though I can't always do it, and I have my limits. But one thing I try even harder to do is avoid using my credit card with local businesses. They have to set their prices to account for the transaction fees, or else they go out of business. But by paying them in cash or check instead of credit, that piece of transaction fee goes to them instead of to some far-off bank. I can't get the "tax" back for myself, but at least I can give it to a local business.
The living have better things to do than to continue hating the dead.
I've been in the US for 10 days or so (longer now thanks to the Iceland volcano) and not once have I had my PIN or signature checked while purchasing goods. I get handed the goods and card before I finish my signature.
In the UK I have to enter my PIN for each purchase, and get occasional signature spot-checks.
So I suppose you guys have to start actually checking credit card security first before complaining.
I'm too cool for a sig.
I've had the same experience though I wound up not actually losing the money after the bank did their investigation thing, and it's darn lucky that the guy who did it to me didn't realize that the debit card in question was for a payroll account and had a ton of money in it. Just some junkie who knew how to make up card numbers the first time (the algorithm is published including the checksum info!), and the second time a dumpster diver getting info from a legit company I deal with who got sloppy. I now just have several check accounts for various uses that have the attached plastic, and only put money in them when needed -- any attempt to rip them off won't get much if anything. And it works fine -- no more problems after that move. You can't just use cash -- my wife will pickpocket it (!), and the internet doesn't allow it for online ordering.
Why guess when you can know? Measure!
Check http://en.wikipedia.org/wiki/3-D_Secure#Criticism for just some of the problems.
Visa are doing something about it, so much so that they are enticing people to use it by accepting the liability of fraud themselves - rather than leaving it firmly with the merchant as it is today.
If only this were true it might be worth it. However, the terms of the agreement presented to me whenever Verified by Visa tries to force me to join require that I, personally absolve both Visa AND the merchant of any responsibility for fraudulent charges and agree to pay any and all such charges while waiving the fraud limits on my current "unverified" card.
-- The reader anything less than completely failing to not misunderstand this sig is cursed.
I once had an employer reverse a direct deposit 3 days after it had gone in, resulting in a dozen overdraft fees on small purchases. I got it straightened out and the credit union was good enough to forgive the fees, but I learned a valuable lesson.
Turns out nearly every banking institution will reverse direct deposits up to 10 days after they go in. So now I have to worry both about mistakes on both ends (deposits and ATM cards).
My solution: direct deposits go into account A, ATM card is account B, "real" money goes into account C, Paypal comes out of account D, payments over the Internet come out of account E, and payments by check come out of account F. And a wholly separate bank has a single savings-only account for long-term savings.
It's absurd, but I've got no assurance than ANY pool of money can't be gotten into and my life fucked trying to fix it.
The risks with cards are 'common knowledge'
If you did not know your card code be abused, you are beyond any doubt a complete and total moron, as is Timothy for posting this story.
Putting a warning like you're talking on every card would be just like the cancer warnings in California. You'll still be retarded and ignore them anyway.
Now, lets get down to facts and things that can help you.
All bank cards in America require that the proof of sale be on the seller. Your bank should immediately halt the funds at worst, and in general should return them to you until the seller proves you bought the items. It doesn't have to be a Visa or a MasterCard. Don't get me wrong, if you go by a prepaid visa or something from some random refill over the phone place, good luck getting your money back. With a real bank however, its generally a lot easier to just threaten to call the feds and report them.
You've probably already seen it, but here is an excellent comment with proper links to what you want:
http://ask.slashdot.org/comments.pl?sid=1620370&cid=31866498
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
You are correct, but it is also true there are more legal protections on credit card transactions than on debit card transactions. So I guess the real question is, how much do you trust your bank to do the right thing, vs. what they are minimally legally required to do, without having to call their regulators or file a lawsuit against them.
First, I think he'd tell you he'd never use his ATM/PIN in ANYTHING but an ATM machine. If you want cash without going to a teller, there is no cheaper or safer way to do it. Debit cards or credit cards would all work the same as an ATM card, or would be more expensive. This makes the issue of PIN transactions being harder to refute irrelevantly equal. And no retard should give their PIN to anyone they don't accept as an authorized user of the card for any purpose.
Also while Visa provides virtually equal protections for credit and debit cards, that doesn't give it the force of law, only the force of contract that may have to be litigated. I believe debit card transactions still have somewhat fewer legal protections than credit cards. But even that doesn't really matter.
The real issue is if your debit card is rooted, the money is gone until the bank chooses to return it whether they do it in a couple hours, a couple days, or a couple weeks, whether that is legal or illegal, contractual, or in violation. If your credit card is rooted, you still have all your money. And if worse comes to worse and you can't agree with the bank on whether it is a valid charge, and you choose to sue or not, you can just not pay your bill. You credit score might go to crap, and they might choose to sue you, but you still have your money until you choose to give it to someone else.
Like I posted farther up, my bank did the exact same thing that the GP describes.
If you don't trust your bank, why are you banking with them?
Karma: Poor (Mostly affected by lame karma-joke sigs)
My credit card signature is blurred to the point of uselessness. Several places don't require a signature for smaller transactions.
I'm not sure how much legal weight the signature actually has.
I bank with a small national bank and a community credit union that I somewhat trust. They have never done anything to me, or anyone I know of that I deemed inappropriate.
But I also don't 100% trust any company to always do the right thing. You can always get a jerk employee, or just get unlucky after a misinterpreted policy change. When it is my money, I will always err on the side of caution, and the side of having more protection in regulation, rather than in contract or marketing language.
The "except" is not a big difference, in fact it's not a difference at all when comparing fraudulent use (with possession of the card) of the two types. A debit card can be used with a signature, exactly as a credit card can. If they're not going to check an ID with one, they're not going to check an ID with the other. The "nobody holds my debit card ... internet use ..." has no bearing as the argument can be used just the same for credit cards. If it's never lost it doesn't matter.
Increased security measures have increased costs. The average prices are built-in, and credit cards aren't going away. Smart shoppers get the average merchant costs lowered by debit card users, so like most things a higher percentage of burden is on the backs of those who pay less attention to the ramifications of their actions. I'm perfectly fine with all that.
The only time any of that comparison would be valid is with a debit card that cannot ever be used as a credit card. I wish you the best in finding one of those that is accepted at all standard terminals. If you have, you're lucky.
Verifiedbyvisa which will add an extra layer of security by demanding an OTP to be generated with the smart card of the VISA card; making fraud virtually impossible unless the card reader & code has been used.
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
You think warnings are going to help? They made a whole big hype about putting warnings on cigarette packs. Raised the price to do it.
Sorry, I don't know you. But this is asinine feel-good legislation. A debit card is an electronic checkbook. It contains, in one way or another, your account information.
You know that. Unless you're one of the people in 1990 that didn't know nicotine was addictive.
I fully agree they have a responsibility to protect their customers -- as much as is financially and practically feasible. But please. Signs don't solve problems. Or make a damn bit of difference in anything.
"But I also think that those producing these check cards should be required to advertise the hazards of having one of these cards (not in small print and maybe required in advertisement of these cards, similar to what is required with pharmaceutical drugs on television) and/or that if a debit or check card is issued a separate account should be required for its use, and users informed of the issues of placing all of their money in the same account that their debit card has access to."
Your argument is that you didn't know someone could steal your money? You were not aware of the hazards of carrying money (in whatever sense) in the modern world?
I'm sorry your account got cleaned out, identity theft is hardcore and there needs to be a lot more support and it needs to be treated like a much bigger crime than it is. I used to work in the check-authorization industry. It was awful to see these poor people getting their identity stolen and their life ruined.
But please. This is feel-good, 'blame the company'/lawsuit mitigation crap. It doesn't actually do anything. And it isn't anything that people shouldn't know already.
If we want to make a difference, we need a separate government bureau that is devoted to preventing/tracking/prosecuting/educating/defending citizens from/to/about identity theft. Smoke and lights aren't going to solve the problem. And they'll just make it more obnoxious and 8th grade-level instructions to do business with my bank. I hate that.
Again, it's not my intention to attack the OP personally. But those are the last things that are going to actually do any thing to help the problem. They will, though, cause the government/banks/credit card companies to spend a little bit of money, make a lot of noise, not make the situation any safer, and triple the hassle of doing through daily life. Airport security anyone?
K.