They are NOT sending out the cards with the PIN printed on them so nobody can use them fraudulently anyway.
Once again, these are debit cards with a MasterCard logo on them. A mail thief can use them as a credit card anywhere MasterCard is accepted. No PIN required.
I do expect they send the pre-activated pin on a different shipment, on a different day. (The usual is about a week apart). TFA doesn't give any information on this crucial point.
Actually TFA does:
Sign up for an HSBC checking account online, put money in the account and days later, an activated MasterCard debit/ATM card appears in your mailbox. A few days after that, the PIN number arrives in a separate envelope.
But that's missing the point. These are MasterCard-branded debit cards. You don't need a PIN to use them. Just take the new card out of the envelope and start charging anywhere MasterCard is accepted up to the amount of money available in the checking account.
I think that pre-activated credit cards are much worse...
The pre-activated debit cards have all the red flags you cite. However, in this case, the fraudulent transactions come directly out of the victim's account. On a credit card, the victim simply disputes the transaction without actually paying for it.
In the case of HSBC Direct, you can request an ATM-only card. It doesn't have a MasterCard logo and cannot be used as a credit card. A PIN is required to get cash.
As it happens, just recently my debit card was used fraudulently online, and pretty much emptied the account to the tune of ~$4,500. The bank phoned me up...refunded (immediately, as in, the money was there when I logged in while talking to the agent on the phone) all the cash, and asked me if there was anything else they could do. The new card arrived two days later by courier...
That's good to hear that HSBC took care of you so well in this extreme case of debit card fraud.
Last year, I had $500 stolen via an HSBC card linked to my Bank of America account. It took BofA three weeks to return my money.
...they ordered me a new (unactivated, for the record) debit card...
Did you attempt to use the card before calling to activate it?
Both HSBC divisions I tested had the sticker claiming activation was required. The sticker was a lie.
This is a bunch of bunk. If your debit card is issued through Visa, you have the exact same protections as with a Visa credit card.
Yes, AC, using a debit card as a MasterCard/Visa card does offer the same fraud protection as a standard credit card. The difference, as the OP explains, is you are on the hook initially for fraudulent transactions. They instantly flow out of your checking account.
When the bank gets around to agreeing with you that the charges are fraudulent, they will return the cash. This will be weeks later. Your bills may be due much sooner.
Yes, you do get your money back eventually. According to one of my sources, the banks are obligated to replace the funds in two weeks.
In practice, it may take longer.
I was hit by a card skimmer last year. It took over three weeks for Bank of America to replace the $500 stolen from my account. (I never got the $3 foreign ATM fee back, FWIW.)
As LostCluster points out, having an empty checking account when you're not expecting it can put you in a tight spot with your landlord/mortgage holder, etc.
HSBC is a big, international company with many divisions. I'm not making this claim about all of them. Just the two I personally tested.
Also, how do you know the card you received wasn't preactivated? All of the cards in question had the standard "You must activate" sticker on them. The sticker was a lie.
Actually, we're talking about MasterCard branded "check cards." No PIN required. Just swipe or enter online anywhere MasterCard is accepted.
You're right, though, it's not exactly a credit card. It's worse.
As a debit card the money comes directly out of the linked checking account. If it were a credit card the victim would simply dispute the charges and never pay for them.
Absolutely- if you're looking to prevent identity theft, rather than learn about it after the fact, a security freeze (sometimes called a credit freeze) is the way to go.
Credit monitoring is expensive and does nothing to stop ID theft. Sure, if somebody does use your identity fraudulently, you'll get an e-mail about it but the damage is already done.
You're paying $180/year just to learn you've been screwed sometime after it happens!
On the other hand, a security freeze locks your credit reports with a PIN. No one can take out a line of credit without that PIN.
And it's only $30/year, plus $10 when you want to temporarily unfreeze it.
Unless you take out more than one loan a month, you're saving money over credit monitoring. Plus, you're getting ID theft security that is proactive, rather than reactive.
Credit monitoring is good if you want to buy your credit reports in bulk or if you want to check your credit score every day. But as an identity theft solution? Sorry, I'm not sold!
Ah yes, but before Blockbuster's new management jacked up the price, Total Access was $17.99/mo and included both unlimited by-mail rentals and unlimited in-store rentals.
I'd say that's pretty damn competitive.
But you're right, in its current state, the Premium version of Total Access at $34.99/mo doesn't directly compete with Netflix.
Excellent point- I didn't make the distinction. To be honest, I've never used Movielink beyond the free stuff section (though it's pretty slim pickin's today unless you're a huge Rocky and Bullwinkle fan).
Blockbuster's new management are not fans of loss-leaders. They are the ones who doubled the price of the Total Access plan (Netflix's competitor) from $17.99 to $34.99 in less than 6 months.
Then again, I'm not sure how else they will get a device designed just for their customer base without taking a loss.
In the US, most debit cards double as credit cards. The HSBC cards in question are no exception.
All a mail thief needs to do is sign for the transaction or enter the card online to use it. No PIN required.
Details please, AC.
Easier to authenticate anonymously and cause mischief? More people using the network because it's now free, therefore more targets for break-in?
Really, I'm racking my brain here trying to figure out the increased security risk.
I'm not sure how pay vs. free changes this. They've always had an unsecured Wi-Fi network. You can sniff packets whether you're authenticated or not.
Please enlighten us.
Yep, we're one of the last hold-outs. McDonald's in the UK, Australia, Singapore all have free Wi-Fi.
I've never tried a BitTorrent or any other p2p app on McD Wi-Fi but they don't filter much on the outgoing side. I've used many services on non-standard ports, including SSH2 and Cisco VPN and never had a problem.
You'll never get to listen on an incoming port, though, so you'll always be a p2p leech on McD Wi-Fi.
Also, the network is centrally managed by AT&T Wi-Fi (formerly Wayport). It's not like they're just throwing up a $50 router and forgetting about it. Certain activities may get their attention...
I've used lots of different services and ports at McDonald's and they've never been blocked. HTTP, HTTPS, Cisco VPN, SSH2, SMTP, POP3, IMAP, FTP, SFTP and Remote Desktop. And I've connected to many of those services on non-standard ports > 10,000.
They also have no porn filter.
Most McDonald's are franchises and they are not required to install AT&T Wi-Fi brand wireless. Some set up their own networks. Others jumped on board with AT&T but handed out free Wi-Fi coupons to their customers.
That deal ended in late 2007, though there were still lots of other ways to get free Wi-Fi at McDonald's- Qwest and AT&T DSL customers, for example, had free rein.
I know firsthand how poorly IE7/8's JavaScript performs compared to Firefox and WebKit. I created a 75+ printed page article where, in pursuit of my fluid and near tableless design, I used JavaScript primarily to resize XHTML elements on the page.
Processing takes around 5 seconds on Firefox, less than 10 on Chrome. IE8- easily over 30 seconds. It was unusable.
To get processing down to around ~30 seconds, I did all I could to optimize the script, using recommendations from the IE Blog. I cached DOM elements I'm interested in, only modified each element once and cached function pointers (why calling a function directly in IE is a costly performance hit is beyond ridiculous).
In the end, when you visit my article using IE, I do some initial caching which takes about 5 seconds. Then I resize the elements slowly over time using simulated multithreading (setTimeout()). You actually see the progress in the caption bar.
Visit with any other browser and I run the script all at once. You hardly notice.
Check it out yourself if you'd like.
Most of the comments here sum it up nicely: The craft of and the demand for good journalism hasn't changed. The means of distributing it is changing rapidly.
I read great stories all the time. In the LA Times, on the Reuters and AP wires, in the New York Times.
I read all of their stories exclusively online. I have not dirtied my hands nor killed any trees by picking up a newspaper in many years.
Paying for news in today's free-for-all Internet is another subject. All things being equal, it's hard to justify paying for something you can get free somewhere else.
In a way, I hope this changes. It leaves news outlets to rely entirely on advertising for revenue on the Internet with implications that should be obvious.
I think micropayments would make a great counter to reliance on advertising revenue but we're a long way from that being feasible.
Good luck finding your niche!
Google's practice of leaving software in beta for years gives them an excuse if you lose your data, etc. when the software fails. However, revealing the names of millions of (GMail) users who weren't even using the application (Calendar) with the security flaw sounds like a nightmare for Google.
Good thing GMail is still in beta too after, what, 4 years?
I know how it happened: These congresspeople received an anonymous gift of a Chinese-manufactured digital photo frame shortly before their Windows-based PCs were compromised. It seemed harmless enough at the time!
I second that. And people in the above MacRumors thread are saying the same thing.