Has the PIN obstacle for debit card thieves been bypassed?

I was just talking to a friend of mine this weekend who had money removed from her checking account via debit card theft.

Check your account regularly!

6 Responses to “Has the PIN obstacle for debit card thieves been bypassed?”

  1. Mark says:

    There are plenty of anecdotes like the one you relate being passed around in recent years. It is no surprise given the lack of real financial privacy law in this country, the low regard for security among institutions and the citizenry. As for solutions, this is beyond my grasp of security issues, but I should think we start with either strong privacy law or stronger security regulation by agencies that regulate financial institutions. If citizens don’t want to follow good security practices, let them suffer their fate. On at least four occasions, my credit card number has been stolen; not from me, but from the issuing institution. I am certain of this because they finally admitted it after the second time. The number(s) were for a card I keep locked in a safe and never use. It is an emergency card and I’ve been fortunate to not require its use in all the years I’ve had it. Therefore, it is impossible for someone to have gotten the number from me or through my carelessness.

    I know people who rely solely on their VISA branded debit cards for all transactions that they can possibly use it to transact. I warn them that this is a dangerous practice, and that they’d be much safer to get a credit card and simply pay it off each month. Few listen. I sometimes come across folks who leave the signature box on the back of their cards, both debit and credit, blank. I love these. They violate the user agreement, and they give anyone an opportunity to create the definitive signature for the name on the card.

    I really wonder when we’ll see some semblance of worthwhile security in our financial networks, in particular for citizens.

    In a related matter, the Georgia Legislature has killed a credit security bill and is trying to kill another one. The first would have given consumers the right to freeze their credit reports, thus preventing access by potential thieves and others who bombard us with offers for more unsolicited debt. The bill was killed by legislators responding to retail business folks who rely on this access to nudge customers to incur more debt, and who profile based on information in the reports. The second bill, which the retail business association says it supports, only allows a consumer to freeze his report after suffering identity theft. The wording of this second bill is also sufficiently vague as to leave one wondering just what sorts of transactions it guards against. Imagine that.

    So much for getting help from the government in protecting the wallets of the citizenry.

  2. EvilT says:

    If consumers want to be safer with their credit they can always go the prepaid card route. This allows you to buy a card with a prepaid balance on the card. If the card is stolen you only lose access to the money for the period of time for the investigation and cash return. Your card number changes with each and every card you buy, the card is in no way linked to your banking accounts or the credit/lending system.

    I’m under the impression that many in Europe choose this option over a revolving charge credit card.

    You do still have to find a way to have approval over credit requests in your name…

  3. Mark says:

    I’d rather not have to pay for such a card. However, it may be an option worth exploration for some consumers. The popular means of purchase I’ve observed in Europe is in the form of smart cards. They were off to a terrible start here in the 1990’s because of concern about information that might be kept on them that others could potentially access. Wherever I see ATM’s in Europe, I also see machines for recharging smart cards. These things generally have a VISA or Maestro (Mastercard) logo and can be charged up from one’s bank account via a machine that appears and operates much like an ATM. If the card is lost, the owner only loses the amount of money on the card, and even that may be protected by their much stronger consumer protection laws.

  4. EvilT says:

    You have been able to do a reloadable “debit” card in the US for years (actually it’s exactly the same technology). If the credit card number does not change the basic difference is that you are playing with your money instead of theirs. Smart cards offer an increased level of complexity for authentication, but use of your own card is not generally an issue in the US as I am unaware of any credit card company or bank that does not refund all (used to be $50 but I believe competition has generally made it $0) of any money stolen from a credit account (with debit cards the institutions are more conservative, and tie your money up longer, hence this topic). Thus I believe the biggest risk is in the definition of due diligence, regarding identification, that has to be performed when obtaining new credit accounts. This is a perilous line to have a government draw, as the risk of damaging your own economy is great.

    I have never really examined European credit/privacy law, so I cannot comment on details or efficacy. As always there are a few interesting issues I see…

    The EU demanding that the US keep information and transmit it to the EU (seemingly in violation of their own privacy law). Same link contains Bush decision to bring back Clinton Era regulation, doctrine of forcing banks to report the same data to them, but not the EU…

    The risk of using offshore IT on privacy by both US and EU.

    Here is a nice little write-up by CATO (a little dated though). It outlines some of the privacy issues, however the CATO institute is a little more concerned with government databases. As an added bonus for all you “Bush can wiretap all he wants, I’m not doing anything wrong” people out there, there is a short outline of the thinking behind the 1974 Privacy Act, and what it was meant to protect.

  5. Mark says:

    Where is the link?

  6. EvilT says:

    Sorry, it appears they were lost somewhere in the editing process. But imagine in your mind’s eye the most informative, persuasive, and appealing links that could have possibly existed within the confines of the current Internet….

    But seriously, I will try to look them up when I get time again. I had tried to find them all again, but I was unable to post any of them to the blog as it was not in operation for nearly 8 hours. Currently I’m looking at moving my server to another host (look for the causal relationship there) and will not have much spare blog time until then.

    You should be able to find examples of all three on the net.

    The first one came from an offshore investing site stating that requiring US banks to keep and report transactional information on EU citizens violated the EU privacy law.

    The second one was from an English IT newspaper, which reported an event where private account information, for multiple customers of more than one of the large English banks, was purchased from employees of an India-based IT vendor who handled account information for the various banks.

    You should be able to search the CATO institute site for number three.
