Nov 232017
Free standing ATM machines

Steven Seamark |

Part 1 Part 2 | Part 3

Freestanding, non-bank ATMs are one of the riskiest places to use your debit card. You know those ATMs you see at gas stations, convenience stores, airports and even sometimes at hotels and restaurants? Those machines are extremely vulnerable to hacking. Because of the high volume of traffic, it’s easy to for thieves to install skimmers unnoticed. And the staff at these places are typically not trained to spot skimmers or to notice if something is off or different about the ATM machine.

Using the external ATMs at the bank itself also presents a risk (though not as great a risk) for two reasons. One, because these machines are not supervised at all times, they are susceptible to being hacked / skimmed. The FBI’s fraud division suggests checking for signs that the ATM has been tampered with or damaged in any way, such as loose parts or screws, or parts that seem added on or mismatched. If you see such signs, don’t use the machine, and report it to the bank.

Second, there is the risk of being robbed if you use the machine after hours or at night.

For these reasons it’s safest to use the ATM inside the bank whenever possible.

Jul 082017
Where not to use your debit card

Steven Seamark |

Debit cards look just like credit cards and can be used in much of the same ways, so we sometimes make the mistake of thinking they are the same in all respects. They are not. There’s an important risk that comes with debit cards that is not present with credit cards: it’s much harder to recover your money in case of fraud.

With a credit card, if you find a fraudulent charge on your statement you can dispute it and refuse to pay, and the charges will generally be removed after a cursory investigation.

In the case of debit cards, however, the fraudulent charge draws directly from your bank account. Even if you dispute the charge and eventually get reimbursed by the card issuer, the process can take two or three months, and in the meantime that money is gone from your account, and that could cause some hardship.

So it’s best to be careful where you use your debit card. Here are four places where the risk is especially high:

1. Restaurants

The absolute riskiest place to use your debit card is at a sit-down restaurant.

If you use a debit card to pay your bill at a sit-down restaurant – the kind where the server takes your card away and returns with a receipt – you might well be ordering a side of debit card fraud with your steak and potatoes. During the time the server is gone he/she could make an impression of your card or copy the information.

Even if it’s not a sit-down restaurant – say you call in a delivery order and pay by debit card – some restaurants will keep your card info on file for ease of ordering with future orders. The problem with that is that many small businesses do not have security measures in place to protect your card information.

I consider major chain fast-food restaurants to be an exception. At the drive-in, you hand them the debit card, they swipe it and hand it back just a few seconds later. And major chains will likely have security measures in place. And if you dine-in, of course, you insert the card into the reader yourself. The point being, your card is never really out of your sight.

Next: Part 2 – Internet Shopping

Nov 152010

Clearly there is some element of risk involved in any sort of online financial transaction. Credit card numbers or bank account numbers can be stolen, passwords intercepted…

I recently had an unauthorized $400 charge against my debit card. Someone used it to pay for a plane ticket. My card is always in my wallet, but I often use it to make purchases online or pay bills. Apparently the card information was intercepted or stolen somehow.

The https prefix indicates a secure website

The https prefix indicates a secure website

The card has been closed and my bank refunded the charge, but the point is that online financial transactions carry a risk. Online bill payment is no exception.

So how do we minimize the risk? How do we know that an online bill payment website is secure? How can we safely transfer money online, or buy a product without worry?

1. Make sure the bill payment website is secure. The website address or URL should begin with https rather than http. https indicateds a “secure socket layer” or SSL connection, which is one in which data is fully encrypted and therefore protected.

Typically with an https website you will see a padlock icon in the corner of the browser window, either at the top or the bottom (or in some cases it may even turn the URL address background light blue or green). Clicking the padlock icon reveals the site’s security certificate and allows you to read about the protection that this affords.

2. Make sure the login process is secure. A quality bill payment website will usually give the customer two options: either to pay instantly as a guest, or to register and save payment information for future transactions. Neither one of these is necessarily better – it depends on your preferences – but both options should be secure.

If you’re paying as a guest, the website will usually ask only for your email address, then ask you to choose a payment option. Payment options could include online bank account, credit card or debit card. If you choose to pay by credit card or debit card, you may have to verify the card through 3D secure-a process used by major credit card companies as an added XML layer for online credit and debit card transactions. Visa call this process “Verified by Visa”, MasterCard call it “MasterCard SecureCode”, JCB International call it “J/Secure” and American Express call this “SafeKey”.

When choosing this option, look for specific statements on the website that credit card or debit card information will not be saved or stored in any way.

If you choose to register, a well designed and secure website will ask you to choose a name and password for future logins, and may also ask for your name, email address, physical address, and telephone number. You may even be asked for your date of birth, driver’s license number or passport number, though in my opinion asking for such information is excessive and carries the risk of identity theft. The same is true for your social security number. There’s no good reason for a commercial website or bill pay website to ask for such info.

You will often be asked to set up security questions in case you lose your login info. This is legitimate and common. Some websites now use cell phone verification. If you attempt to log in from any computer other than your usual computer, the website will send a verification code to your phone by text message. You must then enter the verification code into the website to proceed.

While these procedures may seem excessive, they are part of a good security system and they are there for your protection.

Mar 282009

The BBC news online reports that there has been a big jump in online banking fraud in 2008 due to fraudsters using malicious software programs called “keylogging” programs that track what keystrokes you type on a computer. This is occuring not in internet cafes or on public computers, but on online banking customers’ home computers.

 How does this malicious software get on one’s computer? A spokeswoman for Apacs, the UK’s online payments association, explains that it happens when people click on unsolicited emails and open the attachments. These attachments may disguise themselves as harmless photos, songs, or news stories, while the malicious keylogger program secretly installs itself. The program then tracks the victim’s keystrokes in order to gather credit card numbers and online banking passwords, which are then secretly mailed back to the criminals behind the fraud.

“The industry continues to remind customers to ensure that they have their computer’s firewall switched on and anti-virus software up to date,” said the Apacs spokeswoman.

Total fraud losses on UK debit and credit cards rose by 14% to £609m. Most victims of card fraud in the UK are not liable, so their money is refunded. Anyone in the UK who is a victim of fraud is not liable, under terms outlined in the Banking Code. As long as they have not acted fraudulently or without “reasonable care”, they will be reimbursed if somebody uses their card, steals it, or clones it. The code says that if somebody uses a card before it is reported lost or stolen, or somebody knows a Pin, then the victim could have to pay the first £50 that is lost.

To quote the sergeant from the old American cop show Hill Street Blues: “Let’s be careful out there.” 

%d bloggers like this: