Wednesday, August 2, 2017

Don't use your debit card anywhere except your bank's ATM

I've liked to use my debit card - it's like cash, only without the bother of carrying around cash.  It turns out that this is getting dangerous - "Skimmers" are devices that thieves add to point of sale cash registers and to ATMs that record the Debit card account number and PIN.  The thieves then use this to clone ATM cards and drain bank accounts.

Skimmers are getting quite sophisticated and can send data via cell phone text message (i.e. to thieves anywhere in the world).

Brian Krebs has a hair raising post about how these work and you should definitely read the whole thing.  Gas pumps in particular are being targeted, but this could be done anywhere.

Your credit card company will cover you if the Bad Guys swipe your card number.  Your bank will probably cover you, but it might take a while and you'd go through a whole lot of hurt until they did.  Use your credit card for purchased, and treat your debit card like an ATM card (and only use it at your bank, which will have much better security for the ATMs than other businesses will).

9 comments:

scoobyintexas said...

My credit union bitched and moaned when I asked for a new ATM card, instead of replacing the worn out old one with a new debit card. After a bit of foot-dragging, they finally gave me what I wanted. I will never have a debit card unless it is from an isolated account that I transfer money into for specific purchases.

Jeffrey Smith said...

If you use one particular brand of gas, buy gift cards from that brand at the grocery, as part of your regular purchase. Rewards points on your credit card plus no need to use it at a gas pump totally exposed to skimmers. (It helps if your grocery had a program like mine, which results effectively in me paying $40 for a $50 gift card.)

Lawrence Person said...

Has anyone created a skimmer that will hack/bypass/unlock chip verification or are those typoes of cards still safe from skimmers?

Murphy(AZ) said...

Trust a chip card at your own risk! Too much info is on that chip and it's not as secure as the issuers would have you believe. Having worked in the retail fuel industry, I note that, after the change to chip cards and the skyrocketing increase in skimmers being found on fuel pumps especially at 24-hr "pay-at-the-pump" stations that were unattended overnight, the best corporate security could suggest was to use your card to pay inside at the attended kiosk, as there was less likelihood that someone could compromise that card reader.

Previous posts here are correct: use cash or gift cards.

Patrick Monahan said...

Previous posts here are not correct. You are Visa or MasterCard debit card has exactly the same fraud protection, line for line, has your Visa or MasterCard credit card has. They will reverse the charges and put your money back in your account so that you can continue to use your card once there has been a fraud notification. It may take a day or two to get everything straightened out, but all of your money will be returned to your account. It has happened to me.
FormerFlyer

Borepatch said...

Lawrence, I believe that Murphy is right. I haven't heard of successful chip attacks, but that is very likely because the stripe security is so poor and easy to crack. As we see more chip cards we can expect to see successful attacks.

Jonathan H said...

From what I have read, there are (so far) only a few types of "skimmers" in use and it isn't hard to know what to look for.
Note that skimmers have also been used on bank ATMs, so they are not immune to attack.

scoobyintexas said...

@patrick- Does Visa/MC reimburse for NSF and late fees when a scammer drains a checking account right before the mortgage and 5 other bills all attempt to draw from it? I would expect that they reimburse the directly fraudulent charges, doubt they will indemnify against all the second order effects of fraud. Debit cards present an unnecessary risk, IMO.

Patrick Monahan said...

In my personal example, yes, they did reverse the NSF check fees. Also, at my two banks (both nationwide banks) you can set your account so that they will not cash a NSF check, thereby further increasing security and removing a source of egregious fees that Banks like to charge for this "service."
FormerFlyer