Some cretin recently cloned our debit card, in reflection of rising UK and international rates of card fraud despite technological countermeasures like "chip and pin".
Of course it makes us angry, and think of doing all sorts of unsavoury things to the perpetrators if we could confront the cowardly faecoliths. But the good news is we will get a 100% refund from the bank because they acknowledge we were victims of a security lapse; our credit rating is unaffected; and new cards were issued promptly with new numbers.
Of course we wanted to know if there was anything we could to reduce the risk of this happening again. We asked the bank if it was safer to use the ATM inside the branch rather than the hole-in-the-wall outside. They said probably so, since it would be harder to attach a device to the machine inside without being noticed. But we would be better still to make over-the-counter cash withdrawals and avoid using ATMs altogether, they said. That's reassuring—not.
ATM without (top)/ with (below) "skimmer" attached (© APACS)
There are still lots of people out there that won't go near online commerce, because they perceive it to be unsafe. I'd always thought someone was more likely to double-swipe or copy my card out the back of a restaurant than commit fraud online, but actually the risk is around 1:2. Figures from 2007 for UK-issued cards show that phone, Internet and mail order fraud (card-not-present fraud) amounted to £290.5 million, while counterfeit (skimmed/ cloned) card fraud totalled just under half this at £144.3 million. Since we've now been a victim of each type, statistically we can expect the next attack on our finances to come from Internet shopping.
www.shopsafeonline.org.uk has advice on reducing the risk of fraud when purchasing online.
We also thought "chip and pin" was supposed to make fraud more difficult for for your friendly neighbourhood scumbag. The problem is it likely won't be a local trying to do you out of your hard-won earnings. The APACS PR (12.03.08) says:
Counterfeit fraud losses have increased by 46 percent [on 2006 figures] but the vast majority of this fraud is due to criminals stealing card details in the UK to make counterfeit magnetic stripe cards for use in countries yet to upgrade to chip and PIN. The UK banking industry continues to encourage other countries around the world to upgrade to chip and PIN. This type of fraud will also become more difficult when the European banking industry meets its target to complete its chip card rollout by 2010.
This is exactly what happened to us. A device was attached to the hole-in-the-wall ATM outside our local bank (I phoned them and they confirmed its discovery), and our card was one of presumably many that was copied. When the scumbags finished their hole-a-day they returned to Milan where they knowledgeably used the card to draw out an amount close to the daily maximum, twice, before we discovered the theft and cancelled the card. Internet banking was our timely saviour, although that's not entirely safe but more so than shopping (£22.6 million in fraudulent transactions on UK accounts in 2007).
www.banksafeonline.org.uk has advice about preventing all types of online banking fraud.
The annoying irony is that when we try to use our original cards in person abroad, the transaction is sometimes refused by our bank on the basis of being "outside normal usage patterns". Even when we returned to the UK after a year abroad, the bank considered use of our UK card to pay my vehicle service in Sheffield suspicious, yet permitted its use in China, New Zealand, and Australia. It's hard to feel full-on annoyance, however, since such inconveniences are preferable to a relaxed attitude that leads to a more frequent change in cards!
P.S. No, I won't be avoiding ATMs or Internet shopping. If I do shun such conveniences then the crims win (like living in a gated community or not having a nice car to drive for fear of vandalism), and that's worse than the inconvenience of sorting out the occasional theft.
del.icio.us,
Digg,
StumbleUpon
Translate this page: DE | ES | FR
Follow tag feeds: Rant, security, shopping.
Buy for yourself on Amazon.com or Amazon.co.uk, leave a "tip"
Oh man, that sucks, Bruce! Good that you got your money back though.
Hey Rob, good to see you checking in again ;-)
It was little more than an annoyance, but ultimately someone's paying for all that fraud. I guess this post isn't so much a rant as a "public service announcement". I figured that by posting images of a skimmer (don't know if the device that got us was similar), the appalling statistics and those links to the "things you can do" sites I'd be doing my bit to raise public awareness.
Glad you noticed it so quick and got it sorted out in relative short order.
Fortunately we rarely use ATMs, maybe once a year, and I'm aware of the scanner method ... but of course due to the fact that I use an ATM once a year I might easily miss the add-on.
Credit cards are an enormous business here so we just use a mix of credit cards (not everyone accepts all kinds and not all of them come with perks, protection, etc) as if they were debit cards.
Chip cards? What are those? Just kidding. I know about them, but in the US I haven't seen one yet.
Newer credit cards coming out have RFID so you only have to wave at the machine. This would help prevent cashier fraud and theft of the card (which we had once 5 years ago, clerk never gave the card back and during packing we forgot) The problem is that studies have shown that RFID is unsafe and your card can be copied over the air without swiping it. One of our credit card companies that is rolling out RFID credit cards denied safety issues when I wrote them about that study. If they force RFID upon us, I will just take my business elsewhere.
One simple measure credit card companies don't allow you to use here is to place your personal photo on the card. Credit card transactions are checked for signature, but a thief can't look like you. This would have helped with C's credit card theft, because the female thief was a teen and of color. The first merchant could have kept the card back based on the photo. Fortunately for us, the CC company did have an automated fraud alert system in place; and when three or four purchases were made in stores we had never shopped at, the merchant was prompted to and the card was held back. It took a few months to sort the charges out. All in all we were lucky.
Identity fraud is pretty big in the US, probably more so than ATM fraud, and we've taken some steps to reduce the chance of it happening. Shortly we will be placing account locks on our social security numbers. With that in place no new accounts or cards can be created, which is what the thieves are after.
Just like their colleagues in grime, the spammers, any new countermeasure will be defeated by the fraudsters in time. Biometrics is the new buzz here (or if you're trying to get into the US I gather), but I think I'd rather the crims steal my credit card than my finger tip or eyeball.
I agree with you that digital crime is a lot easier, safer and less gruesome. And for every barrier you put up there will be some way around it. I could see grabbing a finger happen in some very very isolated cases, but there are supposedly some ways to defeat that system that are a lot easier.
We don't hear much about biometrics here. Only very little regarding passports & immigration. INS has my details since I applied to move here. I haven't flown international since fingerprint scanning and face - photo comparison is now part of entering and leaving the US for international travelers.
With all the security stuff that goes on we don't like to fly any more. Flying used to be fun, show up at the airport with 30 minutes before take off. Hop aboard. Now it is a real hassle. Can't park here, have to arrive 2-3 hours early, multiple checkpoints, can't take this, that, nor these things, ... shoes off, show us your laptop, show us your camera, pat down, swab your electronics & bag ...
Fortunately recently it hasn't been happening any more every trip; but I could swear I am on some profile list. There is no random in this happening half the time I set foot in an airport. If that were random I would be already be a multi-millionaire playing the lotto. Maybe I fit some international hacker profile with enormous wealth due to illegal and shady activities? WINK. While it is just the opposite. I couldn't be more average if I wanted to be, I think.
Several times I have been 'split off' from C to go to a max security line, while they let people they should be checking out walk through. Some of the things I have experienced and seen at TSA checkpoints is not the way they should go about it. And, let's not forget about maximum security applied to all law abiding passengers trying to get on the plane vs the open gates and minimal tot non-existent security for cargo, employee entrances, ... Anyway. There's a lot of controversy about security when it comes to airports, official buildings, etc.
{OT}
Bruce, I see that you and I are both suffering from alpha layer PNG death in our gravatars. After Gravatar switched from Rails to PHP, the PNG's were dropped. :(
Yeah, but the comments on that post are arguing to bring PNG/ transparency back Rob. If they don't reverse this soon I'll be ditching Gravatar (again). The effect was delayed on this site because of Gravatar caching.