Doing my groceries and standing right behind someone, I had a sudden need to be observant. The thought was how when someone uses a debit card always needs to cover their PINs, and so it is the usual deal that you cup your hand and cover you fingers entering your PIN on the keypad. At … Read More
Doing my groceries and standing right behind someone, I had a sudden need to be observant. The thought was how when someone uses a debit card always needs to cover their PINs, and so it is the usual deal that you cup your hand and cover you fingers entering your PIN on the keypad. At the same time, the grocery clerk turn his/her back and either stares to the opposite side or in some cases I see the clerk that has a smartphone checks whether he/she received a new text message. Then, do you stop and question, how is it that you need to cover you PIN when the only way for someone to withdraw cash from your account knowing your PIN is if they actually have your physical card. At first I was very skeptical, because this is indeed a fact, however I did my research and I was surprised what I found. It turns out, there are several ways people can get your PIN and theoretically your card. In this post, I will be detailing some of the ways your debit card can be hijack and why is this even worse than a credit card hijack. Card Skimming There are several ways of skimming your card, generally it involves using a few different devices and the help of very corruptible and unethical people. What must be understood here is that debit cards have a black strip and that black strip (as floppy disks did) hold up information related to your account information. ATM Skimming This is perhaps, one of the most dangerous, but effective way to copy your card. The trick is that they sell a facelift and also an camouflaged mini camera. What is very interesting is when all the devices are set in place, the data can be transmitted wirelessly and the fraudster can be sitting on his car right outside the ATM. All of these mini devices are carefully installed at the ATM. In some cases where the ATM is in the middle of a crowed place (i.e. a bar) there is no need for camouflaged camera, all it takes is a corrupt employee who participates to get footage of the place and obtain your PIN code. Then, all they have to is match the video framing on the recorded surveillance camera with the logged time that the card was skimmed in the device to be able to use your card. After the skimming device records the information saved on the strip, the skimmer is now able to create a fake card that they can go an ATM and withdrawn money. These skimming devices sell for an average of $50 dollars and can be found easily through sites like eBay, Craigslist or Kijiji. Fake PIN pads This is probably a extreme case in which the fraudster actually replaces the pin pad on top of the debit card machine. This requires the participation of a dishonest employee ins say a mini mart. Then, again the video for the PIN can be retrieved by the fraudster if he/she has access to the store’s security camera. Skimming Devices This portion was referred above when placing this devices on the ATM machine. The difference here to mention is the modality. In some cases, we are talking about placing this skimming devices hidden front plain view, for example you walk in a mini mart and make a purchase, the clerk takes your card runs it through a machine under the counter and then runs it through the deal machine. The machine under the counter is the skimming device, then again, the footage of the security camera can be matched with the data skimmed from the skimming device. As you see here, there is a pattern, and it is actual employees in places where you make purchases. This modality is usually most common in restaurants for when the skimming devices can also record information saved in credit cards. I am sure you are familiar with the process, the waiter hands you the bill, you put your credit card in the bill wallet you place your card there and you wait until the waiter takes it to process it. Well, it is at that moment that the waiter, if he is dishonest, can take it to the back and skimmed through. RFID Scanners This is the newest in debit and credit card fraud. You may have noticed that you are not receiving new debit and credit cards in the mail. These card are not only “chipped” or they have a microchip (which contains much more personal and banking information as the single strip does), but also that it is now able to transmit information wirelessly. Banks explained that their intention is to make it easy for people to pay whenever there is a wireless receptor devices, where you simply approach the payment terminal. The terminal simply has the ability to capture the radio frequency of your card and “connect” to it wirelessly and download the information that will then be interpreted into a purchase. Several nightly tv news have addressed this as a concern, however new payment methods just continue to appear.
“Using just an off-the-shelf card reader he bought online for less than $100 and a Netbook computer, Augustinowicz explained, he could swipe credit card numbers, expiration dates, and in some cases, even people’s names.”
— From CBS News. Recently PayPal announced how they are deploying a new payment method that allows people to pay with their mobile phone’s app. In a similar manner, Starbucks also deployed their payment method through their mobile app. Who really knows what the latest security concerns these new payment methods will bring up. It was already bad enough when fraudsters would simply just shoulder skim your PIN and then simply take your purse or wallet. You may argue that we don’t suffer much of this specific problem since pick pocketing or assaults rarely happen, but I would argue back saying that the technological availability in our country bring forth more serious possibilities for fraudsters. I hope this post teaches something about debit card fraud. You should generally check your transitions often, even daily and monitor for suspicious activity. I use Mint for this, because then it pushes notifications to your smartphone whenever there is a charge of even a daily activity report to your e-mail. In the meantime, consider buying an RFID block wallet, I know I am.