Debit Card Skimming Incident

Non-investing personal finance issues including insurance, credit, real estate, taxes, employment and legal issues such as trusts and wills

Debit Card Skimming Incident

Postby TO » Fri Dec 21, 2012 5:53 pm

My wife was a victim of a debit card skimming incident a few days ago. When reviewing my checking account activity online this morning, I noticed 5 consecutive $100 withdrawals from yesterday at the same ATM location in a neighboring suburb that we do not frequently visit. I immediately called Chase to report the unauthorized activity (they were cooperative and helpful, for what it's worth), and provided them with information related to our last authorized purchase.

We only use our debit card as an ATM card and for Costco purchases, since Costco only accepts Amex credit cards. When my wife went to the local Chase branch to pick up a new card, she told them again about her recent activity. They mentioned that someone in the exact same situation had stopped by the branch yesterday, and that person had made a debit card purchase at Costco on the same day as my wife. Since this seemed like too much of a coincidence, I reported the incidents to the manager at the local Costco (he, too, was polite and cooperative once he realized I wasn't seeking any sort of compensation).

The manager indicated that Costco performs an inspection of each and every POS card reader every day of the week to check for skimming devices (at least at this location). This appears to be an indication that they have encountered similar incidents in the past. It also appears that debit card skimming remains a concern even if appropriate precautions are being taken by merchants (assuming he was being honest about their security procedures). This encounter has provided me with an unfortunate reminder of the dangers of using debit cards.

A couple of side notes... The teller at Chase indicated that the perpetrator had tried to use the card for another ATM withdrawal this morning (luckily after we had already cancelled the card). Irritating. Also, I discovered the illicit activity while refreshing my accounts on Mint.com. I am aware of the potential security concerns associated with Mint, but today was an example of how monitoring your accounts with a similar tool can be beneficial. YMMV.
TO
 
Posts: 81
Joined: 10 Oct 2008

Re: Debit Card Skimming Incident

Postby scubadiver » Fri Dec 21, 2012 7:09 pm

Thanks for sharing. These types of posts make great public service announcements.
User avatar
scubadiver
 
Posts: 738
Joined: 4 May 2008

Re: Debit Card Skimming Incident

Postby livesoft » Fri Dec 21, 2012 7:39 pm

Alas, there have been several ATM withdrawals from our checking account this past week, too.


Unfortunately, they are all legit. :shock:

But thanks for sharing as well. My colleague has all transactions texted to his smart phone in real-time, so he catches anything unusual in seconds. He spies on his spouse this way, too.
It's all about short-term opportunistic rebalancing due to a short-term change in one's asset allocation, uh, I mean opportunistic rebalancing, uh I mean rebalancing, uh I mean market timing.
livesoft
 
Posts: 30781
Joined: 1 Mar 2007

Re: Debit Card Skimming Incident

Postby prudent » Fri Dec 21, 2012 7:57 pm

Did Chase return the money to your account immediately?
User avatar
prudent
 
Posts: 997
Joined: 20 May 2011

Re: Debit Card Skimming Incident

Postby neurosphere » Fri Dec 21, 2012 8:06 pm

livesoft wrote:Alas, there have been several ATM withdrawals from our checking account this past week, too.


Unfortunately, they are all legit. :shock:


So funny! I sometimes joke with my wife as I am importing data into quicken. Me: "Honey! Our credit cards numbers must have been stolen! There are [$xxx.xx] in purchases on them just this week!!!" Wife: "Uh, yeah! Call the police!".

:D :D
I am not an actor, even though I play one on television.
User avatar
neurosphere
 
Posts: 1289
Joined: 17 Jan 2010
Location: NYC

Re: Debit Card Skimming Incident

Postby Watty » Fri Dec 21, 2012 9:24 pm

scubadiver wrote:Thanks for sharing. These types of posts make great public service announcements.


To avoid debit cards, this should be a wake up call to cancel it and just go with credit cards and an ATM card.
User avatar
Watty
 
Posts: 4161
Joined: 10 Oct 2007

Re: Debit Card Skimming Incident

Postby TO » Fri Dec 21, 2012 11:10 pm

prudent wrote:Did Chase return the money to your account immediately?


Chase indicated that the missing funds would be posted to my account within 24 hours. They asked a series of questions before agreeing to this, but I think the fact pattern was such an obvious case of skimming that they did not seem overly skeptical.
TO
 
Posts: 81
Joined: 10 Oct 2008

Re: Debit Card Skimming Incident

Postby Frugal Al » Sat Dec 22, 2012 9:16 am

Watty wrote:...avoid debit cards, this should be a wake up call to cancel it and just go with credit cards and an ATM card.

I couldn't agree more. Some banks really make it hard just to have and ATM card without a debit feature.
User avatar
Frugal Al
 
Posts: 1246
Joined: 28 May 2010

Re: Debit Card Skimming Incident

Postby sscritic » Sat Dec 22, 2012 9:34 am

Frugal Al wrote:
Watty wrote:...avoid debit cards, this should be a wake up call to cancel it and just go with credit cards and an ATM card.

I couldn't agree more. Some banks really make it hard just to have and ATM card without a debit feature.

I have an ATM/debit card but I never use it as a debit card. If I never swipe, how can I be skimmed? I guess they could install the skimmer in the ATM built into the bank's wall, but that ATM is an "eat it and spit it" out ATM; the skimmer would have to be inserted into the ATM in the slot that is only big enough for a card to fit. Plus it would have to have an independent sucking device as the skimmer would be covering the ATM's built in sucker.

On the list of things I am worried about, a skimmer inserted into the card slot of the ATM in the wall of my bank is about as far down on the list as you can get (along with about another million things, like the earth ending on 12/21).
sscritic
 
Posts: 19583
Joined: 6 Sep 2007

Re: Debit Card Skimming Incident

Postby CABob » Sat Dec 22, 2012 2:14 pm

We only use our debit card as an ATM card and for Costco purchases, since Costco only accepts Amex credit cards.

Are you thinking the event happened at one of the reader devices located at Costco checkout or at an ATM located at Costco?
I would think the former is unlikely and I don't recall seeing an ATM at a Costco, but, then I haven't looked for one.
Bob | An investment in knowledge pays the best interest. -- Benjamin Franklin
User avatar
CABob
 
Posts: 2794
Joined: 25 Feb 2007
Location: Southern California

Re: Debit Card Skimming Incident

Postby dm200 » Sat Dec 22, 2012 3:42 pm

Frugal Al wrote:
Watty wrote:...avoid debit cards, this should be a wake up call to cancel it and just go with credit cards and an ATM card.

I couldn't agree more. Some banks really make it hard just to have and ATM card without a debit feature.


For some reason, I believe most banks and credit unions have eliminated the ATM-only cards. They all tend to be both. :(
User avatar
dm200
 
Posts: 6355
Joined: 26 Feb 2007
Location: Washington DC area

Re: Debit Card Skimming Incident

Postby prudent » Sat Dec 22, 2012 3:44 pm

I have been successful in getting "ATM-only" cards from a bank and a credit union. When the card expires they send a debit card as a replacement and I have to call and ask again for the ATM-only version.
User avatar
prudent
 
Posts: 997
Joined: 20 May 2011

Re: Debit Card Skimming Incident

Postby dm200 » Sat Dec 22, 2012 3:46 pm

CABob wrote:
We only use our debit card as an ATM card and for Costco purchases, since Costco only accepts Amex credit cards.

Are you thinking the event happened at one of the reader devices located at Costco checkout or at an ATM located at Costco?
I would think the former is unlikely and I don't recall seeing an ATM at a Costco, but, then I haven't looked for one.


My guess is that a COSTCO employee, who handled your card, used a palm-held skimmer to grap the information. Many of these devices, when used by a "talented" operator, are ot at all apparent to the card holder. Most often, they are used by folks like waiters, but maybe COSTCO is employing them now.

There is probably some sort of video/camera images of the person(s) who withdrew the $100. Seems odd that they would just get $100? Why not more?
User avatar
dm200
 
Posts: 6355
Joined: 26 Feb 2007
Location: Washington DC area

Re: Debit Card Skimming Incident

Postby dm200 » Sat Dec 22, 2012 3:48 pm

neurosphere wrote:
livesoft wrote:Alas, there have been several ATM withdrawals from our checking account this past week, too.


Unfortunately, they are all legit. :shock:


So funny! I sometimes joke with my wife as I am importing data into quicken. Me: "Honey! Our credit cards numbers must have been stolen! There are [$xxx.xx] in purchases on them just this week!!!" Wife: "Uh, yeah! Call the police!".

:D :D


My wife was a victim of identity theft on a credit card. Actually, it turned out just fine - the thief spent less than she does. :oops: :happy :oops: :happy
User avatar
dm200
 
Posts: 6355
Joined: 26 Feb 2007
Location: Washington DC area

Re: Debit Card Skimming Incident

Postby sscritic » Sat Dec 22, 2012 3:50 pm

prudent wrote:I have been successful in getting "ATM-only" cards from a bank and a credit union. When the card expires they send a debit card as a replacement and I have to call and ask again for the ATM-only version.

I don't understand the advantage of the debit-less card if you never use the ATM/debit card as a debit card. If I should be afraid of having an ATM/debit card in my pocket or in my desk drawer (where most of them are), I would like to know.
sscritic
 
Posts: 19583
Joined: 6 Sep 2007

Re: Debit Card Skimming Incident

Postby dm200 » Sat Dec 22, 2012 8:25 pm

sscritic wrote:
prudent wrote:I have been successful in getting "ATM-only" cards from a bank and a credit union. When the card expires they send a debit card as a replacement and I have to call and ask again for the ATM-only version.

I don't understand the advantage of the debit-less card if you never use the ATM/debit card as a debit card. If I should be afraid of having an ATM/debit card in my pocket or in my desk drawer (where most of them are), I would like to know.


If you only use the card for ATM transactions, but it has the debit capability -- and you lose it, the person who picks it up can, generally quite easily, use it (even without the PIN) to buy things. "Credit" transactions with a "debit" card do not require the PIN. Recently, many machines want the ZIP code, but otherwise , security is minimal. The PIN would be needed for ATM withdrawals.
User avatar
dm200
 
Posts: 6355
Joined: 26 Feb 2007
Location: Washington DC area

Re: Debit Card Skimming Incident

Postby Mudpuppy » Sat Dec 22, 2012 9:17 pm

CABob wrote:
We only use our debit card as an ATM card and for Costco purchases, since Costco only accepts Amex credit cards.

Are you thinking the event happened at one of the reader devices located at Costco checkout or at an ATM located at Costco?
I would think the former is unlikely and I don't recall seeing an ATM at a Costco, but, then I haven't looked for one.

There have been documented cases of skimmers located at other retailers' checkout lines. Barnes and Noble released a press release about such an incident a couple of months ago (http://www.barnesandnobleinc.com/press_releases/10_23_12_Important_Customer_Notice.html). Over 60 of the PIN devices at their registers had been compromised at stores nationwide. There are professional thieves who specialize in making and selling skimmers to replace the PIN pad devices at point-of-sale locations (http://krebsonsecurity.com/all-about-skimmers/ details several of such attacks, along with traditional ATM skimmer attacks). So what makes one think that Costco is immune to such an attack?
Mudpuppy
 
Posts: 2391
Joined: 27 Aug 2011
Location: Sunny California

Re: Debit Card Skimming Incident

Postby fareastwarriors » Sat Dec 22, 2012 10:46 pm

Thanks for sharing. Never had an incident yet. But it is good to be aware of these kind of situations.
The only withdrawals are from me. =(
fareastwarriors
 
Posts: 512
Joined: 14 Feb 2012

Re: Debit Card Skimming Incident

Postby mhalley » Sat Dec 22, 2012 11:57 pm

My bank wanted to give me the "fake visa" debit card, but after specifically requesting an ATM card only, they gave that to me. So, if you really want only an atm card, ask your bank if they have that option.
Mike
mhalley
 
Posts: 784
Joined: 20 Nov 2007

Re: Debit Card Skimming Incident

Postby pascalwager » Sun Dec 23, 2012 2:07 am

Earlier this year skimmers were installed in the Lucky Supermarket self-checkout machines in many stores around the SF Bay area. Some people lost a few hundred to a thousand dollars.
pascalwager
 
Posts: 337
Joined: 31 Oct 2011

Re: Debit Card Skimming Incident

Postby Default User BR » Sun Dec 23, 2012 11:47 am

prudent wrote:I have been successful in getting "ATM-only" cards from a bank and a credit union. When the card expires they send a debit card as a replacement and I have to call and ask again for the ATM-only version.

In the past, USBank would also restrict the existing card to ATM-only until the replacement arrived.


Brian
Default User BR
 
Posts: 7503
Joined: 17 Dec 2007

Re: Debit Card Skimming Incident

Postby tfb » Wed Dec 26, 2012 3:25 am

TO wrote:My wife was a victim of a debit card skimming incident a few days ago. When reviewing my checking account activity online this morning, I noticed 5 consecutive $100 withdrawals from yesterday at the same ATM location in a neighboring suburb that we do not frequently visit.

I wouldn't be so fast to blame Costco for this incidence. Fraudulent ATM withdrawals require stealing your PIN as well. It's a lot harder to steal your PIN at Costco versus an unattended ATM machine. Stealing the pin usually requires a camera that records your entries. It's not easy to mount the camera at Costco.
Harry Sit, taking a break from the forums.
User avatar
tfb
 
Posts: 6622
Joined: 19 Feb 2007

Re: Debit Card Skimming Incident

Postby Mudpuppy » Wed Dec 26, 2012 4:30 am

tfb wrote:
TO wrote:My wife was a victim of a debit card skimming incident a few days ago. When reviewing my checking account activity online this morning, I noticed 5 consecutive $100 withdrawals from yesterday at the same ATM location in a neighboring suburb that we do not frequently visit.

I wouldn't be so fast to blame Costco for this incidence. Fraudulent ATM withdrawals require stealing your PIN as well. It's a lot harder to steal your PIN at Costco versus an unattended ATM machine. Stealing the pin usually requires a camera that records your entries. It's not easy to mount the camera at Costco.

Skimming has long since evolved beyond putting a skimmer and camera on an ATM like it was originally. If they replace the entire card swipe and PIN entry pad device with a counterfeit device, no camera would be needed to record the PIN. This is a very common attack now, even at manned and video-recorded registers. They can swap PIN pads for counterfeit devices at manned registers by employing the classic technique of distraction and rarely is someone watching the video feed in real time to catch them red-handed. Such counterfeit devices have existed in-the-wild (e.g. actively being used for swiping incidents) for at least half a decade. The Barnes and Nobles incident this year was only the latest in a long string of such attacks.

That the Costco manager in question inspects his machines daily means they are on the alert for such attacks, but visual inspection alone is not good enough for some of the counterfeit devices. There is a very sophisticated black market in these devices, particularly to make devices that are visually identical to the legitimate devices. It's a difficult problem for merchants to guard against, because, short of gluing all their PIN pad devices to the checkout lane furniture (and then what if someone in a wheelchair can't reach it?), it's nearly impossible to prevent and hard to detect.

Edit: I suppose they could mount the PIN pad to one of the alarm units that sends an auditory alert when the pad is moved too far away from the base (normally used to secure demo units in the electronics section). But then the clerks would need a way to temporarily disable the auditory alarm for the customers who need the PIN pad moved for normal transactions or it would get annoying very quickly.
Mudpuppy
 
Posts: 2391
Joined: 27 Aug 2011
Location: Sunny California


Return to Personal Finance (Not Investing)

Who is online

Users browsing this forum: clubby, freddie, Grateful1, mhalley, munemaker, random1, tj and 72 guests