Debit Card Skimming Incident

Non-investing personal finance issues including insurance, credit, real estate, taxes, employment and legal issues such as trusts and wills

Debit Card Skimming Incident

Postby TO » Fri Dec 21, 2012 5:53 pm

My wife was a victim of a debit card skimming incident a few days ago. When reviewing my checking account activity online this morning, I noticed 5 consecutive $100 withdrawals from yesterday at the same ATM location in a neighboring suburb that we do not frequently visit. I immediately called Chase to report the unauthorized activity (they were cooperative and helpful, for what it's worth), and provided them with information related to our last authorized purchase.

We only use our debit card as an ATM card and for Costco purchases, since Costco only accepts Amex credit cards. When my wife went to the local Chase branch to pick up a new card, she told them again about her recent activity. They mentioned that someone in the exact same situation had stopped by the branch yesterday, and that person had made a debit card purchase at Costco on the same day as my wife. Since this seemed like too much of a coincidence, I reported the incidents to the manager at the local Costco (he, too, was polite and cooperative once he realized I wasn't seeking any sort of compensation).

The manager indicated that Costco performs an inspection of each and every POS card reader every day of the week to check for skimming devices (at least at this location). This appears to be an indication that they have encountered similar incidents in the past. It also appears that debit card skimming remains a concern even if appropriate precautions are being taken by merchants (assuming he was being honest about their security procedures). This encounter has provided me with an unfortunate reminder of the dangers of using debit cards.

A couple of side notes... The teller at Chase indicated that the perpetrator had tried to use the card for another ATM withdrawal this morning (luckily after we had already cancelled the card). Irritating. Also, I discovered the illicit activity while refreshing my accounts on Mint.com. I am aware of the potential security concerns associated with Mint, but today was an example of how monitoring your accounts with a similar tool can be beneficial. YMMV.
TO
 
Posts: 88
Joined: Fri Oct 10, 2008 2:48 pm

Re: Debit Card Skimming Incident

Postby scubadiver » Fri Dec 21, 2012 7:09 pm

Thanks for sharing. These types of posts make great public service announcements.
User avatar
scubadiver
 
Posts: 740
Joined: Sun May 04, 2008 10:48 pm

Re: Debit Card Skimming Incident

Postby livesoft » Fri Dec 21, 2012 7:39 pm

Alas, there have been several ATM withdrawals from our checking account this past week, too.


Unfortunately, they are all legit. :shock:

But thanks for sharing as well. My colleague has all transactions texted to his smart phone in real-time, so he catches anything unusual in seconds. He spies on his spouse this way, too.
It's all about short-term opportunistic rebalancing due to a short-term change in one's asset allocation, uh, I mean opportunistic rebalancing, uh I mean rebalancing, uh I mean market timing.
livesoft
 
Posts: 34293
Joined: Thu Mar 01, 2007 9:00 pm

Re: Debit Card Skimming Incident

Postby prudent » Fri Dec 21, 2012 7:57 pm

Did Chase return the money to your account immediately?
User avatar
prudent
 
Posts: 1250
Joined: Fri May 20, 2011 3:50 pm

Re: Debit Card Skimming Incident

Postby neurosphere » Fri Dec 21, 2012 8:06 pm

livesoft wrote:Alas, there have been several ATM withdrawals from our checking account this past week, too.


Unfortunately, they are all legit. :shock:


So funny! I sometimes joke with my wife as I am importing data into quicken. Me: "Honey! Our credit cards numbers must have been stolen! There are [$xxx.xx] in purchases on them just this week!!!" Wife: "Uh, yeah! Call the police!".

:D :D
Saving for retirement doesn't have to mean wearing rags and eating apples which fall from the neighbor's trees.
User avatar
neurosphere
 
Posts: 1400
Joined: Sun Jan 17, 2010 2:55 pm
Location: NYC

Re: Debit Card Skimming Incident

Postby Watty » Fri Dec 21, 2012 9:24 pm

scubadiver wrote:Thanks for sharing. These types of posts make great public service announcements.


To avoid debit cards, this should be a wake up call to cancel it and just go with credit cards and an ATM card.
User avatar
Watty
 
Posts: 4723
Joined: Wed Oct 10, 2007 4:55 pm

Re: Debit Card Skimming Incident

Postby TO » Fri Dec 21, 2012 11:10 pm

prudent wrote:Did Chase return the money to your account immediately?


Chase indicated that the missing funds would be posted to my account within 24 hours. They asked a series of questions before agreeing to this, but I think the fact pattern was such an obvious case of skimming that they did not seem overly skeptical.
TO
 
Posts: 88
Joined: Fri Oct 10, 2008 2:48 pm

Re: Debit Card Skimming Incident

Postby Frugal Al » Sat Dec 22, 2012 9:16 am

Watty wrote:...avoid debit cards, this should be a wake up call to cancel it and just go with credit cards and an ATM card.

I couldn't agree more. Some banks really make it hard just to have and ATM card without a debit feature.
User avatar
Frugal Al
 
Posts: 1438
Joined: Fri May 28, 2010 11:09 am

Re: Debit Card Skimming Incident

Postby sscritic » Sat Dec 22, 2012 9:34 am

Frugal Al wrote:
Watty wrote:...avoid debit cards, this should be a wake up call to cancel it and just go with credit cards and an ATM card.

I couldn't agree more. Some banks really make it hard just to have and ATM card without a debit feature.

I have an ATM/debit card but I never use it as a debit card. If I never swipe, how can I be skimmed? I guess they could install the skimmer in the ATM built into the bank's wall, but that ATM is an "eat it and spit it" out ATM; the skimmer would have to be inserted into the ATM in the slot that is only big enough for a card to fit. Plus it would have to have an independent sucking device as the skimmer would be covering the ATM's built in sucker.

On the list of things I am worried about, a skimmer inserted into the card slot of the ATM in the wall of my bank is about as far down on the list as you can get (along with about another million things, like the earth ending on 12/21).
sscritic
 
Posts: 21858
Joined: Thu Sep 06, 2007 9:36 am

Re: Debit Card Skimming Incident

Postby CABob » Sat Dec 22, 2012 2:14 pm

We only use our debit card as an ATM card and for Costco purchases, since Costco only accepts Amex credit cards.

Are you thinking the event happened at one of the reader devices located at Costco checkout or at an ATM located at Costco?
I would think the former is unlikely and I don't recall seeing an ATM at a Costco, but, then I haven't looked for one.
Bob | An investment in knowledge pays the best interest. -- Benjamin Franklin
User avatar
CABob
 
Posts: 3041
Joined: Sun Feb 25, 2007 9:55 pm
Location: Southern California

Re: Debit Card Skimming Incident

Postby dm200 » Sat Dec 22, 2012 3:42 pm

Frugal Al wrote:
Watty wrote:...avoid debit cards, this should be a wake up call to cancel it and just go with credit cards and an ATM card.

I couldn't agree more. Some banks really make it hard just to have and ATM card without a debit feature.


For some reason, I believe most banks and credit unions have eliminated the ATM-only cards. They all tend to be both. :(
User avatar
dm200
 
Posts: 6812
Joined: Mon Feb 26, 2007 3:21 pm
Location: Washington DC area

Re: Debit Card Skimming Incident

Postby prudent » Sat Dec 22, 2012 3:44 pm

I have been successful in getting "ATM-only" cards from a bank and a credit union. When the card expires they send a debit card as a replacement and I have to call and ask again for the ATM-only version.
User avatar
prudent
 
Posts: 1250
Joined: Fri May 20, 2011 3:50 pm

Re: Debit Card Skimming Incident

Postby dm200 » Sat Dec 22, 2012 3:46 pm

CABob wrote:
We only use our debit card as an ATM card and for Costco purchases, since Costco only accepts Amex credit cards.

Are you thinking the event happened at one of the reader devices located at Costco checkout or at an ATM located at Costco?
I would think the former is unlikely and I don't recall seeing an ATM at a Costco, but, then I haven't looked for one.


My guess is that a COSTCO employee, who handled your card, used a palm-held skimmer to grap the information. Many of these devices, when used by a "talented" operator, are ot at all apparent to the card holder. Most often, they are used by folks like waiters, but maybe COSTCO is employing them now.

There is probably some sort of video/camera images of the person(s) who withdrew the $100. Seems odd that they would just get $100? Why not more?
User avatar
dm200
 
Posts: 6812
Joined: Mon Feb 26, 2007 3:21 pm
Location: Washington DC area

Re: Debit Card Skimming Incident

Postby dm200 » Sat Dec 22, 2012 3:48 pm

neurosphere wrote:
livesoft wrote:Alas, there have been several ATM withdrawals from our checking account this past week, too.


Unfortunately, they are all legit. :shock:


So funny! I sometimes joke with my wife as I am importing data into quicken. Me: "Honey! Our credit cards numbers must have been stolen! There are [$xxx.xx] in purchases on them just this week!!!" Wife: "Uh, yeah! Call the police!".

:D :D


My wife was a victim of identity theft on a credit card. Actually, it turned out just fine - the thief spent less than she does. :oops: :happy :oops: :happy
User avatar
dm200
 
Posts: 6812
Joined: Mon Feb 26, 2007 3:21 pm
Location: Washington DC area

Re: Debit Card Skimming Incident

Postby sscritic » Sat Dec 22, 2012 3:50 pm

prudent wrote:I have been successful in getting "ATM-only" cards from a bank and a credit union. When the card expires they send a debit card as a replacement and I have to call and ask again for the ATM-only version.

I don't understand the advantage of the debit-less card if you never use the ATM/debit card as a debit card. If I should be afraid of having an ATM/debit card in my pocket or in my desk drawer (where most of them are), I would like to know.
sscritic
 
Posts: 21858
Joined: Thu Sep 06, 2007 9:36 am

Re: Debit Card Skimming Incident

Postby dm200 » Sat Dec 22, 2012 8:25 pm

sscritic wrote:
prudent wrote:I have been successful in getting "ATM-only" cards from a bank and a credit union. When the card expires they send a debit card as a replacement and I have to call and ask again for the ATM-only version.

I don't understand the advantage of the debit-less card if you never use the ATM/debit card as a debit card. If I should be afraid of having an ATM/debit card in my pocket or in my desk drawer (where most of them are), I would like to know.


If you only use the card for ATM transactions, but it has the debit capability -- and you lose it, the person who picks it up can, generally quite easily, use it (even without the PIN) to buy things. "Credit" transactions with a "debit" card do not require the PIN. Recently, many machines want the ZIP code, but otherwise , security is minimal. The PIN would be needed for ATM withdrawals.
User avatar
dm200
 
Posts: 6812
Joined: Mon Feb 26, 2007 3:21 pm
Location: Washington DC area

Re: Debit Card Skimming Incident

Postby Mudpuppy » Sat Dec 22, 2012 9:17 pm

CABob wrote:
We only use our debit card as an ATM card and for Costco purchases, since Costco only accepts Amex credit cards.

Are you thinking the event happened at one of the reader devices located at Costco checkout or at an ATM located at Costco?
I would think the former is unlikely and I don't recall seeing an ATM at a Costco, but, then I haven't looked for one.

There have been documented cases of skimmers located at other retailers' checkout lines. Barnes and Noble released a press release about such an incident a couple of months ago (http://www.barnesandnobleinc.com/press_releases/10_23_12_Important_Customer_Notice.html). Over 60 of the PIN devices at their registers had been compromised at stores nationwide. There are professional thieves who specialize in making and selling skimmers to replace the PIN pad devices at point-of-sale locations (http://krebsonsecurity.com/all-about-skimmers/ details several of such attacks, along with traditional ATM skimmer attacks). So what makes one think that Costco is immune to such an attack?
Mudpuppy
 
Posts: 2710
Joined: Sat Aug 27, 2011 3:26 am
Location: Sunny California

Re: Debit Card Skimming Incident

Postby fareastwarriors » Sat Dec 22, 2012 10:46 pm

Thanks for sharing. Never had an incident yet. But it is good to be aware of these kind of situations.
The only withdrawals are from me. =(
fareastwarriors
 
Posts: 619
Joined: Tue Feb 14, 2012 1:31 pm

Re: Debit Card Skimming Incident

Postby mhalley » Sat Dec 22, 2012 11:57 pm

My bank wanted to give me the "fake visa" debit card, but after specifically requesting an ATM card only, they gave that to me. So, if you really want only an atm card, ask your bank if they have that option.
Mike
mhalley
 
Posts: 1090
Joined: Tue Nov 20, 2007 7:02 am

Re: Debit Card Skimming Incident

Postby pascalwager » Sun Dec 23, 2012 2:07 am

Earlier this year skimmers were installed in the Lucky Supermarket self-checkout machines in many stores around the SF Bay area. Some people lost a few hundred to a thousand dollars.
pascalwager
 
Posts: 436
Joined: Mon Oct 31, 2011 9:36 pm

Re: Debit Card Skimming Incident

Postby Default User BR » Sun Dec 23, 2012 11:47 am

prudent wrote:I have been successful in getting "ATM-only" cards from a bank and a credit union. When the card expires they send a debit card as a replacement and I have to call and ask again for the ATM-only version.

In the past, USBank would also restrict the existing card to ATM-only until the replacement arrived.


Brian
Default User BR
 
Posts: 7501
Joined: Mon Dec 17, 2007 8:32 pm

Re: Debit Card Skimming Incident

Postby tfb » Wed Dec 26, 2012 3:25 am

TO wrote:My wife was a victim of a debit card skimming incident a few days ago. When reviewing my checking account activity online this morning, I noticed 5 consecutive $100 withdrawals from yesterday at the same ATM location in a neighboring suburb that we do not frequently visit.

I wouldn't be so fast to blame Costco for this incidence. Fraudulent ATM withdrawals require stealing your PIN as well. It's a lot harder to steal your PIN at Costco versus an unattended ATM machine. Stealing the pin usually requires a camera that records your entries. It's not easy to mount the camera at Costco.
Harry Sit, taking a break from the forums.
User avatar
tfb
 
Posts: 6691
Joined: Mon Feb 19, 2007 6:46 pm

Re: Debit Card Skimming Incident

Postby Mudpuppy » Wed Dec 26, 2012 4:30 am

tfb wrote:
TO wrote:My wife was a victim of a debit card skimming incident a few days ago. When reviewing my checking account activity online this morning, I noticed 5 consecutive $100 withdrawals from yesterday at the same ATM location in a neighboring suburb that we do not frequently visit.

I wouldn't be so fast to blame Costco for this incidence. Fraudulent ATM withdrawals require stealing your PIN as well. It's a lot harder to steal your PIN at Costco versus an unattended ATM machine. Stealing the pin usually requires a camera that records your entries. It's not easy to mount the camera at Costco.

Skimming has long since evolved beyond putting a skimmer and camera on an ATM like it was originally. If they replace the entire card swipe and PIN entry pad device with a counterfeit device, no camera would be needed to record the PIN. This is a very common attack now, even at manned and video-recorded registers. They can swap PIN pads for counterfeit devices at manned registers by employing the classic technique of distraction and rarely is someone watching the video feed in real time to catch them red-handed. Such counterfeit devices have existed in-the-wild (e.g. actively being used for swiping incidents) for at least half a decade. The Barnes and Nobles incident this year was only the latest in a long string of such attacks.

That the Costco manager in question inspects his machines daily means they are on the alert for such attacks, but visual inspection alone is not good enough for some of the counterfeit devices. There is a very sophisticated black market in these devices, particularly to make devices that are visually identical to the legitimate devices. It's a difficult problem for merchants to guard against, because, short of gluing all their PIN pad devices to the checkout lane furniture (and then what if someone in a wheelchair can't reach it?), it's nearly impossible to prevent and hard to detect.

Edit: I suppose they could mount the PIN pad to one of the alarm units that sends an auditory alert when the pad is moved too far away from the base (normally used to secure demo units in the electronics section). But then the clerks would need a way to temporarily disable the auditory alarm for the customers who need the PIN pad moved for normal transactions or it would get annoying very quickly.
Mudpuppy
 
Posts: 2710
Joined: Sat Aug 27, 2011 3:26 am
Location: Sunny California


Return to Personal Finance (Not Investing)

Who is online

Users browsing this forum: bhsince87, CAP_theorem, Epsilon Delta, Exabot [Bot], Gus, jimday1982, Miakis, nelson1015, new2bogle, schielrn, staythecourse, TheRightKost87, WandaG and 71 guests