Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

What Can Be Done About Security of Debit Cards?

timothy posted more than 4 years ago | from the go-cash-only dept.

Security 511

JumpDrive writes "I have been the victim of (Visa) debit card theft. I do not know where they stole or got the number, but it was used one day on the other side of the country and the next day it was used in Europe until they cleaned out my account. I had been monitoring my account online and immediately went to the bank and filed a claim. I was told at that time it would be 3 to 5 weeks for them to investigate the claim before they could return my money. Recently I tried to make a purchase with a debit card and was told that they couldn't use the card since it wasn't a Visa or MasterCard check card; this led to a discussion of why I no longer have a Visa or MasterCard check card. Which then led to the question of 'What can be done about it?' Currently I have a separate account for debit usage for my personal safety. But I also think that those producing these check cards should be required to advertise the hazards of having one of these cards (not in small print and maybe required in advertisement of these cards, similar to what is required with pharmaceutical drugs on television) and/or that if a debit or check card is issued a separate account should be required for its use, and users informed of the issues of placing all of their money in the same account that their debit card has access to. What other precautionary measures should be required or taken?"

Sorry! There are no comments related to the filter you selected.

What can be done? Nothing. (5, Informative)

plover (150551) | more than 4 years ago | (#31866154)

The short answer? The banks will do nothing for you today.

The long answer: Nobody will do anything for you tomorrow, either.

Why? Because Visa does two things, only one of which makes money. First, they are in charge of defining financial card security through the PCI council, and they own and operate the secure network VisaNet, which carries authorizations from retailers to banks. Guess which one makes them money?

If Visa were to design and offer a cryptographically secure solution, one based only on smart cards for the customers and Hardware Security Modules (HSMs) at the banks, then I could safely route my charge authorizations over the plain ol' Internet. I wouldn't need to use the charge-per-transaction VisaNet. Visa would stop making money.

So instead of offering a secure solution, Visa and the PCI council say, "Merchants must lock down their systems, protect this data, follow these 12 steps, acknowledge that you are powerless over alcohol (oh wait, wrong 12 steps), and if you don't, we'll loudly blame you for allowing someone to see our non-existent security."

Visa owns the protocols used between merchants and banks. They could strengthen the protocols. They could prescribe encryption. They could require the deployment of chipped banking cards. But they do not, and have not for many, many years, despite a pathetic track record of security.

If you want the banks to be safe with your money, you ironically have to take charge of your own security. If you switch to using the green paper stuff, your losses will be finitely limited to what you carry on your person. If you want a more achievable answer in today's plastic world, DO NOT CARRY DEBIT CARDS. Debit cards do not offer you protection against loss. Credit cards are limited by U.S. law to a maximum of $50 liability to the cardholder. Debit cards losses are usually covered by the bank, but they are under no legal obligation to do so. For ATM access, most banks will honor your request for an ATM-only card instead of accepting their default ATM/Debit card. Of course, the use of credit cards requires personal discipline to always pay the debt on time, but otherwise you would see little difference.

Re:What can be done? Nothing. (4, Funny)

Master Moose (1243274) | more than 4 years ago | (#31866248)

I suggest everyone reading this with a debit card transfer all of their money to my account. I do not have a debit card so it will be free from this sort of attack.

Re:What can be done? Nothing. (1)

godrik (1287354) | more than 4 years ago | (#31866344)

Or send your card number to me. I will enter them in the "Debit Card Protection System 2.5" myself !

Re:What can be done? Nothing. (4, Insightful)

stonewallred (1465497) | more than 4 years ago | (#31866300)

I hate to say this, but use cash. I have several credit cards, and I use some of them daily. But unless the interest rates are lower than what I can make by not paying them (seldom if ever) they get paid off monthly. I do not have a debit card. I have a paypal account tied to a bank account I use strictly for buying and selling on ebay(lego if you are interested). My bills I pay with check or cash, and sent via mail or delivered by hand (the HVAC/R supply houses, as it credits immediately to my accounts when paying at the store). If I want something off the internet, I get a buddy of mine to order it using his data, not mine. Plus with cash, there is never a question of bouncing a check or overdraft fees or charges. Will probably get modded down for suggesting such an anti-tech idea as using cash, but oh well. Karma is overrated anyway.

Re:What can be done? Nothing. (5, Informative)

Gr8Apes (679165) | more than 4 years ago | (#31866596)

Naah - no modding down. Everyone here should be smart enough to distrust debit cards immensely.

As for internet buys - use 1 time numbers. My main credit card has them available, although I'll admit it is a pain in the tukas to get to the screen that gives you one, and it's not exactly advertised. (read that as you have to know what you're looking for and what the specific verbage is on the menus, or you won't find it)

Re:What can be done? Nothing. (1)

failedlogic (627314) | more than 4 years ago | (#31866622)

I think this is brilliant. I try to use cash (withdrawl x amount) and spend that only. The problem is, counterfiting is likely as easy as Visa/Debit fraud. So when you start paying cash for things, you're made to feel like a bloody criminal - they look at you a few times too often, scan the bills under UV light and yadd yada. I'm usually buying stuff in well-dressed attire (not that that matters), but I'm not a homeless guy trying to pass a $100 at a till to buy smokes. This unfortunately are for both large or small purchases (I can certainly understand POV of retailer regardless of amount).

I plan on paying off my VISA soon and once that is done, I'm going to keep a small separate debit account with a different bank, get an ATM only card and use credit for everything else.

Re:What can be done? Nothing. (2, Informative)

halowolf (692775) | more than 4 years ago | (#31866390)

I just use a credit card with a low limit for shopping both out in the real world and on the internet and just act smart. I have never had any theft from my card by any unauthorised charges yet. I have had one retailer not supply the goods I purchased (on an authorised charge mind you) because he was a lying scum bag, but I got my money back from that and hopefully my complaints to the regulatory authorities will land him in jail, since he was an insolvent trader.

Re:What can be done? Nothing. (2, Insightful)

Fjandr (66656) | more than 4 years ago | (#31866774)

This really is a good answer. Not necessarily the low limit, but credit cards have far more protections than debit cards and are used in an identical manner (well, except for signature vs pin). If it's a credit account with the same bank your checking or savings account is with, it's usually pretty simple to transfer the money from your bank account to pay off the credit account monthly. Doing so incurs no additional cost. If the card is charged maliciously, you still have all the money in your bank account, and once the investigation is complete you don't pay interest on the balance that was on your card. It's a win-win.

If you absolutely have to have a card, there is no additional hardship doing it this way. Even if you have bad credit, you can get a secured card through your bank.

Re:What can be done? Nothing. (5, Informative)

RenQuanta (3274) | more than 4 years ago | (#31866394)

Credit cards are limited by U.S. law to a maximum of $50 liability to the cardholder. Debit cards losses are usually covered by the bank, but they are under no legal obligation to do so.

(Emphasis mine).

Actually, I don't think the part about the lack of debit card consumer protections is factually accurate. Here's the blurb from The FTC's Facts for Consumers [] :

ATM or Debit Card Loss or Fraudulent Transfers (EFTA). Your liability under federal law for unauthorized use of your ATM or debit card depends on how quickly you report the loss. If you report an ATM or debit card missing before it's used without your permission, the EFTA says the card issuer cannot hold you responsible for any unauthorized transfers. If unauthorized use occurs before you report it, your liability under federal law depends on how quickly you report the loss.

For example, if you report the loss within two business days after you realize your card is missing, you will not be responsible for more than $50 for unauthorized use. However, if you don't report the loss within two business days after you discover the loss, you could lose up to $500 because of an unauthorized transfer. You also risk unlimited loss if you fail to report an unauthorized transfer within 60 days after your bank statement containing unauthorized use is mailed to you. That means you could lose all the money in your bank account and the unused portion of your line of credit established for overdrafts. However, for unauthorized transfers involving only your debit card number (not the loss of the card), you are liable only for transfers that occur after 60 days following the mailing of your bank statement containing the unauthorized use and before you report the loss.

If unauthorized transfers show up on your bank statement, report them to the card issuer as quickly as possible. Once you've reported the loss of your ATM or debit card, you cannot be held liable for additional unauthorized transfers that occur after that time.

Re:What can be done? Nothing. (1)

plover (150551) | more than 4 years ago | (#31866448)

Thanks, that's good to know, but I still won't carry a debit card. I'm not in the habit of checking my bank balance daily to see if someone's been stealing from me.

For these laughable "protections", I'd be far better off keeping my money under my mattress. It seems to me it should be 100% of the job of the bank to keep my money safe and secure.

Re:What can be done? Nothing. (4, Insightful)

RenQuanta (3274) | more than 4 years ago | (#31866602)

In this day and age, with online banking so prevalent, checking your account every few days is only prudent. It's not unreasonable for the consumer to have some burden of identifying the loss, since each of us are the best and most efficient judge as to whether or not the transactions on our accounts are in fact ones we performed. Millions of dollars in software development and analyst training have been spent on helping banks to detect fraud, but those systems aren't fail proof.

In the end, there's no substitute for each of us keeping an eye on our own accounts' transactions.

If we don't take responsibility for our own financial affairs, should we really expect the banks to carry the whole burden on our behalf? No matter how good it is, any security measure can (and likely will, sooner or later) be defeated. (and let's not forget good old fashioned social engineering...)

In the end, the best protection against a breach is constant vigilance. (Or, said another way, prevention only goes so far, detection is still requried ;-)

Re:What can be done? Nothing. (1)

dissy (172727) | more than 4 years ago | (#31866654)

For these laughable "protections", I'd be far better off keeping my money under my mattress. It seems to me it should be 100% of the job of the bank to keep my money safe and secure.

To be fair, for those of us that just keep money at a bank, they DO keep it pretty safe and secure.
(Barring the bank going out of business in a tragic way or something of course)

The problem is, as you hinted at in your first post, that by asking for a debit card (Or by not refusing one) you are basically instructing the bank that anyone using this set of 25 digits* has the ability to take money from the account.

*(30 digits if zip is required, but I didn't think that one was enforced by the bank, just CC# CSV2 and exp date.)

As you mentioned, they fully have the ability to use a more secure process and ditch the current system, but they clearly haven't, nor will for the very reasons you gave.
So since that current method to access my money is not secure, it is not an option to me.

People blindly accepting this poor insecure option when they don't need to is also a problem. Of course the banks not even trying to fix things is also a problem. It's just that fixing only one of those two will keep your money safe and secure at the bank, and since only one option is even under your control, it's the only one we can use. (However we can bitch about both still heh)

I fully agree with your stance, and I too do not have a debit card on my main checking or savings accounts. I have one on a spare empty savings account with no overdraft coverage (if it does not have the funds to cover it, it rejects the charges. You have to specially ask for that one these days) that I can transfer money into for the rare time I need such a use.

Although instead of under a mattress, I would have to highly recommend a small fire/water proof safe that fits _under_ the bed and mattress ;}

Re:What can be done? Nothing. (1)

JesseMcDonald (536341) | more than 4 years ago | (#31866754)

However, for unauthorized transfers involving only your debit card number (not the loss of the card), you are liable only for transfers that occur after 60 days following the mailing of your bank statement containing the unauthorized use and before you report the loss.

You don't have to check your bank balance daily—just make sure you don't lose the physical card, and review your monthly statements. You would have to do just as much for a credit card.

Re:What can be done? Nothing. (1)

jr0dy (943553) | more than 4 years ago | (#31866416)

On the flip side of that argument, someone stands to make a lot of money by entering the market and challenging Visa with the selling point of increased security. Are there barriers to entry in that market? Sure. Will Visa lobby its butt off to intensify those barriers? No doubt. But it's not impossible. Furthermore, what about the following: a cash-secured credit card. They already exist from what I've heard (no personal experience with them), but I'm not sure if they function in the fashion that I envision, which is basically a system in which the charge initially hits the credit account, but after a predetermined amount of time (enough time to allow for the monitoring of transactions, such as 3-7 days), the credit account automatically debits the user's checking account.

Re:What can be done? Nothing. (2, Informative)

plover (150551) | more than 4 years ago | (#31866584)

Sure, a single bank can stand up their own system. But what retailers are going to sign up and connect to them? What retailers want to take on that expense? And if I create John's Credit Network and Bruce creates Bruce's Credit Network, how would we get cooperative protocols? Finally, who is going to finance and pay to create a system that competes with Visa but doesn't actually generate revenue?

And forgetting the difficulties in creating such a system, think about another hard problem, the human element. It's well-demonstrated that ordinary consumers don't care about security. It's not a selling point. Why not? Even if they cared greatly, the $50 liability limit that the consumer protection laws mandate means that they're not at any real risk for fraud if they stick with their current bank. Where is the consumer appeal for "John's Crypto Credit Card, good at more than two retailers citywide, and your money is mathematically safe!" If I can use John's card at two retailers in town, or a Visa at over 6 million locations worldwide, and I'm only risking $50 to go with the Visa, guess which convenient card I'm going to choose?

Network effects (2, Insightful)

sjbe (173966) | more than 4 years ago | (#31866606)

On the flip side of that argument, someone stands to make a lot of money by entering the market and challenging Visa with the selling point of increased security.

Theoretically true but it would take someone with VERY deep pockets. Visa and the other large credit card vendors have a the very powerful asset of network effects [] on their side. Virtually every merchant takes Visa and Mastercard. Somewhat fewer take Discover and Amex. Very few merchants have the equipment to handle more secure cards. This means that even though there are safer cards available, there is no network to handle them and it would cost a sizable fortune to get enough merchants to carry them. From the consumer's point of view there is little incentive to carry a card that is not widely accepted especially if they are protected against loss anyway. Visa can simply promise to cover any losses which makes it uneconomical for someone to build a more secure network. In other words, ain't gonna happen.

Only way I can see a secure card network being installed in the US is if it is mandated by Congress. I've seen some efforts by Amex and some others but unless somehow we can convince Congress to get involved (unlikely in my opinion) I just don't see it happening any time soon.

Re:Network effects (1)

Al's Hat (1765456) | more than 4 years ago | (#31866676)

Congress is getting involved in luggage charges by the airlines. I'm sure if they feel there is some advantage to them they'll step up to address the need for a secure card network. You are of course correct that it won't be soon.

Re:Network effects (1)

socsoc (1116769) | more than 4 years ago | (#31866736)

Just like all the wonderful stuff they did with the CARD Act? Whatever they do will bite the consumer in the ass.

Re:What can be done? Nothing. (1)

Twinbee (767046) | more than 4 years ago | (#31866424)

Perhaps we should let the government control our banks, or at least get them to set up non-profit companies.

Stories like that make me feel ill.

Re:What can be done? Nothing. (2, Insightful)

socsoc (1116769) | more than 4 years ago | (#31866740)

We should control the banks in the US, since we basically own them via bailouts anyway.

Re:What can be done? Nothing. (3, Informative)

Kitkoan (1719118) | more than 4 years ago | (#31866490)

They could require the deployment of chipped banking cards.

And this is where most of the problem has been caused. The belief that if we put those RFID chips in our bank cards, they [] must [] become [] safer. [] The problem is, it's the chip that is the biggest security issue since its RFID it's 'always on' and more then willing to send it's information to whomever asks. The banks and credit card companies have invested millions, if not in the billions, of dollars into the technology and its a flop. A massive, expensive flop. And now they have 2 options. Fess up that it's a failed experiment and have very pissed off investors. Or, censor/intimidate anyone who wishes to publicly expose [] this as the failure it truly is.

Re:What can be done? Nothing. (0)

Anonymous Coward | more than 4 years ago | (#31866500)

I think American banking laws need to catch up.

In Canada, Debit card fraud is treated the same as bank theft. As in when your bank gets robbed, it's not your money that's stolen. I know a few people who have been skimmed. They received all of their money back.

Re:What can be done? Nothing. (0)

Anonymous Coward | more than 4 years ago | (#31866582)

Silence, socialist. All Real Americans know that profits are generated by the pure virtue of Wealth Creators, while losses are caused by lazy black people. Any attempt to make corporations responsible for their actions is class warfare.

Something can be done. (1)

Darth Muffin (781947) | more than 4 years ago | (#31866520)

My wife works at a Credit Union and gets these types of things all the time. There are a few things you can do.

1. Get a Bank or Credit Union that gives a damn. Investigate before you choose one. A good one will monitor your activity and shut it down and call you when something goes wonky (like charges from all over the place or charges from known fraudulent organizations). When it does go wrong a good one will either fix it quick or possibly give you provisional credit to get you buy until they do fix it.

2. Use a real Credit Card for most items and have the discipline to pay it off each month. Credit Cards are held to a higher standard than debit because it's *their* money and not *yours*. If you challenge a charge they have to credit you right away while they research it, and the burden of proof is on them. As a side benefit you might get mileage or an annual rebate.

3. Use your debit card for small ticket items -- lunch, gas, etc. Don't keep more than you're willing to lose in the account, a few hundred maybe.

What can be done? Campaign finance reform. (0)

Anonymous Coward | more than 4 years ago | (#31866576)

"What other precautionary measures should be required or taken?"

You are asking a bank CEO who makes $40 million per year + bonuses and stock to care.

The U.S. government is controlled by those who profit from a corrupt financial system, by those who profit from making war, and by those who profit from a number of other manipulations.

"What can be done? Nothing."

What can be done? Reform campaign finance. That will help eliminate government corruption. Now those who pay the most get the politicians they want.

Re:What can be done? Nothing. (1)

oasisbob (460665) | more than 4 years ago | (#31866598)

Credit cards are limited by U.S. law to a maximum of $50 liability to the cardholder. Debit cards losses are usually covered by the bank, but they are under no legal obligation to do so.

That simply isn't true. See Regulation E [] .

Re:What can be done? Nothing. (0, Flamebait)

timmarhy (659436) | more than 4 years ago | (#31866666)

I've never understoof why the hell anyone would use a debt card. i guess there is a section of the market with no self control, and hence can't own a credit card.

they could end all this by implementing one time CC numbers, but that is probably more costly then covering the fraud at this point.

Herp derp (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#31866160)

It's the new world order. Enjoy.

id theft fear is overrated (1)

tilminator (970595) | more than 4 years ago | (#31866172)

Re:id theft fear is overrated (1)

AnonymousClown (1788472) | more than 4 years ago | (#31866402)


The worst I have ever heard happen to a victim of identity theft was lawsuits from collectors. After a while, they, the lawyers, figure out what has happened and go away. And it's a pain to get new credit - which I'm not so sure that's a bad thing. It does add a lot of stress to your life, though.

Get a credit card (4, Insightful)

HeavyD14 (898751) | more than 4 years ago | (#31866174)

If it gets stolen, it's not your money. Also, you got skimmed.

Re:Get a credit card (3, Funny)

Anonymous Coward | more than 4 years ago | (#31866230)

Most likely skimmed.

What's your card number and PIN so I can check.

Re:Get a credit card (1)

Tumbleweed (3706) | more than 4 years ago | (#31866484)

Most likely skimmed.
What's your card number and PIN so I can check.

Oh, awesome, service, thanks! My card # is 1234-5678-9012-3456, and my PIN is 1234 (same as my luggage, so I don't have to remember multiple numbers; I recommend this 'mnemonic device' to all my friends!).

Thanks so much, you're a real pal!

Re:Get a credit card (1)

adolf (21054) | more than 4 years ago | (#31866346)

The same fraud prevention policies apply equally to both credit and debit cards bearing the Visa or Mastercard logos, for transactions in which Visa or Mastercard is involved.

So, if you only ever use your "debit" card to perform "credit" transactions, and nobody has your PIN, you're just as well protected as you would be with an actual (debt-based) credit card.

However: Neither Visa nor Mastercard can do a damned thing if someone has your card number and your PIN, since a criminal in possession of both of these bits of information will just empty the account using debit transactions and the credit card companies simply aren't in the loop on that. In such cases, it's entirely up to your bank as to how you'll be treated.

More information from the horse's mouth is here [] . And still more, from that other horse, here [] .

Re:Get a credit card (1)

HeavyD14 (898751) | more than 4 years ago | (#31866476)

You missed the point, if your credit card number gets stolen, your checking account doesn't get wiped.

Re:Get a credit card (0)

adolf (21054) | more than 4 years ago | (#31866660)

If that was the point, then yes, I did miss it because it was completely silly. The obvious to the particular problem you just described is simple: Don't put all of your eggs into one basket.

Stop saying I owe Income Tax, don't ignore 83(a) (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#31866364)

Stop saying I owe Income Tax, don't ignore 83(a). Section 83(a) applies to all property, and yet they give $5k fines now rather than answer how they applied the tax code to me. Of'course Income Tax on top of a Credit Card of any kind that charges you 30% for the privilege of using your own money is right out of the billowing ass of Hell in Maryland where IRS incorporated.

Of'course, the same reason I don't use Debit and Credit Cards is the same reason I don't use Birth Certificates and Driver Licenses and all the other government-issued papers: I don't want my identity stolen.

Re:Get a credit card (0)

Anonymous Coward | more than 4 years ago | (#31866372)

In at least some European countries, the law says that in this case money was stolen from the bank. Unless the bank can prove it was fraud on part of the client, the bank pays. Maybe that is why in those countries people seem to prefer ATM cards above credit cards.

Of course in some countries, banks very quickly said: "no more magnet strips, only chips". Unfortunately they had to keep the magnet strips for transactions abroad.

So it is possible to get better consumer protection laws. Please support the organizations or people in your country that try to make that happen.

Re:Get a credit card (1)

Tumbleweed (3706) | more than 4 years ago | (#31866464)

If it gets stolen, it's not your money.

Well, yeah, not anymore, it isn't. Hence, the stealing.

Use a credit card, duh (4, Insightful)

QuantumG (50515) | more than 4 years ago | (#31866190)

How the banks advertise it: "Use your own money to shop online!"
What it actually means: "Expose the cash you need to live on to fraud."

The banks like it because you're putting your money at risk, not theirs.

Use American Express (1)

DesScorp (410532) | more than 4 years ago | (#31866658)

How the banks advertise it: "Use your own money to shop online!"
What it actually means: "Expose the cash you need to live on to fraud."

The banks like it because you're putting your money at risk, not theirs.

Which is why I've used AMEX for my daily expenses for close to ten years now. It's a charge card, not a credit card, so you don't get deep in the debt hole... you have to pay the balance at month's end. But it has all of the standard protections of full credit cards. Someone, probably a clerk at a store somewhere, used my number for fraudulent purposes, and as soon as I noticed it on my bill, AMEX froze the charge, and launched and investigation immediately. They kept me up to date the whole time. Also, if "suspicious" activity occurs on your account,,,, say, an all-night Ebay binge... they'll temporarily freeze the account and call you just to be safe.

Re:Use American Express (1)

QuantumG (50515) | more than 4 years ago | (#31866752)

Which is why I've used AMEX for my daily expenses for close to ten years now.

You must have racked up a lot of those fees and surcharges that everyone puts up signs about because AMEX demands 2% more than Visa from the merchant and the merchants refuse to wear it.

just use a CREDIT card (4, Insightful)

CohibaVancouver (864662) | more than 4 years ago | (#31866198)

Step 1: Cut DEBIT "check" card in half
Step 2: Just use a CREDIT card. You're protected. Problem solved.

In Canada you need an ATM PIN to use a debit card linked to a bank account, but the PINs can still be skimmed by compromised payment terminals. I only pay by credit card.

Re:just use a CREDIT card (0)

Anonymous Coward | more than 4 years ago | (#31866552)

This is exactly right. Credit cards have laws backing them up, along with an industry that places responsibility for fraud on the banks issuing the cards, and the vendors taking in fraudulent card transactions.

          Debit? It takes money out of your bank account. There are no legal protections. There is no regulation. The bank is not obligated to cover for fraud, they could tell you to go find the fraudster and get your money back.

          In Britain, they don't have these types of credit card laws and in fact the banks DO tell people the cards are infallible, and they owe for fraudulent transactions.

Re:just use a CREDIT card (1)

anarche (1525323) | more than 4 years ago | (#31866760)

What do you do when people don't compare signatures on your card/credit card slip?

Get a new bank (4, Interesting)

KalvinB (205500) | more than 4 years ago | (#31866210)

Shop around for a bank that actually values you as a customer. I believe Bank of America will give you your money back within 24 hours. I'm not a fan of theirs but at least they do that for you. I personally use US Bank.

Re:Get a new bank (3, Insightful)

Sean5033 (246214) | more than 4 years ago | (#31866292)

This happened to me recently with B of A. I live in FL, and someone used my card in NJ. Bank of America shut my card off right after it happened, sent me an email, text message, and gave me a phone call letting me know they'd detected fraud. When I called them back, they gave me the option to turn the card back on (in case I'd jumped on a plane to NJ) or initiate a fraud investigation.

I think the fraud algorithm they use is pretty good, they found it right away. Fortunately it was only a $4.80 "test" charge. But they prevented any more money from coming out, and got the 4.80 back to me within 48 business hours.

Re:Get a new bank (1)

godrik (1287354) | more than 4 years ago | (#31866306)

I am not sure how it is in your country (since you do not say anything, I guess you live in the USA). I would go with get a new bank. My wallet was robbed one day. I called the phone service of my bank which is 24/7 as soon as I got that my wallet got stolen. My visa card was 'revoked' the day after.

Re:Get a new bank (2, Insightful)

Matheus (586080) | more than 4 years ago | (#31866384)

I've had to have transactions purged from my card a number of times... once stolen... a few times just stupid hotels double billing me 4-figure hotel bills.. and others.

Wells Fargo got me my money back immediately on claim (with restrictions) and within a week for real (once they had investigated).

No bank is perfect but for a large one I'm generally happy with the wagon.. of course don't get me started on over-draft fees :)

Re:Get a new bank (1)

Tumbleweed (3706) | more than 4 years ago | (#31866510)

Same here for me with Wells Fargo, except they called me to ask if I had made certain funky-looking purchases (I had not) before I had even noticed. If you're going to go with a BigBank, Wells Fargo is the one, for sure. One of my local branches is even open until 5 or 6 on Saturdays, which is extra-special-nice.

Re:Get a new bank (1)

DeadPixels (1391907) | more than 4 years ago | (#31866486)

I've had terrible experiences with Bank of America being unwilling to refund any money with clearly fraudulent charges. Had to fight for weeks to get any refund, and they were uncooperative the whole way. In the end I wound up switching to PNC and haven't had any problems with their service.

With that said, however, I think it depends entirely on what branch of each bank you're at and what call center you get routed to when trying to go up the corporate ladder. YMMV.

Re:Get a new bank (1)

MWoody (222806) | more than 4 years ago | (#31866696)

I have several complaints about BofA, but their handling of fraud isn't one of them. I've had my debit card stolen by Gypsies (yes, really) while in Europe, had it exposed by an online store's security compromise, had an Ebay transaction go very bad, and had it once used to buy $50 worth of gas 100 miles away where I never traced the angle of attack. In every case, I had the funds back within hours and a new card within the week.

Actually, I did have one complaint: when they stop a potentially fraudulent charge, an automated system calls YOU and asks for the last four digits of your SS to "confirm." I hung up and called the number on the card; they confirmed it was a real call and couldn't seem to understand why I thought that was insane.

But there's something else I learned about BofA recently: they're actually a number of smaller franchises pretending to be one unit. Though they appear unified, accounts are specific to your region/state/branch. I discovered this problem after moving cross country, when a bank manager very politely informed me that he could make zero changes to how my account was set up short of himself calling the same number to which I already had access. So the differing stories might be because we're actually dealing with different banks entirely.

Re:Get a new bank (1)

schnikies79 (788746) | more than 4 years ago | (#31866600)

I can't speak for BofA, as I use a local bank that only has three branches.

A few months ago I was on a trip to northern Michigan (i live in southern Indiana), and I ran across a good deal for a digital camera, so I bought it. About 45min later I got a phone call from a lady that works in fraud for the bank, she just wanted to make sure it was me that made the transaction.

Apparently they do this for any oddball purchases such as that.

Simple (1)

Potor (658520) | more than 4 years ago | (#31866214)

I travel a lot. I tell Visa where I am going to be, whenever I buy a ticket.

The've actually stopped me from using my own card. A minor inconvenience for peace of mind.

Re:Simple (1)

binarylarry (1338699) | more than 4 years ago | (#31866250)

It's annoying either way.

So in short: Use a credit card and if you get hit with fraud, have a backup credit card to use until the charges are reversed.

Most people don't realize that the onus is entirely on the bank to deal with fraud, it's their money and problem, not yours as a card holder.

Re:Simple (1)

humphrm (18130) | more than 4 years ago | (#31866282)

This doesn't stop a skimmer from using your card across town. Also, what should he have done in this case, called Visa and said "I am not going to be on the other side of the country, or Europe next week"?

some technology that already exists (1)

Tumbleweed (3706) | more than 4 years ago | (#31866232)

1) Get a bank that lets you put your picture on your card (in case your card is physically stolen)
2) If it's possible (not sure on this one), get a card that can't be used without a PIN
3) If it's possible (not sure here either), get a bank that allows you to configure your card to only be used online if the security code on the back is also used. MANY places online still don't ask for this, for some reason. The payment systems DO know the difference between whether a card is being used in person or not, so there's no technological reason this isn't possible.
4) Encourage laws to make these things available where they aren't, with the 'default' settings set to maximum safety.

How about a real solution? (5, Insightful)

John Whitley (6067) | more than 4 years ago | (#31866234)

But I also think that those producing these check cards should be required to advertise the hazards of having one of these cards

NO, NO, NO. No stupid, pointless warnings. Make the financial institutions solely liable for all identity theft. They're the only ones with the ability to stop it, and they should be the ones that bear the full economic incentive for managing fraud.

But I didn't say it first, Bruce Schneier did [] :

The actual problem to be solved is that of fraudulent transactions. Financial institutions make it too easy for a criminal to commit fraudulent transactions, and too difficult for the victims to clear their names.
It's not that financial institutions suffer no losses. Because of something called Regulation E, they already pay most of the direct costs of identity theft. But the costs in time, stress and hassle are entirely borne by the victims.

The whole article is +5 Insightful, well worth reading.

Re:How about a real solution? (1)

rbcd (1518507) | more than 4 years ago | (#31866354)

Mitchell and Webb [] have done an amusing sketch on it, too.

absolutely nothing (1)

Pinhedd (1661735) | more than 4 years ago | (#31866254)

Nothing can be done to improve debit card security beyond what already has been done. The best thing anyone can do is avoid using it anywhere other than an ATM or some place you trust. If you can, use a credit card and just dont over spend.

The only way is special accounts for Debit cards. (1)

AnonymousClown (1788472) | more than 4 years ago | (#31866256)

Clark Howard [] , a consumer advocate here in the States, has been railing against them for years.

And the really sucky part of your troubles is that any checks that get bounced because of this, you're responsible for the fees - all of them.

And banks love to tally up all your withdraws before all deposits just so they can hit you up for charges. They're junk!

The best way to protect yourself from debit cards is not to use them.

When Visa and Mastercard say that you have the same protections with a debit card as you do with a credit, they're full of it.

There's only one way I know to protect yourself if you really need to use one of those things ("Piece of trash Visa or Mastercard" as Howard says). I opened a checking account a few years ago and my own bank said that I should open anther account just for debit transaction (totally free of course) just to protect myself an my money. They even admitted that they're crap - WaMu before the Chase takeover.

I had a better experience (4, Interesting)

roc97007 (608802) | more than 4 years ago | (#31866260)

One day I found that my bank account had been cleaned out. There were a massive number of $50 charges from one vendor -- essentially they kept charging $50 until they got a decline. The charges had occurred after 11:00 PM and before 5:00 AM local time, which made me think that time zones were involved.

I called the bank immediately and reported it, had the card frozen but by that time there was only about $20 left.

I did some research from the transaction information -- the company had an address in California that appeared to be fake, an 800 number that was disconnected, and the domain was owned by a different company in Korea.

I printed all this out, took it to the credit union. They had me fill out some forms, and gave me access to some money (I was pretty much broke) while they worked on it.

Within 3 days all my money was returned to me. It's possible that the credit union fronted me the cash while they worked with the authorities -- they never said. But as far as I was concerned, the event was over in less than a week.

Maybe it makes a difference which bank you use. Or maybe it's the difference between a bank and a credit union. I dunno.

I never did figure out how they got my numbers.

Re:I had a better experience (0)

Anonymous Coward | more than 4 years ago | (#31866554)

Not quite this happened to me, but a similar scenario - I was double charged on a purchase with my debit card. I informed them as soon as I saw the double charge in online banking, and confirmed it wasn't just a memopost and settled transaction, no, it was in fact two transactions.

Called my bank. They sent me a bunch of forms, I filled them out and returned them. Even before I got the forms, the same day as I reported it, I immediately saw on my account a "Provisional Credit" for the disputed amount. It took them over 2 months to sort this out, but despite this, they never revoked this "provisional" amount.

Personally, no offense to the OP, but people need to READ THINGS before they sign or use them. Some debit cards have no form of insurance on the money or on theft. My debit card, provided you select "credit" and charge it through Visa, not the debit system, is protected by same zero liability for mistaken transactions. Also, my bank provides a 24-hour funds return guarantee if the card is stolen or my number is stolen as long as I report them. In other words, if I report it, they give me my money back within 24 hours.

So there you go. I don't mean to be an ass, but they aren't responsible for making you read the damn forms, that's your job as a consumer. Caveat emptor. If you're too lazy to read financial documents that may determine whether or not you have enough money TO LIVE then when it all goes missing and you're up shit creek, that's your own fault. Sorry.

Here's the answer: NEVER USE DEBIT! (0)

Anonymous Coward | more than 4 years ago | (#31866266)

Debit cards are EVIL. Don't use one.

With credit cards, the onus is on the BANK to prove that a transaction is real. When theft occurs, you dispute the charge, and it's the bank and/or merchant that is left holding the bag and dealing with the police.

With debit cards, the onus is on YOU to prove that a transaction if false. When theft occurs, YOUR MONEY IS STOLEN, and it's you dealing with the police trying to get your money back.

In both cases, normally fraud gets cleared up eventually, but debit is a much bigger hassle.

The only possible reasons to use debit instead of credit:

- your credit history sucks and no one will give you a credit card
- you can't control your spending with a credit card

Unless you're in one of these categories, NEVER, EVER USE DEBIT.

so the real lesson is do onto others as they do 2u (1)

Rivalz (1431453) | more than 4 years ago | (#31866268)

If they are resolving it, but just not as fast as you like that is one thing.
If they are choosing to look the other way that is another and that will not work in the long run.
I think 3-5 weeks is a reasonable amount of time given the often complex nature of the problem.
How long do you think it takes the bank to recover or catch the parties involved?
Do they often recover the lost money?

Personally I would like it if I had a remote that I press that allows my debit card to be used for the next half hour and only when it is activated.
Hard currency is on its way out of style so whoever designs the next big sec measure for debit will be laughing to the bank.

Re:so the real lesson is do onto others as they do (1)

Zironic (1112127) | more than 4 years ago | (#31866380)

What's usually expected of the bank is to return the money out of their own pocket while they're investigating.

look here you retard (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#31866278)

it's common knowledge that check card/debt cards take that money from your account immediately, unlike credit cards where you pay after the fact. If there's fraud on your credit card, you dispute it and don't pay it (the merchant gets stuck). If there's fraud on your check card, that money's gone so you're entirely at the mercy of the bank.

So what can you do? Well, don't be a retard. Since that's too difficult for you, how about you shut up and fuck off.

Better softare (1)

thoughtsatthemoment (1687848) | more than 4 years ago | (#31866294)

... to limit where, when, and how much the card can be used. How about instant notification for user approval on your mobile phone? That'd be really cool.

Does your bank not call your or text you ? (3, Informative)

parallel_prankster (1455313) | more than 4 years ago | (#31866310)

I have set up my acct such that if there is an access made more than a certain amount of money and/or out of my local area, they call me/text me to call them and verify the transaction. I am not a frequent traveller, so this works out for me. Look up if such a facility is available with your bank too. Another thing, see if they offer some sort of fraud protection mechanism. Some banks do that. That takes off some of the time-delay/processing worries too. If you choose to use your debit card and not credit card mostly, also, move your money from checking to some savings account and keep very little ( subjective) money in checking. That may help too.

Cash (1)

gillbates (106458) | more than 4 years ago | (#31866312)

You know the saying about having a single point of failure, all of the eggs in the same basket, etc... Have enough cash on hand to see you through the time it takes to get something like this resolved. An 8 to 12 week supply is probably prudent, as well as a reasonably robust safe to keep it.

CDs are also useful, though someone could conceivably take those as well.

Re:Cash (0)

Anonymous Coward | more than 4 years ago | (#31866570)

I don't think anyone ever keeps 8-12 weeks worth of cash on them. Why should they? Even if your bank account does get cleaned out, payday is generally right around the corner and can help tie you over till your bank can straighten things out.

As for a safe, robustness isn't the important part, weight is. If someone breaks into your house and finds a safe that weighs less than 100 lbs, they're taking it with them and will figure it out later.

Re:Cash (1)

Civil_Disobedient (261825) | more than 4 years ago | (#31866694)

It's a little hard to buy things online with cash.

No debit card (1)

zenray (9262) | more than 4 years ago | (#31866318)

I won't use a debit card untill they make crediting the account just as fast as a debit action. In other words, never.


Wow... (0)

Anonymous Coward | more than 4 years ago | (#31866374)

Guess what folks? Some people still -- yes, in this "any identity thief can get credit" age -- can't get a credit card.

For my part, I got tickled a year ago, on the debit card I got from the hole of the Great Unbanked: ACE Check Cashing.

They shut it off immediately, and refunded the $4.78 (to, a French Webhost)... but it took over a week to get me a new card *and I have direct deposit*.

My solution? Got a *second* new card.

Direct deposit goes to one, locked up in a safe place and *I never use that card for anything*. It has Virtual account numbers, and I've set those up for my car insurance and a couple recurring bills.

The second card is what I use to buy things, in person, online, and via PayPal... but that card almost never has more than $50 on it, unless I transfer money to it to buy something specific...

which transfer I can do via SMS. Average delay? 60 seconds.

Works out nicely for me.

Re:Wow... (2, Funny)

snowraver1 (1052510) | more than 4 years ago | (#31866608)

Want to know why you can't get a credit card? Because you don't have a bank. Seriously, stop using those ghetto check cashing shops and get a bank account. Wasn't it embarrassing to tell you employer that your bank is "ACE Check Cashing"?

Umm... what? (0, Troll)

Anonymous Coward | more than 4 years ago | (#31866388)

You want my advice? Move to a civilized country. One where banks are required by law to secure debit card transfers, just like credit card companies are required to secure credit card transfers. Seriously, I've never met anyone who's had a problem with a debit card -- a credit card, perhaps, but never a debit card.

Just one more part of US legislation that is severely broken, I guess.

Only use a credit card (4, Insightful)

cortesoft (1150075) | more than 4 years ago | (#31866392)

Debit cards are functionally useless, since they give you nothing that using credit card which you pay off every month wouldn't while costing you quite a bit.

If you have a credit card you pay off every month, you get an interest free loan for a month. You earn points for rewards. You get protection against fraud. You often get warranties on things you wouldn't normally get.

You get NONE of this with a debit card. The only reason a debit card is preferable is if you don't have the self control to spend an amount you can pay off every month, or you have such a bad credit rating you can't get a credit card with a grace period.

Why use a debit card? Seriously- Why? (0)

Anonymous Coward | more than 4 years ago | (#31866396)

I spent 12 years working in law enforcement. For several years, I specialized in "High Technology Crime", Identity Theft, and white collar crime. I learned many things doing that. One thing I learned is this: A True ATM card with a strong PIN is fine. A True CREDIT card is fine. A DEBIT card should be avoided. If a CREDIT card is compromised it is the banks money and not yours. One thing that I do not understand is why people with good credit use a debit card. Why not use a credit card (the banks money) and then pay the bill in full each month. My NEW bank and I have an understanding. The FIRST time that they try to upgrade me to a DEBIT card over a true ATM card, I take my money elsewhere.

It was a horrible idea then AND now (1)

markdavis (642305) | more than 4 years ago | (#31866398)

I have been telling people for YEARS how unwise it is to have or use a "debit" card with a Visa/MC logo on it. My bank kept INSISTING that I use one, and I would have to send it back and tell them to please send me a regular debit/ATM card. Many of the same people that thought I was "paranoid" and "obsessive" or just plain strange don't think so anymore. I know more than one person who has had money taken from their account and then it is up to THEM to try and get their money back, meanwhile checks are bouncing, fees are accumulating, credit scores are plummeting. Hours and hours of work to "fix", and then not really know if it is "fixed".

The whole idea of taking a perfectly good ATM card and then linking a Visa logo to it so someone can take JUST YOUR NUMBER (not even have the card) and wipe out your actual account, live, without even a PIN code, is just crazy. Get a CREDIT CARD and let *THEM* take the risk!!

Australia and Debit Cards (1)

sr180 (700526) | more than 4 years ago | (#31866430)

Interestingly enough, a Australia's largest shopping retailer (Woolworths) has just stopped the use of debit cards in their store - citing excessive bank fees. Instead, customers must use EFTPOS - which goes directly through the banking network and not Mastercard or Visa.

Why would you ever use a debit card? (1)

kopo (890010) | more than 4 years ago | (#31866442)

This is something I've never understood. Why on earth would you ever use a debit card when a credit card can be used instead? As long as you keep your account balance at zero, you have nothing to lose by using a credit card. And you gain a few legal protections against fraud; your own money generally isn't exposed.

Do debit cards have any advantages at all?

Re:Why would you ever use a debit card? (0)

Anonymous Coward | more than 4 years ago | (#31866514)

CCards are safer but with a debit card you can get cash back, which is handy. Also, my understanding is that the fees for the merchant are lower for debit cards.

Poor flagging? (1)

Vylen (800165) | more than 4 years ago | (#31866470)

I dunno if places do it with debit cards, but it should be just as easy... but with some (dunno if all) credit card companies flag "suspicious" activity - and your card being used in Europe would be one such instance... in those cases, they'd call you up to verify the purchase.

Your bank could at least do that sort of thing. Like seriously.. Europe? duh!

Bank Fraud (1)

philofaqs (668524) | more than 4 years ago | (#31866480)

As someone who has just been stung by a £10000 scam. Someone somehow persuaded my bank to to allow them to to do telephone banking on my account. He did not have my passport, driving licence or birth certificate. How the branch and the bank's fraud dept thought it wasn't possible however 2 days ago the fraudster phoned the bank's phone line to see why he couldn't steal any more money. All true BTW I never checked statements too closely you need to. Got about 7 grand back so far.

I did a study on this a few years ago... (0)

Anonymous Coward | more than 4 years ago | (#31866494)

Did you know to accept a credit card roughly costs the merchant about $1.05 (US) per $50.00 spent? Why do you think you see ATM's in all kinds of small businesses? A debit card cost a merchant much less, though the merchant may not realize this because they have been sold an account that charges about as much to them. The Independent Sales Organizations (ISO's) and third party processors have to make a buck somehow. As consumers - were already paying this $1.05 fee, passed along to us as the the "insurance" to cover identity theft and credit card losses - namely in higher fees for products we purchase.

Cash is the best way to handle identity theft, though it places the merchant at risk for possible theft, as well as the cost in handling the physical money - so be it.

I wish that product prices were lower and customers would have to read a sign on display that expressed they had to pay 5% a surcharge to use their VISA card.... which of course is against "Visa's" rules. You know.. for identity theft purposes.

What to do? Tell you're bank they're full of it (5, Informative)

oasisbob (460665) | more than 4 years ago | (#31866498)

IAABG (I am a banking geek).

The rules for provisional credit on debit cards is very well established. They fall under Regulation E, section 205.11. [] The bank has ten days to get you a provisional refund, and can take up to 45 days in certain circumstances to complete their investigation and finalize the credit.

Make sure you get them a notice in writing! Once you do, they have ten days to credit you, and many banks will do it much faster. If the bank drags their feet, just tell them "I want provisional credit within the mandated timeline per Regualtion E".

Here's more on this topic: [] [] []

The protection for misuse of debit cards is strong, you just need to know what to do. If your bank isn't responsive, Move Your Money [] to a smaller institution that cares.

Protection (3, Insightful)

arizwebfoot (1228544) | more than 4 years ago | (#31866528)

I have a separate account with debit card that stays zero. When I know I'm going to pay a bill online or use for some other purchase, I move just however much I need into that account to cover the purchases or debits. In this way, if some one gets ahold of the number, there isn't a lot they can do with it.

Also I don't have overdraft protection on that specific account so that again, if someone gets my number(s), there isn't much they can do about it. Sure I may get nailed for a hundred bucks - if they catch it at the right time - otherwise, they just don't get my money.

Re:Protection (3, Insightful)

olsmeister (1488789) | more than 4 years ago | (#31866702)

The point is, you shouldn't have to do all that.

So you need to be saved from yourself? (1)

suprcvic (684521) | more than 4 years ago | (#31866536)

"and users informed of the issues of placing all of their money in the same account that their debit card has access to." Ever heard of not putting all of your eggs in one basket? I keep enough money in my checking account to cover me and the rest securely in a savings account. People shouldn't have to be told to have common sense.

Are there CC companies that fight fraud? (1)

Nanoda (591299) | more than 4 years ago | (#31866550)

A common theme I hear is that credit card companies don't care enough about fraud to do any investigation whatsoever. I'm loath to pay any fees at all on my credit card, but I'd probably pay, say, 50$/year to get a card where, in the event of my card being used fraudulently, the criminals are hunted down and prosecuted / persecuted to the fullest extent available in the country in which they're found. (Rather than it just being written off as a cost-of-business expense and raising everyone's interest rates)

Only a matter of time (3, Funny)

KevMar (471257) | more than 4 years ago | (#31866588)

It is no longer a question of if your card will get stolen, but when will it get stolen.

I keep my daily limit low on my debit card. Around $250-$300 is my daily max. When I want to purchase something over that I call the number on the back of the card and have it raised. After the purchase, I call back and lower it again. The few times I need to make that call are worth it.

Once I was calling back to get it lowered and the lady was so confused as to why anyone would want such a low daily limit. Once I explained it to her, she thought it was a good idea.

I use this card every day. So if someone runs it to its max, I will find out about at lunch time. If I am out that 300, its a manageable loss.

What if you could get back every dollar that they take from your account from the bank (or some type of insurance)? Lets just say you have a high daily limit and they are able clean out your account in 1-4 days. How long can you survive while you wait to get it back. Thats the scariest thing about it comming directly out of your account. It is money you are missing while you try to get it recovered. When it is on a normal credit card, you can still make your house payment. There is no way they could get that back to you over night. It would take days or months while they investigate.

The most common theft of credit card numbers are from family members or someone you know. When charges are local to you, the investigations require more time and take more work.

Just read the fine print (0)

Anonymous Coward | more than 4 years ago | (#31866614)

Just yesterday, I got a replacement debit card from VISA -- after my account was one of an unknown (to me) number of accounts that might have been "compromised" in VISA's words.

I was astonished to read that their new security features include a limit of $2,500 for a single purchase (or $1,000 for a single cash withdrawl) WITHOUT the PIN. Yes, WITHOUT the PIN!

One-time transactions (1)

Xugumad (39311) | more than 4 years ago | (#31866616)

As others are going to point out, short of a miracle you'll have a hard time persuading banks to move to anything more secure, but...

Currently, if I order online, I give the retailer my credit card number, expiry date, the security number off the back, my name and address. I might as well just post them my passport, in terms of giving them things that can be mis-used. So, better plan; I attach a trusted (as in I trust it, not to be confused with Intel's idea of giving you hardware the MPAA trusts) hardware device, in to which I insert my card. My web browser says "I want to pay $100 to " to the device, the device flashes this onto its own independent screen, and asks for my PIN to confirm the transaction. If I confirm, it generates a one-time usable token for payment of $100, usable only by the named retailer, and sends it to the web browser, to go on to the retailer. If it's intercepted, it's useless. If someone manages to persuade you to pay the wrong person (say a site that calls itself fBay and you don't notice it's not eBay, I don't know), at least they can only take as much as you've agreed to, there's no way they can take more.

For shopping day to day... I don't know, maybe the little hardware device does short range Bluetooth to do a similar transaction sequence with the till?

Yeah, so, not going to happen, but that's what could be done.

Solution: Don't use a debit card (1)

sumbry (644145) | more than 4 years ago | (#31866618)

It sounds counterintuitive but the real solution is to just never use a debit card. Have a separate ATM card and credit card.

When you're using a credit card, you're protected automatically when things like this happen. If you claim that a charge is fraud, it is up to the merchant to actually prove that it is a legit charge. This means that your credit card company will remove the money from the merchants account immediately. If they fail to prove (usually by signature or some other means) that you made the charge, they take the hit.

The other thing that sucks about using a debit card is that they do absolutely nothing to help you build your credit. If you're looking to get lower APRs one of the best ways to do that is to use an actual credit card to buy things and then pay off most of the balance every month. When you use a debit card it doesn't register as a balance. If you bought tens of thousands of dollars on a credit card it could do wonders for your score if you pay it off and keep the balance low. Doing that same thing on a debit card does absolutely nothing.

Debit cards also suck because if you use them for things like Hotel Reservations, the Hotel will actually put an AUTH on your card for more than the price of your room. As long as that AUTH is there you don't have any access to those funds in your checking account. Hotels, etc will routinely AUTH you for more than the price of a room, in some cases 1/3-1/2 as much.

Stories from the third world (1)

Superdarion (1286310) | more than 4 years ago | (#31866620)

HSBC, the chinese bank, has been handling my money for a long time. I use a debit card and quite freely, I might add. I had never had a problem until about 6 months ago, when I saw a transaction which I hadn't made.

I called the bank immediatly and told the nice lady my problem. What she said was "Are you sure you didn't buy anything from companyname on that date? Alright. Do you agree to pay any charges that could arise if the company has the signed voucher for that purchase? You do? ... ... ... Ok, sir, your money is back in your account. You can use it right away."

It made me feel kind of dizzy to see a company treat me, their client, as a human being. I checked right away and just as she said, the money was back in my account.

A few months later I had some issues with an internet transaction. I clicked the "pay now" button at the end of the process and after a few seconds, the page gave me an error and I just left it there. However, the site did make the charge (even though the company had no record of the transaction when I called them). I had to call the bank again. This time the call took 30 minutes, but the money was back in my account by the end of the week.

Say what you will about the Chinese bank, but they treated me greatly those two times.

Exercise your Reg E right (1)

Pagey123 (1278182) | more than 4 years ago | (#31866624)

I work as a network admin for a small community bank, so I have a passing knowledge of these matters. First, fully investigate your rights under Reg E if you are in the US. []

There are rules that govern reporting unauthorized transactions and the providing of "provisional credit" by the financial institution. Make sure you read and understand your rights. Hold your institution's feet to the fire, and make sure they act within this framework.

Second, understand that it is difficult to protect your debit card information. It can be stored (and stolen) from so many places. Any online purchase may result in your card info being stored on a server somewhere. Once that server's back end database is compromised, your data is exposed. Or you shop at a store with a POS system that is not well secured. Or your server at the restaurant last night cloned the mag stripe on the card. Ad infinitum.

Now, it's easy to say "make the financial institution liable for all fraud". But keep in mind the sheer volume of ACH payments processed by some of these banks. There's no way in hell that a bank can know for sure, 100%, that you did or did not initiate a particular transaction. However, please know that most banks' core providers have heuristic/behavioral analysis that does in fact look for behaviors that don't match yours. Companies like Fidelity National Information Services (FNIS), for example, actively send out "fraud alerts" that monitor ACH and debit activity on their networks. For example, if your card is used to purchase a product from a country or a domestic location that doesn't match your activity history, your bank can be alerted and the card can be "hot carded". I know it seems like we, as banks, drop the ball a lot, but keep in mind there is a lot going on that customers are not even aware of.

One piece of advice I would give is to just keep enough in the DDA account to which the card is tied to not go into an overdrawn status. Keep the bulk of your funds in a NOW or savings account with nothing electronic tied to it. No debit card, no automatic bill pay, etc.

Banks don't want security (2, Insightful)

straponego (521991) | more than 4 years ago | (#31866682)

They encourage the use of signature cards instead of PIN cards, even though PIN cards cost them much less to process. That's because they can add their cut on top of that price, and pass the cost on to you.

Signature debt card fraud is about 15 times as high as PIN debt fraud. When was the last time somebody checked your signature on a card?

So, it's more wasteful, and enables vastly more fraud, but the banks love it. But I guess that makes sense; bankers are, after all, parasites and crooks under the protection of law.

Let me give another example of how they don't care about real security. USbank's online banking service now interrupts the standard username/password entry process by asking you a "security question." These questions are things that you could find about most people in a couple of minutes, by looking at Facebook/google, knowing them casually, guessing, etc etc. The answers are shown in the clear. So where, on every other site you've ever used (including, until recently, this one) you'd expect to be typing your password into an obscured field (********), you instead are typing into a box that anybody near you can read. Awesome. And in exchange, the security you get is... a trivial question, and a picture from a handful of pictures you're allowed to set as your "security image". Which anybody within 50 feet can see.

[Reviews comment in case caffeine has led to unfortunate or controversial comments. Nope, looks good!]

another idea ... (0)

Anonymous Coward | more than 4 years ago | (#31866698)

One issue is whether the banks or legislation can protect you or not since like bankgeek told us, there are resolution mechanisms in place that CAN be accessed (Regulation E).

Another issue is what can you do, in addition to all of this, to protect yourself.

Step 1. Switch to a pure debit card (not debit/credit). This means that you can only spend what is in your account since the transaction never goes through a card merchant (PIN-based interbank transactions).

Step 2. Add another account at your bank that is not tied in to this debit card. Keep your money there.

Step 3. Move money to debit as you need it on the net.

One time pads (1)

eluusive (642298) | more than 4 years ago | (#31866728)

Smart-style Cards loaded with one-time pad data that are recharged from time to time. No reason why a credit card number should ever work twice.

This is EXACTLY why I don't carry one (3, Insightful)

sirwired (27582) | more than 4 years ago | (#31866742)

This is EXACTLY why I refuse to carry a debit card. With one swipe, your account is empty and your mortgage bouncing.

With a credit card, you argue with the bank about THEIR money.

With a debit card, you argue with the bank about YOUR money.

Guess which sort of inquiry receives more attention?


Load More Comments
Slashdot Login

Need an Account?

Forgot your password?