I got this text message from my bank yesterday :






I don't shop at Kroger so I immediately knew it was not a legitimate charge. I checked my wallet, my card was still there. I googled Kroger #366, and it is here in Houston where I live. I called the bank and asked how someone else used my card when it hadn't left my wallet, and how their system knew to flag it as a fraudulent charge since it was well within my region (usually I only get these alerts when I travel). They said:

• It was flagged because previous to that $89.39, there were other charges of very similar amounts. I checked my account and sure enough there had been a couple of charges of $87.55 at Kroger.
• My card was likely duplicated from information obtained over the internet, or from a hacked card reader at a local business.

Duplicated? I'm sure this isn't news for all of you, but it was news to me. I had no idea you could copy a credit card.

Being that the charges were attempted just up the road from me, I think odds are that my info was not gathered from an online source, but more likely from a local business or ATM.

I researched more and found out that there are devices sold over the black market that fit over ATM and gas pump card slots, that record your card info as you swipe. They are made to order, made to look exactly like the original card slot on the machine. They employ modern technology and are very sleek, slim, and look just like part of the machine. If you aren't an expert on the machines, you likely wouldn't notice the addition. At ATM locations, they are often paired with a hidden camera (usually installed in a brochure holder) to record you keying in your PIN.

here's a picture of a "skimming" device:

The criminal rips the original out and replaces it with this. Could you honestly tell that isn't OEM equipment?

There are some which are a little bit easier to identify:

^This was installed on a RedBox movie machine.
Below was installed on an ATM

http://www.scambusters.org/skimming.html

This type of fraud is skyrocketing people! If you didn't know before, now you do; take it from me, they can get your card, copy it, and use it. When they do, they will start making small purchases on it at to avoid you being alerted to it. They don't know how much is in your account and they don't want to make big purchases that get declined, so they go buy lots of smaller value items which they can resell (hence the multiple similar-value charges which activated my bank's anti-fraud algorithm; I hope you bank's is as good as my bank's).

These things are being made for every type of card slot now! Those little table-top game tablets at TGI Friday's, RedBox machines, soda machines, ATMs, gas pumps, parking toll machines, EVERYTHING!

Use cash (obtained from your BANK TELLER) whenever and wherever possible. If you can't use cash, use your debit card as credit. Avoid typing in your PIN at all costs, because if they get your PIN they now have access to your balance statement and they can simply wipe out your entire balance rather than fussing around buying & selling expensive cologne from Kroger.

 

This type of fraud is skyrocketing

It really isn't. If anything, that kind of fraud has been on a steady decline, thanks to the proliferation of chipped cards.

Use cash (obtained from your BANK TELLER) whenever and wherever possible.

Not convenient.

If you can't use cash, use your debit card as credit.

Your debit cards have the same (lack of) protection as your credit cards. Except that when there is a fraud on your debit card, you are on the hook, vs. your issuing bank. If anything, credit cards should be used precisely in this case.

The focus of the industry now is on the prevention of online fraud. Offline fraud, the kind you experienced, is trivial.

BTW, CapOne probably has the best fraud detection in the industry.

 

This type of fraud is skyrocketing

It really isn't. If anything, that kind of fraud has been on a steady decline, thanks to the proliferation of chipped cards.

Where are you getting this information?
My claim was regurgitated information from articles I read on the topic, which may have been dated.
When I went looking for trend data just now, all data from reputable sources is from 2013 and previous.
Here is what I got from FICO:

According to FICO, and pretending it's still 2013, this type of fraud IS on the rise.
Maybe the chipped cards have decreased the number of occurrences since 2013 but I cannot find any data that supports that claim. I cannot find any that refutes it either.

But I know what I see out in the real world, and what I see is that the only store I've been to that consistently requires me to use the chip in my card is WalMart.

Use cash (obtained from your BANK TELLER) whenever and wherever possible.

Not convenient.

I can't argue with that, but I can argue that it's more convenient than having all your money stolen.

Your debit cards have the same (lack of) protection as your credit cards. Except that when there is a fraud on your debit card, you are on the hook, vs. your issuing bank. If anything, credit cards should be used precisely in this case.

I wasn't arguing the case of not using credit cards. I was arguing that, when using a debit card, run it as a credit card (as in, do NOT input your PIN). This prevents a scammer who has obtained your account info from obtaining your account balance and simply withdrawing the entire balance at an ATM. It limits the scammer to making small purchases at POS terminals.

The focus of the industry now is on the prevention of online fraud. Offline fraud, the kind you experienced, is trivial.

It wasn't trivial TO ME! and it won't be trivial to anyone else who experiences it either. Which is the intended purpose of this post; to make people aware of the danger so they can limit their damages.
This post wasn't intended to be a discussion of whether or not physical card fraud is a legitimate danger (which it obviously is)

 

I use ApplePay whenever I can, mostly because it's cool, but also because it's safer. It's a pet peeve of mine that I still have to sign my signature some times when using Apple Pay or the chipped cards. That defeats one of the main safety features

 

I use ApplePay whenever I can, mostly because it's cool, but also because it's safer.

Assuming that the device can withstand attacks - that's where a closed system like the iPhone has an advantage over Android.

Technology-wise, tokenization is the future. For tokenization to work, you have to encode locally, which opens you up for new attacks.

BTW, the more (technologically) interesting one is SamsungPay.

Of all the payment technology, AliPay is probably the most amazing. There isn't a whole lot known about it from a technology point of view. However, its widespread uses in China, the volume it processes, and the seemingly low-tech requirement, and the fact that there has not been (known) large scale and successful attacks on it is remarkable.

It's a pet peeve of mine that I still have to sign my signature some times when using Apple Pay or the chipped cards. That defeats one of the main safety features

The signature isn't there for safety - it is there thanks to the lawyers.

 

My wife has a very effective counter defence to her cards getting hacked.

Simply keep all credit cards maxed out and only pay the minimum amounts plus keep all bank accounts that are tied to cash cards dead flat.

In a way it's based on the old concept of can't steal what's not there to take.

 

That's part of the argument for not carrying cash, also. I rarely have more than $80 or so in my wallet.

 

Personally I prefer to carry cash and don't care for the card payment system myself.

 

I hope you bank's is as good as my bank's).

Nope. My bank bought into that account monitoring software and it sent me a notice that I was paying one of my monthly bills every month. (No Sh!7, Sherlock!)

Simply keep all credit cards maxed out and only pay the minimum amounts plus keep all bank accounts that are tied to cash cards dead flat.

I had a wife like that. I called it, "Having all the debt you can service"...kind of like our Government.
You gots credit? Spend until it's all you can do to pay the minimum each month. Somehow, that's a sign of Prestige.

 

My wife has a very effective counter defence to her cards getting hacked.

Simply keep all credit cards maxed out and only pay the minimum amounts plus keep all bank accounts that are tied to cash cards dead flat.

I think I detect sarcasm here.

But, just in case you're serious, the price she is paying for "security" is a hell of a lot of interest! Too expensive for my blood.

 

I had a wife like that. I called it, "Having all the debt you can service"...kind of like our Government.
You gots credit? Spend until it's all you can do to pay the minimum each month. Somehow, that's a sign of Prestige.

Right!
I think I'll go out and apply for more loans. I'll buy more and more crap every year and then somehow convince people to praise my "annual growth."

 

Right!
I think I'll go out and apply for more loans. I'll buy more and more crap every year and then somehow convince people to praise my "annual growth."

Just make sure your purchases are on sale so you can show your spouse how much you are "saving" each year. You'll be ready for retirement in no time.

 

I think I'll go out and apply for more loans. I'll buy more and more crap every year and then somehow convince people to praise my "annual growth."

I promise to be envious of you and stand in awe at your obvious wealth.

 

My bank went to chipped cards.

Before I got chipped cards, I did have one card stolen, but the bank declined a purchase of 300 of gasoline in east texas. I only use that card in a few locations, so I knew where it was stolen and found out a week later my waitress was fired from that place.

Exercising due diligence, I replaced that card once I found out about the decline.

Yes, I am wary of "added devices" when I swipe my card in vendors and at ATMs.

 

This is really strange... here in Mexico we've had chipped cards for at least 10 to 15 years already! and yet in the US they're almost novelty.

I wonder if anyone's yet figured out how to clone a chipped card.

 

I wonder if anyone's yet figured out how to clone a chipped card.

If man designed it, it is hackable and cloned.

Chipped cards were available for a long time in Europe as well. Compared to the U.S. how many cards and card machines are in other countries? I'm sure the sheer numbers and cost to replace them all in the US prevented a mandate.

 

They're mandated now. Cards without chips should be gone forever in the next few months.

 

Won't help with online purchases though.

 

Hola strantor,

They moved in one definitive direction. When I read Electronic payment evangelists say largely cash-free economy has cut costs and reduced crime rate I remembered your post.

Look here

 

Hola strantor,

They moved in one definitive direction. When I read Electronic payment evangelists say largely cash-free economy has cut costs and reduced crime rate I remembered your post.

Look here

I'm afraid that a cashless society is the perfect dream of a totalitarian government.
Imagine being able to track every single citizen's economic transaction.