Stores in my area have been requiring the clerk to enter the last four digits; however, I always tell them what they are and they never look at the card.

And they say crime doesn't pay!!

It is amazing what people will do. If they put all that energy into gettting a job and working hard at it. They would be able to everything they want legally. But they are just too lazy to make anything of themselves.

Consumers and businesses wage a never-ending battle against thieves who'll take our hard earned money. Our best defense is knowledge, awareness, and detection.

I would like to have a list of stores that take the extra steps to prevent credit card fraud. I prefer to take my business to stores that consider fraud protection measures an integral part of doing business.

www.IdTheftAwareness.com

A few years ago, I left my credit card in my car. Next day, I got a call from Sunglass Hut asking about my order shipment. The lady said she was ready to ship to me in my home in New York. (I live in California.) Just the simple act of leaving a card in plain view is asking for credit card number theft.

Thanks for your service. I learn so much from your articles and I think I am now more vigilant as a consumer. I'm the type who is basically trusting, and I need someone like you to remind me to be careful.

You're glossing over the main obstacle to this kind of credit card theft. If you simply clone a card as you have described, you still don't know the PIN. Since it's encrypted on the stripe you need some means of decrypting it. You're making it sound like any teenager can do this. In the instance you first reported a credit company committed an unforgivable sin and stored that data along with the card numbers. Worse, they didn't encrypt the file. I hope they receive a severe penalty to help encourage other companies not to repeat their error. RND - NY

Im thankful that this story finally came out to light. I was a target of this type of fraud last May where I lost 115 dollars out of my bank account. I didnt know I had lost it until I had checked my account balance on a trip I was on. I reported this theft to my bank, and I was told that the loss was my fault though my purchases made on Ebay, which I know wasn't true. I eventually got the money back, but they never found a link to Ebay, but either way my bank still gives me flak about if its my money that I am accessing when ever I deposit or withdraw funds. Thanks to MSNBC for breaking this information and letting others know to be careful!!!

As of this moment whenever I go to a store and the clerk ask, debit or credit, my answer will always be credit. With stores storing information, I think everyone should follow suit and use their cards as credit cards. This would ensure that the stores have no pin information to store, and it would provide better protection in case of fraud. By the way, shouldn't there be a law that prohibits stores and other merchants from storing your pin number? If there is no such law then there should be!

The Exxon stations on I-95 began using the zip code input for their credit cards. For laughs I put in all zeros. It took it. So much for that.

Due to the F.C.C., relay operators for the deaf are not allowed to release this information. Credit card fraud goes on constantly. Criminals from Ghana, especially, use the free internet relay service, have us call businesses for them, order merchandise and shipping, business people are losing money in exorbitant and sickening amounts. Unfortunately for the deaf, people MUST refuse to do business over the phone for the self-acclaimed "Deaf" who want to use credit cards, while never coming into the store. Relay operators are forced to play along with them, and the Americans who are truly deaf are having their reputations ruined by crimes they're not committing, as well. Our business owners MUST be aware of this.

We have never purchased anything with our debit card using our PIN number. Banks issuing debit cards should carefully instruct their customers that they should always use their card in a credit manner when purchasing goods by signing a credit slip the same as when they use their credit card.

How about the banks with ATM have a call back system. such as when a withdrawal is made, your phone # on file is called informing a transaction was done at the address of the transaction.

This sounds like the perfect opportunity to introduce RFID tags into debit cards. Using this technology you could have a system that allowed cash withdrawals only with the original matching encoded card.

Many of the fraud problems would be eliminated if consmers could specify regions/countries/states that they will never make charges from. It would be up to the consumer to update their information if they are traveling to those area. For most of the year, I'd be happy to restrict my credit card, ATM and debit card to the US.

Years ago I did programming for ATM networks and ATM systems. I was one of thr original implementations of the PULSE ATM network.

Track 1 of the cards contained the cardholder name and was only used for display purposes, if at all. Track 2 contained the card number, algorithm seed, and offset. Track 3 was rewriteable to allow account balances to be maintained on the card. Track 3 was not used very often.

At that time PIN numbers were not stored on the cards nor in the system computers. PIN numbers were calculated using one of two methods. DES encryption would take information from the card and determine the PIN. There was also DIEBOLD encryption that used a set of tables that the card information was massaged through several times to determine. In both scenarios there was an offset on the card to allow customer chosen PINs to be used.

The upside to either system was that no PIN information was stored anywhere in the financial institution files. The downside was all that was needed was the scheme used and the tables and pin numbers all cards from the insitution could be determined.

I had, in fact, written a program for customer service that would calculate the PIN number for any given card that was issued by the institution. A dangerous and powerful program indeed that was very tightly controlled.

As to what has transpired since then I am unaware. PINS were calculated locally as communication between machines, attached host, and destination host was not that reliable. I don't know if the PINS are still calculated or if the PIN is actually stored in the banks system and then verified. This causes a security risk as the information is retrievable and viewable by others. Using a complicated calculation makes determining a PIN by a human much more difficult.

I would hope that PINS are still calculated using a proprietary table and algorithm known only to the issuing bank. That will not stop fraud from merchants that store the PIN, but it may help from exposing the PIN in case the issuing institution is compromised.

I would also add that checks are more dangerous than ATM cards. If I can see the account number and bank name on a check, within minutes I can have checks printed that will draw on that account. The check can have whatever name I desire (stolen ID, etc.) and will process through the system. Getting a bank to return money withdrawn by check requires some effort, more so than what is required by electronic transactions such as debit and credit cards.

My "trusted" MasterCard Debit Card info was hijacked by someone in Seoul, South Korea. Of course by the time the bank had opened after the weekend and I could actually find a human there to alert, they had cleaned out my checking account and were in the process of taking my life savings from my savings account! Thanks overdraft protection! The card never leaves my wallet so I could not understand how this happened. The bank people told me that chances are a retailer that I used my card at had stored my card info on a computer and was probably hacked. Awesome! Meanwhile some Korean dude is making 100 dollar purchases at 7-11's in Seoul and 500 to 1000 dollar purchases at Department stores there. Watchout folks it can happen to you too! Monitor your accounts daily either by phone or online, especially debit cards because that is your cash they are stealing, not the credit card issuer's!!!

VERY SIMPLE SOLUTION. CANCEL AND GET NEW CERDIT OR BANK CARDS EVERY TWO TO THREE MONTHS AND KEEP ON ALSO CHANGING YOUR PIN NUMBERS.

What happens when the stores swipe your credit card 2-4 times. They say it didn't go through. Is this used to steal information or multiple later charges?

Makes me feel better knowing my credit card information is as secure as our boarders and ports. Yeah right.

It's become apparant that although convenient, credit cards have become as easy a target as social security numbers. My wife and I went to Italy recently. When we returned to the US, there was a phone call from the bank waiting for us on our voice mail. They wanted to tell us that there were 3 Western Union transfers totaling $2600 to England ready to be processed. Luckily, it raised a red flag and they wanted our approval first. The only thing we used our credit card for was shopping and dining. I believe a restaurant server took our card to pay for the bill, wrote down the account number, then sold it or handed it to his/her mafia boss. Use traveler's checks when traveling!!!

To the "cancel and renew" post, your idea would be good, except that you would trash your credit rating, since your credit history would be reduced to the same 3-6 month window.

A couple of years ago, I cancelled a couple of older, inactive accounts... and my FICO score went down about 35 points.

DirectTV found a way with their smartcard technology P4 cards from being hacked. Why can't CC/Debit cards?

To Robert Reynolds: change banks, man. Come on, you don't deserve that kind of treatment from a bank-or anyone else who relies on your good business.

I think,first of all,the interested in FRAUD
have to be cought!

Someone wrote earlier that the obstical to this type of fraud is the crook needs the PIN. This is only true at an ATM. When was the last time a gas pump or fast food joint asked you for a PIN or ID? Another thing to remember is there are encoders out there that will change the PIN on the card. Ever changed your PIN at the bank? The bank chooses to make you input the old PIN, but a crook can do it without.

Why is this such a big deal? Any reputable bank will give you back the money in short time due to fraud. If the bank accepts the risk, why do we care? Not like my social security or kids names are on the card. There are even banks who promise to give you back the money in less than 24 hours. Small risk for me to keep using the simplicity of the debit card.

The pin can't be on the mag stripe or I wouldn't be able to change my pin over the phone or via a website when the card is not involved in the change. The only way I know of to get a pin number is from the card owner, the financial institution, or by a lucky guess.
In any case, this type of theft is a good reason to put RFIDs in cards and require biometric verfication like fingerprints or retina scans.
The next thing we'll probably hear about is a device that reads a fingerprint and then builds a replica that can be worn and used by thieves. I suppose someone could even also build a fake eyeball that could be encoded with a retina replica if the stakes were high enough.

Last week I was at the grocery store trying to purchase groceries with my BofA debit card when my transaction was denied. I paid with another form of payment, and immediately called the bank.

It turns out that two days earlier (without contact from BofA) someone pulled out $80 from an ATM in Warsaw, Poland. BofA immediately placed a $50 limit on my card without notifying me to prevent fraud. I do not mind the restriction as a protection to my account, but the fact that I was not contacted disturbes me. They had my phone number and contact information, but still no contact.

I felt like the 'Citi' commercial where the customer had to yell his passcodes to gain access to the customer service representatives (FLUFFY! BIGBOY!).

Of note, I do not use my debit card for online transactions, and I do take precautions to ensure my data. I do not know where they got my data from...

To Ken I of Boston: that's a great idea. That would narrow things down quite a bit. If and when a transaction occurs in a location that the card holder wouldn't normally have been, the transaction can be flagged as suspicious.

I have never used a debit card but just last week I received one from a local bank in DC. After reading the article from MSNBC, I immediately cancelled my debit card. I had no idea that those card reading machines store PIN numbers and everything else. This article was very informative, and thank you. I just hope that Financial institutions will come up with a better security for ATM and Debit Cards.

This is exactly what happened to me 2 months ago. 20+ ATM transactions from London England against my California account for the exact same amount. Two issues arose from my misfortune. The bank was much more reluctant to return the ATM and currency exchange fees associated with this theft then they were to return the fraudulent withdrawals. Secondly, I was told that when given the choice between credit or debit use of the card, use credit because you don't disclose your PIN data.

This is the reason that I get gift cards to make my purchases online. Or use one of those cards that are reloadable. Do not use your ATM/Visa/Mastercard anywhere!. if you do , you risk that someone can hack the information and empty the checking/savings account. Or if you want to use it, then have two checking account: one connected to the checks and ATM card where you only leave a few hundred bucks (whatever you want to risk) and the other where you actually keep your money. Do not make checks for the 'safe' account!. that is what I do at least.

As a long time retailer I thought I had witnessed virtually every debit card/credit card scheme out there. When my bank called and asked if I had just returned from the Ukraine...I was puzzled. Upon learning that every cent I owned had been withdrawn in 300 dollar increments over a weekend left me floored...especially since I was still in pocession of my bank card. The bank efficiently handled the claim and restored the funds, but were evasive in helping me understand how this could have happened. After reading this article and the one that preceded this one, its very clear to me how this happened.

This may explain what happened to my friend in LAS VEGAS recently! She went to an independent ATM located in a casino and verified her account but didn't do any withdrawal. Two days later she found out her balance was $100.00 less! Being a tourist, her bank account is in a foreign country, so she could not report it until she got home a week later. Haven't heard about the bank's resolution, but the question is - any other Las Vegas victims out there? Seems logical that the thieves would target this place.

I recommend we get rid of credit, get rid of credit cards, go back to checks and cash. Then, life will be more simple, and all of our credit problems (theft, bad scores, bankruptcy, etc) will slow down (Well, maybe not, but it sounds good.)

The onus needs to be placed on the banks and businesses, not the consumer. When they, not the consumer, are liable, then and only then will they care about security. As long as they can say it's "your money, your problem" the problem won't get fixed.

You better be an informed consumer!
Visit http://www.ezcreditanswers.com for more information on credit card fraud, how to protect your credit etc.

This is old news...its been going on in various forms (card-swiping, etc) for over a decade.

Key-cards and pins have been long known to not be a secure-system.

As any security expert will tell you - security should be at least 2 of 3 factors
1. Something I know (i.e. PIN)
2. Something I have (i.e. Card)
3. Something I am! (i.e. retina/hand scanning)

No.3 sounds great, but in reality its no-where near reliable (or cheap) enough for commercial credit usag -I know that as I have banking customers who've tried it, and 90-95% accurate is useless to them!

No.2 (magnetic-stripe cards) has been comprimised since inception. For this reason the UK (and I think most of Europe) has moved to "Chip-and-PIN" - which embeds an ecrypted chip on every-card.

It does of course require new card-readers everywhere, but duplication of the chip is extreemely difficult,
and I am not aware of any widescale breaks in that security to date.

While reading one of the above comments (the Korean incident), I had a thought. How much money could that person have saved had they been able to cancel that card online? It seems like an easy feature to implement in online banking and I can only guess how much it would save someone in a situation such as the one experienced by the poster. I bank with Navy Federal and will be inquiring about this today.

I worked at a bank for 20 yrs..What most people don,t know is that your debit card can be used without the card...These lazy people who don't have a real job, get friends who are working at certain stores, restaurants and etc ,get them to just give the card # to them and go to a store, gas station, & etc who will be glad to put the card# in and get a piece of the action...I know cash is what they want. you can go to the bank and request the limit on a atm withdrawal in a 24 hour period...most are $400.00...and if you check your balance everyday you can catch it alot quicker.....also can request the purchase amount in a 24 hour period also...

It is absolutely unbelievable what lengths criminals will go to in order to stay a criminal! All of this news lately is making me want to go back to my great grandparents banking system -- the "cash under the mattress" is sounding better and better. Please! Somebody! Come up with something that will stop them from stealing our hard earned money!!

I'm using cash from now on!

Check your bank statments and use online banking features that your bank offers! (I'm a fraud investigator at a well-known large bank...

Very simple solution. Demand that your bank give you an ATM card. Do not accept debit cards and don't use them. Use credit cards and your bank account will never be touched. I refuse debit cards a=and only use ATM and credit cards.

All of this scares the heck out of me. Nothing seems to be safe anymore. I say cancel it all.

In all these posts I didn't read one comment about why e-Bay is allowed to sell equipment that is only intended to break the law when in private hands. Everybody talked about consumers and banks and whose fault it is. It is the fault of the thieves out there. Talk about shutting the door after the horse is out - don't sell the equipment. If you aren't a bank or a credit card company, there is not one reason on earth you would need an encoder.

I think this is horrible that people are stealing others money because they are too lazy to do it. But reading the article shows that current systems constantly allow this behavior to continue. I do not feel sorry for the financial institutions that are getting ripped off because as I see it they are already engaged in legalized theviery. Their ridiculous interest rates, late fees when the payment is late ectera, ectera... Did you know that in the infancy of this great country usury was illegal and in most cases people were tarred and feathered. This is what honest americans should do to these financial CEO who enact all of these fees and outrageous interest rates that only screw people outta hard earned money not helping them build credit as they tout.

It seems like just yesterday when digital cell phones were introduced and supposed to be very secure. In fact I specifically remember the comparison of 5-6 main frames working 24-7 for 3-4 years is the only way they could be cracked. Now when a terrorist pushes the send button they know where he is instantly. Technology will always beat technology and so on!

MY IMAGINATION CAN'T CREATE A SCENERIO, 5 YEARS FROM NOW, ON SECURITY ISSUES. I JUST HOPE I DON'T GET HIT ALONG THE WAY!

Last month, my account in Newtown CT was targeted to the tune of almost $15,000. Yea, that's right $15,000. All of the purchases were made from Europe and were made on high end airline tickets. Some over $3,000 each. The bank took care of this for me - thank you very much Chase, but the crooks, at least for now have gotten away with it. What a scare, when I went to get money from my cash machine and there was nothing left. Someone clever person could get very rich if they can figure out a simple way to thwart these bandits.

We have the convenience of 24-hour banking and worldwide shopping at the press of a button, but we should have considered the possible consequences when this technology gets into the wrong hands. These crimes don’t just deplete life savings, it can ruin credit reports. As you may know, a bad credit report eliminates you from getting a home or car loan to losing a new job. Yes, that’s right, some employers check your credit to see your “character”.

Your article is just one more reason why we’ve said “NO” to electronic bill payments and ATM cards for years.

You know they don't even have to be in the country. I personally got ID thefted twice in 4 months and this was after doing all of the necessary things. Changing my debt card, putting fraud alerts on my credit, etc. I got online one day to check my bank account and found that someone in Jordan had hacked my data and WIRED himself the money! The Company KNEW it was fraud yet it took me almost 3 weeks to get MY money back! And then they have the nerve to suggest companies to you(that for a nice monthly fee) will "protect" your information. Isn't that the job of the banks and credit card companies in the first place? How is it that there are companies now that are making money on a crime?

Personally I only use an ATM card at a bank ATM ( as in the ATM is in the bank in view of hte bank employees so the skimmer cannot be replaced by theifs) to withdraw cash.

I NEVER use an ATM card to make actual purchases. I use a credit card.

I was a credit-card fraud victim in Thailand. Three months after a trip there a single $400 charge appeared from a store I had never been to. It was stripe encoded, so my credit card stripe had been ripped and likely put onto another card, with the thieves knowing what stores wouldn't check the last 4 digits. I didn't have to pay, though it was a hassle to cancel the card, fill out affidavits and get a new one going. Since then, I have never let the credit card out of my sight (such as at restaurants).

There should be a penalty for businesses that do not check the back of the card for signature and verify with a picture ID for an instore purchase. I constantly go places and use both my VISA or my debit card and maybe one in 20 times does someone ask for my ID. Even if I question it they say, No, that's ok. I realize this won't help online transactions but there has to be a better way!!

I was once the victim or debit card fraud, but in this case I got very upset with the bank..While I was out in Las Vegas using the card at several locations. Someone was also using my account in Queens, NY. Within minutes of eachother. I eventually got my money back but it took a battle, a visit to the police station and several visits to the bank, not including all the phone time.
This instance could have easily been averted. How can you use the same card on both sides of the US within minutes of eachother. Banks need to get their acts together.

Last time I visited England, store clerks could not believe they could process my US credit card with no PIN. I'm like go ahead it will work fine and they were like OK, I have to see this... PIN's for credit card transactions would be good to see here too. Just adds another layer of difficulty for a would be thief.

Many merchants keep the copy of the paper receipt that contains your full debit card number as well as the expiration date. I've gotten in heated arguments with them because they won't give ME back the one with the numbers and exp. date. Why do they need this information? It's already in their computer. There's no way to know who sees it, what's done with it or who might copy it down. I thought there was a law against it, but apparently not. I'm just going to stop patronizing these stores or pay cash. Watch out for this the next time you sign a receipt after using your debit card.

My friends all believe that I am from another planet when I tell them, not only do I not have a debit card.(which I don't) I do not use the "drive-up" method of banking.... I feel it safer and I can "spend" an extra few minutes trying to be safer!

Never use your card online. Many card companies offer one time-use credit cards. Use them.

If your birthdate is prior to 1990 and you were born in California, you better use something else in place of your mother's maiden name when opening accounts, etc. The state was kind enough to post all the pre-1990 birth records on the Internet a few years back for anyone to locate. California birth certificates contain your mother's maiden name and date of birth. All the thieves need after that is your Social Security Number and, voila, they become you!

When I found this out I set out to open new accounts to replace those that I used my mother's maiden name to open. It took a couple of years (to protect my credit score) but I got it done. Mother's maiden name is simply a password. I highly advise everyone to use something else in place of it.

My Wife and I had this happen two weeks ago we went into a store and our debit card was turned down it turned up that it had a freeze on it so I used my card. we then went to our credit union and they destroyed it and issued a new one on the spot. It
turns out that someonr got a list of customers from paypal and sent a fake e-mail to paypal customers asking to verify our info and my wife did that.Well
they had her card number just like that the one good thing is that Star the compant that takes care of that stuff for the Credit Union was on their toes and
noticed that we could not get that far in an hour . So they put a freeze on it.

I don't like to use my check card when we travel so, I use credit cards.Two months ago we were traveling out of the state that we live in.I used my credit card twice for gas and the third time around the card was declined! I didn't know why.So, I called the bank to see why it's been declined. They said they saw the charges made out of my state so, they called me immidiately on my house phone but they couldn't get hold of me then they blocked the card.That card was DISCOVER card. I felt so good about this customer service. That means they do care about my account.I provided all of my personal info then they relased the block on my card over the phone. Now that I'm thinking what if my card was stolen and been used untill I realized it had been lost/stolen.If they didn't have this great service it would have been a huge headache to clear it out. So, there are some good credit companies out there.I happened to have one of them!

What is becoming of this world. I have a bit of advise. I am a victim of ID theft. I went to one of the places where the theif used by debit card. Boy, did the manager get an education from me. I paid for my meal by check, just as did the thief. The manager asked me for my id. She did not even look at my picture on the drivers license. She wrote down the number and gave the drivers license back to me. I let her complete the transaction. Then, I told her that I was a victim of Identity theft and had recently talked to her on the phone regarding an individual using my identity. Yes, the thief used my drivers license as ID and got away with it. I told the manager to avoid identity theft in the situation is to compare the picture id to the person. Of course, I have seen pictures of the woman that used my identity and she does not look like me one bit. What will help in this matter is that when you present a check and have to show your id, make sure the retailer looks at your picture and you. If they dont, please make them aware of it (even if it is a bit of embarrassing for them). Others will hear you and they to will do the same.

Has anybody thought about putting some controls on the sale, and ESPECIALLY re-sale, of the encoding machines? If banks, etc. are not allowed to simply resell or discard these machines it seems to me the worthless scumbags who perpetrate these crimes will eventually have a harder time doing it.

Years ago, my bank decided that I wanted a debit card (aka cheque card). U.S. Federal law on credit vs. debit is considerably different. Fraudulent credit transaction liability is limited to US$50 total. Fraudulent debit transaction liabilty is US$500 per transaction. What a comfort there. Yes, your bank may say they will make you whole, but with a debit card you take your bank account in your hands. I told my bank that if I had to have the debit card, I would close the account. The next week, they realized my and other people's concerns and dropped the mandate that the debit card be used.

I don't know why everyone is making such a big deal about this. Make sure your bank protects your credit and/or debit card against any and all fraudulent purchases, then you have nothing to worry about. In the case that something does go wrong, one phone call solves the problem. If your bank doesn't uphold this policy, then find one that does. I'm with Wells Fargo and they recently sent me a new debit card with a different number accompanied by a letter explaing that my previous number may be under risk for theft, then they reassured me I was protected against any and all fraudlent purchases from all my accounts (checking, savings, credit) with them. Its that simple.

Don't start changing YOUR lifestyle because some hack is too lazy to do something productive with their lives.

As a long-time banker who started using debits cards since its inception, I have always instructed my customers to use the cards as credit when making purchases and never using a pin number. There was a period of time when Wal-Mart would only accept debit cards with a pin number (due to the lawsuit with mastercard and visa) and i refused to shop there because of that. I have also taught my teenage daughter to use her debit card as credit wherever she shops. And I only use my bank's ATMs.....I don't trust anybody elses......people need to be very careful and pay attention.....

I was one of the victims caught up in this mess. I had $313.00 taken from my account last week in fraudlent charges. One was from some betting (gambling) place, 1 from a Poker network place and another from a singles.net or singlesnet.com (something like that). These all hit in 3 days time. You never know what will happen. I do buy different stuff online but these are supposed to be "Secure" sites. From now on im going to stick with calling the place and not going to their site. Now, I have to pull a credit report and look at it. Too much bad stuff is being done with our technology these days. Some day this has to stop. Watch your account closly and report anything unusual. Thanks for the great article.

I am certain there is technology that can stop this, so why are the banks making it so easy for criminals?

If you think what happened to Dave from Connecticut, posted Mar. 17 was bad, check this out for a kicker, my girl and I have the same card, and one day we had accidentally swapped them, the next day I had actually used it to purchase something, I used my signature on a self check out counter, and the system took it...

My bank account was robbed a year ago. The person took $1500 of my money. The bank refunded my money and I closed the account and took my business elsewhere. A couple months later that bank is calling me because I have charges that I need to pay for. I had asked what they were for and they were the same charges this person made a couple of months before. After I closed the account that person still was able to take money out of an account that was closed. The bank to this day still says I owe them the money, after I have taken the closed account slip into them to prove the charges came after I closed the account. Just be very wary of everything!!

Here is a idea I have been throwing around for a long time. When you want to use your credit card on the internet, you first go to the card's holder and tell them where and how much you are going to spend. They then give you a credit card number that's only valid if used at that location. That way, no real credit card numbers would be used and if they got hacked, they would be useless. Of course this type of idea wouldn't work for those small purchases or the Impulse buy days but at least if the idea was refined, it could be used in all situations.

I have been in sales for over 6 years now, and it is amazing to me that people get so concerned about their credit card safety, but at the same time get worked up when stores take the extra precautions to protect them because it 'takes time'. I recently worked at a location that did not allow you to use the credit card unless you typed in your home telephone number. If it wasn't a match to your credit card account information then it would not allow us to process that card. You would not believe how many days I would get yelled at because customers had to enter in that information. Security from credit card theft takes EXTRA time! If you want to be protected deal with it!

J. Sutton -
All merchants are now required to TRUNCATE the card number on the signature receipt as well as the copy given to the consumer (display the last 4 digits only). This was mandated by Visa and MasterCard and it is usally applied to other card types by the merchant to make it easier, programming-wise. In additon, the card associations (Visa,MasterCard,Discover,Amex) require the merchant to file the signed receipt for a period of 1-3 years from the transaction date in case there is a dispute, which the merchant must provide a copy of on request in such cases.

This is old news. I was committing "white card" fraud against my college's parking garage back in 1992. And I didn't need any special "encoders" or other special gear to do it with either -- all I needed were the guts of 2 old reel-to-reel tape players, some audio tape, an expired parking credit card, and a current parking card with $15 encoded on it.

I don't suspect that duping a modern ATM or credit card is that much more difficult.

Anyone reading the recent news on debit card PIN fraud may be interested to note that retailers that store PIN information is not the only way for thieves to steal PINs. As a former technician in the ATM industry, I can tell you that PIN information is encrypted using an old encryption algorithm called 'DES' directly at the ATM and sent over the public telco lines to a central network, such as STAR or private bank network. For several years now, the banking industry has been pushing ATM owners to upgrade to a newer and better system, called 'Triple DES' that is much harder to hack into. Many ATM owners have not complied, because of the cost of the upgrade. My former employer, Shields Business Solutions has a company policy of purchasing inexpensive, used ATM's that have been replaced with newer, safer, and more secure ones; and placing these older machines in public places around the city for customers to use. Many of these locations are in poor neighborhoods in and around Philadelphia. Shields has no intention of upgrading the DES software to make these machines more secure, as it incurs an expense and would cut into their profit margin. When I left the company, not a single ATM owned by Shields or MBM, a sister company, had the security upgrade. One day an enterprising hacker is going to figure this out, and the old DES security is not very difficult to crack. Perhaps this has already happened, and is the source of some of the PIN fraud currently being reported.

Thank's for more great news. I was recently robbed by an investment scam that apparently originated in Russia. Now I'm feeling real good about even more way's to get ripped off. How about going back to storing cash in the pillowcase? Sounds a lot more safe to me.

My husband receives an email from our bank anytime our debit card was used for more than a $100.00 purchase, including ATM withdraws. Now that our bank is merging with another bank, we hope that is one policy they don't disgard.

I was in WalMart buying only about $6 worth of items and it was payday and my bank card was denied. This had happened before, but it was because they check amounts of money you spend and then freeze the account if it is not your normal spending pattern. Well, come to find out, it was someone in Moscow, Russia. I was floored! Thank goodness I have fraud protection!

I never get debit cards with the Visa/MC logo. I don't care what the ads say about zero liability by using those cards. The problem is the money can be gone from my account and I might be unable to pay my bills while the bank sorts out which charges are fraudulent and which are not. In defense of the banks, I am sure there are bank customers who commit fraud on their own bank by withdrawing money and then reporting it as fraud. So banks may sometimes be unsure of whether their customer is lying to them about an unauthorized transaction or not.

The use of one-time account numbers for credit card transactions online sounds quite attractive - I need to use that for my purchases going forward.

Why does the honest consumer always have to pay. Why doesn't the government enforce stricter punishment for those convicted (especially within the country) or have a talented and dedicated task to crack down on these crooks?

I don't know why, you, the endusers aree still falling for the false statement thed debit is better than credit, with debit cards is your own money at risk, use credit instead, it is their money. If it is stolen you just don't pay it.
No clerk seems to care about security, they rarely ask for a formal ID, or if the signature matched one on the ID.

Last year 2005. I buy life insurance to my Daugter. Before I buy insurance to my daugter and I ask NY life insurance not to withdraw from my account monthly and I will write to them avery 6 months. The agreements ok with my req'd. After one month and I saw my money withdraw from NY Life without my agree but my Bank of America still let them withdraw from my account. So I call the bank and my NY Life and they return my money to me in 2 weeks later. That is very crazy out there.

Last 5 or 6 yrs I have a checking and saving about in Federal Resever bank now is Washington Mutura.
My have have over 10,000 and once I check on my account that the bank withdraw my money about 30 somthing every month and I ask the bank why. They tool me I am over withdraw 500 so now we need to withdraw you account monthly. that another crazy in my story..

So I recommend if you can go check your checking or saving account once per day you that would be help you. I hope no one will have trouble on they Checking or Saving account.... Take care!!

Magtek has a technology to combat this type of fraud. It's called MagnePrint.
MagnePrint® is a card security technology that can detect "skimmed" or magnetically altered counterfeit cards. Just as fingerprints can uniquely identify human beings, MagnePrint® can uniquely identify magstripe cards. MagnePrint® technology was discovered at Washington University in St. Louis, MO, USA. MagTek refined the technology, to bring it to practical use, and has an exclusive license to market this technology. http://www.magneprint.com/information/what_is_magneprint.asp

I hope the Almighty contiues to protect me from this sick behavior. All I can say is that YOU CAN NOT ESCAPE YOUR KARMA. As hard as it may be, keep doing what's right and the sun will shine on you.

Bob

I'm sure Mastercard and Visa love your recomendation to always use your card as credit instead of debit. They charge the Retailer (middle man) more for this type of transaction.

I THINK THIS IDENTITY THEFT IS VERY EASY TO DO SO LONG AS YOU HAVE SOMEBODY ON THE INSIDE.MOST THEFT IS STARTED WITH SOMEBODY KNOWING SOMBODY IN THE RIGHT PLACE AND THEN COMMUNICATING THE INFORMATION NEEDED.
NOW THAT'S SIMPLE.

I am switching back to cash!

This is the kind of crap that our wimpy PC government should be protecting us against!!!! The banks are profiteering from the system. They dont care if you have a loss and when they get a loss they love it even more since they use these losses to justify the HIGH interest rates. This is like the insurance companies who make more profit after a natural disaster, since the loss allows them to go to the commission for a rate hike. I always wanted a "dead end" credit card that is not connected to anything - anywhere. That way if they get you on one credit card they can't reach in and help themselves to everything you own. It would be great on internet sales etc. BUT the problem is that no credit card company wants to give up the big bucks that a no limit system has. When you get a credit card with a $500 limit they do you a "favor" and within a few months increase it to $12000???>>>> and it is still tied to the entire banking system. If you get hit on paypal for example, you may have only $2 in the account but it is connected to all your banks and allows a full cleanout!!

No matter what you hear or read, there are alwarys out there to break the technology or laws, even if you go through fingerprint technology; somebody will get your fingerprint on his or her own finger, period.
Nothing is safe, just be prepare and enjoy the present.

My sister has been hit twice in the last 3 months with two separate banks. Both times they took $2,000.00. They had a card made with their name on it and her account info and bought three gift cards at three different Staples within 5 minutes of each other, each card for $1,000.00 Thankful though CoAmerica replaced the money within 20 days. Still try going 20 days without cash when your account is cleaned out.

I have a debit card which I use all the time, it is so convenient, especially since alot of businesses do not accepts checks. I also have on-line banking and I check my account daily. I have yet to encounter any type of debit card fraud and hope I never do. After reading the article though, I will from now on use the debit card as a credit card transaction. I feel for you all that have experienced fraud. Unfortunatley, the criminals will ALWAYS find a way to steal!

Yeah, computer technonogy has sure helped our lives. I see little evidence of any real improvement in my life because of computers but "they" keep telling me it's better. "They" sure do know alot don't "they".

Anyway, I say we go back to cash. Going back to cash would not only solve the problem of people who use a credit card legitmately being too far in debt to begin with, it would also prevent the actions described in this article.

The one thing in this story that is not accounted for is the lengths that the ATM jackers will go to to get the PINs. It occurs to me a creative jacker could set up a legitimate ATM machine (easy to get these days) with fraudulent merchant information, modify the machine to actually work as a legitimate ATM for a while, shut it down and use all the information that was entered to dip again into the accounts of people who used the machine.

While I am sure there are protocols to stop this, it would seem to me to be a thing to be leary of. I would warn peope using ATM cards to use thier banks ATM machines or use ATM debits only at reputable vendors. Seeing an ATM machine in a bar or other place of business where there may be issues of fraud could be asking for trouble.

Something else to think about I guess.

Thanks for all this info its very very helpful but I do need to comment on one of the comments placed here. Not everyone wants to go thru the hassel of changing bank accts every 2 months..its our acct and our money why should we do all that trouble every couple of months when we can just keep updated on our acct's and not leave your cc in a stupid place! But I do agree w/changing your pin # every so often!

J. Sutton
All retailers and customers must be aware that the whole credit card number shows on the batch that is done to send the information to the credit card merchant. The number on the sales slip may be truncated however the batch is not!! Be aware of safe storage of this information.

1. I never, ever use debit cards.
2. I have one credit card that I use for all purchases, whether in person or on line, and it only has a $1,000 credit limit. If they steal it, they won't have much of a shopping spree at my expense.
3. I use two banks in the the same town. One for checking, which only has slightly above the minimum balance, and one for savings. When I have to pay bills, I go to one bank, get the cash, and deposit it into the other bank. Nothing is an inconvenience for me when it comes to watching over my money.
4. All ATM withdrawals are only from my checking account and only done at a bank ATM; never for example at the mall with a freestanding ATM. Savings withdrawals are done the old fashioned way: I walk into the branch and fill out a withdrawal slip. I never withdraw from savings using an ATM card. I realize not everyone can operate so close to the cuff as I do and my system may not be the best, but in this ever-changing, high-tech world, being conservative is the best way I know how to protect myself and my money.

Whatever happened to just cash purchases? Are we too spooked of being robbed to withdraw small cash amounts? If a purchase is...say $200 or less, why not just withdraw the cash to pay? D & CCard purchases, to me, should only be used for major purchases - $500+, or unless you don't have cash & need credit badly. This not only saves time (cash or credit?) in Grocerie or Retail store lines, but it will also eliminate nasty stares from people paying cash, but having to wait longer while someone uses a Card or check to pay for petty $20-$50 worth of goods. Sometimes cash is good! Limiting Card use will limit ID and Card theft. Thieves can't copy withdrawn cash!! That's why they stalk unsuspecting Card users.

I live in a western state, but travel frequently to NYC. Why is this progressive, ultra-sophisticated city still printing one's ENTIRE cr card # on the receipts they generate? Here in the wild west 95% of all merchants have done away with anything but x's and the last 4 digits. No attempt to remedy this inexcusable anachronism is being done in the Big Apple. Hope Bloomberg, Pataki or someone with some power is reading this! Open your eyes, East Coast!

Just a week ago I was a victim of this type of fraud. All the transactions (about 20 - at $2,000)took place in Mexico - with my card in my posession. I caught the transactions occuring in my account within two days - due to online banking. It was a hassle, but took only a week to have Bank of America refund/credit my account and issue a new card. They were very supportive throughout the entire process and even cashed some checks for me - even with a negative balance in my account, while I waited out the process.
Thankfully - I did not have my savings account linked to my bank account (overdraft protection). I would advise anyone NOT to sign-up for that option - otherwise your checking account will pull everything out of your savings, too.
For all the financial loss this type of fraud will cost all banks with customers use of debit cards, it would seem they are going to have to come up with a more secure approach-rather than PINs - as suggested above (i.e. strips, fingerprints or retina Ids) for more secure approaches. The up front costs of more secure monitoring and deterrants to fraud are minimal considering the millions they are paying in associated fraud costs.

Just a quick note on the use of RFID tags. It might not work with today's technology. RFID tags are easily programmable with a readily available handheld device. A programmable RFID tag could even be used in situations where a non-programmable tag is normally used.

And here's the worst case scenario. RFID tags are readable from about twenty feet using powerful wall mounted antennas. All a crook would have to do to capture RFID tags is to drive around with an RFID antenna mounted in their car.

Wow, Bob, you make me wanna swear-off using plastic...ok, maybe just one more time. ;o)

Amanda Greer-You are so right. Everybody hates when the store checks ID's but they scream when credit card fraud happens to them. A couple of years ago the local Sam's Club started the policy of requiring a fingerprint on all checks. People raised so much hell that Sam's had to stop the policy after a couple of months.

The best idea I've seen on this Blog is the one on using reloadable pre-paid cards. You load them with just what you want to spend or risk and it is not tied to any of your bank accounts or real credit cards. We could take this further and use encrypted microchips on them just like in Europe to reduce the risk even further. This should reduce the risk greatly because the microchips are very hard to crack and it wouldn't be worth the effort because so little money is on these cards at any given time anyway. These cards would be great for trips where if they are copied the loss would be minimal. You could even carry several of these on a trip and spread your spending funds across the cards so that you don't loose everything at one time.

The goal should be to keep the value of the card very low at any given time but make the effort to crack them and obtain any gain very high.

Be careful when travelling to Malaysia. That must be the fraud capital of the world. Three visits and each time my credit card was skimmed .

Ciitibank was aware and I got a replacment card in that country. Never use a debit card..

Once a part a time financial theft was a capital offense - i.e. cattle and horse theft. Whether it is Enron or these white card folks, if the impact on a person is equivalent to what horse theft and cattle theft was -- is it not time to revive the old penalities? We need to stop treating these financial criminals (including corporations) to a different level of punishment...

Someone used my debit card to purchase flowers and I have no idea wo=how they got my card now I can understand how it can happen. I had to cancel the card to be sure someone did'nt use it again. It's to bad there are people out there stealing from us. ls

Thanks to everyone giving such good comments. I do not have a debit card, have only one credit card. But I have overdraft protection on my checking account linking savings and CDs to it, I will cancel that. I will also call my credit card company to lower the $10k limit to 2k, thanks for that hint.
Since the criminals seem to figure out new things fast, I now wonder if one got hold of my lost February payment letter to the credit company which also included a check, and is able to get creative with those two account numbers.

I think it should be unlawful to publish the exact detailed information on how to commit felonies such as these. You just helped spread information on how to commit these crimes. We the consumer, don't need to know the details on how it is done. We just need it to stop.

Last year I got ripped off for 1400.00 dollars on a purchse made using my multiple debit cards. Now what I do, is dont use Debit at all. I now reduced my credit cards to have a limit of 500 dollars and that way the damage is always limited.

Thank you for educating me about this. I had no idea that using your debit card at a store was not a smart thing to do.I have always done that for the convience, but never again.I feel sorry for the people that this has happend to.To those crooks who get a kick out of stealing from others, GET A JOB YOU LAZY BUMS.

Why dont the manufacturers of these encoders make them also write an encoder part ID on to every strip they write? So that number could be used to help determine if card theft had occurred through the use of a resold encoder? Banking software matches up thousands of numbers it seems checking for a valid encoder ID would be simple enough? This would also allow banks to charge again to remake cards for older customers who had cards from a machine they resold? maybe calling it a card re-issuance fee?

The idea of getting rid of all forms of credit and reverting to the old "cash under the mattress trick" is fine in theory but not in practice. I use a form of it myself. My small pension payment is deposited automatically on the first day of the month and I go to my financial institution on that day and get a Money Order to pay my rent. I then withdraw all that's left in cash and obtain more MOs as needed throughout the month. Sure it's a hassle but it works for me.

The flip side of having no credit cards is that it's impossible to rent a car/hotel room/etc. without one. So I dont do any traveling at all.

Isn't America grand in that you can work all your life and have to resort to draconian measures to protect what is rightfully yours?

What is wrong with paying with cash? I actually end up saving more money by not having a credit card,atm card or checking account. That is another reason not to have a credit card-you end up with more green and the crooks can't get your money. They would have to go back to purse snatching!! Or worse yet, get a job!!! In today's society-you are on really on your own. So be careful out there and make it harder for the crooks to get your money. The banks and credit card lenders are not on our side, so we have to be more watchful and keep an eagle's eye out. No one cares about the honest hardworking American citizen anymore.

1.) Why can't common ATM's have a white card detector and keep the card if it is one?
2.) Why can't the cardholder (him/herself) have control to restrict where the card can be used; such as the USA only or Germany and/or France or the state where they live or wherever? Purchases or ATM withdrawls attempted elsewhere are automatically denied. The ATM machines should retain such cards.
3.) Why not issue cards that are only good in the issuing country for those people who don't expect to travel outside their own country? If such a card, real or white, is used elsewhere - deny & retain.

To Chuck of Plainfield, your idea is already in place. Citibank has their virtual credit card # program where a one time number is used on every purchase if you want. Also these cards can be set with a one time limit or a recurring limit so I use them for places I have not shopped before on line. Also Citibank and their ATT branded card have frozen my card when I have driven long distances and go to more than 1 gas station, they send a call back number to the merchant. It can easily be unfrozen in a few minutes. Also when I go out of the city and out of the country I carry only 2 cards, American Express amd my Citibank MC, but I tell them both before hand when I am leaving and where I am going and when I'm returning. Saves getting your card frozen overseas which is an inconvenience my brother had, upside is they both have numbers you can call collect to. Finally I take advantage of their websites and periodically check my statement on line. This caution is the price we pay for the convenience these cards offer.

A number of months ago, someone tapped into our bank account. They relieved my account of nearly $5000, using it as purchases through a local store where I had never been in my life. Yes, BofA did "refund" my losses within a few days; however, that money was not free for them either. To the poster who asked about "what the difference is if the bank pays this out?" The difference is the money comes from somewhere, whether through fees they charge their customers and increase them to cover the losses, or it will come through slower increases in the interest rate they pay me for my funds sitting in their institution. So I pay repeatedely - I loose through reduced services and/or higher costs, and I loose through my time spent meeting with a bank VP, filling out reports at my Sherrifs Office, visiting the store I never had been to before to alert their manager, reviewing their computerized sales logs looking for signs, making repeated long distance calls to their security services department, etc.

Two other items: One, don't forget also that if you use your debit card as a credit card, your money will usually stay in your account for what generally seems to me to be one to three extra days. That may not be much, but when I earn interest on the funds in my checking accounts, every day the money is in mine versus theirs, it is money to me. Two, for those who use cards, please be aware of one of the newer, and hand it to the creatively lazy SOBs who do it, tricks - be very aware of anyone standing near you when you have a card in your hand. Realize that you may have someone very close-by who seems to innocently be on their cellphone, but may actually be photographing or "taping" your actions with the digital camera built into their phone. They can do a still shot to get the numbers, your name, and the expiration date. If they "tape" it, they can also follow your movements to watch as you key in your pin number. Simply take that home, download it to their PC and blow it up to read it more easily. How incredibly easy is that?!

Where's law enforcement? If this was about terrorism, then they would have traced the URLs etc. of these suppliers of criminal information and charged them. We act as though it's cute that clever people post this kind of info online.

I believe in a open society with rights, but my right to swing my arm stops at the end of your nose.

Preventing ID theft occurs in,at the least,three areas. First with the card/account holder, second with any links between them and their financial institution (retailers, merchants etc),thirdly with the financial institution itself. You can combine as many of the preventative methods suggested in this blog as you want, but unless measures by merchants and financial institutions are standardized imposed,AND enforced with high penanlties (more liability shifted to them),none of the preventative measures you take into your own hands will be anywhere near bullet proof, unless more risk is shifted to the other two.Merchants and retailers should NEVER be allowed to possess full card numbers,complete account information,or PINs in printed or any other visible un-encrypted form, only the "X" and last four digit format.Point of sale and ATM transactions should ALWAYS require encoded ID (drivers license)along with the card and somehow not allow the transaction to complete without it.Drivers licenses have an encoded strip also and could be swiped along with the credit/ATM card to authorize/complete the transaction.Or,some secondary data input or request that is not only unique to your account, but also unique to your knowledge only,something that does not pass through data bases or is left on a paper trail,like your zip code, middle name or phone number that matches with information on file at your bank(something that a thief simply has no access to).It should reject the transaction if does not match (like it DOESN'T do at gas pumps).Regardless of how annoying people think it is,for their own protection they need to get used to such protocol.What bothers me most is that some merchants don't require even a signature for card transactions (Carl's Jr., Chipotle). They swipe the card then give it back with a receipt and that's it,just like most gas stations!Online transactions are worse because even though they ask for the last 3 digits on the back of the card to prove it is in your possesion, that doesn't mean the card isn't in the wrong possesion or someone at a retailer (restaurant for example)has written down/copied the info from your card when it was out of your sight.A couple of people hit the nail on the head when they mentioned that many large scale frauds start with an "inside" person; peoples hands in which your information passes through during transactions, and the fact that no one checks ID's anymore, anywhere. I never sign my cards,I write SEE VALID ID on the signature stripe in large very noticeable lettering because I ALWAYS have at least my drivers license with me.Don't have your ID with you,bad.Card ever lost or stolen,good(at least for POS transactions).The more financial institutions and merchants suffer from losses,liabilities and penalties, the more initiative they will take to think of solutions that their customers have confidence in and can rely on.

The number of compromised Debit and Credit Cards along with PINs will get worse every year unless more advanced technology gets implemented across the United States and the world to thwart this type of card cloning that is described by Bob Sullivan in his article. In fact, this technology already exists in the form of so called smart cards that contain an embedded microprocessor. They're quite widespread in Europe but can rarely be seen or used in the United States so far. This type of so called smart cards look just like regular credit or debit cards in size and appearance with an additional small chip that is inside of the card. The algorithm of encryption on the chip makes it next to impossible to compromise or copy these cards unless one uses NSA type of super processing power. So even if the thieves copy the magnetic stripe from the rear of your card and also manage to obtain your PIN number that information by itself is insufficiently useful without the smart chip that can't be replicated by the thieves. This type of technology stopped so called skimming card theft in its tracks in those countries where the technology has been rolled out by the banking industry. Here are the reasons why we still have to live with the risks of our checking/saving accounts being emptied by the criminals through fraudulent ATM withdrawals.

1) The risk of overall debit card fraud is remarkably low in the United States thanks to good law enforcement efforts as well as bank’s fraud prevention transaction analysis software. There are very satisficated Russian, Albanian and Nigerian organized criminal groups that have members who focus on credit and debit card fraud. All three groups consist of thousands of members who have associates around the world who can assist with technology and logistics issues such as prompt ATM withdrawals, card info skimming in restaurants, Gas stations, ATM machines in the grocery stores etc.
Fortunately for the Banking Industry there are dedicated law enforcement investigators working in The Secret Service, FBI and State as well as many local Police Departments and FTC who focus on safeguarding American financial industry from catastrophic losses due to debit, credit and many other forms of financial crimes.
It's important to remember that in the United States The Secret Service actively investigates Access Device Fraud. In order to have the Secret Service involved the loss linked to a single perpetrator on average must be in the range of 50 to 100 thousand dollars. While smaller fraud amounts are supposed to be investigated by local law enforcement the reality is that most jurisdictions either don't have the knowledge or technological resources to deal as efficiently as they should with this "new" type of criminal activities in their respective jurisdictions. Even in New York City which has a very well funded Police Department and excellent Specials Frauds Squad Detectives the threshold of opening an investigation is around 10 thousand dollars in losses linked to a single individual or associated group of people. The reality is that it's hard to determine who is stealing and how much until the individual is apprehended and then an assessment is made based of his/her life style expenses, amount of cash available on the perpetrator or in the place of residence, number of cloned cards produced, equipment used for card cloning and several other criterias that I would not rather not mention here.

2) In order to introduce a new generation of counterfeiting proof Debit and Credit cards all of the current plastic magnetic stripe cards presently in circulation in our wallets would have to be replaced and the equipment in all retail and ATM machines upgraded in order to take advantage of additional security features offered by smart card embedded chips. Needless to say that this type of project would cost billions of dollars in expenses to the banks and retailers and that is the reason why the banks after doing cost versus benefit analysis accounting so far choose to absorb the losses due to theft. The production of cards with magnetic stripes cost around 25-50 cents while cards with smart chips cost anywhere in the range of 2 to 10 dollars. So far the only bank that experimented with smart chip credit card in the United States has been the American Express Corporation that has issued Blue Cash Credit cards to their customers and yet without proper retail and ATM infrastructure that chip is useless for now even though it makes the card look nice and futuristic without offering any additional security to its holders. Until the banks collectively decide that it's more expensive for them to allow the thugs to empty our checking accounts or place charges on our credit cards and then absorb the losses for consumers this problem will only become more widespread. Thanks to the Federal laws the customers are only liable for the first 50 dollars in non authorized credit card transactions and even that amount is not demanded from consumers thanks to Visa and Master card associations policies. For unauthorized debit card or electronic funds transfers the customers are responsible for the first 50 dollars if the bank is notified within two days after you discover unauthorized transactions and if you wait between two and sixty days then you can lose 500 dollars and after that the banks aren't obligated to return any of your money back to you at all.

Regarding the comments by some readers about the banks that they are thieves and rob people my response is that nobody forces anyone in the United States to borrow the money and if you do then you choose to spend beyond your means and have to pay for that privilege in the form of interest to the financial institutions. They are not charities that exist to help you buy new household appliances groceries or anything else for that matter. These institutions are businesses and that mean they are in business to make money on you and me. It’s neither their goal nor their purpose to subsidize your or my quality of life. So the next time when you pull out that credit card out of your wallet remember that it’s your decision to buy on plastic and that by using it you agree to the terms and conditions on which you use their services and spend their money and that money isn’t yours and therefore comes with strings attached.

If the banks for now choose to tolerate the losses rather than invest into upgraded infrastructure then it’s also their business decision and they have to operate with all the consequences resulting from their business decision just like we have to live with the results of our decisions in life. The banks have their shareholders to whom they have to report quarterly earnings and that is the main obstacle to the infrastructure investment into new access device processing systems based on more secure technologies.

In spite of all the security issues related to the ATM cards I personally am quite happy that banks allow access to my cash anywhere in the world. Also it’s only a matter of time before the financial institutions implement the technology that will make ATM and Credit card fraud virtually non-existent. The banks and U.S government have infinitely more resources than the criminals do to deal with this problem effectively in the long term. For now we can either keep our money in the bank or under the mattress. The fact is that your money is more safe in American banks rather than under your mattresses. Of course, that’s your money and you can do as you wish as long as you realize that if your money is taken by the thugs from under your mattress then the money is gone forever while the bank will restore your balance and absorb the loss if the money is kept in the bank but stolen from your account.

All this discussion of using Debit cards as a Credit card, think of the retailer. I am a small retailer trying to survive in this fiercly competitive world. It costs me much more to process a card as a credit card than a debit card. If debit cards are insecure now, then card processing companies should charge consistently for a debit card when presented as a credit card.

I used my debit card at a local supermarket here in Madison, Wisconsin. The clerk spent more time than usual staring at my debit card. Since then, there have been at least two attempts to withdraw from my checking account. Fortunately, my bank successfully blocked both attempts. After talking to the store manager, however, I got a who-cares response. He didn't even bother to investigate. After calling him a second time a week later, he acted like he didn't even remember me. He said that someone else must have taken my first call. Sometimes, the business where the ID theft started try to brush off customer complaints to avoid bad publicity. I'm not convinced that retailers are even concerned about protecting consumers, just making money.

Don't expect the bank, merchant, or our great federal or state "gummint" to protect you. Financial security is a "Do It Yourself" project.

It is really shocking. Are technological advances boon or curse? It is high time to think and act.

One person wrote: "It is amazing what people will do. If they put all that energy into gettting a job and working hard at it..." They went on to call the culprits lazy. Logic would prevent a smart person from saying they put a lot of energy in to it and then call them lazy. WHAT ABOUT THE PIN? The author doesn't say how they get the PIN. Maybe the banks are the problem with the PIN?!?!

** caution note: always check the ATM card slot for anything suspicious! many criminals are attaching those 'card readers' to the front of ATMs and reading your card data as it passes into the 'real ATM'. they come back later to retrieve the device.. stocked with 100's of card data read by the ATM that day!

Encoders "should not" be available to the public? I didn't realize the US had a centrally-managed economy.

Let's understand the facts here. If a merchant or processor improperly, and in BLATANT violation of their agreement with Visa, MC, etc. stores mag stripe data, then they should face the consequences, and I don't just mean a dressing down from the FTC.

Already there have been suggestions to limit the sale of encoders. This is foolish. With so much money to be made, white carders will be able to bribe legit businesses and get what they need, while legislators can crow about "doing something about the problem". Visa can go on blithely allowing 70-90% of merchants to not comply with the PCI security specifications, and it will be (criminal) business as usual.

If you want to make this problem go away, you need to provide an incentive for those who are truly enabling it to change their behavior. Raising the street price of an encoder from $500 to (say) $5000 won't affect the amount of fraud of this nature on iota.

this is scary because of the easy availibility of walmart gift cards with the magnetic strip on the back. the cards could potentially be used as a cheap method to procure cards to make debit card fakes.

I live in Malaysia. Also known as the centre of fake credit cards. The situation was so bad, the government required all credit card companies to switch from using magnetic stripes to smart cards.

Since January, every credit card and and bank ATM cards have a computer chip on it (like the SIM card on GSM phones). http://en.wikipedia.org/wiki/Smart_cards. Not so easy to fake. From time to time, an angry American tourist will demand to know why the store I work at does not accept his Visa/Mastercard which doesn't have a chip.

On the bright side, ever since the switch, we have not have a single case of any customer using a fake card in our shop.

C'mon please. You're living in the middle ages.
In my country debet cartds have an embedded chip, which very effectively prevents copying.

"I write SEE VALID ID on the signature stripe in large very noticeable lettering because I ALWAYS have at least my drivers license with me"

Unfortunately, a card needs a signature to be valid. Your cards aren't signed (SEE VALID ID is not a signature) so merchants aren't supposed to let you use them! (Most will, but I hear the Post Office is a real stickler.)

The fix is in. Hide your money in a mattress. This is your only warning.

Reader should all ask their banks/credit unoins for a

Backward engineering mag-stripes is even easier and cheaper than buying equipment and documentation on eBay.

The function of magnetic stripes encoders has been available on the internet (then BBS's) since the late 80's. Since the layout of data on the stripes is a public standard published by the ANSI Standards Org, anyone with a year of college-level circuits courses could build their own stripe encoder with the info. Here's a document from 1991, the earliest one I could find in 3 attempts on Google: http://www.phrack.org/phrack/37/P37-06

Until recently though most people with the knowledge to build one manually went to enough college that the penalties weren't worth the risk. With organized crime (like the Russina Mafia) hiring techies to hack systems, they also have the brainpower to build these systems themselves.

Recently, since this, I have noticed everywhere I go that merchants have been requiring zip codes for verification.

Upto now, do you know any measures useful for financial institutions to fight against crime? Or we must use chip-card?

Inconvenient? Yes. Disaster? Of course not--you get your money back.

Let's be concerned with more critical issues affecting life as Americans, such as insidious ILLEGAL IMMIGRATION.

I think it is sad that MagTek Corporation assumes that anyone who needs a manual to a used card encoder is a criminal that needs to be foiled. We are starting a biodiesel cooperative and are looking at a used cardkey type system. Problem is we'd have to encode cards for it. Being a co-op we don't have a lot of money, so we are also eyeing used card encoders. Guess we better check to make sure they have manuals.