Did PIN thieves grab hacking's Holy Grail?
Posted: Tuesday, August 12 at 05:00 am CT by Bob Sullivan
Could a hacker steal enough information from a store you’ve shopped at to print up fake debit cards in your name and withdraw cash from your checking account at an ATM? Even if you’ve never told a soul your PIN code?
In fact, said the Justice Department last week, it’s already happened, possibly to millions of people.
Buried in last week’s indictments of 11 alleged international computer hackers accused of stealing 40 million credit and debit account numbers from U.S. retailers was something far more unsettling: At least at one retail chain, the indictments accuse the group of swiping encrypted versions of debit card PINs, decrypting them, then using the information to print debit cards and get cash from ATMs.
If proven true, that could mean criminals have crossed a new threshold in the pursuit of plastic card fraud -- PIN hacking.
For decades, the only security layer standing between criminals and cash from stolen debit cards has been the secret PIN code, which has proven surprisingly robust. When hackers steal a large set of debit card numbers, there is generally no way to obtain their corresponding PINs, limiting the value of the stolen data.
Criminals have stolen small numbers of PINs in old-fashioned ways, such as installing tiny cameras on ATMs that record PINs while they are entered.
But uncovering a way to obtain PINs from a stolen batch of debit card account data would give hackers the ability to withdraw thousands of dollars at a time from any ATM in the world – a holy grail of sorts for card thieves. That's precisely what the U.S. government says some of the suspects did as part of their five-year scheme, detailed last week.
In the indictment of alleged ringleader Albert Gonzalez, the Department of Justice accuses him of:
• Downloading “tens of millions of credit and debit cards and PIN blocks associated with millions of debit cards.”
• Obtaining “technical assistance from criminal associates in decrypting encrypted PIN numbers.”
• Cashing out “by encoding the data on magnetic stripes of blank credit/debit cards and using these cards to obtain tens of thousands of dollars at a time from ATMs.”
The Justice Department would not comment on the indictments or on the specific methods that might have been used to perform the decryption. A spokeswoman would only confirm that the agency is indeed accusing some of the suspects of decrypting PINs.
Speculation for years
Encrypted PIN codes are supposed to be impenetrable. After a consumer enters their code into a PIN pad at a store, or at an ATM, the data is immediately converted into an unintelligible string of text called a "PIN block." That block of text is then sent along the payment processing network, ultimately back to the cardholders' bank, where the PIN is verified.
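As an added illustration that is not part of the article: the clear ISO 9564-1 format 0 PIN block a PIN pad builds before encrypting it under a key it shares with the acquirer (the encryption step, in practice 3DES in a tamper-resistant module, is what makes the transmitted block unintelligible and is left out here). The format is an assumption, since the article does not say which one the breached systems used, and the PINs and card numbers are constructed sample data; what the code shows is that the block is bound to the card number, so the same PIN yields different blocks on different cards and a block unpacked under the wrong card number fails validation.

```python
"""ISO 9564-1 format 0 PIN block construction and issuer-side verification.

Added example for this article, not code from it. The encrypted block that
actually crosses the payment network is this clear block encrypted under a
key the PIN pad shares with the acquirer; that step is omitted here.
"""


def _pin_field(pin: str) -> int:
    # Format 0 PIN field: control nibble 0, PIN length nibble,
    # the PIN digits, then 'F' padding out to 16 hex characters.
    if not pin.isdigit() or not 4 <= len(pin) <= 12:
        raise ValueError("PIN must be 4 to 12 digits")
    return int(f"0{len(pin):X}{pin}".ljust(16, "F"), 16)


def _pan_field(pan: str) -> int:
    # Format 0 PAN field: four zero nibbles followed by the 12 rightmost
    # PAN digits excluding the Luhn check digit.
    if not pan.isdigit() or len(pan) < 13:
        raise ValueError("PAN must be at least 13 digits")
    return int("0000" + pan[-13:-1], 16)


def encode_pin_block(pin: str, pan: str) -> str:
    """Return the clear format 0 block (PIN field XOR PAN field) as 16 hex chars."""
    return f"{_pin_field(pin) ^ _pan_field(pan):016X}"


def decode_pin_block(block: str, pan: str) -> str:
    """Unpack a clear format 0 block; the PAN it was bound to is required."""
    if len(block) != 16:
        raise ValueError("block must be 16 hex characters")
    field = f"{int(block, 16) ^ _pan_field(pan):016X}"
    if field[0] != "0":
        raise ValueError("not a format 0 block")
    length = int(field[1], 16)
    if not 4 <= length <= 12:
        raise ValueError("bad PIN length nibble")
    pin = field[2:2 + length]
    # With the wrong PAN the padding nibbles no longer come out as 'F'.
    if not pin.isdigit() or field[2 + length:] != "F" * (14 - length):
        raise ValueError("malformed block or wrong PAN")
    return pin


def verify_pin(block: str, pan: str, reference_pin: str) -> bool:
    """Issuer-side check: unpack the block under the card's PAN and compare."""
    try:
        return decode_pin_block(block, pan) == reference_pin
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample card numbers and PIN; not real accounts.
    pan_a, pan_b, pin = "4532015112830366", "5105105105105100", "1234"
    block_a = encode_pin_block(pin, pan_a)
    block_b = encode_pin_block(pin, pan_b)
    print("same PIN, card A:", block_a)
    print("same PIN, card B:", block_b)
    print("verify under A:", verify_pin(block_a, pan_a, pin))
    print("verify under B:", verify_pin(block_a, pan_b, pin))
```
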
There has been speculation for years that criminals had found some way around the PIN encryption. In 2006, after a spate of fraudulent ATM withdrawals, Citibank began cutting off ATM cash access to some overseas travelers. Consumers around the country reported phantom withdrawals from their checking accounts of $1,500 or more from far-flung places like Bulgaria.
At the time Citibank, Bank of America, Wells Fargo, and Washington Mutual all reissued some debit cards. There was conjecture that criminals might have stolen PIN information that was accidentally left "in the clear," or unencrypted, by a retailer.
Earlier this year, Wired News reported that a Citibank server that processes transactions initiated at 7-11 store ATMs had been "breached," according to an affidavit filed by an FBI investigator. The affidavit claims a single suspect, who has now been arrested and charged with theft, stole $750,000 from ATMs in a single month during early 2008.
But last week's indictment accuses the criminals of taking everything they need to print fake debit cards and steal money directly from retailers. The specific case outlined in the indictments involved downloading PIN blocks from a Florida OfficeMax store in 2004 through a vulnerable wireless network, then later decrypting them. The indictments also accuse the group of downloading “PIN blocks associated with millions of debit cards,” hinting that the PIN problem might be even wider.
The scheme was apparently so successful that at several times the suspects allegedly sent boxes full of cash through express mail services to make payments to one another.
How it might have happened
PIN blocks are transmitted from retailers to credit card processors and are sometimes stored on computers along the way, where they would be available for the taking by criminals who knew how to decrypt the secret codes. This is sometimes called stealing data “at rest.” Retailers have no need to keep PIN blocks in the stores, but poorly configured systems sometimes store this information anyway.
The hacking gang indicted last week also was capable of stealing data on the move, according to the indictments. The group is accused of using various methods to install "sniffer" programs that grabbed account numbers and PIN blocks as they flew by on computer networks. Initially the suspects sat in parking lots and used insecure wireless networks to gain unauthorized access, the government charges. For example, in July 2005, while sitting in a Miami TJ Maxx parking lot, the criminals are accused of worming their way into the firm's central credit card server in Framingham, Mass.
Later, some of the suspects brazenly walked into stores and physically installed sniffer software onto computers in other stores, the indictments say.
In May 2007, for example, they entered a Dave & Buster's restaurant in Islandia, N.Y., and installed sniffer software. Afterward they re-entered the store every month to empty the catch from their virtual net, eventually stealing 5,000 account numbers from that store alone and using those numbers to steal $600,000. In that case, they are accused of stealing only debit and credit card numbers.
Still, even with data stolen using such hands-on methods, stolen PIN blocks should be useless to criminals -- unless they can be unscrambled.
Encryption expert Ross Anderson, a professor at Cambridge University in England, has testified before about the possibility of "phantom withdrawals" involving PIN codes stolen from British banks. He says potential vulnerabilities in bank encryption software have been known by researchers for years. In 2003, a British court imposed a gag order on Anderson, preventing him from revealing some elements of his research.
He called this week's indictment "the first documented recent case" of PIN hacking, but added that it was "not surprising."
"The banks have encryption boxes that are claimed to be 'secure' but the claim is of course untrue," he said.
Not so alarming
Mike Urban, who runs a debit card fraud-fighting service called CardAlert at Fair Isaac Corp., counters such talk by saying the most likely explanation for the crime is also the least alarming: Hackers didn’t reverse engineer PINs; they simply managed to steal encryption keys from the same retailers where they stole the data, he said.
“I'm speculating here, but more than likely, to compromise that many PIN blocks they would have to have gotten the encryption keys somehow,” he said. “More than likely there was a breakdown in management of keys wherever the keys were compromised.” Armed with the keys and a little know-how, he said, criminals could readily discern PIN codes from PIN blocks.
Urban said it would not be terribly alarming if the hackers obtained PINs that way, noting that retailers routinely secure keys carefully and that PIN compromises are “extremely rare.” He also said that while the government’s case against the hackers mentions theft of PIN blocks from several retailers, evidence of actual PIN-block decryption is offered in only one case – the one involving OfficeMax. He said he believed that could be an isolated incident.
“Fraud on PIN-based transactions is much lower than signature-based debit or credit transactions,” he said.
Gonzalez, the alleged ringleader of the hacking ring, who also went by the moniker soupnazi -- apparently a reference to the “Seinfeld” character -- is being held in New York while awaiting trial. He faces life in prison if he is convicted of all charges. Only two other suspects out of the 11 indicted are in custody. Ukrainian national Maksym Yastremskiy is being held in Turkey, and Aleksandr Suvorov is in Germany. Both are facing extradition.
RED TAPE WRESTLING TIPS
There’s no need to panic over the possibility that hackers could steal PINs from places you shop. Consumers who are hit with fraud related to debit cards have strong legal protections. Losses reported within two days of discovery are limited to $50, and most banks give full refunds to consumers. Still, debit fraud can be a huge hassle, because consumers who are victims may find their bank accounts emptied and their ability to access cash severely limited until the money is replaced. The hassle factor is much higher than with standard credit card fraud.
But possible PIN theft is another incentive to use debit cards only to withdraw cash at ATMs – not for purchasing. There are already plenty of other good arguments for keeping your debit card in your wallet. We’ve written about the case for credit here; so has Consumer Reports.
If you really want to buy things with your debit card, perhaps as part of a monthly budgeting plan, consider signing the sales slip instead of entering your PIN, to keep your PIN a secret. And if you really want to enter your PIN, consider setting up a separate checking account, isolated from your standard account, for your purchases. That way, if your account is hacked, the criminals won’t have access to all your money. But be sure to keep that fully stocked with cash; overdrawing your debit account can lead to costly overdraft fees.
Also, resist the urge to use the same PIN code for all your accounts.
In the End... We return to Bartering, Precious Metals, Jewels, etc.
(Sent Sep 9, 2008 11:05:39 AM)
Several people have said that all PINs are 4 digits. Not true! I once had a store clerk tell me that my PIN HAD to be 4 digits. Wrong! Mine isn't, and there is no need for yours to be either. I believe it must be AT LEAST four digits, but it can and should be much longer. Furthermore, you should change it regularly - at least every month.
Teecee, Philadelphia, PA (Sent Aug 14, 2008 6:24:19 AM)
It's all a bunch of hooey. Money can be stolen. Checks can be stolen. Credit cards can be stolen, and so on. Using precautions no matter how you carry money is the key to limiting losses. Carry a hundred, keep a little more in a safe at home, then deposit the rest in a savings or whatever at a bank. Carry a few checks, keep check books locked in a safe at home, having a separate savings.
As long as you have access to other money when a theft occurs, I say carry whatever works best for yourself.
Tony B, Owensboro, KY (Sent Aug 14, 2008 5:25:54 AM)
Until there's a mandate on security for everyone's personal computers, and it's taught to everyone, this is a problem that's never going away.
The use of cards on PCs carries 25 times the risk as ATMs. Why isn't this mentioned?
You know why? Because American PCs are the most open, unguarded, insecure machines on the planet.
All the trojan horses people invite into the system, in the name of "It's free!" ... and all the remote hosts created by stupid sheeple who load P2P filesharing software and use torrents ... No freaking wonder!
Our sheeple can't see the trees because of the forest.
They aren't going to correct this, forget about it.
russ reed (Sent Aug 14, 2008 2:13:03 AM)
I remember seeing my PIN on the register screen at OfficeMax, so it's not surprising.
Mike Roeske, wellsville, ny (Sent Aug 14, 2008 1:54:36 AM)
How about this one? Instead of punishing criminals who can hack our system, let us praise them. Clearly they are much smarter than us. Ever see "Catch Me If You Can"? Great movie. Point being, if you want to punish those who can beat our system, from whom shall we learn to make it better?
Benji, Las Vegas, Nevada (Sent Aug 14, 2008 1:18:29 AM)
Businesses such as Wal-Mart will only allow debit transactions with the PIN input manually. I have tried to use credit but they still only allow the debit with PIN purchasing. If we are going to a cashless society isn't there a better way to protect people who do not want to carry lots of cash?
Steve , Buckeye, AZ (Sent Aug 14, 2008 1:16:19 AM)
OK, everyone with a solution, here I go:
Carry Cash: seems to be the popular one, some people have mentioned the risk of robbery. Simple, carry your gun closer than your cash. But think about this, what if you aren't robbed? What if you only drop your wallet? Huh, Mr. Tough Guy? Nobody to beat down, just gravity doing its job. Truth is, cash is paper, it burns, travels, & does what it wants. Cash honestly is the most viable thing to get taken, cause once it's gone, it's gone.
ATM only cards: I have a question to these people, how many ATMs do you honestly go to? I bet less than 1% of these people go to more than 5 ATMs on a routine basis. Why can't you tell your bank to only make your ATM card work at one specific ATM? & here's an extremely crazy one, why not have a call approve your transaction. It would be annoying, but the bank should know my number & instantly call "Are you currently standing outside the ATM at such and such branch in China requesting to withdraw $5000 dollars from your account? Press 1 for yes, 2 for no." Now if I were standing there, I'd press one, and in 30 seconds, out comes cash. Businesses seem to know how to call me when it comes to getting my money, why not when giving it out?
Debit card people: alright, you're dumb. Simple. Banks make money counting on people to overdraw, & debit cards are their best tool. Okay, so you have to make online purchases? yes, so do I, & yes, I am dumb enough to use my debit card. but what is my account balance after every transaction? 0... simple, I won't leave a penny in the account when the day is done. why? because when that day comes that the bank says, "why did you spend $10,000 on whatever.com?", I get to say "why did you dumba**es approve that?", pardon the french youngn's. &, in this case, the bank is asking me for money, not me asking for my money back. Gives me the feeling of more power :]
Credit Card customers: Okay, I understand that there are those who pay their balance every month, no interest. Credit card companies look out for you very actively for fraud. And that having good credit is really your most valuable asset in life. Honestly, without good credit, what would anyone have? no home, no car. now, credit cards build credit, but they can destroy it as well, so be careful. That's a little off topic. In regards to fraud, I guess this is the best option. &, in the event of emergency (dead car sitting on I-15, only 115 miles from your nearest bank's ATM). But how often do you really find yourself stranded like that? It makes good for travel, but when near home, there are other ways to pay.
So I have ruled out everything, right? Well, to those who wish to gain knowledge, here is some advice I don't think you'll find anywhere.
1) Don't carry more cash than you're willing to flush away. That's right, if it can't just go bye bye, then it's too much to take with you.
2) Don't use ATMs. Simple, I've only walked up to one when it was after hours & something needed to be done. Honestly, beyond that, don't approach one. It can wait, drive-up banking or walking in are just better options.
3) Online banking. Here comes your next big story: "Yada yada's online banking information database hacked for millions of account numbers & all the more in cash." I don't get it, I mean, at a merchant, the pad is communicating directly to the bank. But online banking is free and open to anyone with internet. Just is way too open for me to enlist. Screw convenience, I'd rather go out of my way here.
Now that you are all sick of hearing me speak, may I give some more information? Don't ask me why, but here is how I go to and from banks.
1) Go in the back entrance. Don't drive in and out via the major road, this is a public signal "Hey, I was just at the bank."
2) Don't spend time, or hesitate, going in and out. If you walk in and settle business and get out, then you will portray a different image than if you just stagger in, meander around. Seriously people, as nice as I'm sure you are, a bank is a great time to act like you don't take crap.
3) Don't show that you were just given money. As soon as the teller counts it in front of you and hands it over, don't even try to organize, stuff it away so quick even you don't see the cash. Nobody needs to know how much you were given. Nobody cares. If they do care, then you don't want them to know. Be sure you've driven away from the bank before you think of organizing it.
4) Look around. For one, this will allow you to see who is watching you. But no matter how observant you are or aren't as a person, at least act like you're looking around. Robbery is half a mind game; if you can make them think that you are one step ahead of them, they may just back off.
Remember, your money is your money. Simple. I'm sick of people and the saying "well, it's only $..." seriously, fines, fees, or, in this case, fraud. It takes from you. And often, people seem to think that its okay to just let it go. NO! you should hold every penny. Honestly, what happened to counting pennies? well, perhaps I should say quarters. They add up. Quit just giving change away people, thats your money, keep it.
Lastly to anyone who is still reading this. I personally thank you. I am pretty obsessed with money, as you can tell, and I hope that everything I have given is advice that will help you prevent yourself from being a victim. I hate the word victim, it just implies helplessness. And I know that nobody reading all my stuff is helpless. Don't be a victim, be wise, rise above circumstances. Don't be helpless, it's a hard place to be. Feel empowered, never lie down and cry victim. I know I'm sounding a bit motivational here, but listen to it. I've never called myself a victim. It's such an insulting term to me. But maybe that's only me. Again, thank you all for your time.
Boy, glad that caffeine is finally working.
-Benji
Benji, Las Vegas, Nevada (Sent Aug 14, 2008 1:13:30 AM)
Americans have been offered a choice. But God, guns, and no gays were more important. When you vote for the dull and ignorant you're not going to get good leadership. If the past eight years haven't taught you, may McBush teach you. And remember, "Beneath the carefully constructed veneer of a blithering buffoon there lurks a blithering buffoon."
Boris Johnson
Jason Abdon, Savannah, Georgia (Sent Aug 14, 2008 12:30:27 AM)
My Husband and I were a team for the financial advisor/mortgage industry.
The biggest problem is no one pays attention to their credit reports. Then they are surprised when all the "weird" transactions are on their reports.
We both advised our clients to pull their credit reports quarterly if they had a lot of cards or accounts.
You would be amazed at the amount of people that have never pulled their own credit and had so many open accounts it is no wonder they were "hacked".
If you live a very modest living and do not use credit a lot, pull your credit at least twice a year.
Be your own cop people! It is the best way to head off a potential "robbery".
And please, when you pull the report and there are old accounts showing "open" on the report that you have not closed, or any account you have not used in over six months, write a letter to the company and request it be closed!
( Guys, We get it! We know the Circuit City or the Best Buy has huge blow out electronics sales every year. Locking your card in the safe is not a guarantee that your card number will be safe!
Girls, Same with you and the Macy's or Dillards or Saks sales. You can always get another card and another account, close them if you do not use them!)
Keep copies of all of your letters. If you do not receive a letter back or a call from the company, you can follow up to ensure it has been taken care of. Then when you pull your next report verify that they have been closed.
Tami Q Arizona (Sent Aug 13, 2008 11:29:19 PM)
There are ONLY 10,000 four-digit PIN numbers. Push them one by one through the encoder algorithm and you get the specific output for each - a "DICTIONARY" crack of the 'unbreakable' code.
Using something this weak is gross negligence on the part of the banks and deserves a "class action suit" for all of us - do I see a starving lawyer out there who wants to make a name for himself?
A stronger code would encode the PIN against the account number so there would be far more than 10,000 "DICTIONARY" answers.
John, Sartell, MN, USA (Sent Aug 13, 2008 10:52:43 PM)
I find it very amusing when folks blame the "Internet" for the decline of Western Civilization. As many security professionals here have stated, there was probably far less "black magic" than simple ignorance. I am an IT security professional and have observed the same thing: criminals simply wait for someone to do something stupid. Swordfish and Firewall are movies, not reality.
AND to Terry who posted about German banks "but also banks are not as interested in having there customers in debt so that they can make money." Au contraire, mon ami, but Baron Rothschild is the one who started this system of debt IN EUROPE, financed Napoleon, Hitler and the Romanovs' murder and helped Rockefeller, Chase, Morgan and others set up the system here in the form of the Federal Reserve (Bretton Woods Agreement). Virtually unhackable systems use multi-factor authentication, as in something you know and something you have. The debit card is something you have and the PIN is something you know. Why in the heck is the PIN ON THE CARD?!? If the transaction verifies at the bank's end it doesn't have to be on the card!! As many security pros have already pointed out, it's a VERY bad design. Hence the Payment Card Industry Data Security Standards recently (AFTER THE FACT) enacted (pcisecuritystandards.org). The problem is incompetent management refusing to take action until the damage is done. They whine about "there's no return on investment in security" until they lose millions like TJ Maxx. Most corporations are successful IN SPITE of themselves, not because of themselves.
Thomas Jefferson (Sent Aug 13, 2008 8:38:54 PM)
A lot of computer jobs are being outsourced to India & China, including PIN & credit card data and processing. They don't have the laws we have. Search "outsourcing Wamu"... Switch to a local bank that does not outsource their work.
(Sent Aug 13, 2008 8:30:14 PM)
For the comment "The big boys like Wal Mart has beat down the amount of fees but the smaller companies and the mom and pop retailers could never do. They have to cave in to the banks or the banks will close their accounts which no retailer could live with."
The banks do not shut down the merchants' accounts if they do not process transactions through them. There is a competitive market out there regarding the rates and fees that a merchant pays. A lot of times the merchant gets LOWER rates if they bank with their Credit Card Processor, but they still have the right to go other places. But that is a conversation for another day.
This issue boils down to security at the merchant location, and the merchant's software. If they are not securing their systems, or keeping their systems away from the fingers of thieves, they should be held liable, and are by the Card Brand Associations, for this negligence. This is the same for any bank, or Credit Card Processor who is compromised, either by employee or hacker. TJ Maxx, Dave & Buster's, and Card Systems were all hacked in some way, and all were held responsible, and are still either digging themselves out of the financial hole, or have gone bankrupt due to the trouble they got themselves into.
AZ CC Girl (Sent Aug 13, 2008 7:32:04 PM)
Yesterday I added my comments about two suspicious debit card charges on the same day, same location, for car washes, and both accounts were at a major bank.
A person I know also had a similar problem with her credit card issued by the same bank being charged for services apparently by the same car wash.
My comments never made it online.
I wonder why?
Imran, NJ, USA (Sent Aug 13, 2008 7:26:42 PM)
As a follow-up to Gordon's comment, the hacker could have processed transactions from a number of debit cards for which he actually knew the PIN codes, simplifying the decryption process. I have been out of the technical side of the banking and retail transaction processing business for a number of years, but I can think of numerous shady characters that I couldn't believe were hired for positions where they had access to sensitive code and information that could easily lead to this sort of thing happening. But that's only part of the problem. I've also observed executives at virtually every client company I've worked with over the years that are absolutely oblivious and incapable of understanding a word of what is being discussed here - but who are tasked with making decisions on related alternatives. The problem is obvious, but we won't likely see solutions beyond serendipitous apprehensions, selective prosecutions, and finger-pointing anytime soon...
(Sent Aug 13, 2008 5:50:14 PM)
I had a friend who discovered someone had set up credit card accounts in her name. They got her social security number and her address and set up the whole thing. Several accounts and credit cards. Then they went out and spent the limit on every card. She knew nothing about it for a month when the bills started to come in. Her life was hell for months. How can you keep someone from doing that to you when you do not ever have to meet the people who set up your account face to face? If people get your personal information, you are vulnerable. And it is so easy to get today.
(Sent Aug 13, 2008 3:46:38 PM)
Unfortunately this article was written without any mention whatsoever of the chip and PIN requirement for cards outside the US.
Let's face it, antiquated American payment cards have been a technology embarrassment for years, just like the primitive mono-tone one-size-fits all bills.
The systems outside the US not only are more modern in terms of security controls, but also more consumer-oriented, and even less invasive (better privacy).
Consumers in America deserve(d) better. The real story is why they have not been offered a choice.
Davi Ottenheimer (Sent Aug 13, 2008 3:08:46 PM)
I say we should eliminate jail time for hackers and identity thieves....shoot them on the spot and leave their carcass for the buzzards.
(Sent Aug 13, 2008 1:31:40 PM)
These heathen scums need to get a real friggin' job and stop taking the money of us hardworking Americans.
My husband and I barely live paycheck to paycheck and I don't know what we would do, or how we would get to work (50 min commute) if something like that happened.
I NEVER use my card as debit. EVER. (My husband always does and I crab at him about that.)
Actually, let me correct that: the grocery store we use only does debit or cash. And I never think to get cash before we go, but I am going to start doing that.
Erin, Syracuse NY (Sent Aug 13, 2008 1:10:49 PM)
What is really strange about this is when the DOJ was notified about this initially they chose to do absolutely nothing. You get the whole all-over-the-page crapola with forms, reports and talk to this one and that one until you're blue in the face. I'm not the average consumer and came across some information which my formal training told me was something that shouldn't be. I passed this along as "a concerned citizen". I thought the initial findings of these types of transactions were not so obvious until you get to look inside of the internal string of data that is used by these "hackers". It really is not that extraordinary once you get past the wall of crap that is built around this. Once I find out if this de-encryption tool which I dug out of a picture that was being transmitted via a picture of all things. I immediately broke transmission and began what I like to call my own special way of "taking down the site". What was revealed to me via ways that I rather not divulge, was they are and were not that sophisticated as it seems. They had some help from both overseas and at local merchants. Hard to prove, yes. Hard to see, not really. Nowadays it seems anyone with an access code to a retailer or anything of the such will compromise themselves and or the company they work for. All this for a little of nothing. I hope there is more focus on this type of activity in the very near future. Stay tuned for the unleashing of the new cyber terrorism that will likely be something we have never seen before. Maybe by that time this will certainly get the attention of the folks that should have been paying attention all along. The stuff is out there, you just have to reach up there and grab it.
CJ, HILTON HEAD, S.C. (Sent Aug 13, 2008 1:05:58 PM)
I had a credit card "skimmed" at a local establishment in Hilliard, Ohio. The information was then recreated and attempted to be used to purchase $1,700.00 worth of jewelry in Italy while I was vacationing in Virginia Beach. The card was cancelled and although it was a bother at the time, it was far better than trying to convince the bank I was not in Italy and Virginia Beach the same day and times.
John L, Charlotte NC (Sent Aug 13, 2008 12:47:43 PM)
Robbed???
He meant carry cash and a Glock :)
(Sent Aug 13, 2008 12:43:29 PM)
When shopping online I use a second card that I transfer funds to from my other account. It only holds what money I need to pay for the purchase.
Jerry, Austin, Texas (Sent Aug 13, 2008 12:06:32 PM)
What is wrong with using cash? Flat out robbery. There are still plenty of no-tech thieves in the world and being in the suburb of a major city makes carrying cash a bad idea.
I will harp on what has been said plenty of times in this blog, pay attention to everything in your life. A lot of people hate technology but that is not going to make it go away. It is here so use it. I check my account almost daily which takes about 90 seconds of my time. Minimize any possible damage by spotting the fraud immediately.
What I don't understand: I can go to the bank and make changes to the amount of money that can be withdrawn from my ATM in a 24 hour period. Why can't I put a block on my cards so they can't be used in other countries? If I do decide to leave the states I can notify my bank with dates and itinerary to lift the ban. Aren't the majority of the withdrawals made outside the country?
It is what it is, so adjust to it or perish.
Gym GH Ohio (Sent Aug 12, 2008 3:26:39 PM)
Some wrote on here the other day about nuking Nigeria because of the email scams or scams to steal books that was written about here on redtape. Should we now call for nuking Ukraine, Germany, Turkey, China and USA because of these identity thefts and scams? Crimes occur everywhere in every country. USA is the absolute worst in terms of scammers of all kinds but they love to highlight the faults in other countries. Because so much in life is now technology based all you can do is be careful and hope it's not your turn to be hit.
(Sent Aug 12, 2008 3:22:25 PM)
Fingerprint identification would probably eventually be hacked too. If PINs are electronically transmitted, how would fingerprints be sent? Electronically! It might just be a longer string of information to decrypt, but it would be a matter of time before someone figured it out. I remember one company spending millions of dollars to make music CDs that couldn't be reproduced or hacked. The hacker's solution was to hold the control button down, which stopped it from auto playing, and then he could access the information. So millions of dollars in hack proof technology took about 3 minutes to break. The biggest problem in my opinion is the lack of ability to pursue and punish people who do this from overseas. Yes you can get your money back, but that doesn't change the fact that some criminal can get handfuls of cash and not have to worry about prosecution.
Noland Chapman (Sent Aug 12, 2008 3:21:29 PM)
NYT has an article on the same story, with more details:
"http://www.nytimes.com/2008/08/12/technology/12theft.html?_r=1&partner=rssuserland&emc=rss&pagewanted=all&oref=slogin"
Dave and Busters was remotely hacked, not physically walked into...
Louis, New York, NY (Sent Aug 12, 2008 3:16:11 PM)
To the person that wrote this
"Sorry folks but I prefer using cash or hand written checks...remember them?
Until the money community can guarantee that my electronic stuff is COMPLETELY free of theft, I'll do it the old fashioned way, thank you very much.
No numbers to remember...ain't that a bonus?"
Give me a cancelled check and in less than an hour I can create checks and cash small amounts in banks in town.
How? Check creating software, a scanner, a printer, a computer and blank checks, say from Office Max.
End of discussion.
(Sent Aug 12, 2008 3:12:32 PM)
We need to treat these crimes, along with securities fraud, as seriously as we treat terrorists. This is putting doubt in our entire economic system.
eric Fremont CA (Sent Aug 12, 2008 3:10:48 PM)
Well...call it what you may, but it seems we're one step closer to some kind of chip or tag with gps that is the only way we can access accounts. That way they (the gov't) can see where we are at all times and control our money so that no one else will take it. Sounds good right? What a joke! They'll have yet another means to control us! The sad thing is that because of fear, we (the citizens) will beg and plea for this to happen...
inthefuture (Sent Aug 12, 2008 3:01:39 PM)
Sent Aug 12, 2008 11:11:36 AM
"Sorry folks but I prefer using cash or hand written checks...remember them?"
Ever look at the bottom line on your checks? You are handing over your complete checking account number.
Jeffhre, L.A. , CA (Sent Aug 12, 2008 2:55:33 PM)
Well, being a person who has lived overseas for a while and has used the banking systems in Germany, there are a lot of ways to better protect the consumers, but US banks don't want that (there is no money to be made thinking about the customer). I have an account with Citibank here and in Germany, same company, and the Germany subsidiary has way better data protection. One reason being the smartcard system they use that goes through a set network that is constantly guarded against intrusion. Nothing is 100% but they are around 99%; customer security is taken more seriously there than here, but also banks are not as interested in having their customers in debt so that they can make money. It is extremely hard to have overdrafts at my bank in Germany, but here you can get them a dime a dozen. I did not know that in the US they do not have live accounts; everything is delayed by at least several days, basically in the hope you will forget about a transaction so that they can get their fees. European accounts are live: what you see is what you get and what you can use, unless you have been a customer for a while, then they will let you go over your limit and will not charge you a fee.
Terry, Chicago, IL (Sent Aug 12, 2008 2:44:29 PM)
There is nothing wrong with credit as it was originally implemented.
There is something wrong with most electronic transactions. Were there real regulations for exacting security most of these and other problems would be eliminated.
Charges from a problem of this nature are not legally permitted. Refunds of overdraft and other fees are required by the industry's chartering of these businesses.
However, the financial businesses should be required to offer immediate refunds instead of allowing them to 'hold' things up for whatever time they see fit.
Purchases should be for the amount only and not allow retailers to hold additional funds as is common practice now.
Additionally, part of this stems from the same law that deregulated financial institutions and has caused the present economic problems.
Until such time as the institutions and their respective executives are held responsible, don't expect very many changes. The recent paybacks from those who made subprime a dirty word are nice, except...no wrongdoing and no prison time for those who did the crime!!! Just a fine to pay. You should see the revenue from the interest, etc...10 to 20%
Specifically, the companies do not have to care about the customer, just the almighty bottom line.
Example: If my account is overdrawn, how can someone with my debit card put through another transaction? I couldn't, but they can?
One set of rules for the people and no rules for them it seems to me...?!
Now I just get cash out using my debit card, nothing else.
And yes, absolutely, cash does still work. It costs you and the business less too.
(Sent Aug 12, 2008 2:36:05 PM)
Is a federal credit union safe, or protected in some way? I only use a Visa card from the credit union.
Ed Clearwater, Fl (Sent Aug 12, 2008 2:31:13 PM)
Hahahahahahahahaha.........
Ya don't use a bank, Ya don't get ripped off.
Get a clue people. Everyone is lookin' to gank yer MONEY. The Government, the mob, yer sleazy girlfriend, your ex-wife, YOUR WIFE, YOUR BOSS.........
I rest my case.
doorguns (Sent Aug 12, 2008 2:17:22 PM)
I believe that over 99% of these and other frauds have to do with the existence of the Internet. Over 40 million Americans' credit or debit card info and over 10 million Americans' identities were stolen; phishing, actual breaking through banks' and corporations' firewalls costing billions of dollars a year, pedophilia and many more crimes are just some of the real damages caused by the continuing existence of the Web. Given the fact that the majority of the folks who get spyware on their computers do NOT realize that they got it, I consider it foolhardy to bank or to shop via the Web, disclosing ALL the relevant info the crooks need to steal your money and/or your identity.
John Doe, Seattle, WA (Sent Aug 12, 2008 2:13:07 PM)
The one world government people do not want cash to be used as it is much more difficult to track and record what people are doing. However, in large metropolitan areas cash transaction surveillance is not impossible. Did you notice how many comments mentioned the thefts were never publicized?
Mikebarr (Sent Aug 12, 2008 2:12:25 PM)
Run all possible 4-6 digit PIN numbers (almost all are 4 digits) through an identical encryption device. This takes about 2-10 minutes if hooked up electronically instead of through a keypad. Record the result. Look up each encrypted block in the database. Piece of cake.
Bill M. (Sent Aug 12, 2008 2:05:53 PM)
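The lookup-table idea in the comment above assumes every card's PIN encrypts to the same block. The common PIN-block format (ISO 9564-1 Format 0) XORs the PIN with twelve digits of the card number before the PIN pad encrypts it, so the same PIN on two cards gives two different clear blocks. The code below is an added illustration of that format, not code from the article or its commenters; the PANs are constructed test values.

```python
"""ISO 9564-1 Format 0 PIN block construction (added illustration).

Not code from the article or its commenters. The PAN values used in the
demo are constructed test numbers, not real cards.
"""
from __future__ import annotations

PIN_BLOCK_LEN = 8  # 16 hex nibbles


def _pin_field(pin: str) -> bytes:
    """Control nibble 0, PIN length nibble, PIN digits, then 0xF padding."""
    if not pin.isdigit() or not 4 <= len(pin) <= 12:
        raise ValueError("PIN must be 4 to 12 decimal digits")
    nibbles = "0" + format(len(pin), "X") + pin
    return bytes.fromhex(nibbles.ljust(16, "F"))


def _pan_field(pan: str) -> bytes:
    """Four 0 nibbles, then the 12 rightmost PAN digits excluding the check digit."""
    if not pan.isdigit() or len(pan) < 13:
        raise ValueError("PAN must be at least 13 decimal digits")
    return bytes.fromhex("0000" + pan[-13:-1])


def format0_pin_block(pin: str, pan: str) -> bytes:
    """Clear Format 0 PIN block: PIN field XOR PAN field.

    This is the 8-byte value a PIN pad encrypts under its PIN-encryption key
    before sending it to the acquirer. The XOR with the PAN is what makes two
    cards holding the same PIN produce different blocks.
    """
    return bytes(p ^ q for p, q in zip(_pin_field(pin), _pan_field(pan)))


def recover_pin(block: bytes, pan: str) -> str:
    """Undo the PAN XOR on a clear block and validate the Format 0 layout.

    Raises ValueError when the block was not built for this PAN (the padding
    nibbles no longer come out as 0xF) or is otherwise malformed.
    """
    if len(block) != PIN_BLOCK_LEN:
        raise ValueError("PIN block must be 8 bytes")
    clear = bytes(p ^ q for p, q in zip(block, _pan_field(pan))).hex().upper()
    if clear[0] != "0":
        raise ValueError("not a Format 0 block")
    length = int(clear[1], 16)
    if not 4 <= length <= 12:
        raise ValueError("invalid PIN length nibble")
    pin, pad = clear[2:2 + length], clear[2 + length:]
    if not pin.isdigit() or pad != "F" * len(pad):
        raise ValueError("malformed PIN block")
    return pin


def blocks_for_pin(pin: str, pans: list[str]) -> dict[str, str]:
    """Map each PAN to the hex clear block it yields for one and the same PIN."""
    return {pan: format0_pin_block(pin, pan).hex().upper() for pan in pans}


if __name__ == "__main__":
    # Constructed PANs (not real cards): same PIN, two different clear blocks.
    pans = ["4000001234567899", "4000009876543210"]
    for pan, block in blocks_for_pin("1234", pans).items():
        print(pan, block, recover_pin(bytes.fromhex(block), pan))
```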
I don't think the penalties for hacking are severe enough. I think if you hack you should be hacked, publicly, by the victims of these crimes. Line up the hackers in front of the town hall, placing their stubby little digits on a table, and let the victims take a few swipes with a machete. Maybe gouge a few eyeballs out for good measure. Networks could even make a reality show out of it. It'd be highly entertaining and I think a lot of fun to see fingers and eyeballs flying in a bloody shower in high def.
(Sent Aug 12, 2008 2:02:21 PM)
Have you not heard of skimming? That is how these crooks get your PIN. And yes, they make cards with your number and use your PIN to take cash, usually via ATMs on weekends when the bank is closed. It happened to me-- and they took more than $1500. It should be strongly prosecuted. These people are thieves no matter how you look at it, and I am surprised that this is news to you.
(Sent Aug 12, 2008 1:57:34 PM)
wgtodd or wglenntodd on Ebay & Paypal
PayPal AND eBay seem to have a better system than the banks:
Someone wrote this below, but I say not with PayPal, which is also connected to my and my wife's account. They now have cops in almost every town and overseas, and they go after them in full force. But the emails people were falling for are so easy to detect; just look at where they came from. If it is not from PayPal or eBay, like this example, X-Envelope-From: ebay@ebay.com
Return-Path:
Received: from mxpool01.ebay.com (mxpool19.ebay.com
then it is a fake. AND PayPal always starts with HTTPS: or here is an email for an item I sold
--
href="https://www.paypal.com/us/vst/id=5N9556xtz1234ect:
Spoofs from people that steal will never have this. They try to hack me all the time and have never gotten a dime.
My wife is a senior banker, specifically, in the security department.
We do not have debit cards or PayPal. Those are the two biggest headaches she has, the next are all the pay day lenders and idiot people that don't (or don't want to) understand the terms. You would be surprised how many people use them and the type of people who use them!
wgtodd,TC ,MI (Sent Aug 12, 2008 1:25:13 PM)
You can have all of the security you want, but in the end, if the people using the security features are lazy and/or underpaid workers (i.e. Walmart, etc.) it will be like leaving the door to the vault open for criminals who come waltzing by when they fail to properly lock your data down.
This is more than a security issue...it's a people issue as well. Do we trust the people operating the registers to do their jobs or not?
(Sent Aug 12, 2008 1:24:13 PM)
How about registering fingerprints and using fingerprint readers at ATMs plus PIN numbers?
gary bebee, eagle, mi (Sent Aug 12, 2008 1:22:52 PM)
I will not use a debit card on my account because of the direct access to funds. I use my credit card, and have it send me an alert for all charges over $20. I sometimes carry cash, but I ALWAYS carry my concealed weapon (yes I have a permit) regardless of where I go.
Criminals could get my card number from a merchant with poor security, but I should know pretty quickly after the first use.
(Sent Aug 12, 2008 1:20:41 PM)
The way the media speaks of cash, it is as if every other person was robbed of their life savings the moment they walked out of the bank. My family uses cash as much as possible. We use the "credit" function of our debit card when cash is not convenient. How many people were robbed before they got a debit card? Seriously. And now, with this "Touch and Go" technology, a semi-intelligent thief can steal your credit card information by walking past you! The "convenience" you've been sold comes at a price. Let's start with 2-3% higher prices in goods (do you honestly think that the stores don't recoup their cost of being able to accept VISA or Mastercard?). Then there's the wonderful service that comes from the card companies when your payment gets lost in the mail or their system doesn't process the payment in time. Finally, you may have gotten all your money back from the ID theft, but the end is nowhere in sight as you are now battling ID theft on your credit report for years. Remember this: EVERYONE ACCEPTS CASH!!!
Bill, Rockford, MI (Sent Aug 12, 2008 1:15:41 PM)
Someone wrote this below, but I say not with PayPal, which is also connected to my and my wife's account. They now have cops in almost every town and overseas, and they go after them in full force. But the emails people were falling for are so easy to detect; just look at where they came from. If it is not from PayPal or eBay, like this example, X-Envelope-From: ebay@ebay.com
Return-Path:
Received: from mxpool01.ebay.com (mxpool19.ebay.com
then it is a fake. AND PayPal always starts with HTTPS:"
My wife is a senior banker, specifically, in the security department.
We do not have debit cards or PayPal. Those are the two biggest headaches she has, the next are all the pay day lenders and idiot people that don't (or don't want to) understand the terms. You would be surprised how many people use them and the type of people who use them!
wgtodd (Sent Aug 12, 2008 1:09:21 PM)
After this happened to me for the second time I stopped using my debit card anywhere for any purpose except standing at the teller window inside the bank (I also bank at Washington Mutual--or did). It STILL happened to me again. So either the WaMu PIN pads were compromised, or this fear is confirmed. My card was used for ATM withdrawals in Romania, and there was no way for anyone to get my PIN, as I never used it to shop. I never even used it at ATMs.
Carol, Los Angeles (Sent Aug 12, 2008 1:02:55 PM)
gnomic says in this post below what I do. And it helps that I never keep money in my main account that is attached to an ATM. Me and my wife use a MIDDLE ACCOUNT that pays all of our online and other transactions. This way the MOST I have to worry about is a $20.00 overdraft. Also look at your statement; there is a code like 18002929xx4 and numbers that TRACK WHERE IT WAS PULLED FROM. WGTODD
gnomic:
I keep most of my savings in an account that has no access via ATM or credit cards. The only thing I can do is go online and move cash to other accounts. And I keep just enough in the primary checking and savings accounts to pay the bills and prevent any overdrafts.
Planning for these types of problems prevents them from being serious problems for you.
wgtodd,Traverse ,MI (Sent Aug 12, 2008 12:53:38 PM)
What is wrong with using CASH!!! That is one of the downfalls of the 21st century - CREDIT!!!
AZgirl (Sent Aug 12, 2008 12:47:38 PM)
This is not rocket science. The more you use credit/debit cards, the more risk you run of being a victim of fraud. On top of that, if you don't check balances on a daily basis, you are running the risk of having suspicious activity taking place for up to a month without knowing. Use cash. It's simple. If you can't do that, use credit for purchases instead of debit. You won't lose money or have to deal with overdraft fears. It's not rocket science. It's common sense. The public is so naive.
DuPont, Boynton Beach (Sent Aug 12, 2008 12:45:08 PM)
Society is relying too much on technology, and when corporations and organizations place information out on the web, all of society is vulnerable.
Thank your corporate America for your cost-saving and call centers in India.
Thank your corporate America for the business decision to have the micro-electronic manufacturing facilities in Thailand.
Thank your Congressmen and women; for allowing and facilitating Global Trade, especially with software applications.
Thank your research universities for opening up "technology training" to every "student" from China, the Middle East, Africa/Nigeria, Europe, South America--it does matter that their families own oil production, timber plantations, sugar plantations--just as long as the "research university" gets the funding for "Global Innovation".
Thank the Department of Homeland Security, FBI, CIA, for promoting "International Diversity" to solve the War on Terrorism, War on Drugs, War on Oil, War on Trade/NAFTA/CAFTA.
Thank the financial and banking industry for the creation of VISA, MASTERCARD, DISCOVER, DEBIT, CREDIT, and the whole damn slew of products.
Thank the identity thieves in Amsterdam, who need money for their drugs.
Thank the identity thieves in Nigeria, for all the emails and "you have one USD 10,000,000 dollars because of the western industrialist Momut who died in a car/plane/train/automobile accident."
Thank the damn internet creators, for the "it is best in the public hands"....
Cumulative Summary: All members of society, across the globe and world, are victims of technology.
Thank the websites, such as this one, who ask for "Optional" entry of an email address.
Maybe, one day, humanity will blow themselves up with some "hacker" who gets access to the nuclear launch codes. It would be a fitting and deserving end of humanity.
J. M. Weikle Bumblefucknor (Sent Aug 12, 2008 12:36:51 PM)
Carrying cash is the easy alternative...unless you have been robbed. This happened to me 20 years ago, and since then I have never carried more than $20.00 in my pocket. If debit & credit cards are also at risk, what can we do?
(Sent Aug 12, 2008 12:32:52 PM)
As in any other part of our lives, this article brings the point home that 'you' have to be alert to 'everything' in your life. You can not let your guard down: from locking your front door, to watching your kids and watching your bank accounts.
The end of the story pushes people to use credit cards, which is a good idea, but does not tell of the hidden charges with all credit cards, including debit cards used as credit. The hidden charge is that the 'bank' charges the 'retailer' anywhere from 1% to 5% of the transaction amount as their fee to handle the transaction. That fee is part of the overhead of the retailer, which is passed on to every other customer in the form of price increases. The big boys like Wal Mart have beaten down the amount of fees, but the smaller companies and the mom and pop retailers could never do that. They have to cave in to the banks or the banks will close their accounts, which no retailer could live with.
(Sent Aug 12, 2008 12:31:40 PM)
Time for the microchip.
(Sent Aug 12, 2008 12:16:48 PM)
Death, as Me called for, might be a bit extreme. Life with out parole in a Super max, now that might get someone's attention.
A guy. (Sent Aug 12, 2008 12:09:13 PM)
As a security engineer who is certified to assess credit card systems, the majority of blame falls not on the hackers, but on the merchants whose systems were clearly not compliant.
All restricted data (CC Numbers, PIN Validation Info, CVC/CV2) must be encrypted both at rest (stored on a server) and encrypted in transit over the network.
This is supposed to be implemented with a secure algorithm, and once the transaction is completed, the information cannot be stored in any system. Only the transaction confirmation information is required, and holds no consumer information.
These merchants should be held criminally negligent for allowing this breach of cardholder information.
David, CISSP, Baltimore MD (Sent Aug 12, 2008 11:55:41 AM)
Not surprised. There is no penalty for crime in the US. If thieves had their hands cut off and were openly tortured in public inhumanely - then this would stop.
Dave (Sent Aug 12, 2008 11:53:20 AM)
In response to the 10:29am post: One of the most damaging aspects of online and identity fraud is incorrect information. It would be difficult for a criminal to gain access to your internet banking account if they hack a merchant and obtain your debit/credit card information. First of all, your internet banking account has a log-in ID that is different from your debit card number. Second, even if a criminal was able to obtain your internet banking log-in ID and password, they still should not be able to gain access unless they are using the same computer that you use. The reason for this is the multi-factor authentication that banks were required to install a few years ago. My guess is that you either have some sort of hardware device on your PC that you need to access your IB account or you have the passphrase and challenge questions when you log in from a different PC. The criminal would need your log-in ID, password, and be able to answer the challenge questions (within three tries or they are locked out) in order to gain access. If someone is illegally using your IB, chances are it is someone that you know.
Mark, Portland, ME (Sent Aug 12, 2008 11:43:10 AM)
My wife is a senior banker, specifically, in the security department.
We do not have debit cards or PayPal. Those are the two biggest headaches she has, the next are all the pay day lenders and idiot people that don't (or don't want to) understand the terms. You would be surprised how many people use them and the type of people who use them!
Your best bet is to stay with a small community bank or Credit Union rather than the large institutions that have a great big red target on them. The flag goes up much quicker with a small bank.
The Internet and electronic banking have made it much easier for everything you have to be hacked and stolen. People should also use common sense, something that is not done much these days.
You want fast and easy, well you got it and the consequences that came with it.
OhioEd (Sent Aug 12, 2008 11:39:08 AM)
I am a social worker in the medical field, not a banker. This is just frightening. I will start using good old cash from now on. I had heard about this but not in this detail. The more techno savvy, the worse it gets.
Barb (Sent Aug 12, 2008 11:37:38 AM)
PINs are 4 digits..right? So that means the range of numbers is 0000-9999. Now how hard could it be for any off the shelf computer to run each possible combination for any specific card? It doesn't take a rocket scientist. I mean if they can do all of that other stuff, why would this be such a difficult task? I carry cash only.
Eric (Sent Aug 12, 2008 11:33:15 AM)
I have told my bank that I want nothing to do with a debit card. I have a standard ATM card and a credit card; what more do you need? Debit cards are very dangerous, both because they provide direct access into your account and because of the overdraft fees they hit you with after they authorize a purchase that exceeds your account balance. The other thing is that you do not need 15 credit cards!! It is much easier to keep track of one or two cards and check for fraudulent activity.
JS in SD (Sent Aug 12, 2008 11:20:56 AM)
Note to the 10:20am post: I'm not sure about the specifics for the Dave & Buster's incident...but many times the way it goes is two or more "criminals" will enter the store. One will distract the employee behind the register and the other will attach the device on the back of the register. Some time later, they will enter the store again, distract the employee, and retrieve the device.
Mark, Portland, ME (Sent Aug 12, 2008 11:16:08 AM)
Sorry folks but I prefer using cash or hand written checks...remember them?
Until the money community can guarantee that my electronic stuff is COMPLETELY free of theft, I'll do it the old fashioned way, thank you very much.
No numbers to remember...ain't that a bonus?
(Sent Aug 12, 2008 11:11:36 AM)
This happened to me as well. I received a call from my credit card company asking my wife if I was out of the country. I was not and they immediately cancelled my card without further ado. Seems my Mastercard was used at an ATM in Paris. So... how did they get my PIN? That, my friends, is the $650.- question, which is the amount that was taken before the card was cancelled. Because it was a credit card, I never used the PIN number in the United States (or anywhere for that matter) for cash withdrawals because of the high fees allotted to such transactions, so there was no PIN floating out there in the public domain. Also, one interesting note. Supposedly, you cannot use your US card overseas unless you contact the credit card company asking for permission during those travel dates. Those transactions should be blocked if you try to use the card outside the US. There are simply too many questions. What do I think? I have a suspicion that the bank itself was hacked and they didn't want to issue new cards like Citibank did with my wife's card, which came utterly out of the blue, with no fraud attached. Imagine the funds it takes to reissue that many cards... maybe in the credit card companies' eyes, taking the chance at fraud is far less expensive than reissuing millions of new credit cards. Food for thought.
Suspicious, Florida (Sent Aug 12, 2008 11:11:15 AM)
This was easy to do due to ignoring known security measures.
(Sent Aug 12, 2008 11:10:34 AM)
Mark,
There is a part of your post that needs to be corrected. The issuing bank almost always receives the funds back in a fraud situation. They get the money from the acquiring bank (processing bank), who is then responsible for getting their money back from the merchant. In most cases it is the merchant that loses out, and the rest of the time the acquiring bank
Nathan, Kentucky (Sent Aug 12, 2008 11:01:48 AM)
Think outside the box, folks...if they have your debit card NUMBER and PIN then:
1. They can TRANSFER large sums of $$ using online banking from YOUR account to an offshore SHELL account. The $300 limit usually only applies to ATMs.
2. Most folks use the same PIN, so now they potentially have your other PINS/PASSWORDS as well and can steal other ID.
3. They can 'create' any number of fake accounts in YOUR name while they are at it, and you may not know about the new accounts for months or years later. Think CREDIT cards for instance...
(Sent Aug 12, 2008 10:29:54 AM)
I work in the electronic banking department of a local, mid-size bank. The $50 loss mentioned in this article is in accordance with Regulation E. If your bank issues a VISA or MC debit card, the contract they signed is much more strict. VISA and MC require zero liability for fraudulent activity, and you must be credited within 5 business days of when you first contact the bank about the fraud, provided you complete the appropriate documentation (usually a signed form or a letter describing the fraudulent activity). The bank must begin its investigation immediately and credit you the full amount of the fraud. If they can prove the transactions are legit, they can re-debit your account, but they must give you at least 5 business days advance warning. In the vast majority of cases, the bank assumes the loss for the fraudulent activity...it is rare that they receive reimbursement from the merchant or card company. The bank does receive income each month from VISA/MC to offset fraud, but most of the time it doesn't cover it. Also, many banks nowadays utilize some sort of neural-network technology that scores transactions as possible fraud. The customer will receive a phone call to verify if the transaction is legit or fraudulent. Many times this occurs before the item actually posts to the customer's account. The real inconvenience to the customer comes when a card is closed and reissued, but most banks will insist on this in order to keep their losses down. Closely monitoring your account is the best way to minimize your fraud losses, especially with the availability of internet, telephone, and mobile banking.
Mark, Portland, ME (Sent Aug 12, 2008 10:22:41 AM)
Whatever happened to going into your bank to get money the old fashioned way?
(Sent Aug 12, 2008 10:21:03 AM)
Note this item in this article: "In May 2007, for example, they entered a Dave & Buster's restaurant in Islandia, N.Y., and installed sniffer software. Afterward they re-entered the store every month to empty the catch from their virtual net, eventually stealing 5,000 account numbers from that store alone and using those numbers to steal $600,000."
How did they do this? What did they do, just sashay into the back office and upload the sniffer software? It seems to me that every time this blog publishes one of these panic-attack stories, the author doesn't include all the facts. The news about these data thieves was made public last week, and no, it's not a good idea to tell people everything about the method of committing a crime, but this Dave & Buster's story has some holes in it and I'd like to know more.
(Sent Aug 12, 2008 10:20:31 AM)
I have found the best way to guard against I.D. theft is to have poor credit. If they can get money using my I.D. .....Wow!!
Thomas (Sent Aug 12, 2008 10:18:39 AM)
I just paid Washington Mutual $260 to clear up overdrafts from withdrawals that were "suspicious". Problem was, I was overseas at the time, so I couldn't prove the negative. I closed my WaMu account and zeroed my balance immediately upon return to the states, but they continued to allow this idiot to try to draw from a zero balance. Three years later, I received a collection notice from them.
Major pain dealing with greedy banks and greedy criminals. Let the buyer beware, I guess. Storing my money in a mattress is sounding better every day.
Marc, Falls Church, VA (Sent Aug 12, 2008 10:12:00 AM)
Saying the thieves stole encryption keys along with the PIN blocks doesn't pass the sniff test. It is highly likely that it is done with asymmetric (public-key) encryption, and that a different key at the bank is needed to decrypt what the PIN terminal encrypts. I would also say it is not worth it to even have a debit card that stays in your wallet for use at ATMs. Get an ATM-only card. Thieves managed to steal my debit card number and make purchases even though I never used mine at retailers, only at a single ATM. Fortunately, Visa was on the ball and spotted the fraud. Use a cash-back credit card and pay it off each month instead, so any fraud doesn't come, even temporarily, out of your own assets.
CM (Sent Aug 12, 2008 10:11:52 AM)
Where have you been? You are writing an article about activity that has been going on for years. Please make sure that you are keeping up with what is really going on, maybe consult with those in the financial information security arena before you try to write about something that you obviously have no idea about.
(Sent Aug 12, 2008 10:11:37 AM)
As the Neocons are trying to force us to a cashless economy, account security will be moot, since whoever is in charge of the electronic money system -- i.e. the "government" -- will have access to all of your data: financial, PIN numbers, medical records etc... We will not be allowed to have this same access.
And they will use that access as a means of control over our behavior.
Gary (Sent Aug 12, 2008 10:00:35 AM)
A few months ago, I was contacted by Capital One regarding fraudulent activity. Turns out there were a number of withdrawals from ATMs in Amsterdam, while I'm located in the NY/NJ area! CapOne had recently taken over NorthFork, which had previously taken over GreenPoint Bank. CapOne explained that old GreenPoint debit cards had been hacked. They issued me a new card, issued me a temporary refund for the fraudulent withdrawals (~$3K), and made the refund permanent once I submitted a sworn affidavit form. Apparently, this affected a number of clients who still held GreenPoint cards. I never heard anything in the news about this, although I looked for it back then, so this article certainly resonates with me.
Louis, New York, NY (Sent Aug 12, 2008 9:45:02 AM)
The reality of the transaction world is that it is too big and complex to ensure perfect security.
Consumers would not tolerate the controls needed to enhance security. And banks have controls to limit your losses, but it often takes a few days to recognize that a fraud has occurred and fix the problem.
The best things for consumers to do include:
-- Have multiple cards from different banks and be prepared to have your card knocked out of commission by fraud.
-- Have different banks and accounts and limit the amount of money that can be accessed using cards.
-- Enable alerts that send balance and large transaction emails to your cell phone.
-- Make sure you understand how much you can lose and have some cash stashed away so if your account is a victim of fraud, you have enough money to get by until the situation is resolved. Banks aren't responsible for fees you incur if you can't pay your bills.
-- Know your rights!
I keep most of my savings in an account that has no access via ATM or credit cards. The only thing I can do is go online and move cash to other accounts. And I keep just enough in the primary checking and savings accounts to pay the bills and prevent any overdrafts.
Planning for these types of problems prevents them from being serious problems for you.
I've been a victim of fraud twice and the worst problem I've had was updating the credit card info at online retailers like amazon. And despite that I do tons of shopping online, both times the fraud involved physical access to my card.
gnomic, mid-atlantic, USA (Sent Aug 12, 2008 9:28:41 AM)
If they test enough good cards with PINs, and figure out what it gets converted to, they should be able to reverse engineer the encrypted unknowns.
(Sent Aug 12, 2008 9:02:56 AM)
Back in May I went to use my "check card" online to make a purchase that I knew I had plenty of money for only to have it declined several times. I finally called the ticket outlet and the very nice service rep. tried it manually only to have the card declined again. So, finally, I called my bank thinking the card system must be down, no, but they wanted to know if I had been in Mexico City the day before or if I made several purchases online to Mexico City? NO! It was determined that somehow my card number had been stolen and used to the tune of around $1,000.00. Luckily the bank helped me recover the money, and I did speak to the local police, who of course, said there wasn't much that could be done due to the fact it was done internationally.
Now, I do not know if my card was a part of this particular event, but I hope the responsible parties are brought to justice.
Jennifer Tetzlaff, Manistee, MI (Sent Aug 12, 2008 8:57:41 AM)
This happened to me in June 2007. I used my debit card for gas and two days later $800 (the daily maximum) was withdrawn from my account at an ATM in New York City. A bank representative said a gang was working on the east coast. I did get the funds replaced by my bank (Wachovia) but it took 5 days and I had to sign an affidavit stating I was the only person who knew my PIN. Fortunately I did not have any checks bounce or other problems relating to the money missing from my account.
(Sent Aug 12, 2008 8:54:58 AM)
Why would anyone want to use a debit card? First there's all the overdraft fees, now this. There's a really safe way to handle money. Carry cash and only spend what you have. If a person doesn't want to or can't carry cash, use a credit card. Spend the bank's money and let yours sit for a month collecting interest. This only works if you pay off your credit card each month. If you can't pay off the card each month, I'll bet you're one of the people that add to the billions paid in fees. Too many people think they can live way above their means by using plastic. In the end the card companies get a huge chunk of a holder's money and lower their standard of living even more in the long run. Unlike the TV ads, "You're NOT worth it."
But the good news is, as long as you are protected to only $50 in losses in case of theft, the banks are the ones that should be worried.
(Sent Aug 12, 2008 8:43:28 AM)
Identity & credit card theft should be punishable by death
Me (Sent Aug 12, 2008 8:31:31 AM)
The encryption keys referred to are generally generated for a specific server, making it hard to steal these too. It is possible, given the data encrypted is almost always 4 digits and knowing a sample of a few hundred or thousand actual verified PINs, that someone actually figured out how to decrypt these. What is particularly frightening is this will cause a push for more biometrics, which combined with PINs would up the ante a few million percent, but keep us on a steady collision with Orwell's 1984.
Gordon, San Diego, CA (Sent Aug 12, 2008 8:23:08 AM)
Zero liability is fine, but as noted at the end of the article, consumers may still be responsible for 1) overdraft charges by the bank, and also 2) overdraft charges by merchants when outstanding checks bounce. In addition, some companies, such as Wal-Mart, will deny ALL future electronic transactions if even one bad check is passed. Furthermore, to invoke the zero liability protection, and possibly reverse some of the overdraft charges by a bank, it will be necessary to convince the bank that the transaction was fraudulent, and that may not be easy to prove, particularly when the transaction shows that one's PIN was successfully used to confirm the transaction, and the fraud details may only come out years later. Even with a zero liability guarantee, consumers will always lose if fraud happens to them.
Jeffrey, Upstate New York (Sent Aug 12, 2008 8:20:54 AM)