Check your credit card

[Chasey_Lane]

Skimming is easy. A tiny device is set to capture your card and a pinhole camera gets the pin. Always cover the entry of your pin with another hand. Also grab the card entry slot and pull and see if it comes out.

http://krebsonsecurity.com/2015/09/tracking-a-bluetooth-skimmer-gang-in-mexico/ is a high level overview.

I am just returning from visiting my local branch office. They don't think this is a skimming issue, and she's never seen it happen locally in southern MD. I guess that's a good thing. I went to a concert 2 weekends ago and used my debit card and they think my card was swiped then. She said it happens a lot and I'm pretty confident her story is right.

My new debit card will come with an encrypted chip and she said it will prevent this from happening in the future. :crossingfingers:

 

[DoWhat]

i am just returning from visiting my local branch office. They don't think this is a skimming issue, and she's never seen it happen locally in southern md. I guess that's a good thing. I went to a concert 2 weekends ago and used my debit card and they think my card was swiped then. She said it happens a lot and i'm pretty confident her story is right.

My new debit card will come with an encrypted chip and she said it will prevent this from happening in the future. :crossingfingers:

nfcu?

 

[kwillia]

Timely article! http://wtop.com/consumer-tech/2015/09/column-understanding-chipped-credit-card-deadline/

Q: What should I do if I don’t have a new chipped credit card by the Oct. 1 deadline?

A: The new EMV standard, which stands for “Europay, MasterCard, Visa,” is an important step to helping improve security for credit- and debit-card transactions, but it’s creating quite a bit of confusion.

The Oct. 1, 2015, deadline actually only affects physical retailers who conduct “card-present” transactions, not card holders.

The only thing that changes on Oct. 1 is that the liability for fraudulent transactions switches to the “least EMV-compliant party.”

 

[GWguy]

Timely article! http://wtop.com/consumer-tech/2015/09/column-understanding-chipped-credit-card-deadline/

Q: What should I do if I don’t have a new chipped credit card by the Oct. 1 deadline?

A: The new EMV standard, which stands for “Europay, MasterCard, Visa,” is an important step to helping improve security for credit- and debit-card transactions, but it’s creating quite a bit of confusion.

The Oct. 1, 2015, deadline actually only affects physical retailers who conduct “card-present” transactions, not card holders.

The only thing that changes on Oct. 1 is that the liability for fraudulent transactions switches to the “least EMV-compliant party.”

So if you don't have the new card, the retailer has the new reader, and you get frauded, are you responsible or is the card issuer ? Interesting.....

 

[vraiblonde]

Considering the number of people who use their credit/debit card both online and in the dirt world, very few people actually have their card compromised. I think the studies say 18% of adults have had their credit card information stolen, which means that 82% have not.

I have to believe, given how freaking stupid people are, that much of that 18% are people who don't take reasonable precautions. I do EVERYTHING online - like EVERYTHING - and I've had my card compromised I think twice in the last 20 years or so. Knock wood. So be cautious, but no need to freak out.

 

[kwillia]

So if you don't have the new card, the retailer does, and you get frauded, are you responsible or is the bank/lender/CU ? Interesting.....

Here is my understanding... Credit card companies are on the hook to provide us with chipped replacement cards in time for us to activate them by October 1st. When I received mine a letter came with them that said our original cards would automatically be turned off soon so I needed to activate my new cards as soon as possible. That makes me assume that if we don't get a replacement card it's on the issuer. If we get one we have to activate and start using it because our old one would become dead.

 

[Chasey_Lane]

nfcu?

No. PNC.

 

[somdfunguy]

Chipped cards in the US still have the mag stripe. Until that goes away and the readers are no longer used this problem exists. Many stores have the new readers but they are dual, you can swipe or insert the chip. We will get there but it is still a few years away.

 

[Chasey_Lane]

Chipped cards in the US still have the mag stripe. Until that goes away and the readers are no longer used this problem exists. Many stores have the new readers but they are dual, you can swipe or insert the chip. We will get there but it is still a few years away.

If you have a chip, apparently the swipe no longer works. Instead, you HAVE to insert your card -- the machine reads the data (in a way that scrambles it) -- and you are protected against fraud activity.

 

[Tilted]

Merchants need to move more quickly to install and bring on line NFC terminals so that they can accept payments using platforms such as Apple Pay and Google Wallet (though I haven't yet researched how the new Google Wallet works sufficiently to be sure that it's a good option from a security standpoint). Using those platforms can't eliminate all fraud or any chance that thieves will be able to steal your credit or debit card information. There will still be the potential for people to steal your information in other ways, to include when you don't use, e.g., Apple Pay because a particular vendor isn't set up to accept it. But they make the situation much better and make it all but impossible for a thief to skim your information or hack the merchants computers to get it (when you use the platform rather than the credit card itself).

The problem is merchants' interests and consumers' interests aren't completely aligned on this front. For consumers Apple Pay (and services that work the same way) is a win-win. It increases security and privacy, not to mention convenience. But from a merchant's standpoint, they don't want that privacy for the consumer - they want to be able to track purchases of particular users and make use of that data. Some of them also want, for various reasons (including to avoid the fees they are charged in connection with credit card transactions), to get their own collective mobile payments platform - CurrentC - into common use. It would be better for merchants but, in most regards, a poorer option for consumers. I don't think it will catch on to a great degree. As people understand how it works as compared to how things like Apple Pay work, they'll understand that the latter are more in their own interests and prefer those options. But as it is many merchants are still holding out hope of being able to make CurrentC a popular payment option. So they're dragging their feet on getting set-up (or just choosing to) allow NFC-initiated payments from the likes of Apple Pay and Google Wallet. Consumers need to put more pressure on more of them to do that sooner.

 

[somdfunguy]

If you have a chip, apparently the swipe no longer works. Instead, you HAVE to insert your card -- the machine reads the data (in a way that scrambles it) -- and you are protected against fraud activity.

It is not true though. My cards all have the chip and both ways work at merchants that can do both.

 

[vraiblonde]

If you have a chip, apparently the swipe no longer works. Instead, you HAVE to insert your card -- the machine reads the data (in a way that scrambles it) -- and you are protected against fraud activity.

The swipe still works on swipe only machines, just not on ones that also have the chip.

But it's only a matter of time before some nefarious genius figures out how to steal a chipped card, so..... :shrug:

 

[kwillia]

The swipe still works on swipe only machines, just not on ones that also have the chip.

But it's only a matter of time before some nefarious genius figures out how to steal a chipped card, so..... :shrug:

Exactly... it's explained in the link I posted that cards have both because not all merchants have switched to the new technology yet. What becomes effective October 1st is that a merchant that hasn't switched assumes responsibility of all false transactions that occur on their dinosaur swipers from that point on.

 

[Tilted]

Exactly... it's explained in the link I posted that cards have both because not all merchants have switched to the new technology yet. What becomes effective October 1st is that a merchant that hasn't switched assumes responsibility of all false transactions that occur on their dinosaur swipers from that point on.

Just to be clear: Gas pump readers, which are among the most vulnerable, have a couple more years to comply because the cost of changing all of them will be pretty high.

 

[Chasey_Lane]

I filed a police report, and the officer said this is the 11th incident in the last month or so, same exact circumstance and all ATM withdraws in Baltimore. So beware local peeps!

 

[vraiblonde]

I filed a police report, and the officer said this is the 11th incident in the last month or so, same exact circumstance and all ATM withdraws in Baltimore. So beware local peeps!

Same ATM locations, too? If so, that means the ATM is compromised and they need to take care of that.

 

[Chasey_Lane]

Same ATM locations, too? If so, that means the ATM is compromised and they need to take care of that.

I don't know what ATM locations the crooks are dispensing money from, only that they are all happening in Baltimore.

 

[Warron]

I had a case with capital one a few months ago where someone else's name was added as a card holder to my account and a card was mailed to them in Florida. Interesting enough, a couple days before it happened, I got a card in the mail from capital one for the former owner of my house (7 years ago). He now lives in Florida. I put it back in the mail as incorrect address.

For some reason I feel that it was a screw up by capital one rather than a criminal stealing my info. It just seemed too much of a coincidence that in the same week I got mailed a card for someone who lives in Florida, and someone in Florida got mailed my card. (I was never provided the name of the person my card was sent to so I can't know for sure it was the same person).

In the end, I got a new card and changed my online account password. I don't know what else I can do about it. The only charge was an expedited mailing fee which capital one removed after a bit of complaining (I had to talk to 3 different people to get it removed).

 

[Chasey_Lane]

Final determination: skimmer found at the CPFCU location on Maple & 235. Confirmed by St Mary's County Sheriff's Office.

The skimmer was on the ATM for about a 24-hour period on 09/12.

 

[GWguy]

Final determination: skimmer found at the CPFCU location on Maple & 235. Confirmed by St Mary's County Sheriff's Office.

The skimmer was on the ATM for about a 24-hour period on 09/12.

Wow. That's one of the last places I'd expect one.