Debit Cards Make Consumer Data Protection Dicey: How Cyberthieves Can Empty Your Bank Account

Facebooktwittergoogle_plusredditpinterestlinkedinmail

I have a friend who lives a completely cashless existence. Whenever she shops, wherever she goes online and off, my friend never carries money. She whips out her debit card to pay the bill. When I tell her that’s a bad idea, she looks at me like I’m from another planet. Maybe I am.

Consumers Like Paying with Debit Cards But Convenience Comes at a Price

My friend has plenty of company according to a September, 2011 report on payment methods by BIGinsight™. In its monthly Consumer Intentions & Actions (CIA) Survey, the research firm found that 49% of nearly 10,000 respondents regularly purchase items using debit cards. Another 26% of those surveyed occasionally use debit cards. That makes non-debit card users like me a distinct minority.

I guess I shouldn’t be surprised. Because debit cards are directly linked to consumers’ bank accounts, they’re cheaper than using credit cards with high interest rates and more convenient than carrying cash. The trouble is, debit cards are also a direct link to consumers’ bank accounts for cybercriminals.

Report Finds Debit Cards Put Consumers At Risk

In December, NBC Connecticut reported that police in the town of Wallingford received more than 200 complaints from debit card theft victims. According to NBC, one Connecticut victim got a call from his bank asking if he’d made a purchase from a Walmart in Mississippi. He said no, he was sitting in his living room in Connecticut. The man and his wife had $700 stolen from their accounts. Dozens of other victims reported fraudulent purchases made from places like Florida, Louisiana and even Malaysia.

“Consumers can lose everything in the blink of an eye and there’s no guarantee they’ll ever get it back,” says Bill Hazelton, the founder of CreditCard Assist.com, a leading credit card intelligence and resources firm. Its November, 2011 report cited massive debit card theft from large corporations as evidence of a systematic debit card failure, especially the ones issued by Visa and MasterCard. Hazelton says poorly encrypted processing programs, an outdated PIN system and nearly nonexistent liability protection for victims have led to nearly $1 billion in debit card losses. Check cards and unsecured debit cards don’t use PIN numbers to validate transactions which makes consumer data protection nearly impossible.

In 2011, SonyOnline Entertainment reported that over 10,000 debit card numbers had been stolen from its network databases. Citibank also revealed that hackers had stolen over 200,000 debit card numbers. And the national supply store chain Michael’s said it had lost tens of thousands of dollars of their customers’ money to due to account information that was stolen.

Consumer Liability Isn’t Limited for Debit Card Fraud

Unlike credit cards, which limit fraud victims’ liability to $50, debit cards fraud victims’ liability can skyrocket. There’s $50 liability only if fraud is reported within two business days; $500 liability until 60 days have elapsed. After that, debit card fraud victims can be on the hook for the entire amount stolen from their bank accounts, plus their overdraft limit. I don’t know about you. But I don’t check my bank balance every two days. Even if you report debit card fraud quickly, your bank is allowed to conduct a 10-day investigation into your claim. In the meantime, that can mean you could be bouncing checks and have no money to pay your bills.

According to the 2011 Javelin Strategy & Research Identity Fraud Survey Report, 1.4% of consumers get hit by debit card fraud every year. In a typical case, consumers spent 28 hours making phone calls to resolve it. And they ended up with $795 in out of pocket expenses they didn’t get back. Yet 80% of American consumers still have a debit cards in their name. And 190 million people are expected to use them this year – 30 million more people than use credit cards. If you’re one of them, here’s what you can do to protect yourself.

How to Avoid a Debit Card Disaster

∙Check your bank balances every couple of days to limit your liability for debit card fraud.

∙ Don’t use a debit card online or for phone orders. Since they’re directly linked to your bank account, your risk of getting cleaned out by a hacker is far greater than with a credit card.

∙ Never use debit cards at gas stations which are rife with skimming scams.

∙ Avoid using a debit card at restaurants or anywhere where there are a lot of people around and your card is taken away to be swiped.

∙ Hide your pin when you use it at ATMs; and keep an eye out for ATMs that look like they’ve been tampered with.

∙ Never use a debit card at hotel, airport or at other Wifi hotspots. You could be the victim of a man-in-the-middle attack in which a hacker eavesdrops on your communications via the unsecured wireless network. And your data could go into the merchant’s database which is another place where it could be compromised.

∙ Use VPN software like PRIVATE WiFi™. Virtual private networks provide the best kind of data protection by encrypting the information traveling to and from your computer. That means it’s hidden from hackers at Wifi hotspots and at home.

If you’ve been the victim of debit card fraud, we’d like to hear what happened to you. Drop us a line and share your story.

Get Private Wifi   Protect your personal information.
Get DataCompress   Cut your mobile data usage.

Jan Legnitto

Jan Legnitto is an investigative journalist and documentary producer who writes about criminal justice and intelligence issues. Jan is also a frequent contributor to the Private I blogs.

  • Wendy G

    This article contains a bit much of fear mongering. The “this could be you” example couple that had $700 “stolen from their accounts”, surely had every penny of that reinstated by their bank, assuming they did not know the card was lost or stolen. That there’s the law. This means the money was NOT stolen from them, although it was stolen from the bank. Big difference.

    (Although – if they DID know the card was lost or stolen and did nothing about it – then they’re irresponsible, and no one will feel sorry for them for having their funds stolen.)

    Also, the 2-day and 60-day time limits to notify the bank of fraud, are measured from the date that you learned of the theft or loss of the card, NOT from the date of the actual fraudulent use. This is actually the same time limit as with a credit card.

    This means your first piece of advice – check your account every few days – is unnecessary (though not a bad idea). Just keep an eye on your card! Don’t lose it, or let it get it stolen – but if you do, notify the bank, and then your liability is only $50 – and most banks waive even that. Why? Because they don’t want to cancel your card – banks make TON$ of money on those cards! Little fraud losses here and there, like the $700 fraudulent charge at WalMart, don’t come anywhere close to making these cards unprofitable for the banks.