Posted on 03/13/2006 10:57:46 AM PST by APRPEH
The unfolding debit card scam that rocked Citibank this week is far from over, an analyst said Thursday as she called this first-time-ever mass theft of PINs "the worst consumer scam to date."
Wednesday, Citibank confirmed that an ongoing fraud had forced it to reissue debit cards and block PIN-based transactions for users in Canada, Russia, and the U.K.
But Citibank is only the tip of the iceberg, said Avivah Litan, a Gartner research vice president. The scam -- and scandal -- has hit national banks like Bank of America, Wells Fargo, and Washington Mutual, as well as smaller banks, including ones in Oregon, Ohio, and Pennsylvania, all of which have re-issued debit cards in recent weeks.
"This is the worst hack ever," Litan maintained. "It's significant because not only is it a really wide-spread breach, but it affects debit cards, which everyone thought were immune to these kinds of things."
Unlike credit cards, debit cards offer an additional level of security: the password-like Personal Identification Number, or PIN.
"That's the irony, the PIN was supposed to make debit cards secure," Litan said. "Up until this breach, everyone thought ATMS and PINs could never be compromised."
Litan's sources in the financial industry have told her that thieves hacked into a as-yet-unknown system, and made off with data stored on debit cards' magnetic stripes, the associated "PIN blocks," or encrypted PIN data, and the key for that encrypted data.
(Excerpt) Read more at techweb.com ...
My debit card (major bank not some local outfit) can be used without a pin...just choose credit on the checkout terminal, and it processes just like a credit card (I have to sign for the purchase)...however, the money comes out of my account just as if it were used as a debit.
So how are debit cards supposed to be more secure?
They are American owned, right?
Personal Debit card secured by Smith & Wesson...
When someone says 'it's not about the money", it's about the money.
Question: Was the data stored in a center overseas? I have often said that with the offshoring of IT work it was a matter of time before something like this happened.
Hmm...the text of the article implies that it was a point-of-sale hack on a store that retains the customer's PIN with his or her account number, which is a security hole roughly on the order of writing the PIN on the card and then losing the card. Nuts.
Did I read this article correctly to contain the blood curdling statement that an "as yet unknown" system was compromised? In other words, they have no idea what was broken into? Not good.
I can't see the point of debit cards either. If you use it in credit mode I presume your recourse if it's used frauduently is the same as any credit card. The clerk is supposed to verify your signature.
In debit mode, I am not asked to sign the receipt. On the other hand, my bank charges $1.50 for each debit transaction. Not being a big checkbook maintainer I was really chagrined when I saw how many $1.50 pops I had on $6.00 salad bar purchases.
So, there is absolutely no reason for me to use debit mode. The fact that it has been proven insecure just reinforces the decision.
As the article says, this instance I find troubling/irritating for several reasons: 1) Not supposed to be able to do this with a PIN-fired card. 2) The hack apparently originated overseas, so getting to the root of the problem appears near-impossible, and run-of-the-mill "inside a store where you used the card" issues seem not to apply. So the irksome part (to me) is that the source of the problem seems "unknowable"...at least for now.
Actually if you use your debit card as a credit card I believe the money is not taken out of your account until the end of the month where as if used as a debit it is taken out when used.
I have a CitiBank card that hadn't been used in four years. Last week I got a notice from them cancelling the card, saying a credit check showed me with a delinquency. When I went to the listed credit agency on the Citibank letter, I found myself embroiled in a scam to get you to subcribe to their credit agency.
Incorrect, at least for all the debit cards I've ever used.
Not with mine, if I use it in credit mode...zip, bang, boom, it's out of there by the next morning, LOL.
I will say that I never get charged a fee to use my debit card, so for that I'm grateful.
My 17 year old has a debit card for his account. I was surprised that he was able to get it because of the "credit" aspect, but the bank officer that signed him up for it said that there was really no risk to the bank since it only withdraws funds from his account, even though it can be used in a credit mode (there is a overdraft protection on it though that is tied to his savings account.)
I belong to a major bank based out of Pittsburgh and was contacted Friday as a "proactive courtesy" to let me know my card and PIN may have been compromised, and was told that "no illicit transactions" were processed against my account.
If the crooks have my PIN, how can the bank make that statement? Only I could truly know that.
Ouch! What rinky-dink bank does that? I've been using debit cards for purchases for 20+ years and never had them charge a fee. The only time I get a fee is if I get cash from a "foreign" ATM (i.e., one not owned by the bank), but point-of-sale purchases are always "free".
So, there is absolutely no reason for me to use debit mode.
Yeah, if they charged a stupid fee even for debit *purchases*, I wouldn't use one either.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.