Saturday, March 04, 2006

Debit Card Breaches, A Growing Problem

Last month, 200,000 debit card numbers were breached in the Western United States. News reports speculated that the breach was either at Sam's Club, or Office Max.

Here is one of the posts, I did on this scenario:

Office Max Denies Being Hacked in Debit Card Breach

Now activity seems to be moving to the middle of the country and even to the East Coast.

Indiana's NewsCenter16 Reporter, Kimberly Torres reported on 03/02/06:

"Banks and credit unions, including some here in Michiana, are sending out letters to warn their customers. Someone got into the database of a nationwide store chain, although Visa won't say what store. They stole Visa credit card/debit numbers, and soon after, ATM transactions popped up overseas."

Contact 16: Visa card numbers stolen, Michiana affected

The same day, the Indiana story broke, the Boston News Channel reported:

"Officials said Leominster and Fitchburg area residents are being stung by debit card fraud in amounts of from hundreds of dollars up to almost $2,000."

Towns Stung By Debit Card Fraud

Of course, there is no way to tell if this activity ties in together, but the similarities are amazing. It appears that retailers, debit cards and hacking seem to be involved in most of the scenarios.

This supports the story on February 23rd that Debit Card Fraud Causes FBI To Widen Its Probe ZDNet, which stated:

"Federal investigations into a debit card fraud that has affected about 200,000 cardholders in the western US have been extended to other parts of the US in an effort to identify common factors. In the past week, Bank of America, Wells Fargo and Washington Mutual advised that the debit cards of certain customers would be replaced following an unconfirmed card security breach in which cardholders' names, debit card numbers and PINs were obtained. Fraudulent charges at Wal-Mart's Sam's Club division and at office retailer, OfficeMax, are receiving particular scrutiny in investigations."

No one is saying (directly) how the systems at retailers are being compromised. One thing that has been spotted, with increasing frequency, is the use of skimming devices (often wireless) on ATM machines. Here is a post, I did awhile back with some interesting pictures:

ATM Machines That Clone Your Card

It appears that debit card breaches are a growing problem for both the financial and retail industries. Everyone seems to be extremely tight lipped on how the breaches are occurring and it's hard to say, whether this is because of the ongoing investigation, or for other reasons.

Fox News recently reported:

"Consumer advocacy groups say the public isn't getting the full story on debit cards, which have become so popular that 127 million are in use today."

"Debit cards are the pot of gold at the end of the rainbow for banks," said Ed Mierzwinski of the U.S. Public Interest Research Group (U.S. PIRG), a consumer watchdog organization. "They're a big risk for consumers."

"Mierzwinski said the bank makes $2 on every $100 spent with a debit card, but banks don't tell consumers how difficult it is to reclaim their funds after a theft."

Here is a scary story from MSN Money, Banks hang fraud victims high and dry by Liz Pulliam Weston. In this story, she writes:

"The rules are somewhat different for bank accounts. When a fraudulent debit charge or automatic payment is reported, a section of federal law known as Regulation E requires banks to investigate within 10 days. But banks can extend that period to 45 days if they credit the disputed amount or $2,500, whichever is less, to the customer's account. (Paper checks offer even less protection, as I discussed in "Your paper check is a thief's best friend.")

"But a bank can decide there was no fraud, experts say, and take the money back as long as it provides a written explanation to the customer. That's what happened to the Hendersons and to Los Angeles Times columnist Steve Lopez, who recently wrote about his bank snatching back the $2,020.50 it had restored to his account after a theft."

Problems with debit cards aren't confined to the United States, breaches are being regularly reported throughout the world.

Here is an interesting article from the Canadian Broadcasting Company, which illustrates the growing problem in Canada, also:

CBC News:Debit card fraud an 'epidemic'


prying1 said...

Thanks once again Ted for an excellent article. I'm certain you are affecting people in a positive way.

Anonymous said...

Interesting that the laws are less protective of the consumer on debit cards.

Does this have something to do with the increase in this activity?

Anonymous said...

Actually, it all depends on how a debit card is used. If it is used with a PIN, it falls under different regulations that if you sign for the purchase. Signing for the purchase offers more security to the cardholder because of Visa and MasterCard's regulations of Zero Liability for unauthorized purchases.