How the Little Guy Gets Screwed: Episode VI

Trench Warfare

Home

Report this Blog for Abuse

Syndication

Archives

My bank account got hacked recently.

To the tune of $1800.

Yes, that's right. Eighteen hundred dollars.

And this is how the bastards did it: They stole my PIN number. Those four magic digits that are supposed to keep my card safe--they had access to it. And in the course of four days, six separate transactions, and two cards (they had The Geek's information as well), they pilfered that money from ATM machines. In London.

You read that correctly. Cash in hand. In London.

Technology is great, until it turns into that little ankle-biting yipper. There are some really smart people out there that have found a way to buck the system. I almost want to praise their ingenuity if the whole thing wasn't so insidious.

When you type in your PIN number at the store--any store--that number isn't necessarily purged immediately. It has to go through a complicated transaction along the way from the retailer to the bank. At various points along the journey, the encryption gets lifted so the bank can approve your transaction. And herein lies the genius: these guys somehow figured this out. They mine this information, make fake debit cards (which, apparently, is not difficult to do), blithely walk up to the ubiquitous ATM machine and walk away with your money! You can read more about how they do it here.

A few years ago, some retailer (Office Max was the suspected culprit) got hacked and millions of credit card numbers, coupled with PINs, were stolen. Citibank was targeted last year. This year, a gas station in California became subject to the scam, as well as ATMs in Maryland Apparently, this kind of theft has been going on since the turn of the new century. I have no idea which retailer got hacked that led to theft in my account. What I do know is this: it was a major retailer, because I predominately used my PIN when I bought groceries. Not only that, but my bank, being proactive, had just sent me a new card not a month before. This, despite the fact that I wasn't due for a new one for another nine months. My NEW card was compromised, so the thieves had garnered the information recently.

I'm not really down with some dude in London walking up to an ATM machine and making withdrawals from my account.

Just saying.

So how is that we get screwed here? Well, besides the obvious, there is a law in place called "Regulation E". This law protects consumers from electronic theft. Theoretically. The problem is that the consumer has to be on top of things pretty much all the time. As long as you report the "unauthorized use" of the card to your bank within 48 hours, you're only liable for 50 bucks. Which is beyond pocket change--that's a tank of gas. However, that liability jumps up dramatically after two days: to the tune of $500. For most of us, five hundred dollars isn't a petty sum of money.

I was fortunate enough that my bank notified me and we got all of our money back fairly quickly. But this went down on a weekend, naturally, meaning that nothing could happen until Monday. Meaning our account was anemic until it all got straightened out. But what about the person who just flat out doesn't have much money? If their account is wiped out in one of these scams, they could go for days without funds. Kind of a problem if you need food. Or gas. Or cash for one of the 78 times a year the local elementary school asks for a handout. And I'm sorry, but I don't look to the banks to be all "social worky" and take care of these victims in the meantime, although as a matter of customer service they should. Cynical? Perhaps. But they hardly deserve our trust.

So what to do? Well, my mantra since this happened to me has been plain and simple: Don't use a PIN when using your debit card. Ever. I know most retailers' machines default to the "number pad" on their devices, but all you have to do is press "cancel" to bypass that option. They just don't like for you to do so because credit card transactions cost them money. Of course, then you have the issue of your signature being "out there", but I learned a long time ago that a simple scribble on the pad suffices. I never use my "real" signature--a double edged sword, no doubt.

Another thing to do is practice due diligence on your bank account. I tend to check mine daily, but that's because I'm compulsive about it. The reason why these withdrawals slipped by me before is because I had briefly gotten out of the daily check habit (plus the bank called). No more. The problem here, of course, is that not everyone has online banking or regular access to a computer--more of a professional conundrum. In the blogging community it's a moot point. As for the banking? If your bank doesn't offer online access to your account, they're woefully behind the times and you need to move along to someone who does. Just not Bank of America, as they are the devil.

The ATM hacks are a bit disconcerting because we all need cash at some point, right? For me, it's hardly a matter of just going to the bank to withdraw cash. I bank with USAA--they don't DO brick-and-mortar. I just have to take my chances here and use ATMs sparingly. I suggest you do the same.

There's a website out there called Identity Theft with plenty of free information. Additionally, you can go to the Federal Trade Commission for information about consumer rights. I sincerely hope this doesn't happen to you. ->