The Target data breach last December made vulnerable up to 70 million customers’ debit and credit card information. However, card fraud can also occur on a much smaller scale.
Debit card information can also be easily stolen through card readers called skimmers, and Bay Area gas stations have been hit in the past by thieves who then gain direct access to victims’ bank accounts.
“We’ve had some instances with scams at gas stations where people install their skimming devices to store card numbers to retrieve it,” a deputy from the Marin County Sheriff’s Office said, who requested that his name not be used. “They have the cardholder’s information and can do whatever they want with it.”
The Marin County District Attorney published a consumer tip in the Marin Independent Journal on May 19 citing the dangers of using debit cards to make purchases.
Thieves collect the debit card information through a two-step process, according to an article published by Consumer Reports. First, thieves will attach the card reader directly over the ATM’s actual card slot. This way, when a customer swipes their debit card through the counterfeit reader, the information is collected from the magnetic strip. To get the PIN, criminals can either attach a camera above the keypad or lay a fake keypad over the real one to store the number. The data is then transferred to a blank card as a duplicate account, and used to withdraw money at ATMs.
The deputy said that credit cards can be more secure than debit cards when making purchases.
“With debits there’s traditionally a PIN associated with it, but credit cards can be used just with a signature,” he said. “When I go to the gas station I run it as credit, because I don’t have to punch in a PIN number. That way, if someone’s watching me and if there’s a skimmer hooked up, they won’t get my PIN or see me punch the keys,” the deputy said.
Additionally, there is more consumer protection when making purchases with credit cards, as the billing doesn’t directly come from a personal bank account.
The deputy recommended paying attention to one’s surroundings when using a debit card, and checking one’s bank statement frequently.
“A lot of people have smartphones to check their statement,” he said. “A typical statement goes for a month, so if you don’t check it when you get charged for purchases you didn’t make, you could’ve headed it off after the first purchase.”
Krista Blickman, a customer sales and service representative at the Wells Fargo in Corte Madera, said that another way to check the security of your debit card information is through identity theft protection.
“Once you become 18, you can sign up for identity theft protection. It tracks your social security number so if somebody other than yourself opens a card in your name, Wells Fargo will call you and ask if it’s okay to open the card,” she said.
The deputy estimated that three or four complaints of identity theft are reported in Marin County to the jurisdiction office per month, although it’s more common for people to report to the bank.
“The way banks work is, the money’s insured. So if someone stole money from the account, you’re not the victim, the bank is the victim, because they’re going to insure you for the money. They have their own investigations division responsible for these types of fraud. So they get more [reports of fraud] than we do,” the deputy said.
To prevent skimming, American banks have begun replacing the magnetic strip with an embedded microprocessor chip.
“Banks are switching over to having a chip put in the card. It originated overseas in European countries,” Blickman said. “There’s a little metal chip that goes in the card, and it makes it almost impossible to get information from it.”
Called EMV chip technology after its developers Europay, Mastercard, and Visa, the chips contain information needed to make purchases with a card and are not susceptible to magnetic readers.
Wells Fargo is currently in the process of switching over to only supplying EMV chip cards. They estimated that by December 31, 2014, all Pre-Payment Card Industry (PCI) PIN entry devices such as debit cards must be retired and replaced with PCI-approved devices, according to a Wells Fargo Merchant Connect document from 2012.