Two days ago I got an automated telephone call from our bank (BofA) asking if we’d attempted an ATM withdrawal in the amount of $407. We hadn’t, but thinking the call itself could be a scam I wrote down the phone number they gave and hung up without talking to them. I checked our account online and found that amount had been debited and then reversed or credited. But I also saw that $271 had been withdrawn; I filed a fraud complaint, the card has been blocked, and we expect the money to be refunded by the bank. All of this ATM activity took place in Paris! Well, back in the Fall we had been in Italy for 4 weeks where the card was used at bank ATMs to withdraw cash. We didn’t make purchases with the card, only cash withdrawals at bank ATMs. We didn’t lose the card; we still have it! How did they get the PIN? Was it an inside (the bank) job? Has anyone else experienced this?
Oh Galen.. this is not just something that happens in foriegn countries.
This happened to me,, here in Victoria BC ,, my hometown.
I was at grocers,, had just rung up over 200 dollars worth of groceries.. hand over my card ( because yes, I had it in my possession) and the cashier handed it back saying it was blocked.. I am like what??? So embarrassed .. pay with my CC .. go home, phone my bank.
Someone had taken out 300 dollars that morning,, then a few minutes later tried to take another 300 dollars out,, the bank flagged it on the second attempt and blocked it.
They said my card must have been scanned somewhere .. they though it might have been a self serve gas station as they had a rash of frauds in our area. They say the scammers put a fake scanner on the pumps.. and then position themselves across street with binoculars.. they watch you enter your pin.. most of us do not hide our pin when at gas stations because no one is standing beside us.. The bank told me its best to use the pumps that are closest to the store part of gas station and to always hide pin entry with hand even if no one is around.
I got my money back so no biggie.
A fake front is placed over the existing atm which will scan your insertion and more likely these days there is a tiny camera to take your pin number as you enter it.
I have had one personal instance of this fraud when using an atm outside a supermarket in the UK. The card on first presentation almost immediately came back out before I had completed entering the pin. On re-presentation all went well. A card and detail was used in Thailand at a supermarket the following day, but was blocked immediately by my bank. My bank 'phoned to advise all the second day.
This is why newer ATMs do not have a 'flat' slot to make it hard to attach skimmers onto it.
My guess would be that the issue had little to do with your travel to Italy or skimming of your card at an atm. Likely somebody, likely local, was able to get your info, or as I experienced, somebody put the pieces together.
They don't even need the PIN, as long as they have the debit card info they can run it as credit. Your info can be emailed anywhere in the world and a new card generated before you know it.
@Stan-BofA online described the transaction they got away with as an ATM withdrawal at a bank. I'm surprised they could do that without a PIN.
Thanks everyone for your input. It was interesting to hear that some of you have experienced this here in North America, too. It seems we'll need to add another step of caution to our banking activity!
This could be a result of the Target breach - or a separate scam. Just because the card was used in Paris doesn't mean the information was gathered in Europe (doesn't mean it wasn't either). Recently, they caught some illegal aliens crossing the Mexican border into the US with around a hundred fake credit cards that were directly linked to the Target breach. Information from the breach gets sold in batches to people who know how to use it fraudulently.
I had a fraudulent charge and talked to a security manager for the bank's fraud department. He said one of the most common errors victims make is assuming the timing/location of the fraud has anything to do with the timing/location of where their information was stolen.
Galen
These days a lot of the data loss is via hacks and other lax security precations on the retail side at hotels as noted in this Post article.
Also and interesting report on the Target hack that made the news near the holidays.
Do your part and protect you cards and how you enter data and who you give it to.
Me I use cash as much as possible as I wrote about awhile ago.
Safe Travels!
@Brad: What I didn’t say is that the bank asked “Have you been in Europe recently?” So their thinking/logic is just as erroneous as the rest of us. But I do understand the timing/location thing.
@Ionpete: The card never left my possession. We also use cash as much as possible, but one has to get the cash first in order to use it! We believe that’s where the problem lies.
Thanks for your replies.
Just a week or so ago I had a call when I was at work from American Express asking if I had been in China or Japan 30 minutes earlier. Ummm, no. Never been to Japan, and I haven't been in China since 2005. The card had never left my possession, either. So there is really no telling how the information got out.
Just note on most recent losses. These losses were due to hacks and software left on POS. Not much a card holder could do.
@lonpete or anyone else: What does "softward left of POS" mean?
POS is Point of Sale. So that means hacks and software left on the equipment at the point where you used the card (ATM slot, store credit card machine, etc.). The previous poster is saying that most of the recent problems were due to software or other hacks, not card skimmers.
My understanding of POS (point-of-sale) software is that such infects a machine involved in a retail sale (credit and/or debit) and forwards the card information for fraudulent use.
Ladies and Gents hence that is why I use cash as much as possible. Get what I need from the ATM for a few days and don't use cards.
You simply have to accept that there’s a certain amount of risk one assumes when transacting business with debit cards and credit cards. There are things one can do to mitigate the risk, but there’s always going to be some risk no matter what. One can limit his use of cards, but it really takes just one transaction for fraud to occur somewhere in the pipeline. My take? Take whatever reasonable precautions you can, but use your cards as needed. Your liability on credit cards is limited, and as long as you don’t have $20,000 in cash in your checking account, only the amount present can be drained. Just transfer over from savings right before you need it. And even then, you’ll likely have some recourse to limit those checking account losses if fraud occurs. It’s 2014, and it’s just the way business is transacted. I used to worry about e-mailing credit card details for hotel reservations…it’s not secure at all. But as some have pointed out on this Helpline before, what’s the risk, really? In truth, it’s low.
"...You simply have to accept that there’s a certain amount of risk one assumes when transacting business with debit cards and credit cards..."
The same risk exists when using cash, just in a different flavor. It can be lost, stolen, or a cashier can short-change you. One has little recourse to recover lost hard-currency as opposed to fraud from plastic, which can be recovered.
Thanks for posting this as a warning for us!
My husband & I have a separate account that we use for travel. The account has an ATM card that looks like an ordinary card except that there's no name imprinted on it, and it has no credit card logo. This account is not linked to our savings or checking accounts. So, if someone steals our card, it's virtually worthless to them. We use that exclusively for ATM withdrawals for cash (that goes directly into the moneybelt). So, restaurants are paid in cash.
I reserve & pay for all of our hotels upfront through Expedia, so we don't need to risk using a credit card in Europe. I print 2 copies of each of our Expedia reservations, handy for checking in & checking out - never had any issues.
I’m sure you’re taking reasonable precautions, but as stated earlier, there are always going to be certain risks no matter how you go about paying for things. For example, your travel account ATM is a decent idea. The ATM card associated with that account isn’t worthless to a thief, however. He doesn't need your name from the front of your card or a logo. He could easily access whatever amount of cash you have in that account. He can’t access your checking & savings accounts, so that part is good. And you had to use a credit card on Expedia, right? That could get hacked. There are some risks with these things. I don’t think you’re doing anything wrong. In fact, it sounds like you’ve thought it through thoroughly. My point is that none of this is risk free, and there’s only so much we can do. Using cards instead of cash does limit your liability, however. Oh, and if we’re talking about a prepaid travel card you use like an ATM card, I don’t believe they have the same legal protection as a regular credit card if hacked, so that is a serious downside as far as limiting your liability.
I had the similar situation with ATM company. No clue who this company was until I looked it up they have been debiting my checking account for 6 months I thought it was a foreign atm until I looked it up they got around 80 dollars or more out of my account and have written them countless emails only to get no reply. And I do not know what to do?! I asked site vcharges.com to chek and now I am waiting for their reply!