8/04/2008

Thieves, Damn Thieves

We'll likely never know how, but someone stole my wife's debit card number. You can't look back at the last places you did business as so many retailers and processors needlessly keep your data on file for way too long - years in some cases. And despite the frequency with which security is breached at these places - by hacking into the system, lost or stolen laptops, or by just dumping the hard copies in the dumpster for anyone to find - and despite the publicity generated around this, your data is still treated with reckless abandon every single day. It's stupid. But still, debit or credit, the cardholder is on the hook until the issuer recognizes the charges as fraud.

This really sucks, since as you know from our post on our cash envelope system, we pay cash for most of our monthly purchasing. We estimated that currently, only 10-15% of our purchases happen via debit. That number shrinks further when you narrow it to transactions to her card specifically. What I'm saying is that our odds of this happening should be far less than say, someone who puts all of their monthly purchases on a card.

As all of you credit card fans know, ID theft is so much worse with debit cards, because they are so much less secure, the thief has direct access to your money, and they have no federal laws protecting them. Here now is the hell that we went through:

  • We got a phone call from our bank on Thursday informing us of some suspicious activity on our debit card. Turns out that they monitor account activity (assumingly automated?) to spot fraudulent activity. Our account, specifically her card, came up with a red flag.
  • The service rep then proceeded to review the past few days of activity with my wife, starting with the ones that were suspicious. There were a few purchases on iTunes and Napster on Tuesday. She was told that they were consistent with how stolen card numbers are tested before they go after the bigger purchases.
  • The funny part is that after those 'test purchases', my wife had made a donation to a friend's campaign fund. The $100 donation via Act Blue was the straw that broke the camel's back for the bank's fraud monitor - they thought it was fake! It was legit, but the other's were not.
  • They then when over about 2 weeks worth of purchases to make sure all of the fraudulent ones were caught. After she got off of the phone, she then double checked by reviewing our account online.
  • They also de-activated her card number and sent us a new one.
  • Then we went on with our lives as normal.
Pretty rough, huh? No mortgage checks bouncing, no waiting forever for the money to be replaced, and we weren't liable for a cent. In fact, our bank held all suspect charges until they could be verified, so the fraudulent charges never hit our account! No harm, no foul.

The real kicker is that this is with a small regional bank. Not BofA. Not Wells Fargo. Not WaMu. Not Wachovia. Not a multi-billion dollar national bank. And yet they can do this. They spotted the fraud, acted on it, AND were correct (mostly) - All with very little inconvenience to us. We've been with Bank of America in the past, and they were surprisingly great to deal with when it came to fraud, but we were the ones catching it, not them. In fact, when the Mrs. traveled for work, she had her company credit card and her debit card. Fraudulent charges were always easier and faster to resolve with the debit card than the credit card. No act of Congress required.

Myth-be-gone!

3 comments:

Anonymous said...

My husband's debt card was stolen and they emptied his account buying vitamins. lol. Weird... but the bank caught it and cleared it up easily enough. It also wasn't a big bank, just a local credit union.

Anonymous said...

I've had fraudulent purchases appear on credit cards and had no problem getting the charges erased and a new card number issued. This has happened three times -- once it was an inside job, when a bank employee lifted my number and used it under the name I signed to a letter to the company, which is different from the name I use to sign credit-card slips and legal documents.

From what I'm told, if and only if you or your bank spots the fraud against a debit card promptly, you may be able to get the charge erased. However, banks are not obligated to do that in the case of a debit card. You do run the risk of losing money if the theft is not recognized in time or if you can't prove you didn't make the purchases. That's not true of credit card fraud--lenders are legally required to reverse fraudulent charges against a credit card.

One reason I don't no longer have automatic payments charged against a credit card (something newspaper circulation managers adore) is that when you must have the credit card number changed, you have to get in touch with all the merchants who have this arrangement and give them the new number. That really is a hassle!

Anonymous said...

Funny-
Thanks for chiming in.

Credit cards do have some federal law that folks like to beat their chests about when it comes to fraud. That only helps when the issuers agrees that it is, in fact, fraud. The risk is the same - debit or credit.

Yes, debit card protections are subject to the issuing bank's policies and procedures (just as credit cards are), but they are not limited to that. Beyond the bank, you need not look to Washington, but to the card backers - likely Visa or MC as they have a Microsoftian share of the debit market. Both have zero-liability policies for debit that mirror that of credit.

Besides, are you really going to trust that these credit card issuers (Chase, Citi, et al)are going to abide by some federal law, when they break the Federal Fair Debt Collection Practices Act on a daily basis? Not I.

The real point is that debit card fraud protection is not the wild wild west as many credit-mongers like to have everyone believe. As shown here, even the First Bank of Podunk has security measures that seemingly trumps all.

Thanks again.

Blog Widget by LinkWithin