Well, this week just keeps getting better. I found out that my bank card information from Seattle was stolen and has been used to make fraudulent charges in Florida. I had to cancel the card and now will have to go and dispute about $500 in charges. What amazes me is that all the charges were at gas stations in Florida and all are listed as “debit without PIN”, which means with only a bank card number, they could steal money so easily.
The American banking/credit system is terribly insecure. Here in Ireland, I’ve been using a Laser card which is like a debit card, but has a built-in chip that stores your PIN number. In most cases, you have to have a PIN number to unlock the card. People in Ireland were surprised when they saw my US credit card, and one fellow remarked, “If you dropped this, anyone could just walk into a store and use it.” He was right.
Also the Bank of Ireland’s online banking site is a lot more secure, and asks more questions before you can log in. Even when you setup the PIN, you have to do it in a random order, to prevent someone from eavesdropping. When I use the US bank website, I just have a login name and a password, which can be stolen easily.
I am really annoyed at the US banking system right now, and annoyed at how insecure everything is. I won’t be getting a new debit card issued; I don’t want to risk getting my number stolen again at least until I get back to the US. Even then, I may just stick with an ATM card only.
Namuamidabu
Update: After talking with my bank’s Fraud department about disputing charges, it turns out my card and my wife’s were both stolen (3 charges on her card, 2 on mine). Definitely something happened in Boston. That was the only time we both used our cards.
Update 2: After much research and careful thinking, I believe my bank account information was stolen online after doing a direct debit transaction ages ago. That explains why both cards were charged by the same people. I won’t be making that mistake again. 
Hello, this blog is about my life as a father, Buddhist and Japanophile / Koreaphile. Any useful information I can pass along will hopefully make the 
I know – it’s weird how insecure the US banking system is (didn’t we just have a crash?)… I mean – it makes so little sense. We talk about online privacy soo much, but online security (which ought to be more important) is in many cases so close to NOTHING. Glad I’m in mainland Europe (where the pin-system is just like you describe it).
Ha ha ha, how true! You bring up a very good point: privacy and security are not (and should not be) separate. In fact, privacy should be one aspect of security. Honestly, I just think most Americans don’t know better. I didn’t even know about PIN-system cards until I moved to Ireland, and most Americans don’t have the benefit of travelling abroad.
Instead, we’re moving to a “flexpass” system (radio-chip in card) that makes it paying for items in person more convenient, but much more easy to steal (since radio signals can be stolen).
Just silly.
It’s very easy to clone a credit card. You can buy the equipment cheaply in your local electrical store. A ‘reader’ is inserted in to the card terminal which copies the details on the magnetic strip. If it is a chip and pin terminal a pin hole camera is used to capture the number being entered. The fraudsters then match up the PIN with the captured details and copy them onto a blank card – any card with a magnetic strip will suffice eg a mobile phone top-up card. The cards are then shipped out to countries where they can easily be used or shops in which the owners are themselves part of the fraud and allow them to be swiped.
In the UK the average fraud spend on a compromised card is somewhere in the order of £730. The cards are cloned in a number of ways – mainly from ATM machines rigged out in the way described above.
The best way you can prevent your card being cloned is by preventing the hidden camera from capturing your PIN number. You can do this quite simply by holding one hand above the other whilst entering your PIN so your fingers and the key pad are obscured from any camera positioned above it. If you are using a shop based terminal do the same or if it is portable move it away from its normal position.
BTW my comment above is limited to PIN enabled bank cards. Cards which you don’t need a PIN are of course even less secure.
I am also surprised at the lack of security. At many gas stations here in Los Angeles, the pump does not require a PIN but merely a zip code. It’s not too difficult to guess some local zip codes when using a stolen credit/ATM card.
I’m so sorry that this happened to you! You should also consider checking your credit information to see if someone tried to open an account in your name.
Hello all,
Thanks so much for your feedback:
Jishin: Excellent advice and much appreciated. I noticed in Ireland most card terminals do have 3-sided “shields” that seem to help obscure your PIN, but the “hand trick” seems to be good advice, so I started doing that. In the US, the card was used for non-PIN transactions (people used the Mastercard feature like a credit card), apparently at gas stations, so I doubt they actually stole my PIN. Apparently the card number was enough.
Tornado: Yeah, I bet that some gas stations still don’t have up-to-date terminals for even zip codes. Because I live in seattle, it’s unlikely that they would have known my Zip code all the way down in Florida. Sounds like Florida is behind the times.
I’ve been tracking the transactions and they’re all in backwater cities in Florida, so I bet the gas stations are out of date.
Jeannie: Yeah, we considered that too, so I will be flagging my information with the credit bureaus.