debit card( checking account) fraud?

[Rosiv]

3. Don't save your cards on websites. This always baffles me that people do it (you wouldn't leave your credit card at the Pizza Hut you go to all the time, right? So why is PizzaHut.com all of a sudden a good place to just leave your credit card?). The only places I will save my card to are places that FORCE you to do it like Netflix.

This is a common misconception, any place you use a debit card, or credit card, stores all of your card's information in their database anymore. You literally can't get away from having your card information stored.

You are correct that the data base stores it so you're still vulnerable on the "X got hacked and my credit card is now stolen" but I'm more referring to the much easier setup where someone just gets your user name and password. If I save my credit card on Walmart.com and someone gets into my account, they now have access to the credit card. If I don't save my credit card on Walmart.com and they get access to my account, the most they're getting is my personal information that they could get out of any phone book.

Like with my example I gave about Xbox Live; the only compromise was my account. My credit card was not on there so ALL they could take was whatever I had on Xbox Live. Had my credit card been on there, they could have loaded up on Live Points and really gone nuts with my money

The databases are actually much easier to crack than individual accounts, also cracking a database of a large retailer gives not only credit card information, but also account login and password information if it's stored. "Script kiddies" usually are the ones who crack individual accounts, often times in like Steam and XBox Live it's to make you look like an idiot. The databases are still where everything is, cracking individual accounts is worthless, because the hackers generally don't use the card information themselves. They sell the card information on black markets, that way it's neigh impossible to catch the hackers, even if they catch the identity thieves who use the information for personal gain.

This is why I default to using prepaid cards and things like my Google Wallet which I strictly control, only putting what I need on account to make an online purchase. If someone steals those card numbers, they'll get nothing, because I keep the accounts empty until I use it to pay for something, if I keep an active account at all.

So would you say checking your banking on a college dorm wifi, using college atms, and buying via ebay or amazon bad practice?

 

[stormtrooper9091]

1. Nope.
2. Insecure processing and bank people being jerks
3. Know what you shop

Since I mostly use Steam as means of online shopping, and I do it by always buying on the spot and never ever keep anything in my steam wallet. Same as Ebay. I hate banks and I hope they all perish though

 

[Duck]

I used to work in the banking industry and specifically in a loss prevention position, so this thread absolutely intrigues me.

1) have any of the members of the escapist been a victim of this type of fraud?
> I can't speak for any of the other members of The Escapist, but I myself have never been a victim of fraud. I would like to attribute this mostly to the fact that I am very careful with what sites I purchase from and where I use my debit card, but the list doesn't stop there.

2) what do you think are the major causes of being a victim of fraud?
> There are several "major" causes of fraud, but you might be surprised at what they aren't. First of all, I'll list three of them in no relevant order: 1) Phishing Attacks, 2) CCP Breaches (Central Card Processing, I.E. payment gateways or terminals), 3) Mail Theft, 4) E-Scams (419 Scams, Relationship Scams, etc.)

If I had to choose from this list the top two reasons, in order, it'd be CCP Breaches and Phishing Attacks.

CCP Breaches are when attackers take over a payment gateway by compromising key machines and injecting malware into the operation. On a retail level, they have a computer which handles financial records and usually, the POS (Point of Sale) terminals are on the same network as the computers. Assuming that the attackers are able to compromise the central machine, they can essentially write their own firmware or set up logging mechanisms to log things such as credit/debit card numbers, Track 1&2 data (this is what comes from your Magnetic Stripe), Pin #'s. This information is then sent to a central storage server where it can be sold on the dark internet or used by the attackers for nefarious purposes. The most famous examples of this (that I'm aware of) are Target, Home Depot and GE Money (J.C. Penney & co).

Phishing Attacks are, but aren't limited to, when you receive an authentic looking email from a bank such as Wells Fargo. The emails suggest that there is a problem with your account information and that you must log on to a website in order to verify and update your information. The link in the email takes you, however, to a fake website designed to look like Wells Fargo, and the information you provide to the attackers (typically things like your DOB, Mothers Maiden Name, Social Security, Debit Card Number, Pin) can be used to either open lines of credit in your name or to perform an account take over (ATO, meaning they take control of your card and your account)



3) solutions for avoiding fraud
>I won't go in to much detail here but this is what I normally told my clients:
- If you think your card is compromised, replace it. Banks generally don't charge a fee to replace your card if you believe that it has been compromised. In fact, some banks enforce a card expiration policy on their debit cards, which will make them invalid after a certain period of time.
- Change your PIN number regularly. Although you might think that people aren't seeing your pin when you hold your hands over the keypad, believe me, there could be someone on the other end of the internet just sweating at the fact that they're about to get another high balance bank account. PINs such as 1234, 0000 and parts of your birthday generally aren't good choices for PINs.
- Don't give your information out to anyone, and especially people who call you. You may think that the bank is calling you to inform of some unauthorized activity, but scam artists can and have used this method to obtain your card information in the past. Tell the person that you're calling back to speak with their department directly, and call the customer service number on the back of your card for good measure. That way, you know you're speaking with the real McCoy.
- When you swipe your card, be aware of your surroundings. I know that it sounds crazy, but there are still people out there that compromise debit/credit terminals by installing card skimmers. If the machine you're using looks tampered with, inform the cashier and ask them to speak with their manager. It's never a bad thing to speak up, and most store owners will thank you for bringing it to their attention.

Finally, and most importantly, DO NOT SHOP ON SHADY WEBSITES. I know you might want to get that highly discounted video game for $20, but those attackers also want to get their thieving hands on your personal information too. Sites like Amazon and eBay are usually your safest choices for making online purposes of general merchandise, but CheapDiscountVideoGames2016.scam are just out there to get your money. Oh, and this should go without saying: Run a respectable anti-malware solution and keep the definitions up to date. You never know what you'll run into out on the internet.

This is by no means a complete list of ways to get frauded or ways to prevent fraud, but all of this information is based on my own first hand experience from the perspective of a person working in loss prevention. You might have your own ways of doing the whole security thing, and if you do-- Keep doing what you do.

Cheers!

 

[MysticSlayer]

1) have any of the members of the escapist been a victim of this type of fraud?

Personally, no. However, my parents have been affected, which indirectly affects me.

2) what do you think are the major causes of being a victim of fraud?
(Ex: online banking with unsecure internet/public internet?)

In my mom's case, she just fell victim to online scams. I'd imagine that that is the most common.

My dad, however, had some of the important details (card number, security code, etc.) stolen by a waiter at some Mexican restaurant around here. I guess that waiter gave off a lot of bad signs, but my dad still didn't expect him to steal credit card info. Either way, it was enough to prompt him to seek a different Mexican restaurant to eat at whenever he wanted it.

I guess some other common problems would be false websites, stolen cards, insecure connections, and hacked databases.

3) solutions for avoiding fraud

Stick to respectable sites, ensure each site is genuine (a good browser will help with this), keep up with news of any new security problems with stores you've shopped at, make sure your connection to sites uses HTTPS (again, a good browser helps), and don't use your card when on a public network.

 

[Kinokohatake]

I work for a large bank. We do deal with a lot of fraud on a daily basis from our customers. And as much as the internet has enabled people to just throw their information out there, even little things can do it. Whenever you go to a restaurant you give your card to a waiter or waitress who doesn't get paid a whole lot, and you have no idea if she is using your information or selling it. I have several accounts set up, and at the restaurant or movie theater or grocery store I will transfer over roughly what I need to make a purchase to my spend account. And I made sure on that spend account that I opted out of over draft coverage, that way if someone gets a hold of my information I don't have to deal with the overdraft fees.