I had my debit card skimmed at a local gas station in October. Within a couple hours, it was being used at stores in Los Angeles. I live a 3+ hour drive from LA so there's no way the skimmer/data was physically taken down there–the data had to have been transferred (cell?) to someone down there pretty quickly.
My card was used at a restaurant and a few different stores, but several times per store. Total amount charged was about $2K. All purchases were < $100 and most purchases were for very even amounts at drug stores. Based on research, this is because buying gift cards is a favorite use of stolen cards. Gift cards can be turned into cash online for about 75-85 cents on the dollar.
Chase was very good about freezing the card and crediting back all the fraudulent charges.
TIPS:
- Use cash or a gas card for gas OR at the very least, use a pump close to the cashier
- Debit cards have a reputation for having less protection than credit cards. At least at Chase, this is no longer true. Chase has zero-liability for unauthorized debit card purchases [1]
- Check your online banking often
- Don't rely on your bank's automated fraud detection. Most alerts I've received from Chase have been false positives (legitimate purchases while traveling).
I don't know why people swipe debit cards. If that account get stolen, that's your hard cash that's going to be taken.
Imagine if someone steals your debit card number and you did not find out about it for a week. By then you could miss your next rent payment because you don't have available funds in your account.
At least with a credit card, you have a full statement period to clean things up.
My guess is there's a significant chunk of the population who, like me, simply don't own any credit cards. A quick search puts it around 25-30% of the US population. People do it for various reasons (don't qualify, don't believe in using them, etc.).
Debit cards are a convenient tool for these people.
If you use your debit card as credit, you get the same protection as a Visa/Mastercard credit card. Merchants and POS systems will generally steer you toward using it as debit (i.e. with PIN) because it's cheaper for them. If you feel bad about increased costs for merchants, use cash.
[I realize the parent didn't indicate that they themselves were in the "no credit card" camp, just thought it might be helpful information for someone].
You may get the same protection, but the debit card protection comes after you've lost the money from your checking/savings account. After checks may have bounced.
In general, I try and make all of my purchases on one credit card, and only use my debit card for withdrawing cash at atm's. That way I only have to monitor one account for fraudulent activity. Where this breaks down, is a lot of the discount/cheaper gas stations will only accept cash or debit. Also, the magnetic stripe seems to wear down pretty fast on my cards, which means I often have to use my debit card when the credit card isn't swiping. I agree though, get a credit card (preferably with rewards, mine does 1% cash back) and use that for all of your purchases.
I've also had plenty of false positives, but my bank (Bank Of America) has caught multiple actual fraudulent charges. It's easy to hate on big banks and big data and the loss of privacy, but it's pretty cool when your bank calls you up and says "We don't think that was you buying skateboards and polo shirts in Eastern Europe."
I have had this happen a couple time. I got a call one Saturday morning asking about 3 recent charges, including a Men's Warehouse in Waikiki.
My response: "You are calling me at my California home number. I WISH I were in Waikiki right now. How about you reverse everything today and send me a new card in the mail?"
That reminded me of one false positive that may be of interest to the HN community:
I was buying a custom-made suit at Indochino's "traveling tailor" event. It was at a pop-up storefront in Seattle (where I live) but my bank thought their mobile point-of-sale card processing system was in Vancouver, BC and declined the transaction until I explained to them what happened.
I live in a sort of love/hate relationship with BoA's fraud-detection system.
On the one hand, I had a number genuinely stolen a while back in the PSN hack, and a case where someone tried to use my debit card in a hotel in Tennessee. In both cases, I got a phone call almost immediately, was out zero dollars and had a new debit card number within 24 hours.
On the other hand, I travel a lot. Emphasis on a lot. And I have begun simply planning trips around the expectation that at least one of my BoA cards will be frozen every time I do so, because their systems don't seem to actually work off usage patterns. Instead, use of the card beyond a certain mileage radius from home address triggers a fraud alert. So even though quite a bit of my travel is to a small number of cities, I still have to deal with occasional random fraud alerts freezing my cards (example: I've been to Washington, DC around six times in the past year. Despite that -- and despite making the booking in advance, including the card number -- I still had one of my cards frozen when trying to check into a hotel there a while back).
Their customer service people have confirmed that it's just mileage radius, and anecdotally it seems that the radius is around 600 miles (I am based near Kansas City, and can safely use BoA cards in Denver and Chicago, but has a problem once in Austin, IIRC). Which probably makes sense for most people, but I am more than 600 miles from home at least a couple times every month. And there seems to be nothing for it aside from calling their fraud-prevention department every time I'm about to go somewhere, which is equally impractical.
For what it's worth, I found out that you can inform BofA about your travel plans via online banking. A lot faster than calling the fraud prevention line.
I don't know of any bank that don't offer this now. As part of FDIC Regulation E, the cap on consumer liability for credit card fraud is a max of $50 [1]. For most banks, it costs them more than that to try to get that from the consumers .
The reason why people say that debit cards are safer than credit is because credit card provides a buffer to your bank account. If there is fraud, you still have the cash while the fraud is investigated. With debit, you are out the cash until the fraud is reported.
[1]
http://www.fdic.gov/regulations/laws/rules/6500-1350.html
____________________________
(a) UNAUTHORIZED ELECTRONIC FUND TRANSFERS; LIMIT.--A consumer shall be liable for any unauthorized electronic fund transfer involving the account of such consumer only if the card or other means of access utilized for such transfer was an accepted card or other means of access and if the issuer of such card, code, or other means of access has provided a means whereby the user of such card, code, or other means of access can be identified as the person authorized to use it, such as by signature, photograph, or fingerprint or by electronic or mechanical confirmation. In no event, however, shall a consumer's liability for an unauthorized transfer exceed the lesser of--
(1) $50; or
(2) the amount of money or value of property or services obtained in such unauthorized electronic fund transfer prior to the time the financial institution is notified
____________________________
This is not true for debit cards. You skipped the next paragraph, which provides exemptions that mean you have unlimited liability if you don't report a problem within 60 days, or $500 liability if you don't report a lost card within two days.
Same link, one paragraph down:
"Notwithstanding the foregoing, reimbursement need not be made to the consumer for losses the financial institution establishes would not have occurred but for the failure of the consumer to report within sixty days of transmittal of the statement (or in extenuating circumstances such as extended travel or hospitalization, within a reasonable time under the circumstances) any unauthorized electronic fund transfer or account error which appears on the periodic statement provided to the consumer under section 906. In addition, reimbursement need not be made to the consumer for losses which the financial institution establishes would not have occurred but for the failure of the consumer to report any loss or theft of a card or other means of access within two business days after the consumer learns of the loss or theft (or in extenuating circumstances such as extended travel or hospitalization, within a longer period which is reasonable under the circumstances), but the consumer's liability under this subsection in any such case may not exceed a total of $500, or the amount of unauthorized electronic fund transfers which occur following the close of two business days (or such longer period) after the consumer learns of the loss or theft but prior to notice to the financial institution under this subsection, whichever is less."
Read the fine print (it's not provided at that link, that link says "Certain limitations apply. See deposit account agreement.") They literally give themselves an out if you have given your card number "to someone else". It's mighty hard to use a card without giving your number to someone else, so the protection policy could be interpreted to be utterly meaningless and it will be up to an arbitrator what "or ... someone else" means if you have a disagreement about this with your bank.
Debit cards do not have "a reputation" for having less protection in America. Debit cards do have less protection in America. With a credit card, you can lose $50. With a debit card, you can lose all of the money in your account and in all accounts linked to that account.
Chase has a policy of advertising zero-liability for debit cards. The US government has a federal law requiring $0 to $50 liability for credit cards ($50 if you lost the physical card and didn't report it before it's used, $0 otherwise). The US government has a federal law requiring tiered liability for debit cards depending on how fast you report a theft and providing no protection after 60 days. [1]
Meanwhile, bank policies may appear to offer better than federal law requires for debit cards, but in practice the fine print can ruin you, and it's up to the bank whether you get protected under their policy since it's not federal law, and at best you get arbitration to settle a dispute not a court.
See, for example, the exceptions Chase gives themselves in their 'zero liability' [2] & [3]:
"If your Card is lost or stolen, or your Card number is used without your authorization, if you notify us promptly, you are not liable for any unauthorized transactions, including transactions made at merchants, over the telephone, at ATMs, or on the Internet.
However, these special provisions do not apply where you were grossly negligent or fraudulent in the handling of your account or Card, where you have given someone else your Card, Card number, or PIN, or where you delay reporting unauthorized transactions for more than 60 days."
"You must provide us with all information we need to investigate the alleged error or item. You must also file any police reports and provide any supporting affidavits and testimony we reasonably request.
If
you do not comply with the requirements above, we are not required to reimburse you for any claimed loss, and you cannot bring any legal claim against us in any way related to the item or errors.
"You must notify us in writing within 30 days after we mail a statement or otherwise make a statement available (for example, paperless statements) if . . . An item that you did not authorize or that is altered is listed on the statement ... You must provide us with all information we need to investigate the alleged error or item. You must also file any police reports and provide any supporting affidavits and testimony we reasonably request.
If you do not comply with the requirements above, we are not required to reimburse you for any claimed loss, and you cannot bring any legal claim against us in any way related to the item or errors."
> They literally give themselves an out if you have given your card number "to someone else". It's mighty hard to use a card without giving your number to someone else, so the protection policy could be interpreted to be utterly meaningless and it will be up to an arbitrator what "or ... someone else" means if you have a disagreement about this with your bank.
Do you have any record of any credit card company trying to take that perceived out, ever?
It would be a strange thing for them to do, since they don't eat the costs of fraud anyway (the merchants do).
>so the protection policy could be interpreted to be utterly meaningless and it will be up to an arbitrator what "or ... someone else" means if you have a disagreement about this with your bank.
What?
I have contested charges on a debit card before. You don't go anywhere near having an arbitrator. You call them and explain the situation, they mail you an affidavit, you mail it back, money reappears.
These aren't theoretical/untested waters. People file chargebacks on debit cards all the time. The only downside (compared to credit cards) is that the money has left your possession until the bank puts it back (rather than you refusing to pay the charge until it goes away).
> Debit cards have a reputation for having less protection than credit cards. At least at Chase, this is no longer true. Chase has zero-liability for unauthorized debit card purchases
Yes, but it may be a couple of very stress filled weeks until you get your money back. It'll be even worse if you don't have cash elsewhere, or credit cards you can use for everything in the meantime. If you're one of the people who only have a debit card, well, you're screwed.
The reason a credit card offers higher protection is that the money never actually leaves your possession. Once you have contested a charge, you can short the bill by the amount of the charge and you won't be responsible for interest unless you "lose" the chargeback.
Whereas with a debit card, the money has effectively disappeared from your checking account until the chargeback process completes.
I had my debit card skimmed at a local gas station in October. Within a couple hours, it was being used at stores in Los Angeles. I live a 3+ hour drive from LA so there's no way the skimmer/data was physically taken down there–the data had to have been transferred (cell?) to someone down there pretty quickly.
My card was used at a restaurant and a few different stores, but several times per store. Total amount charged was about $2K. All purchases were < $100 and most purchases were for very even amounts at drug stores. Based on research, this is because buying gift cards is a favorite use of stolen cards. Gift cards can be turned into cash online for about 75-85 cents on the dollar.
Chase was very good about freezing the card and crediting back all the fraudulent charges.
TIPS:
- Use cash or a gas card for gas OR at the very least, use a pump close to the cashier
- Debit cards have a reputation for having less protection than credit cards. At least at Chase, this is no longer true. Chase has zero-liability for unauthorized debit card purchases [1]
- Check your online banking often
- Don't rely on your bank's automated fraud detection. Most alerts I've received from Chase have been false positives (legitimate purchases while traveling).
[1] https://www.chase.com/checking/debit-cards