Scam of the day – December 5, 2012 – New debit card danger developments

As I have repeatedly said, debit cards are a dangerous way to shop because unlike credit cards which carry a potential liability of no more than $50 for fraudulent purchases made using your credit card, if your debit card security is compromised and your discovery of the breach of your security is delayed. you risk losing all of the money in the bank account connected to your debit card.  As more companies have become better at protecting the credit card data and debit card data including PINs that are found on the companies’ computers through encryption and other security measures, the weak link now more and more being exposed by identity thieves is the point of sale (POS) terminals that many companies use that is found at the checkout counter.  We are all familiar with these small machines through which we swipe our credit or debit card rather than giving our card to the clerk to run through the cash register’s credit or debit card processor.  Unfortunately, many stores, including most recently Barnes & Noble as I described in my Scam of the Day on October 25, 2012 have not taken the steps necessary to protect the security of these devices which in many stores have been manipulated to provide credit card and debit card information including PINs to identity thieves.  In some instances, the identity thieves have posed as repairemen to alter these credit and debit card terminals in order to get access to the information contained therein.  Debit cards in particular present a substantial problem because once the identity thief has the card number and PIN, it is a relatively easy task to create a phony debit card that can be used at any ATM to empty the victim’s account.


Don’t use your debit card for shopping.  The risk is just too great.  Limit its use to getting cash from an ATM.  Additionally, if you are shopping with either a credit card or a debit card (and not following my advice) don’t use the POS terminals, but rather ask the clerk to run your card through his or her cash register’s credit card terminal.  Your security is improved as the cash register’s information is generally protected better by most companies.

Scam of the day – October 25, 2012 – Barnes and Noble data breach

Barnes and Nobles on Tuesday announced that it had suffered a data breach in stores in California, Florida, New York, New Jersey, Rhode Island, Connecticut, Massachusetts, Illinois and Pennsylvania.  The data breach was traced back to PIN pad devices used by customers at the cash registers to pay for their purchases through the use of either debit cards or credit cards.  Even if you have not shopped in a Barnes and Noble store recently, the lessons to be learned from this hacking are important.  Although the case is still being investigated, it appears that one PIN pad device in each of the affected stores was tampered with such that the hackers were able to retrieve the information and use it for identity theft purposes.  The tampering could have been done by identity thieves either with the assistance of a rogue employee or by hackers who managed to get unwary employees to click on a link that installed malware.


If you used a debit card at a Barnes and Noble store within the last few months, you should change your PIN and carefully monitor your account.  If you used a credit card, you should also monitor your monthly credit card statements to make sure that there are no unauthorized charges.  Debit cards are a particularly dangerous way to shop because unlike credit cards, the law does not limit your liability to $50 of unauthorized charges.  In fact, if you fail to report the breach of your security for a debit card for more than 60 days after the breach, you could potentially lose all of the money in your checking account without recourse.  And even if you do promptly report a breach of your debit card security promptly, your account may be frozen while the situation is investigated by your bank.  A good piece of advice to anyone using a credit card or debit card to make store purchases is to have the clerk swipe the card thorugh the register.  As with the Barnes and Noble data breach, increasingly identity thieves are accessing the PIN pad devices to get your information.  Having your card swiped directly through the register is somewhat safer.