Scam of the day – October 29, 2017 – Twelve people indicted in gas pump skimmer scam

The U.S. Attorney’s Office for the Northern District of Ohio recently announced the indictment of twelve people alleged to have installed skimmers at gas pumps in Ohio, Colorado, Maryland and Utah in order to steal credit card information used to create phony credit cards with which they made fraudulent purchases.

Skimmers are small electronic devices that are easily installed by an identity thief on gas pumps, ATMs and other card reading devices. The skimmer captures all of the information on an old-style magnetic stripe credit or debit card. When the skimmer is used on a debit card, the identity thief can use that information to access the victim’s bank account. If a credit card is used, the identity thief can use the stolen information to access the victim’s credit card account. Each skimmer can hold information on as many as 2,400 cards.

MasterCard and Visa announced in December of 2016 that the deadline for the installation of EMV chip card readers on gas pumps was being delayed three years to October 1, 2020. Credit card rules required retailers to install equipment to process EMV smart chip credit cards by October 1, 2015 in order to avoid liability. Wider use of EMV chip cards has resulted in a dramatic reduction in data breaches and credit card fraud at retailers using this equipment. The deadline for the installation of EMV chip card readers at gas pumps was originally scheduled for October 1, 2017. Around the country there has been an increase in the use of skimmers installed by criminals at gas pumps.


Always look for signs of tampering on any machine you use to swipe your credit card or debit card. If the card inserting mechanism appears loose or in any other way tampered with, don’t use it. Debit cards, when compromised through a skimmer, put customers at risk of having the bank accounts tied to their cards entirely emptied if the theft is not promptly reported. Even if the victim reports the theft immediately, the victim loses access to his or her bank account while the matter is investigated by the bank. Debit cards should not be used for purchases at gas pumps or for other retail purchases because the liability laws related to stolen debit card information are not as protective of consumers as the laws relating to fraudulent credit card use.

August 13, 2016 – Steve Weisman’s latest column from USA Today

It has been ten months since the switch to the computer chip EMV credit cards was mandated for credit card issuers and merchants in order to avoid liability for fraudulent charges, yet many stores still haven’t made the change. Here is a link to my latest column for USA Today in which I explain what is going on and what it means to all of us as consumers.

Scam of the day – April 12, 2016 – Progress of switch to smart chip credit cards

Many of you may remember that the apparent deadline for credit card companies to issue new EMV chip credit cards to replace the old-style magnetic stripe credit cards, and for merchants to install new card processing equipment to handle those transactions, was October 1, 2015. Yet here we are in April of 2016, and according to a recent study by CardHub only 33% of retailers have upgraded at least 90% of their payment terminals. In addition, 30% of American consumers still have not been issued an EMV chip card. There are many reasons for this failure of both credit card companies and merchants to adhere to the new regulations pertaining to EMV cards. The most prominent is that October 1, 2015 was not a date by which credit card companies and merchants were required to create and use the EMV cards respectively, but rather a date after which credit card companies and merchants failing to create and use the new EMV cards would merely have greater risk of liability in the event of credit card fraud.

EMV stands for Europay, MasterCard and Visa, the companies that created credit cards with a computer chip that generates a unique, randomly generated token for each transaction, thus making the kind of massive data breaches and credit card fraud that we saw in the Target data breach in 2013 all but impossible to achieve. The rest of the world has been using EMV cards for many years, but the United States, until recently, continued to use the old technology of credit cards with magnetic stripes on the back that contained account information that was extremely vulnerable to theft through skimmers on processing equipment or data breaches at merchants.


The EMV card is not a panacea by any means to protect us from credit card fraud. The EMV card offers no protection from online credit card fraud where the chip is not used. In addition, the EMV cards in the United States generally are tied to a signature for verification rather than the more secure use of a PIN, which is what the rest of the world uses to authenticate use of the card. However, the EMV card still represents a major step forward in the battle against credit card fraud in the United States. If you do not have an EMV card yet, you should demand one from your credit card company. You should also encourage the merchants with which you do business to switch over their processing equipment to the new EMV equipment.

Scam of the day – March 11, 2016 – Possible Home Depot data breach settlement

A tentative settlement has been reached between Home Depot and the 56 million victims of its massive data breach, which occurred between April and September of 2014. The proposed settlement provides for a 13 million dollar fund to reimburse victims for out-of-pocket losses incurred, with an additional 6.5 million dollars being set aside for legal fees and other related expenses. Shortly after the data breach, Home Depot announced that it would provide a year’s free credit monitoring through security company All Clear ID. The offer was made to Home Depot customers who used their credit or debit cards at Home Depot between April 1, 2014 and September 9, 2014. The proposed settlement of the class action brought by victims of the data breach must be approved by the judge overseeing the case.

Similar to the major data breach at Target which occurred a year earlier, Home Depot’s computers and credit card processing equipment were hacked when a third-party vendor’s computers were hacked, thereby enabling the hackers to steal the passwords necessary for the third-party vendor to access Home Depot’s computers. As an additional part of the settlement, Home Depot committed to make greater efforts at data security.


As further developments in this settlement occur, I will inform you of those developments, so if you were a victim of the Home Depot data breach, I will let you know what to do. As for all of us, even if we were not victims of this particular data breach, it is important to remember that we are only as safe as the places with which we do business that have the weakest security. Greater implementation of EMV smart chip credit cards will reduce the effects of data breaches aimed at gaining credit card and debit card information, but many stores still have not shifted over to the new equipment required to process EMV smart chip credit cards.

Also, do not use your debit card for retail purchases. Limit its use to ATMs. There are strong laws to protect you from fraudulent use of your credit card, but the laws protecting you from liability in the event of fraudulent use of your debit card are not strong, and you potentially risk losing the entire bank account to which the card is attached. In addition, even if you report the fraudulent use of your debit card immediately, your bank will freeze your account while it investigates the breach, which can be very inconvenient if you need immediate cash or have bills automatically paid from your account.

Scam of the day – July 5, 2015 – Trump hotel chain hacked

Donald Trump seems to be constantly in the news these days. Whether it is for declaring his candidacy for President of the United States or for making inflammatory comments, Trump is omnipresent in the media. However, the latest Trump news event is not one with which he must be pleased. It has just been disclosed that the Trump Hotel Collection, which includes hotels in Chicago, Honolulu, Las Vegas, Los Angeles, Miami and New York, has been hit with a Target-like credit card and debit card data breach that appears to have started at least as far back as February. As with so many data breaches, it was discovered not by the company hacked but by credit and debit card processing banks that noticed a pattern of fraudulent use and traced the cards back to the Trump hotels. This type of hacking and data breach is expected to happen again and again as companies still cling to the use of old-fashioned credit and debit cards using magnetic stripes rather than the more modern smart credit cards with computer chips that create a new one-time authorizing number each time the card is used.

Here is a link to a column I wrote for USA Today in September of 2014 in which I both described how these data breaches occurred and correctly predicted their continuing pattern.


There is little that we as credit and debit card users can do to protect ourselves from the security vulnerabilities of the companies with which we do business. One important thing to do is to refrain from using your debit cards except in ATMs. Using your debit card at retail establishments puts you at much greater risk of expensive identity theft in the event of a data breach at the company with which you are doing business because of weaker consumer protection laws regarding liability for fraudulent use of your debit card. Although the deadline for companies being required to install smart credit card readers is months away, you should ask your credit card company for a replacement credit card with a computer chip now. Some stores, most notably Walmart, are already using the safer smart chip cards. Whenever you can use the smart credit card, it is important to do so.