Some time ago I went to buy a car. I shopped and found the perfect car for me. Set up the deal via the internet. All I had to do was go fill out the papers and drive off with my new (to me) car. The financing was all set up. I had cash in the bank, but decided to use my credit card to take advantage of a cash back program. My credit Union financed the purchase and issued a voucher to me for the whole amount, but I was planning on putting a couple thousand down on it.
All went according to plan until my credit card was denied. A quick call to find out the problem and the next thing I know I'm talking to bank security. They wanted to know if I had made a 7pm $35 purchase at my neighborhood Publix, two gas purchases one at 7:30pm for $112 followed up with another one at 7:45 for $137 at a gas station I never go to. They also wanted to know if I had made an 8pm $350 purchase at Walmart and a $1,200 one at Ross at 9:20pm. Yes, no, no, no and no.
The 9:20pm purchase triggered a freeze on my card (but I think it was the super rare and very high for me Walmart purchase that got the security department's attention). The call to my land line occurred when I was at the car dealership buying the car.
Sucked for me.
One evening I'm doing an expanded milk run and the next day, out of the blue I'm a credit card fraud victim. My card was duplicated, used to rack up $1799 of fraudulent purchases, frozen, closed, new account opened, over and done in less than 16 hours. I had new cards in less than 36 hours.
The credit card security department determined my credit card was skimmed at the Supermarket cash register. Luckily, the credit card company had a plan to close the account, issue a new card to me and overnight it to us. All this happened in less than 10 minutes while at the car dealership (who kindly gave me a private office to handle it). I was told I wouldn't be liable for the fraudulent charges if I would assist them in the investigation. Not a problem. The security rep told me that my card was likely skimmed at the grocery store's cash register where the card's information was likely transmitted via bluetooth (short distance) or GSM cellular to a remote location (across the street or miles away for that matter). I was told that unless I knew what to look for, chances are I wouldn't have noticed the skimmer and if the encrypted wireless authorization was hacked; I would never have seen it. I knew what to look for and I didn't see it.
I know about computer security. All my cards are kept in a protective case. I know that credit cards afford more protection than a debit card. The credit card issuer's assets are vulnerable and they monitor transactions for outliers. Debit cards are your assets. Thieves can drain your checking and attached savings account very quickly and bank security is far less interested in preserving your assets than theirs. Debit card issuers are far less likely to detect out of character spending and freeze debit cards. So, I'm doubly careful when using my debit card. I use all four fingers to punch in my PIN under cover to make snooping it more difficult. I check my transactions later in the day after using my debit card for sure and credit cards most of the time. I call my credit card company and tell them when I plan on doing a spending spree. I look at the card readers before sliding my cards and check for the duplicate plates, duplicate readers or an extra piece no matter how small that doesn't line up perfectly with the card reader. I wiggle them to see if a piece comes loose. I check for a clear plate installed over the touch screen. Check for any incontinuity on the card reader. When in doubt, I pay cash. What I don't check is to see if there's an extra inch long dongally, connector device put between the keyboard PS2 connector and the back of the cash register. That just isn't practical.
This little device is readily available at many stores and is a keystroke logger. It skims and stores credit card swipes and PIN number entries on a tiny memory chip like the one in your smart phone. A lot of them are purple, but black or grey paint can change that fast enough. A party of three or four come into the store to do an Ocean's Eleven ruse to scope out the hardware and install it. Then an Ocean's Twelve to retrieve the PS2 connector with the data. It halfway worked recently at Nordstrom's in the Aventura Mall. Security caught the installation on one cash register and they were found on 5 others and removed. This technology is somewhat obsolete as it requires retrieval. The skimmers that transmit the credit or debit card information via blue tooth or GSM cellular is "better" for the thieves. All they have to do is install it and read what comes in from a remote location and they never have to go back to retrieve the hardware. Done well, and there will be no usable fingerprints.
I know a couple Publix managers and a former police officer (who doesn't mind making a call now and then) who helped me follow up on my case of credit card theft. It turned out in my case that a bunch of cards from different credit card issuers had been skimmed at that store over several months off the same cash register with different cashiers. They suspected a store employee wasn't noticed when they had seamlessly installed a skimmer. Both the police and my credit card security rep were sure it was the recording kind, because inspection at the store yielded no skimmer devices. They concluded that the skimmer was unnoticeably removed once the thieves determined the store was considered a hot spot by police. There has been no traced skimmed cards from this store for months.
That experience has made me a bit more cautious with how I handle my financial transactions. The holiday spending season is here. Your best defense is vigilance. Be safe everyone. Use your credit and debit cards with care.
1:12 PM PT: Thanks for the rec list. I see we're hungry for a change of subject. I thought I'd be passed over for government shutdown or ACA diaries. Thanks for reading.