The Fraud Blog with Tracy Kitten

Account Takeover Pt. III: Back to Cash?

Account Takeover Pt. III: Back to Cash?

I made a decision this week about payment transactions and how I'm conducting them in the future. I'm going back to cash.

I'll bend the rule for the occasional credit purchase, of course, but I'm steering clear of debit. Don't get me wrong -- I like my debit card. With debit I can manage spending, get cash back at the POS, hit an ATM and earn points when I choose the signature-based option.

But it's a double-edged sword: That direct access to cash offers a link to all of the funds in my checking account. But if that card is stolen or the account breached by fraudsters, I watch all my funds disappear. It happened to me a couple of weeks ago. A classic case of personal account takeover, and it shook me on levels I am only just beginning to appreciate.

For one, I feel completely violated -- some entity just took a snapshot of my entire financial profile -- and I definitely do not feel comfortable using my debit card anywhere. I am even becoming fearful of the ATM -- a revelation that just hit me the other night.

Here's the scene: I have to make a run to the store and swing by the bank to deposit a check. So, what to do first? Should I get cash out, or just use my debit card to buy my groceries? I really hate to put a grocery bill on my credit card. So, I guess I'll hit the ATM first -- deposit that check and get some cash.

Now, I never used to think twice about depositing at the ATM, even when I had to make an envelope deposit. With the advent of imaged deposits, I have been even more gung-ho. But now I'm afraid.

As I'm debating with myself, it's too late to get cash at the branch, so I opt for the drive-through ATM. It has to be safer than the self-service POS terminal at the grocery store, right?

Sources this week have shared with me several stories of POS skimming and network hacks, and how both are growing at accelerated rates -- rates that will likely surpass ATM skimming in the near future. Mike Gervaif, an investigator with the Calgary, Alberta, Police Service in Canada, says skimming at the POS is a massive problem. "These guys steal a POS terminal from a Blockbuster, for example. They install a memory board and a Bluetooth inside, put an encrypted code in the compromised POS, so that they can activate this code and turn on the Bluetooth, and then they go to the store and switch it out with the terminal at the counter," he says. "From there, they just park the car within one to three kilometers of the store and use the Bluetooth to pick up all the transaction data and card numbers."

That does not make me feel comfortable.

Add to that another conversation I had this week with an IT/networking specialist about network vulnerability at restaurants, and I'm even more concerned about using my debit card at any merchant location. "Restaurants are the worst," he says. "Their networks are always wide open."

During the late '90s to mid-2000s, I read a lot about the inevitable global shift toward cashless societies. U.S. card issuers and payments processors put out study after study about increased debit card use and evaporating cash. By the end of the decade, we would all be using contactless cards, they suggested, and the cash-back option at the POS was going to cannibalize cash withdrawals at the ATM.

U.S. ATM operators balked at the idea -- not surprising. After the ATM explosion in the mid-90s, the U.S. quickly claimed the title as the largest ATM market in the world, with an estimated 450,000 deployments. The entire planet has about 1.8 million deployments.

Here was the U.S. ATM operators' argument: Cash is anonymous, it's convenient, and payments with cash are much faster than signature- or PIN-based POS transactions. And no need to worry about that cash-back option at the POS, they said. The payouts are capped, they require cardholders to buy something, and POS terminals are not accessible 24/7.

It's interesting how a handful of disruptive events over the last decade have supported those ATM operators' claims. 9/11, the global recession, differing international payment card technology such as EMV, and an increasing number of card-skimming attacks, online breaches and cybercrimes will push more people to cash.

Well, at least that's the impact all of those things have had on me. And since I consider myself to be like many consumers, I have to think a similar shift will occur for them as well.

I'd welcome a good counter-argument ...



About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.