kwselke
Member
I now feel up to writing about this hacking of one of my bank accounts prior to Hurricane Harvey striking Texas. This occurred to my credit union checking account. I have other accounts at the credit union as well as accounts at a large commercial bank.
A Visa Debit Card is connected to the savings and check accounts at the credit union. The card is equipped with the EMV encryption chip. I use it as an ATM card to get cash, and use cash or a credit card for transactions.
Prepping for the imminent landfall of Hurricane Harvey, about 2:30 PM on 8/23/17 I went to a neighborhood pharmacy to use their fee free ATM to get some extra cash. I logged into the ATM and tried to make a cash withdrawal. This was the first time since 8/1/17 that I had used the debit card. The machine replied that it was unable to dispense cash at that time. I thought nothing of it. The following morning (8/24/17) I routed my normal morning walk to include a branch of my credit union and got cash there at their 24 hour ATM. I was away from home until lunchtime and then I found a message on my answering machine from my credit union asking to call about the possible fraudulent use of my debit card.
I called the number left and got an automated system which asked me to confirm that I had made a $203.95 declined ATM withdrawal at 7:30 AM from a Valero Corner Store that morning. I pressed the number 2, for NOT ME! The machine replied with, your debit card ending in #### has been restricted, please contact Customer Service at 800-###-####.
I think, uh oh! If they rejected a $200 withdrawal maybe there are others. I logged into my account online and sure enough there was my withdrawal at 5:30 that morning followed by a withdrawal of $403.95, then a withdrawal of $303.95, and the third fraudulent attempt was rejected.
I called the 800 number and talked to them. The nice lady said that I could file a claim online and pick up a new card at a branch tomorrow or next week. I said, you must be in a call center somewhere outside of southeast Texas? She said, that's right I'm in Michigan. I said there is a hurricane coming and it may be a week or two before I can get out or the branches around here open again.
So, off I go to my local credit union branch. The manager there was wonderful. I told her my story, showed my ID, gave her a printout of my checking account and said... this one this morning was me, these other two today off Wilcrest Dr. are not me. I handed over the one and only legitimate debit card ending in ####, straight out of my wallet. She said... wow, this was not lost or stolen, it was cloned. I said, and they got my PIN which is not written down anywhere.
I swore an affidavit to the two fraudulent withdrawals. A new Visa debit card was immediately issued to me. Harvey hit on Friday 8/25/17. The stolen funds were restored to my account on Monday 8/28/17.
I talked to a cousin who knows a great deal about these issues and who works for a major bank dealing with them. The EMV encryption chip on a credit/debit card cannot be cloned. The magnetic stripe on the EMV card can be cloned. Coded on the stripe is a message that this is a chip card, which should force the card reader to require the insertion of the chip to complete the transaction if the machine is EMV capable. I find it hard to believe that anyone is still using magnetic strip technology. As my cousin pointed out, the owner of an ATM that did not have EMV chip capability generally has to pay the bill for fraudulent transactions that could have been prevented by the chip if a chip card was used, so non-EMV chip machines should vanish at a faster and faster rate.
This is a true story that happened to me, not a rant. Yes, it does happen. Cover your hand when you enter your PIN, even if there is a cover on the machine.
A Visa Debit Card is connected to the savings and check accounts at the credit union. The card is equipped with the EMV encryption chip. I use it as an ATM card to get cash, and use cash or a credit card for transactions.
Prepping for the imminent landfall of Hurricane Harvey, about 2:30 PM on 8/23/17 I went to a neighborhood pharmacy to use their fee free ATM to get some extra cash. I logged into the ATM and tried to make a cash withdrawal. This was the first time since 8/1/17 that I had used the debit card. The machine replied that it was unable to dispense cash at that time. I thought nothing of it. The following morning (8/24/17) I routed my normal morning walk to include a branch of my credit union and got cash there at their 24 hour ATM. I was away from home until lunchtime and then I found a message on my answering machine from my credit union asking to call about the possible fraudulent use of my debit card.
I called the number left and got an automated system which asked me to confirm that I had made a $203.95 declined ATM withdrawal at 7:30 AM from a Valero Corner Store that morning. I pressed the number 2, for NOT ME! The machine replied with, your debit card ending in #### has been restricted, please contact Customer Service at 800-###-####.
I think, uh oh! If they rejected a $200 withdrawal maybe there are others. I logged into my account online and sure enough there was my withdrawal at 5:30 that morning followed by a withdrawal of $403.95, then a withdrawal of $303.95, and the third fraudulent attempt was rejected.
I called the 800 number and talked to them. The nice lady said that I could file a claim online and pick up a new card at a branch tomorrow or next week. I said, you must be in a call center somewhere outside of southeast Texas? She said, that's right I'm in Michigan. I said there is a hurricane coming and it may be a week or two before I can get out or the branches around here open again.
So, off I go to my local credit union branch. The manager there was wonderful. I told her my story, showed my ID, gave her a printout of my checking account and said... this one this morning was me, these other two today off Wilcrest Dr. are not me. I handed over the one and only legitimate debit card ending in ####, straight out of my wallet. She said... wow, this was not lost or stolen, it was cloned. I said, and they got my PIN which is not written down anywhere.
I swore an affidavit to the two fraudulent withdrawals. A new Visa debit card was immediately issued to me. Harvey hit on Friday 8/25/17. The stolen funds were restored to my account on Monday 8/28/17.
I talked to a cousin who knows a great deal about these issues and who works for a major bank dealing with them. The EMV encryption chip on a credit/debit card cannot be cloned. The magnetic stripe on the EMV card can be cloned. Coded on the stripe is a message that this is a chip card, which should force the card reader to require the insertion of the chip to complete the transaction if the machine is EMV capable. I find it hard to believe that anyone is still using magnetic strip technology. As my cousin pointed out, the owner of an ATM that did not have EMV chip capability generally has to pay the bill for fraudulent transactions that could have been prevented by the chip if a chip card was used, so non-EMV chip machines should vanish at a faster and faster rate.
This is a true story that happened to me, not a rant. Yes, it does happen. Cover your hand when you enter your PIN, even if there is a cover on the machine.
