Posted by: David Scott
ATM cards, ATM machines, bank breach, bank card breach, bank card data, bank card security, bank cards, bank fraud, bank PIN numbers, bank security, credit card, credit card breach, credit card data, financial institution, financial institution security, financial security, financial system, PIN numbers, US mail
An interesting thing happened to me on the way back from my mailbox the other day.
But first: I had a debit card that was getting increasingly difficult to use. The magnetic stripe on the back had a scratch on it, and I often had to swipe it three or four times to get it to read. So, I called the bank and requested a new one. I haven’t had to replace a card in a long, long time. I figured the new one would come with instructions to call a number for “activation.”
Interestingly (well, at least to me), when the card showed up, the accompanying letter made no mention of any need for activation. It did take care to tell me the card could be used at “millions of Visa ® merchant locations.” It talked about “free access to cash” at qualifying ATMs. Further, the letter was so helpful in telling any recipient that $300 cash was available each day, as was $1,500 in purchases.
Representing the most help, perhaps (particularly for thieves), was this informative sticker on the card itself! [Capitalization is exactly as on the sticker] –
This debit card works at all Visa merchant locations.
Press the CREDIT button and DO NOT INPUT YOUR PIN.
Funds will be deducted from your checking account
and there will be no transaction fee.
It really is nice not to have to fuss with a PIN. But here, we’re at a point of diminishing return: By making the card easier to use for the consumer, we’re also opening a very insecure avenue, yielding a breach potential: Unauthorized use of the card for THEFT. [Those caps are all mine].
The letter had a 1-800 customer service number and I called it. I wanted to confirm that the card was ready to use, absent any proactive activation on my part. The representative confirmed two things: 1) The card was ready to use, and 2) that, upon my direct query, the card indeed had been ready all along, as delivered to my mailbox.
Couple worrisome things here. There have been times, not too often but more than a few, where my neighbor’s mail has been delivered to my mailbox. In fact, this has happened at several addresses I’ve had over the years. I’m sure there has been mail of mine delivered elsewhere – in fact, I remember people walking stuff over here and there.
In the event this card had been placed in the wrong mailbox, there is the possibility that someone would be tempted to take the card and use it. The envelopes for these cards do not disguise the fact that they contain a card – you can readily feel a card just by picking up the envelope. Consider too that someone could tear an envelope open without noticing it’s meant for someone else (in fact, I’ve done it). Once open, there’s a nice sticker advertising the fact that you hold free money in your hand.
Of course, with all of the surveillance systems today, it would be distinctly unwise to use someone else’s card without authorization. But that doesn’t preclude kids, or stupid people, or even someone adopting a disguise and walking up to a machine, from gaining some ready cash… from… you.
I don’t like it. What do you think? Aren’t we supposed to be getting tighter as regards security?
Also, keep this in mind: Removing the need to call and authorize/activate a card takes a bit of a burden off the financial institution. But… presumably any burden regarding security is something a bank is precisely supposed to be offering.
Call it a service. :^ )
On this day: In 1836, U.S. Patent #1 is granted for locomotive wheels (after 9,957 unnumbered patents).