If I had my way, the people who steal plastic card numbers would be subjected to extreme and inhumane discomfort—like being strapped to a chair and forced to watch a television that gets only one channel, such as C-SPAN.
This thought came to mind during my credit union’s latest card compromise. After a lull last year, our phones recently began ringing off the hook.
People were discovering large withdrawals through out-of-state gasoline stations. Actually, they would have been perfectly legitimate if most of our members drove 18-wheelers from coast to coast.
But they don’t, so we quickly realized we had been victimized by a major skimming operation. The cards were full-on duplicates, including magnetic stripes and personal identification numbers. A quick call to other banks and credit unions told us this was a problem for them, too.
The source, however, wasn’t readily apparent. First, we looked back 30 days, then 60, and even 90. No pattern. It was only after going back six months that we found the culprit: a compromised gas station in town.
We attacked the challenge with everything in our toolkit—incense, a small shrine, and a few chants. Within a week, the flood had diminished to a trickle, but not before fraying both our nerves and our fraud budget.
Insurance was little help as our insurance firm recently raised our deductible from “huge” to “astronomical,” apparently in an attempt to maintain the use of fresh linens for its daily executive luncheon.
Even finding the perpetrators was an impossible task. They’d vanished into thin air faster than Rick Perry’s presidential campaign.
With card fraud so lucrative, it’s no wonder it draws bad guys, just like politicians to a fund-raiser. And as financial institutions, we bear the brunt of the cost, primarily due to MasterCard and Visa “0% Liability” pledges (also referred to as “duck and run” coverage).
In response to our plight, both major card firms have introduced plans to migrate to Europay, MasterCard, and Visa (EMV) chips. EMV is a replacement for the magnetic stripes currently used on most cards.
When an EMV card is scanned, the merchant’s terminal reads data from the chip, accesses the member’s Facebook account, and places a note on his or her Facebook timeline, such as, “Hey, I just bought a one-year supply of Weight Watchers lasagna!”
All in the blink of an eye.
Actually, the EMV does protect against skimming attacks, as it takes considerable equipment to successfully copy a computer chip. Now,
I hate to throw cold water on a new technology that has been proven by Europeans, but rumor has it Greece put its entire deficit on an EMV-equipped credit card and has been paying the overlimit fee for months.
Just kidding! But the initial EMV cards issued in the U.S. will have one critical flaw: The magnetic stripe.
Didn’t I say EMV was a “replacement”? I did, but unfortunately few merchants have the equipment needed to actually read EMV chips. As such, issuers are mandated to include both the EMV chip and the magnetic stripe on their cards—thus turning a $1 investment into a $4 liability (and you thought only Congress had that power).
Oh, and don’t forget “card not present” fraud. EMV doesn’t help when the physical card isn’t part of the transaction.
Of course, Visa and MasterCard have instructed merchants that the new EMV standards will be in force by…oh well, “one of these days.”
So fear not: Things could be worse. We could be stuck watching reruns of old political debates.
JAMES COLLINS is chief financial officer at O Bee CU, Tumwater, Wash. Contact him at 360-943-0740.