Debit Card Stolen, POS Fraud

tomas2819

I had my debit card stolen while abroad and there has been a significant amount of money taken from the card in POS transactions. I did not have my pin written down anywhere and had not used that particular card in weeks. The pin had no significance to anything in my life (important dates etc). I don't want to go into many specifics but I have done everything which is generally advised once one discovers a card has been stolen. The case is pending but I am reading conflicting reports online as to whether I will be covered or not, with the fact that the transactions were POS being the factor working against me. The bank is refusing to comment until the case is settled.

Can anybody help to clear this up as I am exceptionally worried right now.

Rasmus

How long had it been stolen before you reported it? (Assuming the date of the first transaction was the same as the date of theft).

murphaph

If the PIN was used (were you possibly shoulder surfed?) then you're probably screwed. If the transactions were authorised on fake signatures, you should be alright.

tomas2819

murphaph wrote: »

If the PIN was used (were you possibly shoulder surfed?) then you're probably screwed. If the transactions were authorised on fake signatures, you should be alright.

Hey Murph, like I said I had not used the card in weeks, I cannot see how I would have been shoulder surfed.

Interestingly, I was able to get in contact with one of the stores where one of the fraudulent transactions was made. They identified the transaction, said the perp could have used a pin or could not have used a pin, they cannot tell on their system (there it just says Visa), they should be able to tell by the CCTV but are sending that info to the police, not to me.

My bank has told me, with what seemed great authority, that a pin was used on all transactions. Can anybody tell me how accurately a bank could gauge this information? Especially in a foreign country that would not be on most Irish travelers initiatory.

Rasmus wrote: »

How long had it been stolen before you reported it? (Assuming the date of the first transaction was the same as the date of theft).

Hey Rasmus, I don't want to go into any unnecessary specifics while my case is still pending. I am fully aware of the implications of the various times when one reports a card missing. I however cannot find any consensus on the issues surrounding POS Pin Debit Card fraud. If somebody can help explain this to me I would be very grateful.

Atlantic Dawn

Check what country the card was frauduently used in, my guess is the US where no PIN number is required. If this is the case I would go down the route or complaining to them that their system is not secure in the US as your PIN was not used in the POS transactions.

BuffyBot

Hey Murph, like I said I had not used the card in weeks, I cannot see how I would have been shoulder surfed.

Card fraud can happen from minutes to months later.

They should be able to tell how the transaction was processed, yes.

Nervous Wreck

Atlantic Dawn wrote: »

Check what country the card was frauduently used in, my guess is the US where no PIN number is required. If this is the case I would go down the route or complaining to them that their system is not secure in the US as your PIN was not used in the POS transactions.

Wouldn't bother with this. If PIN was bypassed (in a US store for example), it's up to the merchant to securely identify the cardholder. We use Chip&PIN here cos it's more secure but the US have their own security procedures that should have been abided by.

Also, OP, if you reported your card stolen before the transactions took place, you'll get everything back. If not, it's a lot less likely tbh.

petersburg2002

On the other hand, if the bank can prove than a pin was used, they will make things very difficult. And argue that due to your negligence (intended or not) that they are not liable to refund you.

tomas2819

BuffyBot wrote: »

Card fraud can happen from minutes to months later.

They should be able to tell how the transaction was processed, yes.

Not trying to be snarky but are you suggesting that it's plausible to assume that somebody shoulder surfed me and stalked me for seven weeks before deciding to pick pocket me?

If this really is the case I imagine I have a lot more to worry about going forward........

Nervous Wreck wrote: »

Wouldn't bother with this. If PIN was bypassed (in a US store for example), it's up to the merchant to securely identify the cardholder. We use Chip&PIN here cos it's more secure but the US have their own security procedures that should have been abided by.

Also, OP, if you reported your card stolen before the transactions took place, you'll get everything back. If not, it's a lot less likely tbh.

No the card was stolen and used in the same country on the same day. This country is not the USA, it is one not regularly frequented by Irish travelers.

petersburg2002 wrote: »

On the other hand, if the bank can prove than a pin was used, they will make things very difficult. And argue that due to your negligence (intended or not) that they are not liable to refund you.

I strongly suspect that a pin was not used, does this negligence work both ways? ie. Does the bank have a responsibility to flag non chip and pin transactions that are clearly being used fraudulently? (cleaning an account I almost never use out, over the course of a few hours, when I have never spent more than a few hundred in a day before)

BuffyBot

Not trying to be snarky but are you suggesting that it's plausible to assume that somebody shoulder surfed me and stalked me for seven weeks before deciding to pick pocket me?

Your assuming it's shoulder surfing. It could be a cloned card issue, etc. The stolen card may not automatically be the one used.

The problem is, there are way to many variables here to give you the answer you seek (which appears to be "you won't pay a cent", btw). That's not something anyone here can give you a guarantee on.

Mycroft H

when did you report the card as being stolen?

Rasmus

tomas2819 wrote: »

Hey Rasmus, I don't want to go into any unnecessary specifics while my case is still pending. I am fully aware of the implications of the various times when one reports a card missing.

Sure, I was suggesting though that if you left it a while to report it (because you didn't notice) there is less chance of proving it wasn't you.

tomas2819 wrote: »

Not trying to be snarky but are you suggesting that it's plausible to assume that somebody shoulder surfed me and stalked me for seven weeks before deciding to pick pocket me?

I strongly suspect that a pin was not used, does this negligence work both ways? ie. Does the bank have a responsibility to flag non chip and pin transactions that are clearly being used fraudulently? (cleaning an account I almost never use out, over the course of a few hours, when I have never spent more than a few hundred in a day before)

Sometimes cards get stolen en masse, then are redistributed or sold, then don't get used for weeks. Card machines in different countries often aren't programmed for pin entry - all you have to do is swipe it. (The retailier can disable the security on the machine).
I THINK the bank would be none the wiser. For example, a couple of years ago I used a visa card outside of Ireland, and I put in the wrong pin by mistake. When I went to apologise, it was already processing the transaction. Hardly secure eh?

A relative of mine also had their card stolen in Spain ( a chip and pin) and the thief had no problems painting the town without a pin-code. It took a few weeks, but my relative was not deemed to be responsible for any of the transactions, but they did report it within 24 hours or something.

tomas2819

BuffyBot wrote: »

Your assuming it's shoulder surfing. It could be a cloned card issue, etc. The stolen card may not automatically be the one used.

The problem is, there are way to many variables here to give you the answer you seek (which appears to be "you won't pay a cent", btw). That's not something anyone here can give you a guarantee on.

The answer I was looking for was how my card being used with a pin affects my liability. You suggested that fraud can take place weeks to months later (in response to a suggestion about shoulder surfing), then you suggested cloned cards. The facts, which I have covered already, are that a card I had not used for weeks was stolen and used a few hours later. Your original suggestion made no sense given these facts which is why I questioned your logic.

Rasmus wrote: »

Sure, I was suggesting though that if you left it a while to report it (because you didn't notice) there is less chance of proving it wasn't you.

Sometimes cards get stolen en masse, then are redistributed or sold, then don't get used for weeks. Card machines in different countries often aren't programmed for pin entry - all you have to do is swipe it. (The retailier can disable the security on the machine).
I THINK the bank would be none the wiser. For example, a couple of years ago I used a visa card outside of Ireland, and I put in the wrong pin by mistake. When I went to apologise, it was already processing the transaction. Hardly secure eh?

A relative of mine also had their card stolen in Spain ( a chip and pin) and the thief had no problems painting the town without a pin-code. It took a few weeks, but my relative was not deemed to be responsible for any of the transactions, but they did report it within 24 hours or something.

This seems to be what happened, thanks

If anybody can answer "Does the bank have a responsibility to flag non chip and pin transactions that are clearly being used fraudulently?" I would be grateful!

Shield

tomas2819 wrote: »

If anybody can answer "Does the bank have a responsibility to flag non chip and pin transactions that are clearly being used fraudulently?" I would be grateful!

No. They don't, because they're not Big Brother. How are they to know you're not on holiday where the card is being used.

The problem is that some of those hand-held machines still retain the last 100 numbers. All it takes is 1 person to see your PIN, and those details can and do get sold on to the underground market.

Solair

The bank's pleading negligence where a PIN's used isn't really very fair as the technology cannot be 100% impenetrable.

How's a customer negligent if they, for example, enter their PIN on a fake PIN pad or something?

They're putting too much faith in chip & PIN. It's better than swipe & sign, but it's by no means 100% secure.

Shield

Biometrics could be the answer. Could you imagine the merchant handing you the terminal which says "Please put your (random finger) on your random hand) on the pad now.

That would be very, very difficult to copy because anyone looking to clone it would need all your prints.

Just an idea, but I don't believe an idea that isn't being looked at somewhere.

Solair

Shield wrote: »

Biometrics could be the answer. Could you imagine the merchant handing you the terminal which says "Please put your (random finger) on your random hand) on the pad now.

That would be very, very difficult to copy because anyone looking to clone it would need all your prints.

Just an idea, but I don't believe an idea that isn't being looked at somewhere.

Until someone invents finger print copying and making fake finger covers.

You lean on something and your prints are all taken...

Nervous Wreck

tomas2819 wrote: »

If anybody can answer "Does the bank have a responsibility to flag non chip and pin transactions that are clearly being used fraudulently?" I would be grateful!

The answer is no.

Firstly, not all countries use chip and pin. For those that don't, it's up to the merchant to verify the security of the transaction.

Secondly, your idea of what it 'clearly fraudulent' is completely skewed. You seem to think that, since you don't use that account regularly, the bank should have known that it wasn't you. This is bizarre. People leave their accounts inactive for long periods all the time. If the bank were to do as you suggest, assume that transactions weren't your own simply because you don't often make transactions on that account, they would be inundated with calls/e-mails/walk-ins etc from people complaining that their card had been stopped for no good reason when they tried to make a transaction. They're not going to stop transactions based on the fact that you don't usually use that account. To ask that they do would be to ask that they have people check on every card transaction and set it against the account history of every card holder when the transactions are made just to verify that the cardholder does in fact use their account regularly. Not only would this extend the time it takes to make a card transaction, it would also force the bank to hire so many people to do such a stupid job that they would likely collapse in a matter of weeks, if not from the idiocy of their own workings, then surely from the money spent on staff in useless jobs.



Bottom line is fraud happens. It's not your fault your card got stolen but it's not the bank's fault either. Stop trying to put blame on the company that facilitates your financial needs. The person who stole your card is to blame and no one else. The bank is not commenting on whether or not you'll get your money back because they do not know. That's why they are investigating. Asking people on the internet to help you figure out a way to blame the bank is not going to get you your money back. Be patient and hope for the best. You might get it back. But if you don't, well it sucks. But people get robbed sometimes. Suck it up.

tomas2819

Nervous Wreck wrote: »

The answer is no.

Firstly, not all countries use chip and pin. For those that don't, it's up to the merchant to verify the security of the transaction.

Secondly, your idea of what it 'clearly fraudulent' is completely skewed. You seem to think that, since you don't use that account regularly, the bank should have known that it wasn't you. This is bizarre. People leave their accounts inactive for long periods all the time. If the bank were to do as you suggest, assume that transactions weren't your own simply because you don't often make transactions on that account, they would be inundated with calls/e-mails/walk-ins etc from people complaining that their card had been stopped for no good reason when they tried to make a transaction. They're not going to stop transactions based on the fact that you don't usually use that account. To ask that they do would be to ask that they have people check on every card transaction and set it against the account history of every card holder when the transactions are made just to verify that the cardholder does in fact use their account regularly. Not only would this extend the time it takes to make a card transaction, it would also force the bank to hire so many people to do such a stupid job that they would likely collapse in a matter of weeks, if not from the idiocy of their own workings, then surely from the money spent on staff in useless jobs.



Bottom line is fraud happens. It's not your fault your card got stolen but it's not the bank's fault either. Stop trying to put blame on the company that facilitates your financial needs. The person who stole your card is to blame and no one else. The bank is not commenting on whether or not you'll get your money back because they do not know. That's why they are investigating. Asking people on the internet to help you figure out a way to blame the bank is not going to get you your money back. Be patient and hope for the best. You might get it back. But if you don't, well it sucks. But people get robbed sometimes. Suck it up.

Cheers for the response, what you are saying makes sense, even if the bolded points are a tad embellished, since I clearly outlined it was not an everyday transaction, this was emptying out my entire account, which was a significant amount of money over the course of four hours.

Shield

Let's not forget that banks are insured against what basically boils down to theft. The poor customer isn't. The real problem here is that the banks will deny, deny, deny any liability because it certainly can't be seen to accept responsibility on the back of 1 phone call.

Consumers have rights too, and (not saying this applied to the OP) but you might have lost your card/have been dipped and be in the middle of nowhere to get access to even carrier pigeons let alone phones or computers to alert the bank as soon as possible.

If it was me: I would fight them tooth and nail, and demand, and demand, and demand, and scream and scream and scream IF it genuinely wasn't my fault. Like I said, they're insured against this and they DO pay out to people who have been defrauded out of huge sums, because such people are likely to go legal and do the whole 'cast a net' legal trick. They don't like doing it, they don't like it ending up in the papers that they swallowed the loss, and they make every possible noise IF they swallow the loss that this had extenuating circumstances and is not bank policy. Of course, they never disclose what the extenuating circumstances were, and neither will the customer, probably after being made to sign an NDA.

Some people just accept 'No' over the phone, and some scream and kick and turn into Michael Moore about it, but if it works, it works.