Banks do battle with debit-card fraud

Vaults won't repel a new breed of bank robber, which apparently has learned to drain debit-card accounts via electronic thievery. To secure their customers' cash, banks are searching for new high-tech watchdogs.

As part of a broader security initiative, Bank of America is offering to alert customers of any suspicious charges or changes to their account via e-mail or text messages almost as soon as they occur.

"We're giving customers more ways to detect fraud and keep an eye on their accounts," Sanjay Gupta, the bank's e-commerce executive, said in a statement. "They can decide what they want to hear about and where they want to be told."

Washington Mutual has also begun offering similar alerts. Both banks were among the scores of financial institutions forced to reissue thousands of debit cards in the past two months after hackers broke into the computer systems of a national retailer and made off with customer data--including PINs.

The robbers stole personal information belonging to as many as 600,000 debit-card holders, according to reports. Victims from numerous U.S. cities filed complaints with police about unauthorized charges being made overseas.

The new alert system could help customers spot fraud early, which is key to preventing big losses.

Bank of America will notify customers about changes to their passwords or when a purchase tops a customer-selected dollar amount. Account holders can receive a daily update of their balance and choose whether the alert goes to their BlackBerry, Treo 650 or office computer.

Similarly, Washington Mutual e-mails customers when changes are made to a customer's home or e-mail address, which could alert an account holder that someone is trying to hijack his or her identity.

A withdrawal that exceeds a certain amount or a balance that falls below a predetermined dollar figure will also trigger Washington Mutual's alert system, said Gary Kishner, the bank's spokesman.

[ordaj]

Will it never end?

Is this going to go on forever? If so, then we may as well stop all electronic commerce because your chances of being hit...at some point...are good.

It's just tiresome and I think banks and merchants are giving security lip service for the most part.

[pjdw]

PC's are too easy to breach apparently

Maybe they should switch over to Mac computers? I don't recall ever reading that Macs were ever broken into.

[ordaj]

Will it never end?

Is this going to go on forever? If so, then we may as well stop all electronic commerce because your chances of being hit...at some point...are good.

It's just tiresome and I think banks and merchants are giving security lip service for the most part.

[pjdw]

PC's are too easy to breach apparently

Maybe they should switch over to Mac computers? I don't recall ever reading that Macs were ever broken into.

[ordaj]

CNEt needs to drop Jive Software

The comments section and posting doesn't work well often. Or they need to upgrade their service. Or maybe the telcos are already throttling?

[pjdw]

Could be user error...this post is on banking

For your subject you should email tech support at CNET and not post to the boards. They will not see it here.

[ordaj]

CNEt needs to drop Jive Software

The comments section and posting doesn't work well often. Or they need to upgrade their service. Or maybe the telcos are already throttling?

[pjdw]

Could be user error...this post is on banking

For your subject you should email tech support at CNET and not post to the boards. They will not see it here.

[roundnround]

Why

Sure, e-mail an alert... I already suspect e-mails from banks as being phishing scams so I delete them. I would rather be called and talk to some one and then go to the bank if needed.
Yes it's inconvieneient but I'd rather be safe,
I do not trust e-mails and whoever made that decision at the bank should be fired. DUH!

[pjdw]

I disagree. Email alerts would be good.

I always open email from my bank. An alert will in no way be confused with a phishing scam. It will merely something like:

There has been unusual activity in your bank account. Please phone your local institution for more information.

There should be no invitation to provide any information online like phisher's ask.
Email alerts are better for two reasons: It will be less expensive and it has less chance of slipping through the cracks.

[roundnround]

Why

Sure, e-mail an alert... I already suspect e-mails from banks as being phishing scams so I delete them. I would rather be called and talk to some one and then go to the bank if needed.
Yes it's inconvieneient but I'd rather be safe,
I do not trust e-mails and whoever made that decision at the bank should be fired. DUH!

[pjdw]

I disagree. Email alerts would be good.

I always open email from my bank. An alert will in no way be confused with a phishing scam. It will merely something like:

There has been unusual activity in your bank account. Please phone your local institution for more information.

There should be no invitation to provide any information online like phisher's ask.
Email alerts are better for two reasons: It will be less expensive and it has less chance of slipping through the cracks.

[booboo1243]

Why are retailers keeping record of PIN numbers?

Why are retailers keeping record of PIN numbers?
Once the transaction is completed that information should be destroyed. As POS transactions are approved/disapproved LIVE, there is NO reason for the retailers to have that information stored at all.

[webworm95]

It is not the merchant

It is not the merchant

I wish people would quit blaming the merchants. The Merchants have been eliminated as the source of the breach according to independent investigations from news releases.

The problem comes from one of the following
It is either the merchant card processor or the card issuer processor.

I still dont know why they are being tight lipped about whos really at fault.

[booboo1243]

Why are retailers keeping record of PIN numbers?

Why are retailers keeping record of PIN numbers?
Once the transaction is completed that information should be destroyed. As POS transactions are approved/disapproved LIVE, there is NO reason for the retailers to have that information stored at all.

[webworm95]

It is not the merchant

It is not the merchant

I wish people would quit blaming the merchants. The Merchants have been eliminated as the source of the breach according to independent investigations from news releases.

The problem comes from one of the following
It is either the merchant card processor or the card issuer processor.

I still dont know why they are being tight lipped about whos really at fault.

[booboo1243]

Why are retailers keeping record of PIN numbers!?

Why are retailers keeping record of PIN numbers?
Once the transaction is completed that information should be destroyed. As POS transactions are approved/disapproved LIVE, there is NO reason for the retailers to have that information stored at all.

[booboo1243]

Why are retailers keeping record of PIN numbers!?

Why are retailers keeping record of PIN numbers?
Once the transaction is completed that information should be destroyed. As POS transactions are approved/disapproved LIVE, there is NO reason for the retailers to have that information stored at all.

[franishka]

A friend of mine got a call from wamu saying that someone had gotten his PIN and had incrementally withdrawn all his money ($800). The told him he would receive provisional credit, a new debit card, and affadavit form, and that an investigation would take place. After two weeks he had received no form, no credit. He received a letter in the mail saying that the fraud (which they alerted him to as being fraud) was not fraud because he had given someone permission to use his card. He did not, and in fact the card itself was not used for any of the transactions (the wamu rep. told him about many scenarios in which pin and card numbers are stolen). The letter said he would not get his money back. He has started the process again, filed a police report against wamu, has alluded to them that he will contact the FDIC. It seems like he may yet get his money (and certainly wamu will get it from the fdic either way.) I have to say that this all seems quite suspicious to me, I have heard and read about other people going through the same thing.