- The Washington Times - Sunday, August 23, 2009

In a country of card-carrying shoppers, the cybertheft of 130 million credit- and debit-account numbers can put a dent in consumer confidence.

But consumer advocates say it is debit-card users who should be the most concerned about security after the indictment last week of Albert Gonzalez, 28, of Miami, in what prosecutors called the worst identity-theft case in U.S. history.

That’s because debit cards - which are now used more often than that other kind of plastic - are less secure and expose users to greater losses.

And they are more attractive to thieves who tend to want cash rather than a new set of skis.

Some advise debit-card users merely to be more cautious and check their accounts regularly. Carrying a card is still much safer than carrying cash.

Others suggest tearing up the debit card and instead request a card to use at automated teller machines.

“If you lose your credit card and you report it, it’s the credit-card company’s problem,” said Jay Foley, executive director of the Identity Theft Resource Center in San Diego. “If you lose your debit card and you report it in the same period of time, the transactions that occur from the time the card was lost and the time you reported it are still going to land on your doorstep.”

Federal law limits credit-card holders’ liability in the event of theft to $50.

Debit-card users can be liable for up to $500, or for all the money lost if they wait more than 60 days to report the fraud.

Large issuers of credit cards take aggressive measures to combat fraud, using software to detect unusual activity - such as out-of-town or larger-than-usual purchases - and sometimes freezing the account until the credit-card holder can verify the activity.

The debit-card industry doesn’t use such methods, Mr. Foley said.

Banks and the debit-card network operators - Visa and MasterCard - say they offer zero-liability guarantees for credit and debit in most cases, and that using debit for Internet purchases is as safe as using credit.

Consumer advocates aren’t convinced.

Susan Grant, director of consumer protection for the Consumer Federation of America, said debit cards encourage spending discipline but that greater security and legal rights for fraud victims are needed.

“When unauthorized debits are made, consumers are in a much more troublesome situation … because the money’s been quickly withdrawn from their account,” she said. “With an unauthorized credit-card charge, you haven’t paid it yet.”

Consumers with overdraft protection, which is often provided without request, immediately can lose everything in their bank accounts plus the amount of their overdraft lines of credit and any overdraft or bounced-check fees.

While customers sort out the situation with the banks, checks could continue to bounce.

Stolen debit cards or their account numbers can be used even without a personal identification number, or PIN. The stolen card, or a dummy card programmed with the account number, can be swiped through the checkout terminal and the thief simply can press the credit button and scrawl his signature, Mr. Foley said.

That way, the transaction is not reported to the bank until the close of business and the thief can overdraw the account substantially.

The amount of debit transactions - little used 20 years ago - surpassed that of credit transactions last year, according to industry data.

That’s only partly because of lowered credit limits and reduced spending on the discretionary items for which credit cards are more often used.

“Consumers are shifting from credit to debit, and that’s fairly pronounced given the credit restrictions and other actions the credit-card-issuing companies have introduced,” said Thomas Goldsmith, spokesman for the Electronic Transactions Association in Washington, which represents payment processing companies and related companies.

The American Bankers Association says it’s good business to offer the same protections to debit users as to credit users.

“It makes more sense to make customers whole because these unauthorized transactions are occurring by and large through no fault of the customer,” said Doug Johnson, vice president for risk management policy for the bankers association.

Consumer advocates are skeptical about the industry’s guarantees.

“Consumers sometimes have problems getting companies to honor those zero-liability promises,” Ms. Grant said. “It would be even better if consumers had stronger legal dispute rights with unauthorized debit.”

She said consumers also should have the right to sue when lax security contributes to breaches.

Consumer groups and industry representatives agree that microchip-embedded cards of the kind used in much of the rest of the world would improve security.

The so-called “Chip and PIN” system is effective against cybertheft because thieves would need the embedded chip in order to steal funds.

In the United States, banks and retailers are quarreling over who will pay to roll out such a system.

The best protections come from consumers.

A study by Javelin Strategy & Research showed that while identity fraud rose last year as the economy weakened, 43 percent of the incidents involved stolen wallets, checks and cards, while 11 percent were caused by cybertheft.

LOAD COMMENTS ()

 

Click to Read More

Click to Hide