If you own one of the nation's 437 million debit cards, watch out. You might get scammed. Experts predict debit card fraud will rise by more than 10 percent this year, according to a recent survey by Actimize, a bank fraud consultant. That's because crooks are getting smarter and debit cards are becoming more popular.
And when it comes to card chicanery, not all plastic is equal. "Debit card scams are a nightmare," warns Ed Mierzwinski, consumer program director for the U.S. Public Interest Research Group (PIRG) in Washington, D.C. "You don't get the same consumer protection as with a credit card."
By federal law, your liability for unauthorized transactions with a credit card tops out at $50. But that $50 limit applies to a debit card only if you notify the bank within two business days after the theft occurs. Otherwise, you could be on the hook for up to $500. If you fail to report the bogus charges within 60 days after your bank statement is mailed, your liability is unlimited.
Debit cards now account for almost 60 percent of purchases made with plastic, and 90 percent of households with bank accounts have a linked debit card. The allure is obvious: With a tap, swipe, or signature, you can pay for everything from postage stamps to a fancy meal and have the money automatically withdrawn from your bank account. The cards are equally alluring to scammers, who enjoy the ability to suck money from the accounts of unsuspecting debit card customers. And once they start robbing you, it can be nearly impossible to get them to stop. "Some people have had to close their accounts to stop being billed," says Alison Southwick of the Better Business Bureau headquarters in Arlington, Va. "It's a bit of a nuclear option, but for some, that's the only way that worked."
Look for These Debit Card Scams
Here's the down and dirty on the three most common ways debit card information is getting swiped and how to protect yourself:
1. Pop-Up Ads
These ads show up on e-commerce sites after you've made a purchase with your debit card. The pop-up promises cash-back rewards once you click "Yes" on the ad. But you may not realize that you're actually agreeing to automatically sign up for a company's online membership service. And unless you cancel, your card will get charged every month, indefinitely. The scam, which also nails credit card holders, is legal but slimy. Sen. Jay Rockefeller (D-W.Va.) is investigating this type of pop-up ad fraud, which generates thousands of mysterious monthly charges to cardholders.
One New Jersey couple with debit cards connected to their joint checking account told MoneyWatch.com they recently got scammed for $80 in monthly subscription charges to two sites they had never heard of: one for adult content and one for "Internet service." They noticed the $39.97 and $39.95 charges on their statement and called the bank, but were told they had to either cancel their two cards or file a complaint. Frustrated, they deciphered the toll-free number for each hoax (the first nine numbers in the cryptic sequence listed on the bank statement) and called the companies to demand their money back. The first site refunded the cash. But the second refused, claiming that the company had processed the refund; it told the customers to call their bank to find out why the money had not been released.
Protect yourself: Take the time to really read, line by line, every charge on your bank account statement to be sure you can vouch for each one. Banking online can help you catch fraud fast, since it lets you monitor your account activity as often as you want, rather than waiting for a monthly paper statement. It's essential to detect this type of scam quickly enough for the $50 liability limit.
Since most of these scams are Web-based, be sure to double-check statement transactions ending with ".com." If, when you contact the company to cancel the charge, you're told to get the refund through your bank, don't believe it - you're likely being swindled. The company that charged you is the same one that should issue the refund, just as when you order from any respectable business.
If you were duped, search the Better Business Bureau's database to see if other debit card customers have had similar problems and how those problems were resolved.
You click on a link in an e-mail purportedly from your bank and end up at a Web site where you're asked to enter and "verify" your debit card number or Social Security number. "Criminals will use every trick in the book to convince you to provide personal information, right down to spoofing your bank's Web site design," says Brian Hale of the FBI's National Press Office in Washington.
Protect yourself: If you get this type of e-mail, don't respond. Instead, call your bank and report the fraud. Banks don't send e-mails requesting personal information or asking you to confirm any. The most personal banks get electronically is confirming that you reordered checks online (also a helpful safeguard against scammers) or announcing a promotional offer, such as a debit card rewards program. Red flag: Phishing e-mails often have typos.
The art of copying debit card data has grown far beyond the days when a dishonest waiter might have used a pocket-size electronic skimming machine to capture your info. In May, New York police reported that a fraud ring had stolen half a million dollars from hundreds of bank customers' accounts using sophisticated skimming devices attached to ATMs at Sovereign Bank branches in Staten Island. The skimmers even attached cameras to capture victims' keystrokes when they entered their PINs.
Protect yourself: Only use ATMs at bank branches, not at convenience stores or delis, since bank security cameras can offer evidence that fraudulent withdrawals with your debit card were not made by you. A recent study of New York ATMs by Manhattan Borough President Scott Stringer found that 85 percent of them lacked visible surveillance cameras and less than 4 percent had mirrors to let customers see someone approaching. Bank ATMs should have both types of security devices.
3 Ways to Prevent Debit Card Scams
You can take three steps to make yourself less of a debit card target:
1. Arm your computer with antivirus and antispyware software.
2. When shopping online with your debit card, make sure that the "http" in the browser bar turns to "https" on the checkout page before you enter any billing information. Many big sites also post the "VeriSign Secured" checkmark icon, which is another indication of safety, at the bottom right of the checkout page.
3. Turn off your computer when you're finished shopping. The Federal Trade Commission says leaving computers running 24/7 is a dream scenario for scammers who want to hack into your computers remotely.
More on MoneyWatch: