A Wealth of Notions

Summary: Do Not Give Anyone Your PIN, Password or Login for ANY Reason PERIOD.

I know I have’t been writing recently largely because I do this blog from my office at the credit union and 2016 has been a train wreck in terms of fraud attempts.

One of the biggest recurring situations we’ve had is called “Card Cracking” (and no, I have no idea who came up with that!) In Cracking, the Fraudster gets the Victim to willing give their PIN or login information, deposit invalid items, and withdraw on the deposit before the bank discovers the fraud. As dangerous as any fraud scheme is, Card Cracking is worse because the victim is a co-criminal.

Let me repeat that: Card Cracking Makes the Victim a Co-Criminal

I really need to be clear on this point: If you willingly give your Pin, Card, Password, or other account access information to anyone, you are responsible for any transaction they make. And if you file a Fraud Claim after allowing someone else to use your account, YOU are committing fraud.

And we at the financial institutions are running out of sympathy.

So here’s a general scam:

Vic Tem is a college student (or in the military, single parent, job hunter, etc.) and a “Friend”, Sam Shyster, (or FB page, or quick loan service, or the list goes on) says they can get Vic quick easy money and all Vic has to do is let Sam do a transaction on Vic’s bank account. Sam will make a deposit and a withdrawal, Vic will get a portion of the cash, nothing will go wrong and Vic can always get recovery from the bank if anything does.

So Vic needs money and believes Sam is honest (or thinks that there is no risk, or in many cases knows this is ‘shady’.) Vic gives Sam the ATM card and PIN (or the online or mobile banking login) and Sam deposits a counterfeit check.

 [Let me pause here and point out that it doesn’t matter which method is used, because Sam didn’t steal the access. Vic gave Sam the information, so Sam is now acting as Vic’s Agent. Vic gave Sam authorization to deposit the counterfeit check. This is spelled out clearly in the disclosures Vic got upon opening the account. Don’t believe me? Go to your bank’s website and read the account holder and online services agreement. I’ll wait.

Back?

OK, let’s move on.]

 As soon as funds are available, Sam withdraws them. Maybe a portion of the deposit was available immediately. Maybe Vic just got paid and had money available. Maybe Vic had a bank-to-bank transfer service and Sam withdrew funds from that.

Vic gave Sam permission to access the account, so Vic is responsible.

Two – five days later (depending on if it goes over the weekend), the fake deposit gets returned and the money is reversed from Vic’s account. Now Vic goes from having a little extra money, to being in the negative. Highest case I’ve worked on personally? $16,000+.

Again: The victim owed the bank more than sixteen thousand dollars. Are you seeing why this crime freaks me out?

Next, Vic has a conversation with the bank, in which Vic must explain where the deposit came from. Sam stops answering Vic’s calls or emails. Vic must return the funds, even if that means getting a loan to do so. And if Vic claims that Sam stole the access information, the bank provides a gigabyte of data showing that Vic knew every time Sam accessed the account and did nothing. (That’s why the bank insists on sending all those notification emails.)

Vic gave Sam permission to access the account, so Vic is responsible.

So, now you’re asking ‘Why isn’t this swindling? Didn’t Sam lie?’ The Answer: No. Sam didn’t need to lie. Regardless of the reasons Sam gave for wanting the access, Vic gave Sam the access. This is a contract dispute between the Agent (Sam) who had permission to act on the Principal’s (Vic’s) behalf. Vic must deal directly with Sam for restitution, not the financial institution.

So here is today lesson:

     Don’t give anyone your PIN

     Don’t give anyone your password

     Don’t give anyone your login information

     Don’t give anyone any financial access that does not appear pre-printed on a check – name, account number, and bank.

Let’s simplify this a bit. If Mom gives you her card saying go pull out $5 for lunch, and you pull out $10 for candy, Mom is still responsible for the withdrawal. The fact that you lied about why you wanted the money or how much you were supposed to take is irrelevant. Mom made you her Agent gave you permission to act on her behalf – and agreed to stand behind anything you did in her name. She can whoop the tar out of you when she finds out (mine would!), but she has no fraud claim against the bank.

And in the case of Card Cracking, neither does the victim.

Hope that Helps!

KasH

  More Links:

https://www.theguardian.com/world/2014/oct/31/chicago-police-arrest-rapper-and-28-others-for-cracking-cards

 https://www.consumer.ftc.gov/blog/card-cracking-not-what-its-cracked-be

Long time, no post. Sorry about that! This one was too good to let slip by, however.

Note the stat in the middle - I haven’t verified it, but apparently arbitrators side with companies in 94% of arbitration cases. Sounds shocking until you remember that arbitrators are selected by and paid by the companies involved.

Ok this is GREAT news!

However....

https://www.nacha.org/events/aap-recognition-day

AAP Day is the day the financial world takes a moment to thank all the button pushing IT/Accounting/Customer Service people who keep ACH safe, efficient and make it look easy.

Tax ID Theft is real and really really common from January through April. This link goes a brief what it is and what to do, here are some bullet points

Protect your SSN. Know who you are giving it to and when in doubt, don't give it!

File your return early - you will get your refund sooner, you still don't have to pay until 4/15 regardless of when you file, and you want to file before the fraudster does.

The IRS will ALWAYS contact you by mail first. They will only call you if you call them. They will only email you if you email them.

The IRS will NEVER threaten to arrest you, deport you, or take your license. They take you to court for that.

The IRS does not take payments over the phone - not debit, not credit, not pre-paid. They also don't take wire transfers or Western Union.

If the IRS calls you or emails you, and you did not call them first, hang up. Call them at 1-800-829-1040 confirm your tax status. You can apologize for hanging up if you feel guilty. DO NOT call the number that called you, because it is probably not the IRS.

Contact the IRS, the FTC, and/or the Treasury at:

     ftc.gov/taxidtheft

     irs.gov/identitytheft

     treasury.gov/tigta

Don't get taken!!!!

Hope that helps!

Every time there is a breach, I see the comment that your debit card is not protected and your credit card is.

This is NOT true.

Debit Cards and Credit Cards are both subject to the same Consumer Protection law - Regulation E. What might differ is whether the transaction used your signature or your PIN, but that difference is included in the Regulation. Think about it - why would our government take the time and brain power necessary to write new debit card legislation when credit card legislation already existed?

Don't believe me? Go read it - Reg E.

Note this definition:

(a)(1) Access device means a card, code, or other means of access to a consumer's account, or any combination thereof, that may be used by the consumer to initiate electronic fund transfers.

It does not specify debit, credit, charge, cash, gift, ATM, or other type of card. It doesn't even limit the protection to 'cards'. It covers all electronic funds transfers. And this rule applies to any entity - bank, credit union or other - that may issue consumer financial accounts.

Consumers, in brief have the right to:

Liability of not greater than $50 if the Consumer notifies the Access Device Issuer (aka the bank) in not more than two business days from the day the Consumer learns of the loss; or

Liability of not greater than $500 if the Consumer notifies the Access Device Issuer in more than two business days, but not more than 60 business days from the day the Consumer learns of the loss; or

If the State governing the transaction has better liability coverage for the consumer, the State Law supersedes the Federal; and

Losses may be reported by phone, in writing, or in person; and

You will receive at least a Provisional Credit of your loss within 10 business days.

In other words, let's say you lost your card - debit or credit - on Monday, Jan 1, and $1,000 worth of fraud happened.

If you report the loss to your bank before close of business on Wednesday, Jan 3 (two business days), you will take a loss of no more than $50; or

You will take a loss of no more than $500 if you report the loss after Jan 3, but before Mar 26 (60 business days); or

You may take less of a loss in either case if you have additional protections through State Laws; and

The Financial Institution may require the initial report to be followed-up by a form or written statement, but your Rights start as of the day you reported the loss; and

You will be credited $950 (or $500) no later than Jan 17 (10 business days) or 10 business days from reporting date, if after Jan 3.

  Now, the FI does have a few Rights here:

1)      The bank must credit you in 10 business days, but they have 45 business days to research the dispute and determine if the transactions were authorized or not. If they can prove that the transactions were valid, they can retract the credit (note the word 'Provisional' above). They do have to notify you in writing if that happens.

[Valid means that you or someone you gave the card to signed the transaction and the signature matches the signature in the bank's files, or that there is evidence (usually photographic) of you or someone you gave the card to using the PIN. Everything else is considered Fraud.]

2)      The bank can decide if they give you the Provisional Credit at the time you notify them, or before the close of business on the 10th day, or at any time in between. If they finish their research before 10 days and determine the transaction is valid, you will not get even a temporary credit.

3)      You have no specific Rights for losses reported after 60 business days from the day the Consumer learns of the loss. Most FIs presume Consumers learned of the loss the day they received their monthly statement. So effectively, unless the State Law extends the time frame, all dispute rights end 60 business days from the date of the first statement after the fraudulent transaction(s).

Using the time frame in the example above:

1)      The bank must finish researching the disputed transactions by Mar 4, or any Provisional Credit automatically becomes final.

2)      The bank can credit you on Jan 3 or on Jan 17, or on any business day in between, if the bank determines that the transaction is fraud.

3)      If you do not notify the bank before close of business on Apr 26, you will forfeit all rights, and the bank is not obligated to credit your loss.

  No difference. These Rights apply to both Debit and Credit cards, and to both Banks and Credit Unions EQUALLY!

What does sometimes differ is the policies. Some financial institutions give you the full Provisional Credit immediately, some wait until the 10th day. And some get business and calendar days "confused"; presuming that Consumers won't know the difference.

That is it. Those are the only differences. Still don't believe me? Fine.

Go get the Consumer Disclosure notice provide by law from both your debit card issuer and your credit card issuer. Put them side-by-side. If they are not identical, send me a copy. I'll tell you which one should be reported to which Agency for violation of Reg E protection laws.

Hope that helps!

Banking is scary enough, but what if your money was stored in one of these seven haunted banks? Learn more about the eerie sightings we uncovered.

Happy Halloween!

Let's add to the old rule:

If it seems too good to be true, it probably is; however, if it seems too bad to be real, it's not.

Here's the problem - the thieves let the IRS do half the work for them.

Americans are so afraid of the Tax Man, that they believe the threats of arrest and more. I have a case on my desk in which a woman was told she had 1 hour to come up with $2,000 - on a pre-paid card, not her bank card - and she did it. Why? Because that seemed reasonable from the IRS.

And if you or anyone you know gets this call, it is Fraud. Call the police, report the crime, then go to www.ftccomplaintassistant.gov and report it there, too.

Hope that helps!

The AAP Exam is given each year in October to certify electronic banking professionals in the art and science of ACH Processing. It's four hours of banking fun. Really.

I am helping a couple test-takers study this year, and wish them all the best of luck, and I'll be sending them Pop Quizzes and inspirational kitties for the next week. My advice in this final week, is to work on areas you have trouble with, but don't forget to review the areas you know well too. Because today, I remembered the worst test 'choke' I ever had and wanted to share it with 'the class'.

Trust me, when you are sitting there, looking at the test and drawing a blank, you are NOT alone. We have all been there.

(This, by the way, has nothing to do with e-banking.)

Before I got into Accounting, I was a Music Theatre major. I lived in Colorado for about 6 years and I was working with a local company on a new play, and because we were small, the writer/director/lead actress also did the box office before each performance. So, when the curtain went up each night, myself and another woman would sing - 2 songs each - while the lead got into her costume. One night, as the other woman finished her 2nd song, someone came to me, said there was an emergency in the dressing room (missing dress I found out later), and I should go sing 2 more songs to stall. So I did. And when I finished, I was given the sign from back stage to keep going. I had nothing rehearsed. So, I asked the audience for a suggestion [This, by the way, is the musical version of a Pop Quiz.] and someone yelled out Midnight Train To Georgia [look it up, if you don't know the song]. This was a song I grew up singing, and know very, very well....

....and could not remember at that moment to save my life. I drew a complete blank on everything except the chorus.

So, I sang that, and thank God, they were ready back stage as soon as I finished because I would have had a stroke and a heart attack at the same time if I had to sing another.

So, the lesson I learned is that I rehearse the stuff I'm scheduled to sing, but I also occasionally run through everything in my repertoire, because you never know which bit of knowledge you will need today.

And if you or someone you know is facing the AAP exam this month, my email is always open. Send me that question that is keeping you awake and I'll try to break the answer down into memorable pieces.

Learn more about AAPs and the AAP Exam here:

Hope that Helps!

Hold an iPhone 6 or 6 Plus up to a sensor, and the payment goes through.

I've said before on this blog that I'm still on the fence about mobile payments. But Apple is making the first massive step toward what I believe is the next US option (chip-and-pin is a waste of our resources, in my opinion.) What consumers use, merchants will use. And the under-30 set use iPhones.

The question that Apple can't answer yet is - how secure is this?

According to Forbes, Google Android and Apple share 93.9% of the smartphone market, and so far, cell phones cannot be hacked. Yet.

But if payment data moves from the desktop to the back pocket, then hackers, phishers, and all the rest will move there too. The Mobile Payments War will be fought on two fronts. The first will be the battle for market share.

For all those out there that keep the system moving:

The 2013 Federal Reserve Payments Study which was released in December 2013 was revised and re-released this month. I have not had a chance to read the whole thing, but here are the highlights from the Executive Summary:

Over the years, payments have become increasingly card-based. Card use may have replaced check use for certain payments, and the increase in the number of total card payments has far exceeded the decline in the number of check payments from 2009 to 2012.

The number of credit card payments, after showing a slight decline from 2006 to 2009, returned to growth from 2009 to 2012.

The number of debit card payments increased more than any other payment type from 2009 to 2012.

Paper check writing continues to persist as a significant portion of noncash payments, but interbank processing and clearing of these checks are virtually all electronic. As in 2009, almost all checks in 2012 were either cleared by electronic image exchange or converted to ACH payments.

Increasingly fewer checks enter the banking system as paper at all: in 2012 about one in seven checks was deposited by accountholders as an electronic image rather than paper.

The estimated annual number of unauthorized transactions (third-party fraud) in 2012 was 32.3 million, with a value of $6.4 billion.

In 2012, general-purpose cards had substantially higher total unauthorized transactions (third-party fraud) by number and value than ACH and checks. General-purpose card fraud rates by number and value were also substantially higher.

Among general-purpose cards, single-message (or PIN) debit card transactions (including both purchases and ATM cash withdrawals) in 2012 had the lowest fraud rates by both number and value.

Among general-purpose card payments in 2012, card-not-present fraud rates were estimated to be approximately 3 times card-present fraud rates. Card-not-present fraud rates by value were not, however, dramatically different from card-present fraud rates.

This and all the FRB studies are PUBLIC INFORMATION, so you don't need to be on the Senate Finance Committee to find out what how the monetary system is doing. Is that cool, or what?

Hope that helps!

Pull up a chair to hear about the time I tried to correct my credit report. Or would you rather learn about my late-night conversations with confused debt collectors? Oh wait, there’s a hilarious one about a bank losing a big mortgage check.

The Consumer Financial Protection Bureau (CFPB) many be the bane of many financial companies, but they are the next best thing to having a banking superhero on speed dial. I've spoken with their management team, and CFPB wants consumers to complain. CFPB can't fix problems they don't know about, and they can't regulate industries if they don't know that consumers are having trouble.

So, if the store where you cash your checks charges a fee that's too high, report them. If a lot of stores get reported, CFPB may be able to change the rules so that stores have to charge a reasonable rate. If your mortgage company is telling you one thing on the phone, but something else in letters you receive, report them. CFPB will investigate them. If any company offers to let you pay over time, for a fee, but doesn't give you a contract or breaks the contract, report them. Many companies that are not financial institutions do bank-like transactions; in the past they weren't regulated because they aren't banks. CFPB changes that.

CFPB regulates any company that does "consumer financial transactions" (not straight buying/selling goods/services) regardless of what industry the company is in. It covers grocery stores that sell insurance and money orders at the customer service counter. It covers convenience stores that cash checks. It covers car dealers that make small-dollar or short-term loans.

Bookmark this link. Give it to your friends and family. Report the Baddies so the Superheroes can stop them and save the day.

http://www.consumerfinance.gov/complaintdatabase/

Hope that helps!