These days, fraudsters are working overtime to steal your personal debit card data.
This year, Donald Trump’s hotels reported that it is investigating a possible data breach, while Wendy’s and Hyatt confirmed that they suffered the theft of payment card data. But they’re not alone; card data are also being stolen at gas pumps, big-box stores and other businesses in ever-increasing numbers.
The culprit is usually a fraudster skimming for your personal data. Using skimmers, thieves copy your account information from the magnetic stripe on the back of your card. They also get PIN codes so money can be withdrawn at an ATM with counterfeit cards, according to Consumer Reports.
The problem is that your debit card is especially at risk. With stolen data, fraudsters can siphon cash from your checking account, and if you report the loss after more than 2 business days, you can still lose up to $500, according to the Federal Trade Commission. The message: The burden is on you to check your account for any possible losses.
“That’s money out of my bank account,” says Robert Siciliano, an identity theft expert and CEO of IDTheftSecurity.com in Boston. “When your PIN is compromised, you risk not seeing that money again.”
Credit card users have it easier. When their data are stolen, the maximum out-of-pocket cost is $50.
The good news is that consumers can control their debit card risk. Here’s how.
The Bankrate Daily
2 of 7
Nazar Mukhtar / EyeEm/GettyImages
Experts say that gas stations are the riskiest places to swipe your debit card. Why? Because skimmers can easily be attached to gas pumps, making it difficult for busy gas station cashiers to catch fraudsters.
“These days, skimmers are also very advanced,” says Kellman Meghu, head of data center virtualization and infrastructure for Check Point Software Technologies in Ontario, Canada. “You’re hard-pressed to see them, since they’re so incredibly thin and small.” Skimmers can also be purchased online.
Siciliano says skimming-device memory chips and transmitters are thinner and lighter these days, making them harder to detect. Wireless cameras and overlays on ATM keypads also make stealing your PIN easier than ever. The upshot: Even covering the keypad while entering your PIN doesn’t help, he says.
To protect yourself, pay inside the gas station because the payment terminal probably isn’t compromised. Paying with cold, hard cash is also an option, Siciliano says.
RATE SEARCH: If you’re thinking of opening a checking account, get the best rates today at Bankrate.com.
3 of 7
Who doesn’t like dining out? But when the bill comes, watch out. Your debit card may be at risk here, too.
The reason is that restaurants are one of the few places where your card is taken and swiped away from you. Waitresses or other fraudsters can jot down your data or even use skimmers when swiping your card. “Restaurants are risky,” says Al Pascual, Javelin Strategy & Research’s research director and head of fraud and security. “They’re starting to fall in the same bucket as stores.”
But in this mobile age, some restaurants are starting to use mobile card readers, which are devices that process debit card information right in front of you. That’s a good thing because the card data aren’t seen by anyone, Pascual says.
Pascual also recommends paying in other ways, such as using the online payment service PayPal. As always, carrying wads of money or using your credit card can keep you safe, too, but they carry their own risks.
4 of 7
Mint Images RF/Getty Images
Need money fast but you’re not near your bank? In that case, stay away from nonbank ATMs, Siciliano says.
These ATMs are the riskiest places to swipe debit cards, he says. The reason: Nonbank ATMs aren’t regulated, and licenses differ from state to state. “You don’t even need to be a bank to buy and sell ATMs,” he says, which puts users more at risk from skimming.
Pascual says fraudsters easily can open up these ATMs and install software that steals card data. Security on these ATMs is minimal, too.
Instead, go to a bank branch with ATMs that are well-lighted, Siciliano says. He also uses an ATM-only card that doesn’t have MasterCard or Visa logos, since they’re considered safer and can be used only at ATMs.
5 of 7
Data breaches at retailers keep occurring regularly. But other types of retail fraud are springing up, too. For example, skimming devices are attached to the point-of-sale terminals where you swipe your credit card or debit card to pay for your purchases.
For example, the craft store Michaels was hit with debit card skimming in 2014, impacting 3 million customers. Fraudsters had tampered with the point-of-sale terminals, taking their credit card and debit card numbers and expiration dates.
Even mom and pop storefronts can be targets for fraud, Meghu says. “There are lots of tricks, since you have to give up lots of personal data and the skimmers are hard to identify,” he says.
To protect yourself from fraud, Eva Casey Velasquez, president of the Identity Theft Resource Center, recommends using credit cards to pay. “It’s much easier to dispute a charge,” she adds. “Do things to minimize your risk.”
Think that your hotel is a safer place to swipe your card? Think again.
Hotels usually keep your debit card data on file, Pascual says. “And you’re not sure who can see that card information,” he says. Big hotels aren’t skimming-free either. For example, some Marriott and Hilton properties had customer debit card data stolen through a data breach.
So, after you check into your room, monitor your bank account, Pascual says. Also, some banks offer security alerts that are worth signing up for so you can monitor transactions. “The more protections, the better,” he says.
And there’s another good reason to use that credit card: Hotels typically put a hold on debit card accounts for the estimated cost of your stay, which leaves you with less money to spend.
7 of 7
Like retail stores, medical offices can have unknown skimmers that steal your debit card data after paying for a doctor’s office visit.
Health care providers are especially at risk for fraud, says Pascual. “They’re high-profile targets because they have so much personal information on hand, such as your Social Security number.” On top of that, they usually aren’t experts at protecting data and may not catch fraud early.
Also, doctors usually keep your records on file for a long time, which can lead to theft and breaches. There already have been several cases of stolen patient data, as demand for these rich troves of medical and financial information grows, according to Privacy Rights Clearinghouse records.
Ask your health care provider not to keep your payment data on file, Pascual says. Also, monitor your bank account information regularly.