It’s a topic I’ve touched on several times: Debit cards have their uses, but high-dollar (“Death of a Debit Card”) and online purchases (“Debit Card Peril”) aren’t among them.
This morning my wife received an email from one of her online acquaintances — I’ll call her Barbara. Barbara’s letter read like this:
Unfortunately, I have become the latest victim of internet fraud. Even though I thought I was taking enough precautions to make online shopping safe — I use McAfee Firewall Protection, VirusScan, Ad-Aware, and ZoneAlarm to protect myself from viruses and hackers and made sure I was using “secure” sites — somehow the crooks still managed to steal my information.
It happened this week when I purchased theater tickets from telecharge.com using my Visa CheckCard. I ordered the tickets on the 16th – total $353.50. Yesterday, I saw the purchase posted to my account, but I also noticed a pending transaction for the same amount on the same date for an “Oliver and Wildgoose,” a company I never heard of. After spending hours on the phone with the bank and with Telecharge, I discovered that Oliver and Wildgoose is the name of a liquor store in the Bahamas.
I thought that since the transaction was listed as “pending,” I’d caught it in time to “stop payment,” like you can do with a check. It doesn’t work that way with a check card. “Pending” means the funds have already been extracted — they are just not officially posted to the account yet. So, the money is gone. Today I have to go to the bank to file claims, open a new account, order checks, etc. — I’ve been told it could be up to 90 days for the investigation to be processed. Hopefully, I will be able to recoup the $350. I also need to file a police report and put a fraud alert on my credit report in case this individual (who is evidently partying it up right now in the Bahamas) plans to steal my identity, too.
Ain’t online life grand? I consider stories like this — and it isn’t the first debit-card disaster I’ve heard — just more ammunition to strafe away at Dave Ramsey’s admonitions that “All you need is a debit card.” Here’s a little tidbit from DaveRamsey.com, in fact:
If you “have to” use plastic, I suggest a debit card. I use them for travel and the occasional convenience of ordering something over the Internet or phone. Other than that, I use cash.
Knowing what I do, I’ll state here and now that preaching “debit card exclusivity” is stupid advice. It’s horribly naive, in my opinion, and laughably unrealistic.
The last part of Barbara’s email also bears repeating here, I think:
The lessons I’ve learned that I’m passing on:
1. Don’t use a check card for any online purchases!!!
2. Don’t use a check card anywhere where you can’t physically watch the salesperson swipe the card — restaurants and gas stations included.
3. If you’re going to make an online purchase, find out if your credit card company offers a “disposable” number designed for one-time use. If you’re a Visa customer, sign up for Verified by Visa.
4. Monitor your accounts closely (luckily I do) and keep all receipts in a safe place.
5. Make sure you have up-to-date hacker protection!
6. Find out the privacy policies and security measures of any online merchant you use. Know that even “secure” sites can be hacked.
7. If you use a check card, find out what your bank’s policies are when it comes to filing fraud claims.
Caitlin wrote:
Sometimes I think I’m a crackpot for avoiding these…this just makes me feel like I’ve made the right choice.
I hate those things.
Anonymous wrote:
I guess I should probably look into getting a credit card now. thx for the reminder.
mahendra kumar dash wrote:
It is a rare case and an exception.
It normally does not happen as a matter of routine for all.Debit Card is safe as long as you keep the password close to your heart.There may be other good stories and experiences on debit card as well.
Barbara wrote:
Actually, the earlier comment that this is a rare occurrence is wrong. The customer service rep at my bank who has been handling my case said it personally happened to him and to another member of his family. He noted that *several* of these cases come in each week. How is the info being stolen? I don’t know for sure. But I can assure you that I’ve *never* shared my PIN with anyone EVER. I’m not saying debit cards need to be avoided altogether, but they should DEFINITELY not be used for internet purchases. And people should be aware that if it happens to you, your bank won’t necessarily provide the same protections that you’d have with a credit card. It’s frustrating to have to wait up to 90 days for an investigation to be completed before I can access MY money!
Anonymous wrote:
People I’ve heard that had identity theft on their debit card where always refunded by their bank. Why get a credit card? When you play with snakes, you will eventually get bit.
Jesse wrote:
>>When you play with snakes, you will eventually get bit.<< I just can’t agree with that statement. It’s said often by DR, and makes for good radio, but it just doesn’t hold true. If credit cards are handled maturely, and with discipline, they’re quite convenient – and the advantages far outweigh those of a debit card.
Anonymous wrote:
I am so glad that you posted this story. Just this weekend I purchased tickets through Telecharge and just saw today that the same amount as the cost of the tickets was also debited from my acount by “Oliver and Wildgoose”. I had also never heard of this name so I googled it and your story came up. I immediately called my bank and was able to put a stop payment on the charge, but if I would have noticed it tomorrow, it would have been too late!
I am sorry that you were not able to stop payment on yours, but thank you for sharing your story…it saved me the time it would have taked to investigate it.
Be careful when purchasing items online…especially through Telecharge!!!
Anonymous wrote:
The same exact fradualent act happened to me after purchasing tickets through telecharge Saturday, 14 January 2006 in the amount of $439.00. What surprised me is, upon searching on the Oliver and WildGoose this site immediately came up. However upon bringing it to the attention of Ticketmaster Management was not aware. They asked if I would forward this to them. Nevertheless, I am going through the same cleanup process – completing the police report, filling the bank affidavit to begin the investigations and I plan to take it a step further in reporting this incident to FBI with the additional information I obtained. I also agree with all of the lessons learned.
amarieb410@aol.com
Jennifer Tattenbaum wrote:
We at Telecharge.com wanted to provide an update on this issue. We take security breaches and fraudulent orders very seriously, and performed a thorough investigation of this issue. Our research revealed that there was no security breach or fraud, and no personal or financial information was obtained by any third parties. The problem was due to a bank processing error which caused a double charge–first to us at Telecharge.com, and then to Oliver and Wildgoose. We have worked with our bank to resolve the cause of the processing error, and the problem will not occur again.
Anonymous wrote:
Jennifer, it has been a year and this issue has not been resolved. Oliver and Mongoose still has authorization to access money from accounts off of your website ticket sales. It just happened to me. Now all I can do is wait and see how much money they will take…
Anonymous wrote:
I checked my Citi Bank account today and to my surprise there were two attempts to withdraw money from my account from Oliver and Wildgoose Feeport, The Bahamas. There attempt was not successful but the trail leads to Telecharge……….I thought that purchasing tickets from this company was a safe environment! I guess not!!!!!!!!!
ekadasia wrote:
I was just going through my comments and came across this article and my comments which is 4 years old.But still I stand by it.
Yes on purchases,may be where signature is required,there the ME trust the Crad holder and does not match the signature.
Hacking of PIN unless revealed by user is a very very rare phenomenon.
You can check again.Probably the Bank's agent is involved and it is the smell of a fraud which normally happens.But check with any agencies ,they will say hacking of ATM PIN is not a usual event like password heacking and specially if not done online.
I can provide as much details as you want.
Mahendra Dash
ISACA member ID 436532