So, over the weekend, my bank account was compromised. Interestingly enough, in my circle of friends, I think most would agree I'm the most security concious.
What happened? Without any hint, both my card data and PIN were snooped. I'm still not sure how. This (probably) isn't related to the large CitiBank breach, but most likely just common card snooping. With the fact that I only use ATMs of my home bank, the most common possibility is a fradulent vendor, like a convenience store.
The attacker, created a copy of my card to make a fake deposit (depositing money with an empty envelope) and immediately withdrew the maximum allowed amount of money. The bank, a day later, on the realization of a fradulent deposit, froze my account.
How could such information be snooped? Compromising the magnetic card reader. By making the reader store stripe data one could use that for future card printing. Then, watching or videotaping my PIN input woluld give them the access they need. In terms of security, it's really just promiscuous card activity. Every store I spend money at should be considered a potential security threat. Every time I reach for my bank card, I have to wonder, is this store trustworthy? Is the minimum-wage clerk behind the counter trustworty?
I don't think this is really something I want to constantly think about when spending money. Therefore, to me, this is a simple choice. Immediate withdrawls of money from home-bank ATMs removes the possibility from electronic fraud, and adds to the potential losses from being mugged. I think the increased account security and increase in anonymity is worth it, considering the probability of a mugging is largely a gamble of the contents of your wallet, having a few extra stealable dollars in there won't make me a large target. Being promiscuous with my bank card, however, does.
In wallet-related news, I noticed last thursday, that the Bomber on campus now swipes the drivers license cards of everyone at the door. Not the waterloo student cards, just drivers licenses. Do they realy have a reason for collecting people's licenses? So I think it's time for a BYID, to avoid having such personal information be stored whenever I go to a bar. Getting and using a secondary license could also work, but would voiding the magnetic stripe have unintended legal concequences? Much like the previous story with my bank card, this means that this makes me that much more succeptible to identity theft.
March 15, 2006 at 00:43:13 EST
I should get me one of those cards, for purposes of bar entrance are they also photo ID? That whole swiping the drivers licence is pretty sketchy. I would complain to the school upon the grounds that the Bomber is putting into action a conspiracy that has
March 15, 2006 at 10:08:06 EST
Hey Ryan, Long time no talk/see. That sucks about your bank card. As for the bomber, I'm pretty sure you can avoid the swiping. Any place that does swiping (the post office does as well) you can just say that you would like to refuse it. I'm not sure abo