Tuesday, 3 June 2008

Think Before You Chip and Pin

In a world where you tip by waving your Oyster Card and feed the parking meter by phone, some first hand experience on how safe "Chip-and-Pin" is, and on how to deal with the aftermath of being ripped off and seeing your money disappear to Romania.

Last year during the run-up to Christmas, I stopped at the cashpoint at Cannon Street Station to get some money since the excessive consumption of egg-nog lattes had left me short of cash. Coincidentally checking my bank account online a few hours later, I saw the record of the withdrawal, but surprisingly noticed another withdrawal of a strange amount ending in 74p. Whilst I was still trying to figure out how I would possibly have taken out such an odd sum, I could not rule out that it had been a transaction done a few days ago that had just come through.

In an effort to be diligent and vigilant I contacted my bank (or rather their overseas call centre) in order to find out details about the withdrawal. While they had no more information at hand, I was promised that they would find out more within 24 hours and would contact me once that was the case. In the meantime I cautiously blocked the card.

Within the next day, the call centre called me back but - about half a dozen security questions later - only to tell me that more information had not come through yet. In the meantime, I had realised that not only my card but all my accounts were actually blocked. Which was particularly unfortunate since my -- 2007/credit-crunch/(but nonetheless) -- bonus had just come in which I couldn't access.

A few days, many phone calls later -- with the excuse of technical problems -- I was told that the transaction was a cash withdrawal made in a town that I didn't know. However, Google helped me locate it in the province of Romania. That explained the odd sum, but not how somebody stole my money somewhere in Central Europe.

Naively I believed (in particular given that the Romania and the Cannon Street withdrawals were about one hour apart) that this was quite obviously fraud. To my surprise the (overseas, call centre) clerk revealed to me that my bank would not be able to refund the money since clearly it had been me who had given the details to somebody else.

Well, let's rest here for a second: That's my bank - who I believe am a fairly good client of - calling me a fraud.

I was furious, and after threatening to close my accounts (which since blocking them about a week earlier had actually cost me more in interest than the sum withdrawn to begin with) he reiterated his statement referring to company policy.

Swearing to myself that this was the last time I would ever deal with a help line located further east than Canterbury, I decided to face the enemy and walk into the next branch, ready to cut my ties with this institution.

I would have, if it hadn't been for the fact that the employee in the branch (1) was friendly and apologetic beyond belief and (2) confirmed immediately that they would have fraud departments dealing with this and (3) stated that fraud like this happened pretty much all the time.

Apparently, depending on where you shop, sometimes dodgy employees sell on debit card details (he even knew the price - 20 GBP), get your PIN off security camera tapes, and then -- usually in Eastern Europe -- somebody gets to your money with a fake card, because the ATMs down there cannot read the Chip yet but only the magnetic stripe which is easier to forge.

While this episode had left me furious at times, it also left me with some valuable (and probably very obvious) lessons learnt:

  • Always, always cover your hand typing in the PIN. There are so many security cameras on you all the time, there's likely to be one on you when you Chip-And-Pin.
  • Being the victim of theft, no matter how "clean" and remote it might occur in these digital days, leaves you with the feeling of your privacy being invaded. And even if common sense prevails at the end and you get your stolen money refunded, this is not a good feeling to be left with.
Originally published on HereIsTheCity on 20Jan2008. The original article is available here.