Is your credit card safe at cruising altitude?

Maybe it was the Bloody Mary that got Jean Shanley into trouble on a recent flight from Louisville to Las Vegas.

She paid for the $5 beverage with her American Express card and then slipped the card back into her pocketbook, where it stayed for the rest of her vacation. When she returned home, Shanley, a sales associate for a department store in Burlington, Ky., found $1,300 in fraudulent charges on the card — and she suspects that Southwest Airlines is responsible for the security breach.

Travelers are easy prey for “carders,” who take illegal credit card impressions in a crime called cloning or skimming. Airline passengers such as Shanley may feel extra vulnerable, because on a plane, plastic is often the only payment option for beverages, meals or duty-free items. (Airlines euphemistically call it a “cashless environment.”)

Apart from the timing of the charges, several other clues point to Southwest as the responsible party. First, Shanley says, the flight attendant took 15 minutes to return her card; and second, she’d never had a fraudulent credit card charge until she made the in-flight purchase. “I think it’s strange that the charges showed up two days after that flight, and I have never had a problem before,” she says.

Southwest says it isn’t responsible. “Cardholders tend to focus on the last known legitimate charge as being the point of compromise,” airline spokeswoman Linda Rutherford says. “However, our security folks advise us that it could be any number of merchants where the card was used prior to the Southwest flight.” She says Southwest has “no reason” to suspect the crew on Shanley’s flight but agreed to forward her complaint to management “for their review.”

Shanley’s credit card company reversed the bogus charges.

But Shanley’s problem raises two bigger questions for air travelers who want to buy something on board: Is it safe? And is there a way to protect your card?

Here’s the bottom line: Fraud can take place anywhere, even at cruising altitude, and no protection measures are airtight.

Could a flight attendant moonlight as a carder? You bet, says John Sileo, an expert in digital privacy. The gadgets used to perpetrate these crimes are small enough to be concealed in a pocket. “There are skimming devices that are only slightly larger than a matchbox,” he says. “I’ve seen waiters hold the check folio in such a way that they hide a skimmer and are able to skim the credit card while standing at the table.”

An accomplished carder can clone a credit card right in front of you without your knowing it, he adds. “They make it look like they’re sliding the card into the check folio,” he says, “but they’re actually swiping the card.”

The credit card security experts I spoke with say that Southwest isn’t necessarily to blame, because a card can be skimmed anywhere, and the bad charges don’t always appear immediately after the theft. Any time you hand over your credit card, you’re exposed, because you’re giving a potentially dishonest clerk an opportunity to make an illicit copy of your card information from the magnetic strip.

“Once the thief has the credit or debit card data, he or she can place orders over the phone or online,” says data-security expert Robert Siciliano. But thieves can also copy that data onto blank cards, which are called “white” cards. The plastic can even be dressed up to look like a legitimate card, he said.

Such data theft creates a massive money drain. The most frequently cited statistic is a 2010 U.S. Secret Service estimate that skimming is an $8-billion-a-year problem. (It includes ATM skimming, which, as the name implies, happens when you use your credit or debit card at an automatic teller machine.)

I know that it’s a problem, because my own card has been cloned, and I’m not entirely sure how it happened. The last place I’d used the card before the fraudulent charges popped up was in a sandwich shop in British Columbia. But that means nothing. Carders can wait weeks before running fraudulent charges, and I’d like to think that the deli was as honest as the tuna sandwich they made to order.

How do you avoid being skimmed? Identity-theft expert Rob Douglas says that using cash whenever possible is the only way to be safe. He recommends forking over greenbacks for minor purchases typically associated with this kind of fraud. “That includes cab rides, coffee and newspaper kiosks, meals in restaurants located in high-tourism locales, airport vendors and similar operations where a carder can obtain a large amount of card data with little risk of any single stolen transaction being tracked,” he says.

Experts say that the only long-term fix is to tighten security on credit cards by requiring PINs and using security chips that are far more difficult to copy. But American credit card companies have been slow to embrace such changes, citing higher costs and downplaying the security risks.

The next time they do that, maybe they should talk to Shanley or Southwest Airlines — or me.

Do you feel safe using your credit card on a plane?

View Results

Loading ... Loading ...
Older Comments
  • TonyA_says

    One more Bodega, I understand that the fallback procedure if the handheld terminals don’t work is to use CASH. So they can accept CASH, they just do not want to.

  • Walhon

    As a merchant, I have the option to set up my terminal so any charge of less than $25 does not require a signature nor a PIN number, at the same time, my guys I the field are also prohibited from processing an identical transaction within 10 minutes of each other. Ie there would have to be a 10 minute wait between those bloody marys!

  • Walhon

    It is against the merchant agreement with both visa and MasterCard to charge the merchant fees to the customer. They can add the fees into the price of the product, but cannot add surcharges for using a card.

  • TonyA_says

    Maybe Not anymore??? http://www.nytimes.com/2012/08/09/business/smallbusiness/visa-and-mastercard-settle-lawsuit-but-merchants-arent-happy.html?pagewanted=all

    Wanna pay your New York tax by credit card?
    The State website even tells you that a convenience fee will be added to the tax you will pay http://www.tax.ny.gov/pay/all/pay_by_credit_card.htm
    Good Luck disputing that.

  • TonyA_says

    Walhon, I also have to explain the nature of airline ticket credit card sales by travel agents.
    Most of our CC sales are pass through were the airline itself becomes the CC merchant (via a payment settlement processor called ARC). So the airline actually pays the merchant fees to the CC company (and not us).
    When the airline refuses to do this (no longer wants to become the merchant) the TA must process the CC through its own Merchant account. So the TA now eats the approx 4% merchant fee (high because it is usually card not present). So the TA must pass that added cost to the buyer in some form. If the TA does not make any commission from UA, then it has no choice but to pass it on.

  • Ed Boston

    Doesn’t apply in California. California Civil Code 1748.1 specifically prohibits merchants from doing that. Other states may also have such exclusions.

  • TonyA_says

    Same here in Connecticut. I think there are 10 States that explicit forbid this anyway. It is also supposed to be illegal in NY but I just showed a link where NYS explicitly allows its tax processors to add it :-) So maybe charging a CONVENIENCE FEE is ok.

  • bodega3

    How merchants get around this is to state the cost and if you pay cash, there is a lower price. Happens daily in our business and others, too.

  • jpp42

    Many (most?) domestic mainline flights now have online capabilities, using the ship-to-ground communication facilities provided for Internet. This was one of the reasons that credit card acceptance for purchases suddenly became common/required around the time in-flight Internet was installed on many airlines.

  • TonyA_says

    Yes for the inflight entertainment including internet (i.e. Row44, Panasonic, GoGo, etc.), as well as the phone companies, because these companies themselves built the billing mechanisms. Obviously they need to charge the passenger.
    Now you can’t imagine that the airline will pay these companies just to authorize a $5 vodka (small) bottle. It makes sense only for large items like those luxurious stuff seen on magazines.

  • AUSSIEtraveller

    why is the US banking system so dodgy & so 3rd world ?
    We’ve had PIN’s for credit cards for years now in Australia.
    Oh I forgot, it was the super dodgy US banking system & even dodgier bankers that caused the GFC !!!
    You really should do something about your banking system & your bankers who are ripping you off blind !!!

  • ExplorationTravMag

    @TonyA_says:disqus – but isn’t that how it is in today’s world? Selective editing is used in the MSM all the time to create the greatest amount of angst for the reader.

    No, no, no, no, no, don’t bother with telling the whole story. If we do then people might actually start thinking for themselves.

  • TonyA_says

    Also there is more than one way to look at a story.
    The first is to be completely legalistic and technical without regards to customer service or the feelings of the customer.
    The second is try to understand where the customer is coming from and give them the benefit of the doubt.
    Of course the airlines (a private company) can dictate how they want to get paid. They do not have to accept US currency if they don’t want to. There is no federal law that obligates them to accept cash.
    But then common sense dictates to normal people that if you are a US registered carrier (taking advantage of US taxpayer’s money) maybe you ought to be more patriotic and take US currency.

  • MarkKelling

    The answer is no. WN accepts CREDIT cards only or debit cards with visa/ MasterCard logos that can function as credit cards (i.e. no PIN).

  • MarkKelling

    Most airlines had a continuous data feed back and forth to their planes. They piggyback the credit card transactions on that link (there is surprisingly little data that has to move to get a transaction authorization). And the actual cost of the inflight internet is very low compared to what they charge the passengers anyway.

  • MarkKelling

    Yes, the networks used by all the major credit card companies are secure. They are triple DES encrypted at the very least.

  • MarkKelling

    Have not had my water confiscated on international flights. Just got back from London post Olympics and carried 3 bottles with me I bought in the Heathrow terminal. just over a year ago I flew back from Frankfurt and also carried water visibly in my hand with no issues.

  • TonyA_says

    Always confiscated from Asia. I will test again soon.

  • bodega3

    It isn’t across the board at all international destinations. CUN is where friends had their confiscated.

  • pauletteb

    Southwest is lying through its teeth, and I doubt this is the only instance of CC fraud involving this particular FA. Chris’s bringing this incident to the public’s attention might well uncover additional claims by other passengers on this FA’s flights.

  • http://www.facebook.com/profile.php?id=1275578005 Noah Rosenthal

    I’ve never purchased anything on SWA, but I have on other airlines. When I have, the FA is carrying around a card scanner, and they run the card right in front of me. If that’s how it usually works on SWA, it seems very likely that the FA is to blame. Where was he or she for 15 minutes with the card? Why was he or she gone at all???

  • Ed Boston

    You have no basis for blaming the FA. We only have the OP’s accusation the the FA took the card for 15 minutes. Did the OP order her drink during the regular drink service or did she order it afterward? If ordered afterwards, it’s very likely the FA wasn’t carrying around the terminal or the drink and had to go to the galley to prep it. During that time, other issues may have come up that needed to be address, like maybe the FA had several drink orders. Bottom line is we don’t have enough information and calling the FA a thief (that is basically what you are doing by putting the blame on them) is out of line. We don’t know where else she used the card before or after the flight. Anyone who has handled her card at any time could be to blame.

  • http://www.facebook.com/karaokestar Emanuel Levy

    I am not concerned about someone cloning my credit card. The card company is out the money and if they have enough losses then they will push for more secure cards.

  • http://www.facebook.com/nancynally Nancy Nally

    Like another commenter pointed out, this is just another reason to love Virgin’s seatback system where you scan your card right in the seat back and place and pay for all your orders for entertainment, food and drink right there. It’s convenient (can order food and drink anytime, not just when the food cart happens to go by) and more secure.

  • http://www.cardauthorizer.com/ Accept credit cards

    I won’t even go in to the personal safety risks with carrying a bunch of cash in an unfamiliar or tourist area. When that pickpocket on the metro reaches in to your jeans and lifts your money clip, you’re hosed. Good luck if you’re early in your vacation.

Older Comments