Is your credit card safe at cruising altitude?

December 2, 2012

Maybe it was the Bloody Mary that got Jean Shanley into trouble on a recent flight from Louisville to Las Vegas.

She paid for the $5 beverage with her American Express card and then slipped the card back into her pocketbook, where it stayed for the rest of her vacation. When she returned home, Shanley, a sales associate for a department store in Burlington, Ky., found $1,300 in fraudulent charges on the card — and she suspects that Southwest Airlines is responsible for the security breach.

Travelers are easy prey for “carders,” who take illegal credit card impressions in a crime called cloning or skimming. Airline passengers such as Shanley may feel extra vulnerable, because on a plane, plastic is often the only payment option for beverages, meals or duty-free items. (Airlines euphemistically call it a “cashless environment.”)

Apart from the timing of the charges, several other clues point to Southwest as the responsible party. First, Shanley says, the flight attendant took 15 minutes to return her card; and second, she’d never had a fraudulent credit card charge until she made the in-flight purchase. “I think it’s strange that the charges showed up two days after that flight, and I have never had a problem before,” she says.

Southwest says it isn’t responsible. “Cardholders tend to focus on the last known legitimate charge as being the point of compromise,” airline spokeswoman Linda Rutherford says. “However, our security folks advise us that it could be any number of merchants where the card was used prior to the Southwest flight.” She says Southwest has “no reason” to suspect the crew on Shanley’s flight but agreed to forward her complaint to management “for their review.”

Shanley’s credit card company reversed the bogus charges.

But Shanley’s problem raises two bigger questions for air travelers who want to buy something on board: Is it safe? And is there a way to protect your card?

Here’s the bottom line: Fraud can take place anywhere, even at cruising altitude, and no protection measures are airtight.

Could a flight attendant moonlight as a carder? You bet, says John Sileo, an expert in digital privacy. The gadgets used to perpetrate these crimes are small enough to be concealed in a pocket. “There are skimming devices that are only slightly larger than a matchbox,” he says. “I’ve seen waiters hold the check folio in such a way that they hide a skimmer and are able to skim the credit card while standing at the table.”

An accomplished carder can clone a credit card right in front of you without your knowing it, he adds. “They make it look like they’re sliding the card into the check folio,” he says, “but they’re actually swiping the card.”

The credit card security experts I spoke with say that Southwest isn’t necessarily to blame, because a card can be skimmed anywhere, and the bad charges don’t always appear immediately after the theft. Any time you hand over your credit card, you’re exposed, because you’re giving a potentially dishonest clerk an opportunity to make an illicit copy of your card information from the magnetic strip.

“Once the thief has the credit or debit card data, he or she can place orders over the phone or online,” says data-security expert Robert Siciliano. But thieves can also copy that data onto blank cards, which are called “white” cards. The plastic can even be dressed up to look like a legitimate card, he said.

Such data theft creates a massive money drain. The most frequently cited statistic is a 2010 U.S. Secret Service estimate that skimming is an $8-billion-a-year problem. (It includes ATM skimming, which, as the name implies, happens when you use your credit or debit card at an automatic teller machine.)

I know that it’s a problem, because my own card has been cloned, and I’m not entirely sure how it happened. The last place I’d used the card before the fraudulent charges popped up was in a sandwich shop in British Columbia. But that means nothing. Carders can wait weeks before running fraudulent charges, and I’d like to think that the deli was as honest as the tuna sandwich they made to order.

How do you avoid being skimmed? Identity-theft expert Rob Douglas says that using cash whenever possible is the only way to be safe. He recommends forking over greenbacks for minor purchases typically associated with this kind of fraud. “That includes cab rides, coffee and newspaper kiosks, meals in restaurants located in high-tourism locales, airport vendors and similar operations where a carder can obtain a large amount of card data with little risk of any single stolen transaction being tracked,” he says.

Experts say that the only long-term fix is to tighten security on credit cards by requiring PINs and using security chips that are far more difficult to copy. But American credit card companies have been slow to embrace such changes, citing higher costs and downplaying the security risks.

The next time they do that, maybe they should talk to Shanley or Southwest Airlines — or me.

Loading ...

http://flyicarusfly.com/ Fly, Icarus, Fly

Like you said, this can happen anywhere. If the limit for which you’re responsible is $50, then personally, I probably wouldn’t take any countermeasures (like having loads of cash on me). That said, I’d probably change my tune if my card did get cloned and I had to wade through the hassle of setting it straight…
bodega3

Is card safe being used on a plane? Just as safe as any place else. What all travelers should have are at least 2 cards, if not 3 with them so if they check their accounts while traveling and have to cancel one, there is still one left. I called my credit card company about a charge on my bill that wasn’t mine and while I was speaking to them, my card was being used at a major department store, but I wasn’t the one using it. Credit card thieves have ways most honest people don’t even thing of or know about in obtaining your card information.
Leslie

My Best Buy card got cloned — it happens – and the fraudulent charges were reversed. It happens – its inconvenient and annoying but that’s the way it is
sirwired

It’d be pretty tough to be a “carder” on-board an aircraft. The space is just too cramped, making it way too easy to get caught. In addition, any carder that uses the skimmed number so quickly is going to get caught, FAST. All it takes is a few people that pay for their drinks with they same card they use to book the flight; the full ticket information is part of your credit card bill; the bank knows what day you were supposed to fly.

Frankly, Credit Card Fraud is such a low-impact crime for consumers, I have a hard time getting worked up about it. You call your bank, they reverse the charges, issue you a new card, end of story. Maybe the merchants get burned, maybe their bank, or your bank, takes it in the shorts instead…

As a vaguely-related side-note: If this had been a non-PIN-Debit, this story could have been much worse for the OP. Friends Don’t Let Friends with Access to Credit Carry non-PIN-Debit.
http://elliott.org Christopher Elliott

Well, that’s the thing — many airlines have card-only policies for paying for items on board, so we have not choice but to use a card.
TonyA_says

Can you use a pin only debit card onboard a southwest flight to buy food?
lost_in_travel

I agree the most important thing is to carry more than one card so if a problem arises, one can still function. And don’t forget to tell your cards when you travel – especially out of the country. I joke that I often don’t tell my mother as much about my travels as I have to tell my credit card companies, but my mother does not monitor my activities as closely either!
I try to use one card for all the charges on one trip so my book keeping is easier, but the back up card is always ready.
And don’t forget about the “holds” that various hotels and gas stations put on. The gas station on the highway put a $100 hold as well as the $54 charge for the gas that went into my tank on my card. And the two hotels each with about $50 beyond the room charges. Fortunately at this time in my life, it is no big deal on my credit limit, but there was a time that this would have been very important to me.
Cybrsk8r

How about a re-loadable card for use on planes? You stop at a kiosk in the airport, stick-in two $20 bills, insert the card and presto, you now have a limited liability card for use on the plane. Similar to those use-once throw away American Express numbers for use online. Scammers would not bother trying to skim these cards since the small amount they’d get wouldn’t get enough to make it worth their time.
technomage1

I’ve had my credit card number stolen and used twice. Both times it was embarrassing (having your card declined at the register is not fun). But a quick phone call and confirmation of the purchases I did and did not make solved the problem. It was a pain waiting for a new card to arrive in the mail too. Still, though, I’ve never been on the hook for any fraudulent charges and I’d rather the credit card companies deactivate my card when they see questionable purchases.

As others have pointed out, it happens everywhere. Unfortunately, it’s the price we pay for having the cards.

I will note though, credit cards and debit cards can differ in their protection for consumers. I refuse to use debit cards because if they do get that number, they can wipe out your bank account and you have less protection with a credit card, in addition to any pain you may feel from checks bouncing, etc. Instead, I use my credit card and have set it up so it deducts from my account automatically every month. Essentially, I’m using it as a debit card but I still have all the protections of the credit card plus bonuses like cash back.
technomage1

I disagree that credit card fraud is a low impact crime for consumers. Merchants actually pay the credit card companies a fee to be able to offer their services. Now, this varies but is typically a percentage of the total sale. It ranges from .5 to 2 percent for most merchants. This rate covers the credit card companies expenses and profits. The credit card company usually is the one to “eat” the fraudulent charges. So they pass that along to the merchant in terms of higher fees, who passes it along to consumers in terms of higher prices. Yep, we all pay a higher price in the store for the ability to use credit cards and for fraud on those cards.

It would be better to say that credit card fraud is not as visible to consumers, but it sure has an impact on us.
TonyA_says

If you read the reason why airlines moved to card only on board, it is because Cash was disappearing between the FA -Station – and HQ. In other words there were dishonest FAs for the same reason there are dishonest cops and stockbrockers.
Having said that, then why should anyone be surprised that an airline employee can be a thief?
Ed Boston

“It’d be pretty tough to be a “carder” on-board an aircraft.”

Not true. In the case of this story, it sounds like the attendant took the card away to be processes (First, Shanley says, the flight attendant took 15 minutes to return her card). If they go somewhere else to process the card, you put yourself at greater risk of carders. I also remember a story some time ago about a pair of carders working together on a plane. The attendant got the card information and then sent their partner the info while they were still in the air.
TonyA_says

It also harder to save money when one has a credit card or credit for that matter. People tend to buy more when they can charge it. That has profound socio-economic effects. Just ask young grads with massive school loans and credit card debts. Promoting the use of credit is the wrong message to send to anyone.
Ed Boston

A $100 hold at a gas station? I have never seen that happen. I see a $1 “hold” that is used to validate the card is good. If it is a terminal at a pump, the station, from what I have been told, has no control over the processing and couldn’t change it. If you take it in, that is a different story. In that case, I would report the station to the card issuer and if it is a brand name station, report it to the company headquarters and never shop at any of those stations again.
Ed Boston

In regards to that $50 liability limits, a lot of card issuers even waive that fee. All the cards I have had over the past several years waived the fee. When shopping for a new card, that is one item that should be on the check list. If not, keep looking.
NakinaAce

How could you possibly write this whole piece without mentioning even once that the card holder is only ever responsible for the first $50 and nothing after that and after you report a problem you are responsible for nothing. That is a matter of law. All this jazz the CC companies give you about protecting is really only about protecting themselves. That is fair enough except when they routinely deny charges based on some far fetch model that doesn’t include someone like yourself.
TonyA_says

I understand that some airline onboard credit card terminals or scanners do not have online communication capabilities so they do not have the capability of checking a bogus card or authorizing a sale. That said, what is to stop the public from using bogus cards or disputing their purchases alltogether?
scapel@suddenlink.net

It is just as safe as being used anywhere else. I have had a card comprimised in the past and also had a fraudelant check hit my bank account. One has to go through the process of changing the account number. Witha all the automatic withdrawels and social security deposits that can be a pain to change. I have a card that automatic charges are posted to, but that card never leaves my house.
technomage1

True, you need to be able to have some fiscal discipline with my method. Guess that excludes Congress from using it, huh?
TonyA_says

The longer your card is out of your sight, the more unsafe it becomes.
Of course, this assumes you are not putting the card through a skimming device yourself.
TonyA_says

The government is the worst example since they can print money and spend it.
http://www.facebook.com/tjwoody Tim Woody

OK. It’s too expensive to provide more secure credit cards??! Preposterous! If you have a card that with annual charges It is certainly within the realm of reason to expect that the annual fee would be used to provide a more secure card. After all, once the security system is in place the cost of maintenance is significantly lower than the establishment of the system. Card fees, however stay the same or creep up. It is absurd to think that it is “too expensive” to establish a more secure credit environment. The cost of fraud and identity theft overshadows the cost of the security system.
mikegun

I understand the risks of using a debit or credit card vs. carrying cash. I prefer using a credit card when traveling.

I have yet to encounter a situation on-board where I was forced to pay for something mandatory. I can skip the Bloody Mary. I can pay cash for a sandwich at Subway and bring it on-board. I can even bring my own entertainment and headphones. In other words, I can easily boycott.

I can also adapt If I choose not to carry a credit or debit card. I could keep a MC/VISA/AMEX or Discover gift card in my wallet for situations like this. As someone else mentioned having a gift card dispenser at the airport for buy on board sounds like a good idea.
TonyA_says

Chip and Pin? And handheld terminals. Like in Europe.
Ed Boston

“Too Expensive” to the card companies means the cost of fraud has not exceeded the amount they have allocated to losses from fraud. Once the cost to the bottom line from fraud loss exceeds this amount, then it won’t be too expensive. Until then, the money lost in fraud is built into the merchant fees and card holder interest rate and fees.
SoBeSparky

One does not want to use a debit card anywhere you suspect fraud is prevalent, as money is transmitted immediately from your account.

Someone observing the PIN and skimming the card can easily take a lot of cash from your account. That is cash you no longer have for your trip. at least temporarily.

Fraud with a credit card means you owe more money, up to a maximum of $50 usually. Fraud with a debit card means the cash is gone. The terms of getting money back with debit card fraud are different. According to federal law and regulations:

“For example, if you report the (debit card) loss within two business days after you realize your card is missing, you will not be responsible for more than $50 for unauthorized use. However, if you don’t report the loss within two business days after you discover the loss, you could lose up to $500 because of an unauthorized transfer. You also risk unlimited loss if you fail to report an unauthorized transfer within 60 days after your bank statement containing unauthorized use is mailed to you. That means you could lose all the money in your bank account and the unused portion of your line of credit established for overdrafts.”

Your bank may or may not offer more protection than federal law. The point is that using a credit card is almost always a safer proposition than a debit card. So on line, or in public, you usually get more fraud protection through a credit card. In certain circumstances your cash can be drained by a debit card without recourse.
lost_in_travel

Yup, Gulf station on the Mass Turnpike at the pump. My car can’t hold that much fuel, but a pick up truck can. I should have filled my tank before I left home, but I did not. Next time I will.
Ed Boston

“How do you avoid being skimmed? Identity-theft expert Rob Douglas says that using cash whenever possible is the only way to be safe.”

Carrying cash may be the best way to avoid being skinned, but the risks in carrying cash I think far out weighs the risks. When you carry cash, if you lose your cash or, heaven forbids, you get robbed, your cash is gone. Bye-bye. Never expect to see it again. However, if you lose your card or it is stolen, Most you can lose is $50 and as I have mentioned before, that is often waived. Personally, I will continue to carry plastic over paper in my day to day activities. When I travel, I do carry some cash, but not a lot and never in my wallet.
Ed Boston

It’s not the cost of the new secured cards and terminals, but the underlying infrastructure that has to be in placed to support it. Secured cards have been around for years and really are not that expensive. It’s a reliable system to handle the security that is the issue.
Ed Boston

Did some googling on it and sure enough, found several references to stations doing this this. That is just outrageous. Like I said, I would report them to the credit card company, the card issuer, and in this case, the corporate headquarters and never get gas at a Gulf station again.

I haven’t seen a Gulf station in years and didn’t realize they were still around. If I ever see one again, I’ll be sure to keep on going.
Luc Terje

This is exactly why one should NEVER use a debit card to buy anything. Her bank account would have been drained while she was on vacation, and she’d have to duke it out with her bank to eventually get her money back (2-3 weeks).

With a credit card, she’s not out any money, and just calls the card company to fill out a report to get the charges removed.
TonyA_says

My question is can you use it? How will a user input his Pin on a southwest terminal
Ed Boston

Not seeing the terminal used it would be hard to tell. It most likely has a keyboard, how else could they tell the terminal how much to charge. So if it has a keyboard, the PIN could be entered by the user by handing the device to them to enter the number. What would probably determine if it could be used for PIN purchases is the type of data connection they have during flight. If they have a live connection, then it *could* be set up for PIN use.
TonyA_says

Are you serious? You mean the telecommunication networks used by Visa, Master and others are not secure? I thought the card information is stolen at the point of sale or from a Merchant database if they store the info.
LBJROCK

So, the airlines removed cash because they don’t trust their employees, but we’re supposed to hand our credit cards over to them to pay for things?? Yikes.
Stephen0118

I believe some credit card companies offer you the option of using a ‘variable’ cc number where it’s only good for that transaction. I know of one mine does that (I can’t remember which one.
Ed Boston

That is not the infrastructure I was referring to. Hopefully the telecommunication network used are secure. It’s the infrastructure inside the card company’s IT department the secured external network talk to. You have to have a system that can process the secure ID information being sent to determine if it is valid. That is where a lot of the expense can occur.

You also bring up another point a lot of people don’t realize. A lot of merchants processing systems record your CC number. I have had several instances (Best Buy and Walmart being two large companies I have had this happen with) where I was returning a product. They scanned the receipt and put the credit back on my card without me even showing them the card. How can they do that without storing the number? A lot of the large data breaches have been because someone hacked into a merchant’s system where the numbers were stored unencrypted (.i.e. TJ Max). Merchants are allowed to save your CC number as long as it is secured, which requires encryption. When such a breach occurs, the card companies can go back to the merchant to recover the money because they violated the merchant agreement.
Ed Boston

Yes, but that is only for online transactions. Kind of hard to present a card with a variable number unless you have an embossing machine with you. :)
TonyA_says

Everyone should read this http://www.flightglobal.com/blogs/runway-girl/2011/07/free-beer-in-flight-but-only-i.html
Ed Boston

Looks like that story answers your question about PIN purchases inflight. Without real time validation, it can’t be done. They are not allowed to record your PIN like they can with the number.
Catherine

You can set up alert systems with your credit card to get an email every time your credit card is charged. If you do have trouble with it..you will know it right away. Also traveling with more than one card is important so that you have a backup on a trip.
Ed Boston

Those alerts are dependent on the issuer. Not all of them have that feature. I do on my cards and I use it. However, the alerts can be delayed. I had one alert come 2 hours after the purchase was made. Most of the time, I get the email while I am still at the register or before I have left the store. Even with the delay, that is plenty of time to notify the issuer of a problem.
TonyA_says

As far as I know CC companies have low limit caps for onboard charges for this reason.
Qatar airlines, as far as I know, worked on a solution with their handheld terminal vendor so they could charge high value duty free items onboard. Unless airlines are willing to pay ARINC for using their credit card transmission application then the airlines need to figure out how to get online authorization up in the sky.
mikegun

It’s not only because of missing cash, it’s also more efficient to not handle cash. Makes the turn more efficient once they land.

Skimming is a problem in any establishment that handles cash.
Ed Boston

That’s really not that hard. Satellite network connection are available. They have automated tracking systems for the satellite dish to keep the connection. The issue is the costs to the airlines. Is it worth it? Seems most of them are saying no at this time.
cjr001

“First, Shanley says, the flight attendant took 15 minutes to return her card”

Well, this would certainly be the center of my argument, were I in Shanley’s position.

Why did the flight attendant walk away with the card at all? Does Southwest not use handheld card readers like United and Frontier (the only two airlines I’ve flown in recent years)?

Such readers at least keep your card in sight and no more than a few feet away. Yes, there are skimmers, as the article points out, but with your card in sight, it at least prevents some opportunities… like it disappearing for 15 minutes.
Ed Boston

That’s true Mike. I remember several flights where I had a seat in the back and the attendants would have to spend a good portion of their time counting and recording not only their till, but verify the amounts of the other attendants. That required at least two attendants to be away from their primary job of safety. It also required the aircraft to be equipped with a secured drop box or safe to store the money in.
MeanMeosh

“How do you avoid being skimmed? Identity-theft expert Rob Douglas says
that using cash whenever possible is the only way to be safe.”

Suggesting that you keep a big wad of cash on your person on vacation is quite possibly the worst advice you could provide. I won’t even go in to the personal safety risks with carrying a bunch of cash in an unfamiliar or tourist area. When that pickpocket on the metro reaches in to your jeans and lifts your money clip, you’re hosed. Good luck if you’re early in your vacation. While a pain, a credit card can be replaced.
TonyA_says

So they passed the problem to us, the passengers :-)
cjr001

Also, when you get down to it, credit card companies really are partly to blame. As the article notes, they have been pathetically slow in adopting the pin system used in Europe. How can it possibly cost more to switch to that system than they’re paying now for credit card fraud?

Share: