Is your credit card safe at cruising altitude?

December 2, 2012

Maybe it was the Bloody Mary that got Jean Shanley into trouble on a recent flight from Louisville to Las Vegas.

She paid for the $5 beverage with her American Express card and then slipped the card back into her pocketbook, where it stayed for the rest of her vacation. When she returned home, Shanley, a sales associate for a department store in Burlington, Ky., found $1,300 in fraudulent charges on the card — and she suspects that Southwest Airlines is responsible for the security breach.

Travelers are easy prey for “carders,” who take illegal credit card impressions in a crime called cloning or skimming. Airline passengers such as Shanley may feel extra vulnerable, because on a plane, plastic is often the only payment option for beverages, meals or duty-free items. (Airlines euphemistically call it a “cashless environment.”)

Apart from the timing of the charges, several other clues point to Southwest as the responsible party. First, Shanley says, the flight attendant took 15 minutes to return her card; and second, she’d never had a fraudulent credit card charge until she made the in-flight purchase. “I think it’s strange that the charges showed up two days after that flight, and I have never had a problem before,” she says.

Southwest says it isn’t responsible. “Cardholders tend to focus on the last known legitimate charge as being the point of compromise,” airline spokeswoman Linda Rutherford says. “However, our security folks advise us that it could be any number of merchants where the card was used prior to the Southwest flight.” She says Southwest has “no reason” to suspect the crew on Shanley’s flight but agreed to forward her complaint to management “for their review.”

Shanley’s credit card company reversed the bogus charges.

But Shanley’s problem raises two bigger questions for air travelers who want to buy something on board: Is it safe? And is there a way to protect your card?

Here’s the bottom line: Fraud can take place anywhere, even at cruising altitude, and no protection measures are airtight.

Could a flight attendant moonlight as a carder? You bet, says John Sileo, an expert in digital privacy. The gadgets used to perpetrate these crimes are small enough to be concealed in a pocket. “There are skimming devices that are only slightly larger than a matchbox,” he says. “I’ve seen waiters hold the check folio in such a way that they hide a skimmer and are able to skim the credit card while standing at the table.”

An accomplished carder can clone a credit card right in front of you without your knowing it, he adds. “They make it look like they’re sliding the card into the check folio,” he says, “but they’re actually swiping the card.”

The credit card security experts I spoke with say that Southwest isn’t necessarily to blame, because a card can be skimmed anywhere, and the bad charges don’t always appear immediately after the theft. Any time you hand over your credit card, you’re exposed, because you’re giving a potentially dishonest clerk an opportunity to make an illicit copy of your card information from the magnetic strip.

“Once the thief has the credit or debit card data, he or she can place orders over the phone or online,” says data-security expert Robert Siciliano. But thieves can also copy that data onto blank cards, which are called “white” cards. The plastic can even be dressed up to look like a legitimate card, he said.

Such data theft creates a massive money drain. The most frequently cited statistic is a 2010 U.S. Secret Service estimate that skimming is an $8-billion-a-year problem. (It includes ATM skimming, which, as the name implies, happens when you use your credit or debit card at an automatic teller machine.)

I know that it’s a problem, because my own card has been cloned, and I’m not entirely sure how it happened. The last place I’d used the card before the fraudulent charges popped up was in a sandwich shop in British Columbia. But that means nothing. Carders can wait weeks before running fraudulent charges, and I’d like to think that the deli was as honest as the tuna sandwich they made to order.

How do you avoid being skimmed? Identity-theft expert Rob Douglas says that using cash whenever possible is the only way to be safe. He recommends forking over greenbacks for minor purchases typically associated with this kind of fraud. “That includes cab rides, coffee and newspaper kiosks, meals in restaurants located in high-tourism locales, airport vendors and similar operations where a carder can obtain a large amount of card data with little risk of any single stolen transaction being tracked,” he says.

Experts say that the only long-term fix is to tighten security on credit cards by requiring PINs and using security chips that are far more difficult to copy. But American credit card companies have been slow to embrace such changes, citing higher costs and downplaying the security risks.

The next time they do that, maybe they should talk to Shanley or Southwest Airlines — or me.

Loading ...

Ed Boston

Like that is anything new for the airlines. Passengers have always gotten the shaft from the airlines. *grin*
TonyA_says

You still may need to buy bottled water :-)
Ed Boston

The CC companies could save a lot of money if they switched. But the problem is, they have already built in an amount of loss to fraud in the business model they use. As long as the fraud loss is below that limit, they are not going to change, even if it does save them money. Why? Because change involves risks and the costs of those risks are perceived to be greater than the savings.
Ed Boston

It’s been awhile since I have flown, but are the airlines no longer providing cups of water anymore?
TonyA_says

That is the point of the article.
The passenger or the OP got quite inconvenienced by the dishonest airline employee. How about throwing a bone, a certificate?
TonyA_says

Too high a bacteria count! I will buy bottled water instead.
For domestic flights, you can take the one you buy in the terminal.
For international flights to the USA, extra security before you board will confiscate water bottles bought inside the terminal.
Ed Boston

I agree with the airline in this case. How do we know it was a dishonest airline employee? Now if she can prove it was an airline employee, then yes, I think the airline does owe her some sort of compensation. Otherwise, the airline is just one of several possible sources of the breach. Should every merchant she used the card with offer her compensation?
TonyA_says

So now they use card SKIMMERS since no more cash :-)
phenomenallass

I’m flying later this month and had planned to purchase a Visa gift card for small purchases – like this – while traveling. Can be used anywhere a traditional card can be used. Airports are hotbeds for this kind of activity. Why put myself at anymore risk?
TonyA_says

Did the airline bother to investigate the employees that handled the card?
I have had my card skimmed a number of times, mostly in restaurants.
Each time I do report it as a crime with my local police force and each time I bother to call the establishments where I suspect it was done. Most times, I talk to the manager.
I was most impressed by the way Friendly’s handled my problem. The regional manager dug up my charge receipt and identified the waitress that scanned my card. He made an investigation and I was satisfied it wasn’t her. The manager sent me a personal note together with a free meal certificate for the whole family. I had another charge right before that ice cream visit. I took the kids to TGIF in the mall. The TGIF manager told me the store was too busy to track their employees. Hmm, a bad sign.

Anyway my point is we never returned to that TGIF but we still go back to Friendly’s.
I never used my Friendly’s certificate because I did not feel it was right for me to do so. So how about some good PR by sending the OP a small certificate and a sorry note.
Ed Boston

Given that the airlines probably don’t have a live connection, I’m not sure a gift card would work or not. Do you know anyone who have used one on a flight to be sure? The type of card being used is encoded into the CC number and they could be set up to exclude the gift cards. Might want to make sure about this before leaving.
Bill___A

No one should ever disappear for 15 minutes with a credit or debit card. Flight crews need to be educated.

As for the chip and pin thing, I think pretty much everywhere else has it. Going to the USA is like going to a third world country as far as credit cards are concerned. I was in the Samsung Store at the Westfield Mall in London. They actually turned away a man who only had a stripe! I’m sure that is against their card agreement, but the bottom line is that they did it. They said people without chip and pin usually end up paying cash.
Bill___A

Where I live, the pay at the pump device asks you how much fuel…maximum $100 and that’s put on the card as hold. It happens. Apparently, some people have in the past driven off without paying for their fuel, which is probably why they do that.

Ed, you’re not going to change the world. There are some things you can do something about and some things you cannot. You will just make things difficult for yourself if you go off complaining about something like this. It has been pretty widespread up here for years….and no one complains about it.
Rebecca O’Shaughnessy

The gas station sites have control over the processing. They contract with a merchant bank who puts the holds. Also, don’t let them tell you there’s a limit on the amount you can pump imposed by credit cards. They implement the limits at chargeback limits. And if there’s ever an unnecessary hold you need removed, call and ask for a supervisor in the fraud dept. They can reverse the hold. If they tell you they can’t, they’re not a supervisor. Ask for theirs.
Ed Boston

Gee. That’s a good reason to avoid a business. How dare they not perform a function they are neither setup for or required to perform. I know you run a business and take credit cards. How exactly would you investigate a claim one of your employees (if you have any) was responsible? What type of investigation could that regional manager at Friendly’s really of performed? Unless they have access to the transaction from the business where the fraudulent activity took place, they really can’t do anything in the way of an investigation. The fraud took place against the credit card company. Not you. Not the business. Both you and the business have methods for relief and are not responsible for the fraud as long as you have followed the rules. The only entity that can really request an investigation is the credit card company.
Ed Boston

put your credit cards in the same place and carry and extra card? Are you saying to carry the extra card with all your other ones? And is this extra card on the same account as one of the other cards you have?
mikegun

I usually buy a bottle post security anyway. I think water is usually free anyway, poured from a bottle into a cup.

I can’t recall paying for soft drinks.
mikegun

I remember an East Coast to LAX transcontinental non-stop where I paid $5 for the movie. Gave the FA a $20 bill and didn’t get my change until her last pass before landing at LAX. I kept reminding her about my $15 change throughout the flight with the “I’m working on it!” response each time. I kept having to remind myself to not forget my $15. I would have GLADLY had her swipe my card so I could relax!
mikegun

How do we know it was the FA?
TonyA_says

We both IDed the server. And he convinced me her record in the store was pretty good. In fact, she served me ice cream again and again until they shut the store down.
TonyA_says

Who else had 15 minutes of her card?
Ed Boston

So you ID the server and she has a great record in the store. That proves nothing as to her guilt or innocent. I’m pretty sure if she was the one who did it she wouldn’t have done it inside the store. How did he know what she was doing outside the store where the fraud would have taken place?

That is my whole point. A store has no way to really investigate the criminal activities of any of their employees unless the activity happens in the business. And expecting a business to do an investigation is absurd. I noticed that you didn’t bother responding to the part about how you would investigate one of your employees if your business was accused.
Ed Boston

What does it matter? It only takes a second to use a skimmer. The question would be more, “Who else had access to her card?”
TonyA_says

No Ed, what is absurd is your questioning the judgement of the cardholder and the action of the store management.
TonyA_says

No Ed, what is absurd is your questioning the judgement of the cardholder and the action of the store management.
Ed Boston

I am not questioning their judgement, just their ability to perform an meaningful investigation. In the case of the Friendly’s manager, I’m sure his judgement of her inside his business is valid. It’s just they don’t have any valid bases to make a judgement of the employee’s action outside the business. It is absurd to expect any business to perform a criminal investigation when they are not equipped, authorized, or required to do so.
TonyA_says

Southwest does use a hand held terminal so it is unexcuseable for your card to disappear beyond your sight.
I believe they use http://www.guestlogix.com/
mikegun

There’s something bugging me about this that doesn’t seem to add up. How often would someone do this? Is it worth it to just do it once? It seems like the credit card company would see a pattern that Southwest on board purchases appeared on a significant amount of cards that ended up having fraudulent activity. The airline could determine what flights people with fraudulent charges took and compare the FA list of those flights and see common names.

If someone only did it once, I imagine it would be easier to get away with it. But is the investment in the “skimmer” and time to learn how to do the act once worth it?
mikegun

I haven’t seen the other charges on her statement.
TonyA_says

Respectfully, I think you and others are missing the point. Simply stated, by not accepting Cash, the airlines have opened us (and themselves) to more fraud.
mikegun

I think that my question actually makes that point. Very easy to determine if there is a pattern with an FA being a “skimmer”.
TonyA_says

Is half a million bucks good enough to convince you?
http://milepoint.com/forums/threads/former-airline-employee-accused-of-skimming-480-000.3017/
mikegun

Convinced of what?
Ed Boston

Respectfully, I think you are missing the point. The fraud is not against the consumer or the business, but the credit card company. If the credit card company does not feel it is worth going after, there is really nothing you as a consumer or business user can do other than not to use the card.
phenomenallass

These cards don’t function any differently than a secured credit card. They have a real credit card number, cvw2 number and expiration date. Worst that happens is I have to fly without a beverage – no big loss.
Ed Boston

From the user’s perspective, they do not function any differently. However, from a processing stand point, they do. The issuer of the gift cards can put restrictions on what they can be used for or how they can be used. For example, some cards cannot be used for online purchases, even though they have a number and the security code. That requires that before the card can be processed, the merchant’s system must be able to validate the proper use of the card.

Now a merchant can setup an agreement to go ahead and process them regardless. But in those agreements, the merchant also has to accept the responsibility for the fraudulent or improper use of gift cards. Most online merchant agreements have this restriction that since they did not swipe the physical card, they will have to cover certain losses.
TonyA_says

Are either of you an FA? If counting cash causes a safety issue, I bet it would already be subject to a grievance issue since SWA has a union. I believe APFA questioned an airline for it but that was not WN.
jmastron

This sounds like a great reason *to* use credit cards wherever possible, as opposed to cash, checks, or debit cards. Cash can be stolen, change can be “forgotten” or miscalculated (“sir, you gave me a $10, not a $20″ — and in the cash days, it was common for them to take your larger bill and come back much later with the change), can be pickpocketed or taken from your carryon while you’re in the restroom.

And when it happens, you have very little recourse, especially at the moment. With a credit card, you simply aren’t responsible for the fraudulent charges. Sure, there’s some hassle in documenting/detecting/handling it, but less than trying to recover hundreds of dollars in cash. It is definitely a good idea to have an extra card (preferably with a different bank) as a backup.
TonyA_says

How about EXACT CHANGE? Why is that not an option. Look at SWA’s inflight menu. Liquor, Beer and Wine are all five bucks each. It is so easy for folks to prepare to have correct bills. So why did Southwest rob them of the capabality to pay with exact change?
Ed Boston

“Are either of you a FA?” What does that have to do with any part of this discussion?
dourdan

I usually fly Virgin and on Virgin there are card readers on every seat. You scan your card yourself then the flight attendant gets your order (somehow) and your items magically appear.

I think that is perfectly safe.

but any airline where i would have to hand over my card and the flight attendant disappears with it- not so safe.
Ann Lamoy

Agreed. I got a phone call one day from Discover about two years ago inquiring about some large charges on my card. One was for $700 for shoes for an on-line store. I disputed it (since I hadn’t made it) and the rep on the phone went through the last two weeks of charges to see what were mine and what were not. She said it was flagged as a purchase outside my norm. There were four charges totally almost $1000 they ended up reversing.

After that, I went and set up alerts on all my credit cards and am vigilant at checking them every couple of days for charges just in case.
TonyA_says

Here is what he said (without editing) completely:

Identity-theft expert Rob Douglas says that using cash whenever possible
is the only way to be safe. He recommends forking over greenbacks for
minor purchases typically associated with this kind of fraud.

You purposely left out his next sentence (in Chris’ article). Rob Douglas makes a good point using cash for MINOR purchases.
TonyA_says

Here is what he said (without editing) completely:

Identity-theft expert Rob Douglas says that using cash whenever possible
is the only way to be safe. He recommends forking over greenbacks for
minor purchases typically associated with this kind of fraud.

You purposely left out his next sentence (in Chris’ article). Rob Douglas makes a good point using cash for MINOR purchases.
http://twitter.com/PlayYourDay Play Your Day

I would just never use CC on a plane. Why not to use old – fashioned money? They should accept it do they? I’m not sure about US anyways but Im more than sure in Europe..
bodega3

According to our sources within the industry, the carriers were not getting all the money that passengers were giving to FA’s. Some carriers are paying the FA’s a commission on items sold which burns my hide since they don’t pay us anymore for selling their tickets!
bodega3

According to what we have been told, FA’s were not reporting all the money earned on cash sales.
TonyA_says

Well that is the problem the airline was trying to solve (employee theft of airline money). By moving to cashless cabins, the airline had eliminated employee theft of company money, but the bad employees moved to skimming cards instead. There always will be bad apples.

Card skimming is not a victim less crime even if your credit card company waives your $50 liability. At a minimum, the pax is hassled while on the road and when he gets home.

Freedom from Cash benefits to pax is bogus. It penalizes people who want to or need to pay with cash (i.e. UMNR kids who need to buy a meal). Why can’t an airline accept both plastic and cash? Because these airlines only care about their own efficiencies. Too much work for flight attendants? How did we manage to do that work for decades? Did we all suddenly become lazy? Nope, I suppose the airlines did not want to keep on disciplining employees that stole money because that became a thorny union issue ??? So, too bad for passengers who want to pay with cash, both the airline and their employees could care less.

In the future, the airlines will depend on plastic more to sell ancillary services onboard. All of the new for-fee advanced inflight entertainment and communications (IFEC) services need plastic payments. So the message is clear. Use your cash elsewhere except the airlines.
TonyA_says

Wait till they make us pay the Merchant Fees.
Didn’t UA try that some time ago?
Of course you know they do not accept CC for Bulk Fare to Europe – so that is inconsistent with Plastic only in the cabin. The difference is the TA carries the risks.
TonyA_says

You see that is the whole problem. Some people and airlines REFUSE TO ACCOMMODATE YOUR NEED TO PAY WITH CASH or some form that you feel safe with. Some people even refuse to understand why you may want to pay with cash. Imagine an Unaccompanied Minor needing to purchase a cabin meal? How to do that. buy them a gift card???

I don’t charge small items to my card, especially when I am traveling. I feel more secure doing that. So just like you I will skip that beverage :-)

Share: