PIN Paranoia: We Need Consistent Payment Security Standards

I’ve tried it several times in varying positions, and it is not possible to cover your hand over your other hand when entering your PIN at a drive-up ATM while you’re sitting in the driver’s seat of your car.

I’ve tried it with my seatbelt buckled, unbuckled, using my left hand or right hand, and I just can’t do it, even though the little diagram on the ATM indicates that’s how I should be entering my PIN. I know I could get out of the car, but I don’t feel like being that person, while other people in their cars behind me mumble, “What is that dummy doing?”

It’s a drive thru, not a walk thru.

When paying at the gas pump, I’m very comfortable using my entire body and a couple of smoke bombs to conceal my PIN entry, just to be safe.

At Walgreens, I’m not above using distraction techniques such as saying to the person behind me in line, “Hey, there’s a spider on your leg,” while I quickly tap in my four numbers. I’ve started calling this phenomena “PIN paranoia.”

I can and do take all of the precautionary PIN safety steps that are encouraged by the Better Business Bureau: Place my hand over the keypad, avoid using standalone machines and check my account frequently. None of that does any good when there’s some dude in a car 30 feet away collecting my account information with a Bluetooth-enabled skimming device.

As of late last year, there were only about 30 states with laws on the books that make skimming illegal.

Shocking. Not shocking.

I live in Texas. A state that’s incredibly large. A state that gets a little warm in the summer. It’s also a state that is rotten with credit card skimmers. A report earlier this year by the payment processing firm Wex indicated that people living in the Greater Houston area are more likely to have their credit card information stolen by skimming devices than ANYWHERE ELSE IN THE UNITED STATES. Impressive, I know.

Here’s a possible new tourism slogan for Texas: Come For the BBQ, But Don’t Use Our Gas Pumps Because They Probably Have A Skimmer Inside And Our Laws Don’t Do Much To Help – Y’All, Come Again.

As I’m writing this, and just to prove my point about how often skimming at gas stations happens around here, I’ve included a screenshot from my phone of a local news alert of the latest skimming incident.

Last month, Texas Gov. Greg Abbott signed a bill into law that makes it easier to report and prosecute credit card skimming crimes. Until this law goes into effect this fall, if you’re a victim of credit card skimming, you have to figure out where the skimming happened and file a report with that specific town or county. Each place has a different set of laws and one town might not communicate with the county, which then won’t communicate with the town because of the different forms you must fill out. So, good luck to you, person who just blew through Houston on a business trip and found that their card was compromised at a gas station out by the airport. Because, depending on what side of the airport you drove to in order to fill up your rental car, you might be in Houston or you might be in the small town of Aldine, Texas – different laws and different jurisdictions.

Once this new law goes into effect, gas stations will be required to report any skimming crimes to the new state Payment Card Fraud Fusion Center. All of the reported skimming crimes happening around Texas will then also funnel into the PCFFC, which is expected to cut the red tape for consumers/victims to report a crime. Will the PCFFC help solve these crimes and help the victims? The set-up of the new fraud center is pretty light on the details and structure. It seems similar to the CFPB in that there are even conflicting reports of what the organization is actually called: Payment Fraud Fusion Center, Payment Card Fraud Fusion Center and The Center. All we know is that the PCFFC is expected to lose $1.7 million over the next five years while they figure out how The Center is going to work.

Another thing I want you to understand about the PCFFC and the state’s new laws surrounding payment card skimmers: Skimming will become a Class C Misdemeanor for the first offense (the lowest level of criminal offenses in Texas – a possible fine and that’s it), Class B Misdemeanor for the second offense (a couple of weeks in jail and possibly a fine) and a Third Degree Felony offense for the third time caught (two to 10 years in prison).

The lesson here is maybe we should all live in Texas and become skimmers. Just get caught once and then be done. The up front cost to you is just $15.99 for a very-well reviewed “MSR90 USB Swipe Magnetic Credit Card Reader” on Amazon. If you’re an Amazon Prime member, it’s free shipping! Although, if you want to go all Bluetooth fancy, you can get the “Deftun Bluetooth MSR-X6 Card Reader” for $195.

According to news reports, the money being made by skimming criminals appears to be very lucrative. Local and state law enforcement haven’t compiled how much money has been stolen over the past handful of years because they are never sure how long skimming devices are in place before they are discovered. By that time, the criminals are long gone.

No, I’m not seriously advocating to break the law. I’m simply frustrated that our country, states, counties and towns cannot work together to keep our payment systems safe for consumers and members. Not one lawmaking or legal entity appears to want to take this on and own it. I’m holding out a tiny bit of hope that some kind of foolproof payment security bill might come together under the data privacy legislation that credit union organizations and others are supporting. To me, payments and data have merged into the same thing. Our lives, data and money are all connected and it’s time lawmakers figure this out and lock it down.

For me, my security fix is using Apple Pay almost exclusively for gas, groceries, prescriptions and basically everything. If a gas station or retail store doesn’t use Apple Pay, I’m not shopping there because it’s become too risky to use an actual credit or debit card. Down here, those things are dangerous.

Michael Ogden is editor-in-chief for CU Times. He can be reached at mogden@cutimes.com.