The Toronto Star
Tuesday, January 20, 1998

Huge jump in debit card fraud

by James Daw, jdaw@thestar.ca

Computer spying may affront our privacy watchdogs, but it could have helped Shirley Miles and Obadia Ariss.

Thieves who went on spending sprees with their debit cards could have been stopped in their tracks if computer systems at Toronto Dominion Bank were more watchful.

The trouble is that TD and other Canadians banks still lack the necessary computer systems to monitor unusual account activity with debit cards.

So customers, in rapidly growing numbers, are getting taken to the cleaners by crooks.

Banks have the fine print in their contracts to hold customers responsible if they fail to protect their secret access codes or personal identification numbers (PINs).

Chosing an obvious PIN, sharing it, or writing it in your wallet is like leaving your assets flapping in the wind.

But the good news for absent-minded customers is that their banks are looking for computer software that might help protect them from some losses.

Last year I wrote about Ariss, a talented young piano student from Georgetown who left his jacket unattended at the Royal Conservatory of Music.

A thief snatched his wallet and guessed correctly that Ariss had used his birth year as his PIN. At an automated teller machine, the thief discovered $60 in Ariss's account. Pretending to deposit $1,286, the thief was able to withdraw $400 and spend $319 at a beer store and bars.

The bank refused to come to the rescue, as it would have if Ariss had protected his PIN or if a thief had forged his signature to use a stolen credit card.

Now Shirley Miles, an American retiree living in Toronto, has complained to me about thieves racking up a similar string of unusual withdrawals.

She suspects her wallet, a TD debit card and a Visa credit card were stolen during what seemed like an innocent bit of jostling on a transit bus last Oct. 14.

The thieves went out for a $422 lunch on her credit card, then discovered that Miles had mistakenly kept a record of her PIN in her wallet. They travelled from beer store to beer store spending another $2,600.

"It's a big loss to me and it really ruined my Christmas, I can tell you", Miles said. "If the bank had been on its toes, surely someone should have realized a senior lady would not be going into breweries for all this money."

As was the case with Ariss, the thieves had finished before Miles realized her wallet and cards were missing.

The beauty of automation is that only computers are watching your money most of the day and night, never taking a coffee break or earning credits toward a pension.

Branch employees alerted Ariss's parents the morning after their son's card was stolen when they noticed the empty deposit envelop in the bank machine.

Miles said she simply couldn't remember the strange numbers she was first assigned, and kept forgetting to get into a branch to change them to her liking.

Steven Phillips, director of access cards at TD, said the security of bank cards will always be based primary on customers protecting their PINs.

Scott Saunders, who is responsible for risk management for Visa and debit cards at TD, said "fraudulent activity on debit cards is a relatively new event".

Recent, but growing rapidly. Saunders guessed fraud with debit cards was up 60 to 80 per cent last year from a small base in 1996.

He said all banks are getting ready to have their computers track unusual account activity.

"We are working to be able to track unusual account activity as soon as possible", he said. "A basic system is in place, and we hope to make improvements by the end of year."

The goal, said Phillips, is to have a system that will prompt a telephone call to customers without inconveniencing them or interrupting normal activity.

"We certainly treat this problem very seriously", he said.

Don't count too much on the computer, though. Your PIN will still be your first line of defence.

Copyright © 1998 by The Toronto Star. All Rights Reserved. Reprinted with permission.