It was an enjoyable Saturday night, when a friend of mine suddenly received an SMS notification telling him that his card was charged at least 550 EUR… in Greece. “What the…?”, was all he could say. While we were engaged in a vivid discussion and called the bank to block his card, the people in Greece did not waste any time; my friend’s bank account lost another 1200 EUR.
This occurred six months ago. The bank — I won’t mention its name, but rest assured that it is a highly rated bank— refused to cover the loss. My friend resorted to suing them, provided his wife is a lawyer and has knowledge of these things. Ultimately, they lost the case, with the court ruling in favor of the bank.
The arguments that the bank used to claim self-defense were pretty straightforward: the transaction at the Greek ATM involved the credit card and the correct PIN, which is sufficient for authorization. There was ample proof that the legitimate cardholder was somewhere in Moscow’s outskirts at that time, yet it was not enough.
We are all aware of the hordes of hackers, phishers and other misfits who constantly seek out ways to strip our pockets of money and our devices of data. But this story is not about the Internet. The fact that these culprits used a magnetic strip and a PIN proves this was all being done offline.
It is likely that the card was hijacked when my friends went to a Bulgarian ski resort. They used the card to pay at several local restaurants. The waiters would take the card away, giving them many opportunities to swipe the card through a scanner. Looking at a PIN while one types it on a POS terminal is not difficult; usually we are a bit apprehensive to cover the key pad when entering the code, as if ashamed of ourselves, thinking someone would consider us some sort of paranoid weirdo.
But what about encryption built into the chip? Well, there was no encryption as there was no chip. The bank thinks it is better off issuing basic cards with a magnetic stripe, although in that case forgery becomes a piece of cake, even for petty criminals.
"Five lessons I’ve learned from having my credit card hacked" https://t.co/TQHBbK0Oqw
— Eugene Kaspersky (@e_kaspersky) November 13, 2014
This next story happened to me. I went to a conference in the US accompanied by friends and colleagues. We decided to devote some of our time there to a little tour in Northern California, where we could see hot springs and sequoias, do some hiking and breathe some fresh air. Upon arrival to San Francisco, we rented a car and went up North. After a tiresome flight we stopped in a small town to rest.
We parked our car a few dozen meters away from the canteen, leaving our luggage in the trunk (‘What could possibly go wrong? It’s the US, after all, it’s safe everywhere.’). By that time, all of us had been to the US several times, so we took exhaustion as a legitimate excuse for lax security.
After a half an hour, feeling well-fed and satisfied, we left the canteen only to find the car’s window broken and our rucksacks gone, along with all of the priceless contents they held: laptops, cameras and many other valuables, including passports.
Upon seeing the degree of destruction, we called 911 and listened to the ladies suggesting that we file a complaint online (without our laptops, sure). We urged the canteen to show us their surveillance recordings (in vain). We wandered around (hoping the thief had thrown out any ‘unnecessary’ contents). We drove through the town in search of a precinct (again no luck in the dead of the night).
We even tried to hitchhike with a police car. We talked to policemen, who empathically and wearily admitted they could be of no help, explaining that the district was dangerous, and such things happened daily. We imagined how cumbersome it would be the next day when we returned to San Francisco and had to go to the consulate in an attempt to restore the necessary documents to go back home.
We got lucky. The next morning, the management of a nearby hotel found our passports and stripped rucksacks. Having found confirmation documents from our motel, the owner called there to check. Thank you universe for having such people in the world.
Obviously, all of the valuables were gone, including expensive Carl Zeiss lenses, totaling up to $10K+. We decided to stick to the route, though we had to resort to shooting landscapes of unbelievable beauty by the mediocre cameras on our mobile devices.
A little bit of healthy paranoia would not do any harm. It has its merits, even on holidays.
Tweet
The thing that struck us most was that none of us would have left valuables in a car in Moscow, especially documents; everybody knows it’s dangerous and no one would find the lost possessions should anything happen.
What is the takeaway?
Christmas vacations are coming. Some of us are looking forward to overseas vacations and some of us will stay home. Whatever the case is for you, you will surely want to relax and get rid of all your daily thoughts and problems.
Go for it, but keep in mind that a little bit of healthy paranoia would not do any harm. It has its merits, even on holidays.