Man is charged $4,300 for four burgers. Basically the cashier entered entered the numbers twice. He used a debit card so even though he got the money back it was locked up for a few days. Yet another reason to avoid the things - a hit like that against a credit limit for a few days probably doesn't stop important things from going through like it does with a bank account. Reminds me of this.
While Europe has been using chip & pin for a while, debit cards are just recently starting to catch on in the US. Something that's always bugged me about them (and smart cards without keypads), is that you're entering the secret that's supposed to keep your info secure into a system with unknown security. Whether it be an inadvertent keylogger or as in the case of the recent financial stuff the system storing them someplace it shuoldn't, once it's entered you have no control over it other than to trust the remote end. You have to trust the entire chain to keep your data secure. Schneier has some good info on the recent rash of theft from accounts using ATMs. The part that sucks for consumers on this is that debit cards have no federal consumer protections the way credit cards do. This kind of thing is why the future is definitely going to need to be smart card with keypad or something similar. It's also an example of why biometrics are really bad - if compromised this way, the PIN can be changed. You can't change your biometrics. On the semi-positive side, maybe this will get people to realize typing passwords (including PINs) on random computers is a bad idea.
Copyright ©2000-2008 Jeremy Mooney (jeremy-at-qux-dot-net)