Identity theft issue

When I got a mini-statement at an ATM two weeks ago, there were some withdrawals entered on it which I did not make (I verified this later with the bank). The bank duly voided the ATM card I had at the time, and issued me another one–which I have waited to validate. The last time I reported the loss of an ATM card (before the last one I had was issued ansd validated), I had properly reported thus to the bank.
What I want to know is whether it was possible for a bank ATM card I’d lost–which I assume the bank voided after my report–to be used by anyone, me or any other person, after the fact.

IF the bank properly voided the card like they said, then the old card would not be valid for any electronic transactions after that point. Two possible exceptions:
[ol]
[li]If someone used the card (and got authorization) after you lost it, but before you reported it lost, those transactions would probably go through, and may take several days to clear.[/li][li]Transactions where the merchant does not do electronic verification, but submits paper copies of credit card transactions (are there any of these places still around?)[/li][/ol]

Well, assuming No. 2 is the case (I had lost the card two months before), then the business that accepted the card (the same one each time!) will be in deep trouble with the bank!

Point 2 is moot is the card is just an ATM card, although nowadays do banks ever issue “just an ATM card”? Or is it always a Visa/MasterCard-branded debit card?

Yup, I have a “just an ATM card”, with none of that new-fangled debit branded stuff.

I specifically requested it with Key Bank, got issued a new one when Key was gobbled by Dime Bank, and got another one when Wamu ate Dime. Wamu’s issued me a replacement when my original expired, and it’s still got no Visa/MC logos on it, front or back.

A few months ago I was at a used book store that actually did do that, with the little machine that ran the carbon paper over the embossing on the card. Yeah, I was surprised to see it, too, but I suppose if you’re going to encounter something like that, a used book store would be the place.

My horror story involved a debit/ATM card, so may not fit here, but I went through several cards trying to fix an identity theft problem, and also several checiing and savings accounts, all with that bank. Trouble was, charges that came in on any of the dead cards still got dinged to my account. As long as I’m the same person, they said, they were going to hold me responsible.

Each time, they’d credit things I told them were theft, so eventually I’d recover all the funds. Trouble was, my account would still start bouncing checks because of the temporary losses - as well as all my time fighting this.

Finally I asked them if they had the ability to charge an incoming debit to my new account if it were at another bank. “Well, no, we wouldn’t have any way of doing that.” “OK, then, can you guess what’s going to happen next?”

There is another exception:

  1. If used in an ATM that is out of communication with the authorizing bank computer.

ATM’s normally are connected to the bank, either directly or thru a network of banks, and can verify from the banks’ computer the account and the available balance. But on occasion, the phone lines are out or something similar cuts off this communication. To avoid angry customers, the ATM’s were programmed to still work, if the user entered the same PIN as was stored on the card. But generally they greatly reduced the cash withdrawal limit, often to something like $50 or $100. And things like balance inquiries obviously wouldn’t work.

This was the practice many years ago, when banks were still trying to ‘sell’ people on using ATM’s, and wanted to make sure they always worked for the customer. At that time, some ATM’s, in obscure locations, did not have a full-time connection to the banks computer – they actually dialed up whenever a customer used them. And sometimes got a busy signal.

I no longer work in bank data processing, so I don’t know if this is still true. But it’s quite possibly still programmed as the fallback position.

Of course, if you have properly reported the lost/stolen ATM card prior to the time that it was used in such a machine, the bank, not you, should take the loss of that $50 or $100 cash withdrawal.

My personal gripe with the whole credit system in the states…

Don’t forget to check your check your “chex-systems” record. This is a database banks hold on you that IS NOT PUBLICIZED AT ALL. It is NOT include in the standard credit agency databases everyone tells you to check when your ID is stolen (Experian, et al), but it IS covered by the same laws (they have to give you a report for free). If the guy whole stole your ID has opened another account in your name there will be erroneous entries in here:

They make sure their web-page is hard to find (and easy to confuse with one of the multitude of “free credit report” scam pages out there):
https://www.consumerdebit.com/consumerinfo/us/en/index.htm

Now I’ve only looked at one card, mine, but the pin was not stored on it. Not even encrypted, all numbers were, er, accounted for. Plus it wouldn’t make sense to put the pin on the card, in any way, shape or form.

P.S. You can change your name on the card and it still works and the ATM seems so much friendlier.

The pin is stored in the information that is recorded in the magnetic strip. Not in a form you can read with the eye.

No, it is not. The pin is only stored in your bank’s computer system. It is not encoded in the mag stripe in any way, shape or form.

Seconded on the manual transactions - we could also do a manual transaction with an ATM card. It only ever arose when the network was down, the customer had no cash, and the option was to remove the petrol from their car…

Look again at your cite. "The PIN can be either in the bank’s computers in an encrypted form (as a cipher) or encrypted on the card itself. ".

It’s true, it CAN be on the card. But to the best of my knowledge it’s not, and hasn’t been for a while, AFAIK. There is a space on track 3 for an encrypted PIN, but I don’t know of any institutions which make use of it. I guess I won’t say categorically that they’re not out there, but it’s unlikely, IMO. It made sense before widespread computer network technology was available, but now storing it on the bank’s computers seems much more secure.