Join 3,433 readers in helping fund MetaFilter (Hide)


But my debit card is so photogenic!
July 2, 2012 2:36 PM   Subscribe

Please quit posting pictures of your debit cards, people.
posted by pashdown (145 comments total) 31 users marked this as a favorite

 
wow. Just. wow.
posted by sweetkid at 2:39 PM on July 2, 2012 [9 favorites]


Yeah, this is painful.
posted by PhoBWanKenobi at 2:39 PM on July 2, 2012


Why do I get the feeling that e privacy debate will be rendered moot by everyone sharing pictures of every they own all the time?
posted by The Whelk at 2:40 PM on July 2, 2012 [7 favorites]


First thought: please tell me people aren't really that stupid.

click

Second thought: Wow, I'm a dumbass for hoping that people weren't that stupid.
posted by deadmessenger at 2:40 PM on July 2, 2012 [68 favorites]


There needs to be some sort of Darwin awards type website for this stuff. An identity suicide by inane-social-network-post catalog.
posted by M Edward at 2:40 PM on July 2, 2012 [1 favorite]


I just don't understand this. Do these folks think a debit card is somehow different than a credit card? They're used the same way, so why think the numbers on a debit card can't be used fraudulently the same way as a credit card?
posted by HarshLanguage at 2:40 PM on July 2, 2012


Hey guys, the new MacBooks are out!
posted by phong3d at 2:41 PM on July 2, 2012 [43 favorites]


Nice debit card bro! But I'm sure your photo ID and birth certificate are lame in comparison...
posted by East Manitoba Regional Junior Kabaddi Champion '94 at 2:41 PM on July 2, 2012 [43 favorites]


I just don't understand this. Do these folks think a debit card is somehow different than a credit card?

Hopefully these folks don't qualify for a credit card
posted by East Manitoba Regional Junior Kabaddi Champion '94 at 2:42 PM on July 2, 2012 [1 favorite]


The locks to my house are so easily broken! Too bad i'm never at home between 10am and 4pm. Please keep an eye on 546 Main Street to make sure nothing happens
posted by Sticherbeast at 2:43 PM on July 2, 2012 [32 favorites]


Give us all your money
posted by Blazecock Pileon at 2:44 PM on July 2, 2012 [3 favorites]


Hopefully these folks don't qualify for a credit card

Yeah, give it a few weeks and I don't think that's going to be a problem.
posted by Holy Zarquon's Singing Fish at 2:44 PM on July 2, 2012 [4 favorites]


wow. those people are special.
posted by ruhroh at 2:44 PM on July 2, 2012


Let's not be snide, people. Fledgling identity thieves and amateur fraudsters sometimes need the ball put right on the tee for them.
posted by sarastro at 2:44 PM on July 2, 2012 [13 favorites]


We've cracked the secret plan that explains why Facebook bought Instagram for $1B:

Credit card skimming of the grossly naive.
posted by demiurge at 2:45 PM on July 2, 2012 [14 favorites]


Why would anyone do that??? The stupidity of people never ceases to amaze and disgust.
posted by mermayd at 2:47 PM on July 2, 2012


Good thing no one ever sees my credit card nor takes it out of my sight to a back room. Why, the front of my credit card is a secret to everyone!

Of course it's not very bright to post a photo of a card to the Internet for all to see. But the real flaw is the American credit card system where we all pretend some frequently-used data is a secret.
posted by Nelson at 2:47 PM on July 2, 2012 [36 favorites]


Oh my. Are people really that naive? I opt to think that rather than thinking that they are grossly stupid.
posted by arcticseal at 2:47 PM on July 2, 2012


uh.

hey if these people are this .. is dumb even right word?.. what are the chances there's much money ON these cards?
posted by ninjew at 2:48 PM on July 2, 2012 [1 favorite]


New show: Bait Card.
posted by (Arsenio) Hall and (Warren) Oates at 2:49 PM on July 2, 2012 [2 favorites]


If anything it just confirms my believe that these folks have no idea what credit is or how this card works, just that they admire it as a symbol.
posted by 2bucksplus at 2:49 PM on July 2, 2012 [3 favorites]


This is just sad.

Also, there are multiple Hello Kitty debit cards there. I wonder if that means anything.
posted by chemoboy at 2:50 PM on July 2, 2012 [1 favorite]


The increasing urge of otherwise sane people to share every factoid about their life has moved beyond annoying and into the depressing stage.
posted by dios at 2:51 PM on July 2, 2012 [10 favorites]


Hey man, we all know that all online retailers are super diligent about checking and verifying CVCs, right? Right?
posted by kmz at 2:52 PM on July 2, 2012 [4 favorites]


This is why we can't have anything nice.
posted by Benny Andajetz at 2:53 PM on July 2, 2012


I have lived too long in the internet age to be even a little surprised by this.
posted by zzazazz at 2:54 PM on July 2, 2012 [3 favorites]


Oh, dear.
posted by brundlefly at 2:55 PM on July 2, 2012 [2 favorites]


We have cameras.
posted by inigo2 at 2:55 PM on July 2, 2012 [2 favorites]


A friend of mine recently posted his new passport photo (by taking a picture of his entire passport) on facebook. With public privacy settings. I texted him and reminded him gently that he was ripe for identity theft when he did stuff like that. Needless to say it reappeared photoshopped moments later. Sometimes people just need a little nudge. Off a cliff.
posted by msbutah at 2:55 PM on July 2, 2012 [1 favorite]


This is why i have everything nice that I do!
posted by sfts2 at 2:57 PM on July 2, 2012 [3 favorites]


Could you, um, flip that over for me really quick? Yeah, there should be a, right, a three-digit...KTHNX.
posted by obscurator at 2:57 PM on July 2, 2012 [4 favorites]


"Hey all! The new entry card to the nuclear silo is here! Bummer, look at that hard to memorize numeric confirmation code. I like the russet decal though!"
- Some soon to be speedily retired air force officer, @HotFlyBoy
posted by Iosephus at 2:58 PM on July 2, 2012 [1 favorite]


When I went as a debt crisis last year for Halloween, I took two old credit cards and punched holes in them to make earrings. I punched a few extra holes over the numbers of these expired cards and I was STILL paranoid that people were staring at my ears for the wrong reasons (the right reasons being, "Hey, are those credit card earrings...why yes indeedy!)
posted by iamkimiam at 2:58 PM on July 2, 2012 [5 favorites]


This is like a pre-qualified shortlist for relatives of foreign princes who just need some short-term help getting their untold riches out of the country.
posted by argonauta at 2:58 PM on July 2, 2012 [2 favorites]


It's almost sweet in its innocence. Mostly alarming though, like seeing a baby crawling into traffic.
posted by sarastro at 2:59 PM on July 2, 2012 [13 favorites]


This shit just destroys my obviously woefully limited understanding of parameters of stupid.

It's actually disorienting. Whoah.
posted by Skygazer at 2:59 PM on July 2, 2012 [2 favorites]


Anybody want pizza?
posted by fearfulsymmetry at 2:59 PM on July 2, 2012 [7 favorites]


Oh, it's not a swindle. What you do is, see, you give 'em tweet pictures of all your credit card numbers, and if one of them is lucky, they'll send you a prize.
posted by Effigy2000 at 3:00 PM on July 2, 2012 [5 favorites]


Hey man, we all know that all online retailers are super diligent about checking and verifying CVCs, right? Right?

Aren't they, actually, pretty diligent about that these days? How much damage do you think you could do armed with someone's name and 16-digit debit card number?
posted by eugenen at 3:03 PM on July 2, 2012


I can think of a few places that don't ask for CVCs online, but I thought most did now? And if they do ask for it, it's not like they need to "[be] super diligent about checking and verifying" them, is it? I'm assuming it's part of the same verification process that checks the validity of the card and availability of funds.
posted by Joakim Ziegler at 3:04 PM on July 2, 2012


Not ALL people are this stupid. I figure about 80% of people are this stupid. Think about it, 20% is still a lot of people and tricks you into thinking it's "most" people.

Sadly, not.
posted by humboldt32 at 3:06 PM on July 2, 2012


How much damage do you think you could do armed with someone's name and 16-digit debit card number?

Potentially, a lot. Once the money is debited from the account associated with the debit card, that's it. Unlike credit cards, you have little or no recourse for dealing with fraudulent transactions. You can report the card stolen, but if there are charges applied before the report, you may be on the hook for them. Someone could clean out your account and you would have no legal options available to you.
posted by Blazecock Pileon at 3:07 PM on July 2, 2012 [6 favorites]


I would expect better from someone named Brandy Fagsack.
posted by Alvy Ampersand at 3:09 PM on July 2, 2012 [13 favorites]


Don't you need a PIN to be able to do anything with that number? Or is that not true in the US?

Some store receipts (in Canada at least) print the whole debit card number, and people just drop them on the ground.

Still, I'd be more paranoid about my debit details being leaked than my credit card number. At least with a credit card you can phone up the bank and get fraudulent charges reversed easily.
posted by Pruitt-Igoe at 3:10 PM on July 2, 2012 [1 favorite]


So this is a thing now?
posted by scratch at 3:11 PM on July 2, 2012


I would expect better from someone named Brandy Fagsack.

At better credit limit, at least.
posted by Blazecock Pileon at 3:11 PM on July 2, 2012


Oh the New Hampshire Fagsacks?
posted by The Whelk at 3:13 PM on July 2, 2012 [10 favorites]


So this is a thing now?

Can we please go back to the days of planking.
posted by naju at 3:14 PM on July 2, 2012 [2 favorites]


Is this something you would need to not have chip and pin to understand? Shops won't sell me anything without my PIN number, and online sellers want my three digit security code.
posted by Jehan at 3:14 PM on July 2, 2012 [1 favorite]


>Once the money is debited from the account associated with the debit card, that's it.


Yeah, I'm (another Canadian who is) not seeing the problem, particularly. How would anyone get to the account with just a debit card number?
posted by not_that_epiphanius at 3:16 PM on July 2, 2012 [1 favorite]


Use the three digit number on the back of your credit card to find out how you'll die! Don't forget to post back what you get!

Use the first digit to find out where you will die
0. On the moon
1. In Russia
2. On a ferris wheel...
posted by amarynth at 3:17 PM on July 2, 2012 [40 favorites]


So without their personal PIN number we can't use these in an automatic ATM machine, right?
posted by Floydd at 3:18 PM on July 2, 2012 [19 favorites]


If I had all kinds of charges I wanted to dispute I would "accidentally" post a pic of my card online, just sayin.
posted by Ad hominem at 3:18 PM on July 2, 2012 [1 favorite]


Phone orders usually just ask me for the card number and expiration. You could totally order pizza with these numbers (just don't be an idiot and have it delivered to your home, obviously.)
posted by naju at 3:19 PM on July 2, 2012


Naju, not sure I believe you. Send me a picture of your card and we'll test it.
posted by Potomac Avenue at 3:21 PM on July 2, 2012


This is HOW why we CAN can't have EVERYTHING anything nice.

Fixed.
posted by Fizz at 3:21 PM on July 2, 2012 [10 favorites]


Potentially, a lot. Once the money is debited from the account associated with the debit card, that's it. Unlike credit cards, you have little or no recourse for dealing with fraudulent transactions. You can report the card stolen, but if there are charges applied before the report, you may be on the hook for them. Someone could clean out your account and you would have no legal options available to you.

I don't think that's true anymore, as most banks have fraud protection to a certain amount for debit. Case in point: Someone living on the opposite coast somehow had gotten my debit card number (no, I didn't post it on Twitter) and decided to by plane tickets. I called my bank up and they treated it exactly like a credit card fraud and had a case worker assigned to me. I got my money refunded and luckily it wasn't a huge hassle.
posted by littlesq at 3:24 PM on July 2, 2012 [5 favorites]


Can we please go back to the days of planking

Well, at least people won't die doing this.
posted by ChurchHatesTucker at 3:25 PM on July 2, 2012


For the PIN questioners:

Most bank ATM cards can be used as debit and credit cards. You don't need a PIN when you use it as a credit card, and lots of places don't bother to ask for the security code on the back.
posted by Benny Andajetz at 3:25 PM on July 2, 2012 [3 favorites]


How much damage do you think you could do armed with someone's name and 16-digit debit card number?

With some of these you could do plenty of damage. Some store cards, gas cards, etc. don't have CVCs in the mag stripe. If you had the format, a picture of the front of the card, and a mag stripe writer you could create a duplicate card. You wouldn't have to print or emboss it to use it at certain places like pay at the pump gas, places where you swipe your own card on the counter (more common every day) and can do it without the clerk really seeing it, etc. I could easily pick some of those out, clone them, and go give them a shot in the next few hours. There are smarter people with better equipment at their disposal and weaker morals than me out there...

What I don't understand is why people are posting these pictures in the first place. It honestly doesn't make any sense to me. The only slight exception is cards with funky backgrounds or "hey look I cut up my card!!" But to just post a picture of a generic card for the world to see?
posted by Clinging to the Wreckage at 3:26 PM on July 2, 2012 [1 favorite]


Yeah, I'm (another Canadian who is) not seeing the problem, particularly. How would anyone get to the account with just a debit card number?


If the debit card has a Visa/MC logo it can be used as a credit card for online purchases etc.
posted by AceRock at 3:26 PM on July 2, 2012 [1 favorite]


Even with CVC required, you still have a 1 in 1000 chance of getting it right. That's magnitudes better than most lotteries.
posted by ymgve at 3:26 PM on July 2, 2012 [1 favorite]


Well what the HELL were these people SUPPOSED to do?
posted by mazola at 3:27 PM on July 2, 2012 [2 favorites]


I despise debit cards. The idea that a VISA/MC authentication schema allows a merchant to dip into my actual bank account makes me cringe.

I do not have one. I made the bank send me an ATM card.
posted by linux at 3:30 PM on July 2, 2012 [2 favorites]


Most bank ATM cards can be used as debit and credit cards. You don't need a PIN when you use it as a credit card, and lots of places don't bother to ask for the security code on the back.

I once signed a credit card receipt "DO NOT AUTHORIZE, CARD STOLEN" to see if the charge would be rejected, it wasn't.
posted by nathancaswell at 3:30 PM on July 2, 2012 [6 favorites]


Most bank ATM cards can be used as debit and credit cards. You don't need a PIN when you use it as a credit card, and lots of places don't bother to ask for the security code on the back.

In Canada you can't use a debit card for credit card transactions. Debit is handled here with Interac, not VISA/MC. I think that's where my confusion comes from.
posted by Pruitt-Igoe at 3:32 PM on July 2, 2012 [3 favorites]


I just found out ATM cards and debit cards are not the same thing in the US. I should probably leave this thread.
posted by Pruitt-Igoe at 3:33 PM on July 2, 2012


I once signed a credit card receipt "DO NOT AUTHORIZE, CARD STOLEN" to see if the charge would be rejected, it wasn't.

Maybe they just thought you were a really dumb/honest thief, and let it go through out of pity.
posted by Alvy Ampersand at 3:34 PM on July 2, 2012 [4 favorites]


You Canadians are adorable. See here in the United States, the number alone is all you need to charge something to a Visa or Mastercard, whether it's a debit card or a credit card. To be specific the "number" is actually three things: the 16 digit card number, the 4 digit expiration date, and the 3 digit CCV. But all are visible on the card for anyone to see. And widely stored in databases, and easily purchasable online from black market sites.

If you have those numbers, you can make charges. This is why there is massive credit card fraud in the US. The cost is passed on to the businesses and thence to consumers. The entire system is insane.
posted by Nelson at 3:34 PM on July 2, 2012 [3 favorites]


I made the bank send me an ATM card.

Even my credit union (BECU) tried pushing a debit card on me, and I had to say no several times before the guy behind the desk understood my answer. I wonder if the relative lack of regulation over debit cards, compared with credit cards, makes it a much more profitable operation for merchants (fewer charge-backs) and for banks (fewer charge-backs, reduced or eliminated rights of cardholders to challenge charges, roughly similar merchant fees as with credit cards). They sure were pushing hard.
posted by Blazecock Pileon at 3:36 PM on July 2, 2012


When was the last time you saw a zip-zap machine?
They're like rotary phones - they're from a different world. A LOT of people have grown up now and, having never seen a card used non-electronically, it never occurs to them that they have any such capability. It's like discovering your email-connected phone has a built in address that the post office will actually deliver to.

Sure, you can figure it out if you do enough non-paypal online purchasing using a CC to figure out that the security number is not actually needed for the transaction (only for the merchant's protection), but I really don't think this is as obvious as it seems. It's something most people need to be told at some point. Few people figure it out on their own.
posted by -harlequin- at 3:39 PM on July 2, 2012 [3 favorites]


I feel bad about this. No doubt this behavior is extremely stupid and risky, but a lot of these people are kids with no understanding of internet safety. They're not necessarily being dumb — they're excited to show off their new responsibility to all their friends as they've done with pretty much everything else in their lives, unaware that strangers might be able to get to this information and use it in nefarious ways. Yeah, they probably shouldn't have gotten debit cards to begin with, but is teaching them a lesson in this way really a good thing to do?

We can afford to be snide because most of us didn't grow up with social networks. These kids been conditioned to post every little detail of your life on the internet from birth.
posted by archagon at 3:45 PM on July 2, 2012 [3 favorites]


This is why we can have nice things!
posted by lekvar at 3:47 PM on July 2, 2012 [5 favorites]


Most bank ATM cards can be used as debit and credit cards. You don't need a PIN when you use it as a credit card, and lots of places don't bother to ask for the security code on the back.
In what country? The folk posting fotos of their cards are from all over. In my country, you need to input your PIN to use your card for anything in a shop or such, or a security code online. I have never ever used my card without one of these two things. Many of these posters may come from similar countries, so the looseness of their security (and I do agree that it's best not to put up fotos of your card) is relatively understandable.
posted by Jehan at 3:53 PM on July 2, 2012


Wait, how do all you people who refuse debit cards get cash out?
posted by griphus at 3:57 PM on July 2, 2012 [1 favorite]


I think I missed whatever terrible thing people were doing to their privacy this time, so can someone explain what it was? Twitter is now telling me the page doesn't exist.

As it is, I'll just have to imagine people taking naked pictures of themselves and covering strategic areas with their financial information.
posted by Kutsuwamushi at 3:57 PM on July 2, 2012


In what country?

My apologies, Jehan; my ethnocentrism is showing. I was referring to ATM cards in the USA.
posted by Benny Andajetz at 3:58 PM on July 2, 2012


Wait, how do all you people who refuse debit cards get cash out?

For walking-around cash I use a credit union ATM once a month, maybe once every other month.
posted by Blazecock Pileon at 3:59 PM on July 2, 2012


> 0. On the moon
> 1. In Russia
> 2. On a ferris wheel...

Colonel Mustard, the library, lead pipe.
posted by jfuller at 4:01 PM on July 2, 2012 [2 favorites]


Amazon says my new Kindle, skis, and butt warmer should be here by July 17. Many thanks to Adriana Barnes and Daquan Godley.
posted by reenum at 4:01 PM on July 2, 2012


Yeah, here in the US, a PIN is not required except when using the card in an ATM or otherwise clearing through one of the ATM networks. (IOW, when they ask you "debit or credit" and you answer "debit") If the charge is under $25, thus obviating the need for a signature, I have the clerk use the credit option, which clears through Visa or Mastercard. If it's over $25, I have them use the ATM network, as it's faster to enter the PIN than it is to sign the slip. Basically, I do whatever is fastest.

My real preference has become Google Wallet on my NFC-enabled phone or tapping an NFC-enabled card, but that only works at a few places around here. With NFC, the policy seems to be that no signature is required regardless of the amount.

griphus, it is possible to get an ATM-only card. They are generally usable at places that display the PLUS/Cirrus/whatever logo. (it works the same as a debit card using the "debit" option, and requires a PIN) The downside, of course, is that you can't use it with merchants who can't process ATM/debit transactions on their POS machines.
posted by wierdo at 4:01 PM on July 2, 2012


I think I missed whatever terrible thing people were doing to their privacy this time, so can someone explain what it was? Twitter is now telling me the page doesn't exist.

It trolled the Twitternets for posts that included a picture of the user's debit card, with all relevant information visible, and retweeted them.
posted by Holy Zarquon's Singing Fish at 4:01 PM on July 2, 2012


That's nothing! My social security number is ███-██-████! I love the way it looks. It's just so... ME!
posted by not_on_display at 4:01 PM on July 2, 2012 [2 favorites]


eponysterical
posted by East Manitoba Regional Junior Kabaddi Champion '94 at 4:02 PM on July 2, 2012 [8 favorites]


Isn't retweeting the pictures doing much more harm than good? Or even having the post here for that matter. The picture goes from being seen by a few friends to being seen by millions. Yes the fact that it's on the internet means it could be seen by almost anyone, but retweeting it to the masses and spreading that link all over the place now means that it will.
posted by Danila at 4:02 PM on July 2, 2012 [1 favorite]


Wait, what kind if withdrawal limits to those ATMs have BP? Chase Manhattan is like 400 and that is so not a month's worth of funds.
posted by The Whelk at 4:03 PM on July 2, 2012


I should note that it is apparently now possible to get chip-and-pin cards from a few banks, but there are so few readers in the wild that it doesn't make sense to bother unless you travel often to places that use them.
posted by wierdo at 4:04 PM on July 2, 2012


Yeah, I used to have to pay my rent in cash, which means I know exactly what my bank cut-off on cash was and it definitely wasn't a month's worth of money.
posted by griphus at 4:04 PM on July 2, 2012


Debit card consumer protection sucks compared to credit cards. I use my debit card just enough to get rewards from my credit union; everything else goes on credit.
posted by East Manitoba Regional Junior Kabaddi Champion '94 at 4:05 PM on July 2, 2012


Clinging to the Wreckage: ""What I don't understand is why people are posting these pictures in the first place. It honestly doesn't make any sense to me. "

Because they're Twitter users. See also: Attentionmus Whorimus.
posted by KevinSkomsvold at 4:05 PM on July 2, 2012 [1 favorite]


griphus, it is possible to get an ATM-only card. They are generally usable at places that display the PLUS/Cirrus/whatever logo. (it works the same as a debit card using the "debit" option, and requires a PIN) The downside, of course, is that you can't use it with merchants who can't process ATM/debit transactions on their POS machines.

And in the USA, it's a lot of stores that can't process debit cards (unless they can run them as credit cards). The USA runs on credit cards the way some other places run on eftpos.
posted by -harlequin- at 4:06 PM on July 2, 2012 [1 favorite]


Top card belongs to Brandy Frazier. Instagram shows her address.
She has 550 followers and an unknown number of stalkers.
posted by Cranberry at 4:07 PM on July 2, 2012 [1 favorite]


Man Attempting To Scat Accidentally Divulges Social Security Number.
posted by smithsmith at 4:08 PM on July 2, 2012 [3 favorites]


I'm face palming so much I have a concussion. What. The. Fucking. Fuck?
posted by KevinSkomsvold at 4:09 PM on July 2, 2012 [3 favorites]


What I don't understand is why people are posting these pictures in the first place. It honestly doesn't make any sense to me. "

*You* said I'd never be responsible enough to ever have a credit card! Well I proved YOU wrong!
posted by mazola at 4:09 PM on July 2, 2012 [4 favorites]


And in the USA, it's a lot of stores that can't process debit cards...

Ah, that explains those cards I used to get but couldn't run through the credit card machine.
posted by griphus at 4:09 PM on July 2, 2012


Is this the place where I say that I found a wallet full of credit cards in the street last night, checked directory on my phone for the guy's name and gave him a call so he could come get it?

I felt hella smug.
posted by Sebmojo at 4:10 PM on July 2, 2012 [2 favorites]


So without their personal PIN number we can't use these in an automatic ATM machine, right?

Their personal personal identification number number?
posted by palbo at 4:10 PM on July 2, 2012 [16 favorites]


What Twitter should do is pay me to develop the card version of facial-recognition software, so it automatically notices when someone uploads any pic containing a credit card, and forwards to me hides the link, and cautions the user, so these details never falls into the wrong hands.

I promise not to use this technology for evil.
posted by -harlequin- at 4:10 PM on July 2, 2012 [1 favorite]


Their personal personal identification number number?

Minus ten points for a broken irony detector.
posted by stopgap at 4:11 PM on July 2, 2012 [11 favorites]


Their personal personal identification number number?

That's the one1!
posted by -harlequin- at 4:11 PM on July 2, 2012 [2 favorites]


Wait, what kind if withdrawal limits to those ATMs have BP?

In my case, there are two limits: the total amount I can withdraw per day, and the number of withdrawals per month (from my savings account; apparently this is a federally-specified limit, to encourage saving).

The first limit is set by the credit union and is high enough that I can go through the month only making about one ATM withdrawal a month, while having cash on demand. (And then I keep some "under the mattress", in case of emergencies, inability to get to an ATM, 2008-era bank run potentialities, etc.)

To get more real-world friendly limits, you might do well to switch from Chase to a credit union, if researching it shows it makes sense (it might not). If it does, you could keep both accounts and switch over gradually, so that you can figure out gotchas with paying bills, etc.
posted by Blazecock Pileon at 4:12 PM on July 2, 2012


hunter2
posted by fragmede at 4:13 PM on July 2, 2012 [1 favorite]


Wow. Ok. They are dumb.

Here's the next tumblr meme: people taking nude shots of themselves holding their credit card.

While planking.
posted by quadog at 4:20 PM on July 2, 2012 [2 favorites]


fuckyeahoddlyspecificfetish.tumblr.howdidyouguesssrsly?
posted by griphus at 4:21 PM on July 2, 2012 [1 favorite]


Does anyone know how this thing started?
posted by vidur at 4:35 PM on July 2, 2012


Proposed scenarios differ radically. Some examples are the Hartle–Hawking initial state, string landscape, brane inflation, string gas cosmology, and the ekpyrotic universe.
posted by East Manitoba Regional Junior Kabaddi Champion '94 at 4:43 PM on July 2, 2012 [22 favorites]


When financial education for young people is nonexistent, from credit, personal savings, budgeting and data security...this is exactly what you should expect.
posted by punkfloyd at 4:53 PM on July 2, 2012 [1 favorite]


Does anyone know how this thing started?

Somewhere back at the dawn of humanity some stupid showoffy teenage caveman was bragging via cave painting to his stupid showoffy teenage caveman friends about where he hid his pile of hides from the last aurochs hunt.
posted by elizardbits at 5:18 PM on July 2, 2012 [1 favorite]


On the other hand, what better way to defeat surveillance?
posted by telstar at 5:39 PM on July 2, 2012


One time on pinboard, I found a bookmark that turned out to be some guy's entire password file, base64 encoded and saved as a bookmarklet, generated by a Mac desktop product called 1Password. It had bank account info, credit card info, passwords, etc. I figure if I can figure that out... So I notified the site admin who notified the guy, etc. I'd think twice about using 1Password now.
posted by hwestiii at 5:43 PM on July 2, 2012 [1 favorite]


$20 to the first person who trains a computer vision algorithm to recognize credit cards / debit cards in photos. Simple undergrad-level machine learning project.

Extra credit for generation of list of possible credit card numbers from partial matches when not all numbers are in the picture, using standard CC checksum algorithms.

I'll assume the taker of said bet takes credit cards.
posted by formless at 6:03 PM on July 2, 2012 [1 favorite]


Or what -harlequin- said.
posted by formless at 6:09 PM on July 2, 2012


Interesting, another difference between the USA and Canada.

I would never expose my physical credit card, but my debit card? It's got a chip* (TheExchange, AccuLink, Cirrus, Accel, and Interac capable) and PIN; merchants in Vancouver switched really *really* fast. So fast that I suspect that the banks made it easy/cheap for merchants to upgrade their point-of-sale (POS) machines. The only places that don't have chipped readers are sketchy low-rent corner stores (bodegas) that still have typically-hacked 3rd party ATMs in the back corner. My chipped debit card isn't even embossed. No need, and anyway a minimally effective countermeasure.

FWIW, my credit card (VISA) is also chipped (and PIN-ed). There was no opt out (credit union), everyone was simply issued a chipped credit card once it got rolled out.

I wonder if I can use my debit card on any American POS and whether they'll require a PIN.

Wow, credit cards used to be so insecure - used to pay taxi drivers with cc and they'd just make an emboss of my card. I can't believe that cabbies salting their cc embosses with stolen/fake cc's isn't more of a thing. Signature doesn't look right? "The fare was drunk off their asses." Then again, most cabbies have wireless card readers now that are chipped. On the gripping hand, taxi price rates are probably the highest in N. America for anyplace with more than one cab company.

Does anyone have a feel for when things started switching to credit cards? I was in Iowa from '96 to '00 and I had a debit card from a small-town bank that was on the Cirrus network. iirc, it also worked on VISA (but non Cirrus) machines and even the VISA only machines asked for a PIN.

In the US, can you withdraw money from your credit card at ATMs? I think we can do that here in Canada but there's a monthly limit (typically very low, and a tiny fraction of the credit limit) and the interest rate is exorbitant compared to the already high regular credit card interest rates.

And... what ever happened to having mugshots of the owner being printed on cards? I remember it was hyped a few years ago, but I guess the efficacy isn't worth the cost?

--

*still has a mag strip, and it works, but still requires a PIN. However, there's one terminal at the liquor store (Crown corporation/government run) that sometimes hangs when people chip their debit (not not credit) cards into it and the cashier either has to reset (pull the plug, re-plug) the unit and it's still only 50/50 of it working whereas swiping the mag stripe on a chipped card to elicit the "your card has a chip, for christsake, use it" message. Chipping the card then works just fine. Is this a telltale for some sort of electronic scam, or just weird hardware/software bug?
posted by porpoise at 6:17 PM on July 2, 2012 [1 favorite]


One time on pinboard, I found a bookmark that turned out to be some guy's entire password file, base64 encoded and saved as a bookmarklet, generated by a Mac desktop product called 1Password. It had bank account info, credit card info, passwords, etc. I figure if I can figure that out... So I notified the site admin who notified the guy, etc. I'd think twice about using 1Password now.
I doubt you could blame 1password. The guy is an idiot who posted his entire password file to pinboard. You're probably better off using a password manager so you can always use different passwords on different sites. I always use randomly generated passwords at this point.
posted by delmoi at 6:21 PM on July 2, 2012


When financial education for young people is nonexistent

Oh come on, every time a bank has sent me a card it includes plain English warnings about security such as 'do not give the number out to anyone'. Some people are just stupid.
posted by anigbrowl at 6:22 PM on July 2, 2012 [1 favorite]


Also, I doubt anything bad will happen to these people. In theory most banks are going to refund your money if it's taken from a debit card account, even if they don't have to (like with a CC)

The thing is, people who seriously steal money with stolen CC numbers don't sit around looking for pictures of cards on twitter hopping to get a 1/1000 CVV number correct. They look for huge lists of numbers from hacked sites.
posted by delmoi at 6:24 PM on July 2, 2012


This is assuming a lot, but -- I wonder how many of these accounts are at least partially owned by parents, and if they know about their kids posting this stuff online.
posted by Fig at 6:39 PM on July 2, 2012


Tried, but IMG tag broken. Mods, please address.
posted by Oddly at 6:40 PM on July 2, 2012


I think you meant: Mods, please give me a dressing down.
posted by vidur at 6:48 PM on July 2, 2012


delmoi, I'll be more charitable, I doubt the guy even meant to do that. He just uploaded a set of local browser bookmarks. I doubt he had any notion that 1Password saved all his precious password and account info to a JavaScript database stored as base64 string bookmarklet. His only error was to use a trivial password.
posted by hwestiii at 7:05 PM on July 2, 2012


Wanting to swap -

Me: Naked pictures taken while planking.
You: Debit card pictures, front and back. You get to see me naked front and back, so it's only fair.
posted by Samizdata at 7:11 PM on July 2, 2012


How? Are you planking on a glass-bottomed boat?
posted by East Manitoba Regional Junior Kabaddi Champion '94 at 7:43 PM on July 2, 2012 [2 favorites]


plain English warnings about security such as 'do not give the number out to anyone'. Some people are just stupid.

Q: Okay, sir, that will be $59.95. May I have the card number?
A: YOU'RE NOT CLEARED TO RECEIVE THAT INFORMATION.
posted by AkzidenzGrotesk at 8:12 PM on July 2, 2012 [2 favorites]


When was the last time you saw a zip-zap machine?

We had one at a store I worked at in 1998, and even back then people were amazed at the antiquity of it.
posted by Rock Steady at 8:14 PM on July 2, 2012 [1 favorite]


planking on a glass-bottomed boat

dot tumblr dot com
posted by elizardbits at 8:18 PM on July 2, 2012 [2 favorites]


I've seen one in use in the last year or two, when the store's POS terminal was on the fritz (or the payment network was, or the phone, or something, I forget). Fairs and street markets, too, where there's not much infrastructure, most transactions are cash, and the seller maybe doesn't want to buy a device and service plans if they only operate once a month or something.
posted by hattifattener at 8:46 PM on July 2, 2012


Isn't retweeting the pictures doing much more harm than good? Or even having the post here for that matter. -- Danila

It is like the website that used to exist, stealmystuff, where they'd find people who posted expensive stuff they bought on Facebook, along with the fact that they lived alone, and were at that very moment somewhere other than at their apartment.

The point was to shame (and laugh at) these people. Their friends would see them on these sites and call them up and tell them how foolish they were. If you just Tweet your debit card and no one notices, then you won't realize your mistake until too late. If you are public shamed, you'll probably find pretty quickly, and can do something about it, like cancel the cards.

So it is a good thing (and it is entertaining to boot).
posted by eye of newt at 9:00 PM on July 2, 2012 [2 favorites]


Can't help notice that many (but neither the majority nor all, obviously) of the pictures in the stream are from South East Asian kids (kids meaning "adults younger than me")(That I've begun to segregate eligible voters into those older and younger than me is a sure sign that I've hit 30's), a clear demonstration of the whole Five Aspirational C's mentality that's prevalent in these parts.
posted by the cydonian at 9:02 PM on July 2, 2012


That's the thing, if the cards were issued from outside the US, they probably have actual security features like the chip and PIN system, so posting pics of their cards isn't a big deal
posted by peppermind at 3:28 AM on July 3, 2012 [1 favorite]


Why would anyone do that???

Among the very young (read: teenagers), there's a weird sort of disconnect with the Internet I've run into. They sort of operate with the assumption that everyone else will ignore stuff that's not their business, out of sheer politeness; Brandy Fagsack posted that card for her friends to see, and since I personally don't know Brandy, my taking a look would be rude because it's not my business, and people should know better than to be rude, you know?

I used to hang out on a BBS that had a lot of teen girls who had that kind of mindset, and some people would use their actual names as their screen names and their actual hometowns as their location, with pictures of themselves as an avatar. The regulars would all warn them to change something and they'd sass back "well who would be so rude as to try to find stuff about me and what could they find anyway?" I would privately send them links to just about everything I could find on them online, and explain how easily it was for me to find things like "Here's a picture of you at the lacrosse match last Wednesday - oh, and your local paper interviewed you, I see, so now I have your age because they mentioned it in the article; oh, and you go to this church and you are in this grade at this school, and...."

Usually they'd change things pretty quickly after that, once they got a sense that personal data protection is not governed by etiquette.
posted by EmpressCallipygos at 7:11 AM on July 3, 2012 [2 favorites]


To be specific the "number" is actually three things: the 16 digit card number, the 4 digit expiration date, and the 3 digit CCV. But all are visible on the card for anyone to see. And widely stored in databases, and easily purchasable online from black market sites.

The whole point of the CCV is that it isn't encoded in the stripe or stored in the database.
posted by smackfu at 8:15 AM on July 3, 2012


Yes, but the CCV is right there visible on the back of the card. On an AmEx, the CCV is even visible on the front. And I've typed it into scores of web forms. Sites aren't supposed to store it, which is some marginal security, but there's so many other ways this non-secret can be copied it's hardly any extra protection.

In 2010 a CC# with expiration and CCV was worth about $2 / account on the black market (original source is a 2010 RSA report). Cheap as chips.
posted by Nelson at 8:27 AM on July 3, 2012


Interesting it's so low, because that implies it must be hard to get a return on the investment.
posted by smackfu at 8:39 AM on July 3, 2012


hwestii wrote:
One time on pinboard, I found a bookmark that turned out to be some guy's entire password file, base64 encoded and saved as a bookmarklet, generated by a Mac desktop product called 1Password. It had bank account info, credit card info, passwords, etc. I figure if I can figure that out...
[Disclosure: I am the Chief Defender Against the Dark Arts at AgileBits, the makers of 1Password]

If that was a 1Password bookmarklet (and it sounds like it), then the usernames, passwords, and credit card details would have been encrypted, although over information (the user assigned title of each item, for example, would not have been.

Still there were legitimate security concerns about the bookmarklet, and we no longer allow users to create them. So a very brief summary of the situation is
  1. The password data and credit card details and so on are encrypted (not just base64 encoded) within the bookmarklet.
  2. The bookmarklets were optional. Users must go out of their way to create them, and were advised to use them for low security items only.
  3. We've discontinued the ability to create these.
There is also a old blog post in which we discuss in a few more details the security changes that involved, among other things, the removal of the Login Bookmarklets.

Cheers,

-j
posted by jpgoldberg at 9:01 AM on July 3, 2012 [4 favorites]


In the US, wouldn't just the information on the front of the card be sufficient for anyone to use it by typing the info into a card-reader at a self-checkout, like at the grocery store or gas station? Or do those require the CCV?
posted by amarynth at 9:24 AM on July 3, 2012


I've been working on an article (not ready yet) about how people could make the mistake that they did. As already noted, if you buy in bulk, you can get credit card details, CVV, and billing addresses for a bit more that 1USD per record. So posting those pictures of cards, while not very wise, is not really going to have a practical impact on people's security. Basically your credit card details have already been stolen a dozen times over. (These are mostly stolen from breaches of traditional retailers. Hotel booking systems seem to be a favorite target.)

So how to people make this mistake?

First, people are confused about the public nature of Twitter. That is, because only followers "normally" see tweets, people forget that tweets are visible to the world.

More interestingly there is a confusion between "identification" and "authentication". The problem is clearer with Social Security numbers. SSNs were never designed to be secret. They were designed to identify an individual to the tax authorities. But banks screwed it up for everyone by treating knowledge of a SSN as proof of identity, that is knowing the SSN should that the person was authentic.

Think of a username is being about identification and a password as being about authentication. What has happened over the decades is that credit card numbers of switched from an identifying role to an authenticating role. But they were never properly designed for that latter purpose.

So because the actual security system is incoherent, we can't be too harsh on people who get confused about what is and isn't secret. (But we can sill laugh.)

Cheers,

-j
posted by jpgoldberg at 9:27 AM on July 3, 2012 [4 favorites]


In the US, wouldn't just the information on the front of the card be sufficient for anyone to use it by typing the info into a card-reader at a self-checkout, like at the grocery store or gas station? Or do those require the CCV?

No CCV, but they do require a physical card. So you need a card mag stripe writer and blank cards. Presumably not hard for criminals, but not something your average jerk is going to have around. And a lot of gas stations now ask for the ZIP code of the cardholder's address to stop fraud... I think they are frequently used to test numbers since there are no people around.
posted by smackfu at 9:48 AM on July 3, 2012 [1 favorite]


Neither the card nor the CCV is required for the transaction to occur. It's simply that most merchants have decided to ask for these extra details for their own protection, because they're the ones on the hook if the transaction is fraudulent. (The card owner gets their money back, the card issuer takes the money from the merchant (ie a chargeback), their merchandise is already gone, and they eat the loss.)

Basically, the merchant is the only party with any financial incentive to maintain security. The other parties don't suffer.
posted by -harlequin- at 11:04 AM on July 3, 2012 [1 favorite]


For those of you asking about CVC/CCV verification:

You should know that just because an online retailer asks for a CVC number, that doesn't mean they're actually checking it--or anything else other than the credit card number. Many online payment processing systems have a setting where you can tell it to allow the transaction to go through even if AVS (billing address verification) and CVC verification fails. This is of course terrible practices, but some smaller online merchants choose to do this because they think the risk of having those charges later reversed doesn't outweigh the benefit of the transaction going through and putting the money in their pockets.
posted by rhiannonstone at 11:10 AM on July 3, 2012 [1 favorite]


I just want to chime in that I use 1password and think it's great and have no security concerns about the service. My online life is MORE secure because I'm using strong unique passwords everywhere. That LinkedIn password debacle? Not a worry for me. Same for other past password leaks.
posted by misskaz at 4:01 PM on July 3, 2012


Quite a few of the photos have disappeared. I guess a few people got the point.
posted by deborah at 9:13 PM on July 3, 2012


I'd like to laugh at this but two different banks (in two different countries!) have sent me unrequested 'virtual' debit cards for my accounts this week. They are like debit cards but without the annoying security of not being easily usable for online purchasing. Now they have fixed that!

I haven't read through all the terms and conditions yet but I wonder if they still maintain the cardholders full responsibility for security like the original debit cards did.
posted by srboisvert at 11:24 AM on July 6, 2012




I just don't understand this. Do these folks think a debit card is somehow different than a credit card? They're used the same way, so why think the numbers on a debit card can't be used fraudulently the same way as a credit card?


I might be wrong here - my card was cloned online a while ago, thankfully the company noticed - but in the UK at least you can't use a card online without entering the security number on the back. On websites where my card details are saved, I still have to type it in each time. I've had cards rejected when I've accidentally put in the wrong expiry date so I'm sure the wrong CVV would prevent a card from being used?
posted by mippy at 8:05 AM on July 12, 2012


Most bank ATM cards can be used as debit and credit cards.

My bank issued me with a debit card. I can use this to withdraw cash, and I can use it to buy things online, but I can't do either if I've spent all the money in my account. I can't get into debt with it (save having an overdraft). Debit card use is so common here that I almost never carry cash.
posted by mippy at 8:13 AM on July 12, 2012


« Older Who could forget young Jonathan Krohn (previously)...  |  Tracy Widdess is an Canadian a... Newer »


This thread has been archived and is closed to new comments