Posts Tagged ‘debit card’

Even Maine’s attorney general can’t avoid online thieves


Posted Nov. 30, 2015, at 9:47 a.m.

Maine’s attorney general knows firsthand what debit card fraud means.

Last month, a debit card belonging to Attorney General Janet Mills was breached. A spokesman for Mills said her credit union luckily spotted unusual activity and alerted Mills before the thief racked up too many charges.

CardHub says unauthorized use of debit and credit cards totaled $11.27 billion in 2012.

Card issuers and merchants absorb virtually all losses involving credit cards. Prompt reporting is critical to minimize a consumer’s liability in case of debit card breach or loss.

On Oct. 1, new rules made merchants liable for losses if they had not installed new card processing equipment. The aim was to make chip-embedded cards universally acceptable and to get outdated, magnetic stripe cards out of circulation. Card issuers embraced the chip, but many continue to require a signature as supposed authentication.

Technology known as chip-and-PIN, or personal identification number, boosts security sharply. A consumer can’t vary his or her signature; the consumer can change a PIN at will, and that’s an ability that consumers in about 80 other countries already have.

Mallory Duncan, senior vice president and general counsel of the National Retailers Federation, said recently that “continued reliance on an illegible scrawl isn’t good enough to protect American consumers when the technology of a secret, secure PIN is readily available.” Duncan’s remarks supported efforts by Mills and eight other attorneys general to get card issuers to embrace chip-and-PIN.

On Nov. 16, the eight attorneys general wrote to top officials of American Express, Bank of America, Capital One, Citigroup, Discover, JP Morgan Chase, Mastercard and Visa. Their letter calls for swift adoption of chip-and-PIN.

“Absent this additional protection, your customers and our citizens will be more vulnerable to damaging data breaches,” they wrote. “This is something we cannot accept, and nor should you.”

Debra Berlyn is president of the Consumer Privacy Awareness Project, an effort to educate consumers about online privacy issues. In an OpEd in this newspaper on Nov. 23, Berlyn echoed the attorneys general’s call, charging that “the big banks and credit card companies are cutting corners to cut costs, forgoing the added PIN feature to reduce the amount they would have to invest in new cards.”

Critics contend that requiring PINs could cause confusion among some consumers. Given the need for a PIN in many modern transactions, we doubt serious problems would arise.

An official of the Federal Reserve Bank wrote in 2013 that signature verification in the U.S. was likely to continue for some time. Fraud on lost or stolen cards would likely not drop as a result.

“Fraud may even rise,” Richard J. Sullivan wrote, “as fraudsters, unable to commit fraud on counterfeit cards, begin to target payments with relatively weak security, such as transactions that allow signature authorization.”

The attorneys general say they’re not interested in mandating any particular technology in law. Instead, they call on the executives “as good corporate citizens” to use and continue using available technologies that offer the best protection to consumers.

A spokesman said Mills will be receiving a new debit card, one that includes chip-and-PIN technology. She’s hoping more institutions will make similar shipments in the near future.

Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s all-volunteer, nonprofit consumer organization. For assistance with consumer-related issues, including consumer fraud and identity theft, or for information, write Consumer Forum, P.O. Box 486, Brewer, ME 04412, visit or email


JP Morgan Chase data breach may have affected 1,300 Mainers


By Russ Van Arsdale, Executive Director, Northeast CONTACT
Posted Dec. 15, 2013, at 1:01 p.m.
Breach. It’s a word that strikes fear in the hearts of company CEOs, bankers and consumer protection officials everywhere.
The breach of J.P. Morgan Chase and Company’s computer data may have affected as many as 465,000 consumers. But it’s the company’s response — rather than the breach itself — that is drawing the most media attention.

The breach occurred sometime in July and affected data on holders of U-Cards. Those are debit cards Chase issues to a variety of government bodies to pay claimants of unemployment insurance and other benefits. In Maine, roughly 1,300 people who collect unemployment benefits via the U-Cards may have been affected.

Data on claimants is usually encrypted in the Chase servers. However, during the breach some of that data appeared as plain text, there for the hackers to read. The data may have included claimants’ card numbers, dates of birth, user ID and email addresses. Their personal identification numbers apparently could not be viewed.

Maine uses unique identifiers, rather than Social Security numbers, to identify recipients. While many people whose data were accessed might understandably be concerned about their data being misused, the lack of connection to their SSNs should offer some comfort.

That does not mean those claimants should have no concerns. The Maine Department of Labor, which was informed Dec. 4 of the breach, is advising people who have the U-Cards to check their accounts for any suspicious activity. While state officials don’t believe the breach resulted in any loss of funds, they can’t check individual accounts; they suggest recipients call Chase’s customer service number at 866-315-1011 to be sure.

Chase officials have said, since there was no loss of funds, they don’t plan to issue new cards to those whose data were involved in the breach. Chase spokesman Michael Fusco is quoted as saying the bank acted appropriately.

“When we detected this issue, our first priority was to protect our systems, cardholders’ data and accounts,” Fusco said. After an internal investigation to find out what accounts and data might have been exposed, Chase alerted authorities and started notifying affected cardholders.

The word didn’t reach the Maine Department of Labor until Dec. 4, although the breach was discovered in mid-September. That gap did not make people like Labor Commissioner Jeanne Paquette happy. “The Department of Labor is looking into the situation surrounding the breach and why we were not informed sooner of this event,” Paquette said in a news release Dec. 6.

Maine law requires notification of those whose data were breached “without unreasonable delay” or, when law enforcement officials advise that notification will no longer impede their investigation, within seven days. Some consumer advocates are suspicious of longer delays, suspecting that companies whose data have been breached may shop around for sympathetic cops to approve delays while the firms get their ducks in a row.

The investigation into the Chase breach is continuing. Affected Mainers might also want to get a free credit report (we’re entitled to one each year from the three reporting agencies). Find the free ones online at

Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s all-volunteer, nonprofit consumer organization. For assistance with consumer-related issues, including consumer fraud and identity theft, or for information, write Consumer Forum, P.O. Box 486, Brewer 04412, visit or email


Ratewatcher and JP Morgan Chase and Co. Breach – WABI morning news

Posted Monday, December 9th, 2013 at 8:25 am.

Russ and Joy had a couple of topics to talk about. VIDEO

The first topic Russ talked about is the Ratewatcher Telecom Guide. This guide helps consumers find the best services and latest prices for Internet, telephone, and cell phone service in our state. If you are not one of their subscribers, you can got online to to download and print this years guide for free.

The second topic Russ discussed Monday morning was the JP Morgan Chase and Co. breach. In mid-September. Chase discovered that web servers used by the site for the u-card debit cards had been breached. This breach apparently happened around mid-July. The data that may have been viewed during this breach may have included claimants card numbers, dates of birth, user ID, passwords, and email addresses. The claimants Personal Identifying Numbers (PINs) were not viewed.

The Maine Department of Labor advises claimants to call Chase to find out if they were affected by this breach.

To reach JP Morgan Chase customer service call 1-866-315-1011.

Chase is emailing apologies to those affected and also offering one year of free credit monitoring. The company says that no evidence has been found where any individuals information has been used improperly, but they are asking claimants to watch their accounts and call JP Morgan Chase customer service on the back of their cards, if they see purchases they don’t didn’t authorize.

Russ also mentioned that it is a good idea for anyone to check their credit report by going online at, this is a free credit report service.


JP Morgan Chase Informing 1,300 Maine Unemployment Claimants of Data Breach

12/06/2013 11:18 AM EST

*State systems not affected*

AUGUSTA-The Maine Department of Labor has been informed by JPMorgan Chase & Co., the contractor that manages the debit card system for unemployment benefit payments, that the bank detected a data breach and is informing the affected 1,308 claimants via email on Dec. 9, 2013. People concerned about whether their account was affected should call JP Morgan Chase’s customer service number, 1-866-315-1011.

“We will hold JP Morgan Chase responsible to ensure the security of our citizens’ rights and personal privacy,” said Governor Paul R. LePage. “We are greatly concerned about this lapse and want Mainers to know that we take seriously the need to keep data safe.”

“The Department of Labor is looking into the situation surrounding the breach and why we were not informed sooner of this event,” said Commissioner of Labor Jeanne Paquette. “Unfortunately, the department does not have access to individual debit card account data and cannot answer questions related to the status of individual accounts,” she noted. “Current and former claimants who have used the debit card system should call JP Morgan Chase to find out if they were affected by the security lapse.”

The bank advised the department late on Dec. 4 that the web servers used by its site, had been breached in the middle of September. It then fixed the issue and reported it to law enforcement. Since notification, the department has been working with the bank to learn what steps they were taking to inform claimants, when that would occur, and why the breach occurred and how security will be improved going forward.

No State of Maine information systems or other unemployment system data were breached in this event. This did not affect other debit card programs operated by the State of Maine. Several other states’ unemployment and other debit card programs that have JP Morgan as a contractor were affected.

The information that may have been exposed during the security lapse could include a claimant’s card number, date of birth, user ID, password and email address. The claimant’s PIN number could not be viewed.

JP Morgan Chase is sending an email to the affected claimants with an apology and an offer of free credit monitoring for one year. The bank told the department that it has found no evidence that any individual’s information was used improperly, and they will continue to monitor the accounts. They also are asking cardholders to watch their accounts and to call
the customer service number on the back of the debit card if they see purchases they do not recognize.

Unemployment benefit payments are made in one of two formats, either via direct deposit to a checking or savings account or to a prepaid debit card that can be used at ATMs, financial institutions and anywhere that the Visa logo is displayed but transaction fees apply. The debit cards may be active for up to three years, even if the person is no longer unemployed.

Reuters article from December 5, 2013

Northeast CONTACT suggests anyone with concerns request a Free credit report.

Fraud Alert: Company claiming to hire laborers stealing debit card funds from ‘new hires’

AG Mills and Commissioner Paquette warn job seekers to report companies that require new hires to purchase pre-paid debit cards before their first day on the job

AUGUSTA—Attorney General Janet T. Mills and Commissioner of Labor Jeanne Paquette are warning job seekers about a scam that aims to steal money via pre-paid debit cards. A person claiming to be hiring laborers has been telling candidates that they need to purchase a $60 “Green Dot” pre-paid debit card from Wal-mart before their first day of work.

The person calling the job seekers claims to be working for “Wipe-Out Windows and Construction” from Charleston, S.C., and says his name is Craig Thompson. This appears to be a made-up name, and a similar scam has been targeting people in other states using the name Brandon Williams.

The scammer, through false postings on the Maine Job Bank that use a legitimate Florida business’ name, is advertising for workers. When job seekers accept the referral from the job bank, the scammer contacts the worker, tells them they are hired and then tells them to purchase the debit card and that he will meet the workers at the local CareerCenter.

The scammer explains to the job seeker that the money on the card is to cover the expense of a uniform and training, which is a clear violation of both state and federal employment law. Once the worker has the card and contacts the scammer, the scammer asks the job seeker to read the card number over the phone. The scammer does not show up to the prearranged meetings at the CareerCenter, and the job seekers then find that the debit card account has been wiped out.

Commissioner Paquette stated, “We have more than 7,000 jobs on the Maine Job Bank, and all of those employers have been vetted by the department. This appears to be a rare but serious case where someone is impersonating a legitimate business. We have notified the U.S. Department of Labor and other states so that the national Job Bank referral system can be on alert for similar postings to protect job seekers.”

Attorney General Mills added, “Even if the employer actually appeared and gave these people work, the requested payment is illegal. Anyone looking for a job should know that they cannot be asked for this kind of payment to secure employment. If they are asked, it should be a big red flag that something is wrong.”

Commissioner Paquette noted, “Job seekers should continue to register with the Maine Job Bank and continue to use legitimate online job banks to search for work, because that is the twenty-first century method of job hunting. However, if people are asking you to pay money to get a job or do not bother with a face-to-face interview, that should raise concerns. If you have questions about a job posting, do not hesitate to contact the Department of Labor or your local CareerCenter to find out more information about that job or to report a suspected violation of employment law.”

To protect themselves from being a victim people should:
– Never feel pressured to make a payment to secure employment – it is illegal for an employer to ask for this. They cannot require an employee to cover costs associated with training, paperwork or uniforms. – Ask to meet a potential employer in person before agreeing to work for them – any legitimate employer would want to meet you, too. – Never give out your personal information over the phone to an unverified person.

Employees concerned about their rights on the job or in the hiring process should call the Maine Department of Labor at 207-623-7900 (TTY users dial Maine Relay 711). The Wage and Hour Division of the Bureau of Labor Standards provides information about the rights of employees at .

The Maine Job Bank, free for both employers and job seekers, is available at . Job seekers looking for additional assistance in finding their next job or training should visit their local CareerCenter or go to .

Get a check from the federal government? Watch out for scams

By Russ Van Arsdale, executive director, Northeast Contact
Posted Jan. 13, 2013, at 5:41 p.m.

Ever since the federal government said it would stop sending paper checks in favor of using direct deposit, scam artists have been hard at work. With a March 1 deadline for the switch coming, expect crooks to ramp up their illegal efforts.

Scammers call, write or email to phish for personally identifiable information, such as Social Security numbers. Once they have enough information, the crooks can claim a false identity and set up an account to receive federal payments.

The U.S. Treasury Department is getting the word out that the switch to direct deposit will be complete as of March 1. Everyone who receives Social Security, veterans’ or other federal benefits should be aware that many such payments will no longer be made by paper checks.

There are two basic reasons for the change, which has been under way for a number of months. Right now, about 93 percent of all federal payments are directly deposited. The Eastern Area Agency on Aging, or EAAA, estimates 3,200 recipients in Hancock, Washington, Penobscot and Piscataquis counties are still receiving paper checks. Fully implementing direct deposit is expected to save the government $4.6 million a month, or a billion dollars over the next decade.

It’s also intended to make those federal payments more secure. Federal statistics show that more than 440,000 Social Security checks were stolen in 2011, and $70 million in checks were fraudulently endorsed. Direct deposit is expected to cut those figures dramatically.

Dyan Walsh, EAAA’s director of community services, says about 300,000 Mainers use direct deposit. “It’s a safety issue,” Walsh says, “to reduce the chance of anything happening to those payments.”

However, there are still risks. Those scammers are already on the phones, claiming to be government officials and asking people for the information that will help the crooks steal their money. Be aware: Governments don’t call or email and ask personal questions; if someone calls you claiming to be a federal official and wants personal information, just hang up.

Instead, you should take the initiative to make sure your payments are secure. The Treasury Department has launched the Go Direct campaign, explaining and promoting the change at Information is also available through a toll-free call to 800-333-1795, from 8 a.m to 8 p.m. Eastern time, Monday-Friday.

You can arrange for direct deposit to your bank or credit union account, either by phone or online. Christopher Pinkham, president of the Maine Bankers Association, says people in the industry are ready to answer customers’ concerns, especially about safety.

“It’s remarkable how well [direct deposit] works,” he told me.

Visit your bank or credit union and ask questions directly, if using the phone or email makes you uneasy.

You may opt to receive your payments by way of what’s called Direct Express Debit Mastercard. There’s no charge to sign up for the prepaid debit card, and most services are free. Those who have not arranged direct deposit by March 1 will receive their payments this way.

When making the switch you’ll need your Social Security number or claim number; 12-digit federal benefit check number; amount of most recent federal benefit check; financial institution’s routing transit number, and your account number and type — checking or savings. Work with a trusted friend or relative if you need help.

Consumer Forum is a collaboration of the Bangor Daily News and Northeast CONTACT, Maine’s all-volunteer, nonprofit consumer organization. For assistance with consumer-related issues, including consumer fraud and identity theft, or for information, write Consumer Forum, P.O. Box 486, Brewer 04412, visit or email

Protect your credit during holiday shopping


By Russ Van Arsdale, Executive Director, Northeast CONTACT
Posted Nov. 27, 2011, at 3:34 p.m.

The last thing you might be thinking about during the holiday season is protecting your credit. However, it may be just the time of year to double efforts to safeguard your good credit.

That message came last week from Anne Head, Commissioner of Maine’s Department of Professional and Financial Regulation. “The holiday shopping season is a prime time for credit and debit card problems — from unauthorized charges to overcharges and identity theft,” she said in a news release.

The commissioner also took specific aim at gift and bank cards. Experts advise consumers to take a close look at the fine print. While gift cards have appeal to many for their convenience, some of them have fees or other provisions that can reduce their value over time. The cards may have limits on where they can be used, and card holders’ options may be limited if cards are lost or stolen.

Lloyd LaFountain III, Superintendent of the Department’s Bureau of Financial Institutions, urges buyers to know all the important terms, including:

  1. Any fees that apply during or after the sale that reduce the value of the card
  2. Expiration date
  3. What to do if the card is lost or stolen
  4. What to do if there are problems with the card
  5. Where the card can be used
  6. How to claim any unused portion of the card

If you don’t find the above information on the gift card or packaging, try to find a toll-free number or website to learn those details. Continue reading

%d bloggers like this: