Use cash

I use a credit/debit card online. But when I’m in a physical store, except in rare cases, I use cash. This is one of the reasons why:

Clothing store chain Eddie Bauer said today it has detected and removed malicious software from point-of-sale systems at all of its 350+ stores in North America, and that credit and debit cards used at those stores during the first six months of 2016 may have been compromised in the breach.

I work in security and POS systems are one of the things we watch and worry about a lot.


21 thoughts on “Use cash

  1. Slightly OT: My former employer would sell a POS terminal or credit card making machine to anyone who walked in the door with the cash to buy one. Eventually, the feds asked us to be a little more discriminating as the bad guys were making copies of cards until the machine crapped out, then toss it in the dumpster. And we wouldn’t get much repeat business, either.

  2. Cash is good, but I still hang my information out on the internet. A lot. Buying on-line is just too convenient, and sometimes it’s the only viable option. I’ve had only one instance of card fraud against me, from some jackholes in some backwater shithole of a country [the kind Obama identifies with] and it was quickly fixed (on my bank account anyway, justice being another matter entirely).

    Joe; It seems to me that our justice system is not at all serious about catching this kind of criminals and bringing them to justice, that they find it kind of OK for the most part, loving chaos as some of the crazier Progressives do. Credit card fraud is also very closely related to what our every day politicians do as a matter of course.

    What is your opinion of the feasibility of catching them in large enough numbers that the crime would be substantially diminished, given enough dedication? I’d like to see it as a priority; treating international credit fraud as something approaching an act of war if there’s a scintilla of evidence to indicate government complicity or even complacency.

    It’s the kind of crime you don’t just happen to get mixed up in through a transient lapse of good judgment, but through a very deliberate process. They’re committed to it. It requires dedication. Therefore a seek-and-destroy policy makes perfect sense to me, and would be all kinds of entertaining besides. Just hang the motherfuckers in droves and be done with it.

    But you have to find them, so I ask you. What would it actually take?

    • I don’t know what it would take considering ‘way back when, CitiBank’s big ad promo was touting an 80% reduction in fraud due to putting the card user’s photo on the back of the card. A survey found almost no clerk bothered to check the photo. Wrong sex, wrong race, wrong age didn’t matter. So CitiBank moved the photo to the front. No significant improvement. My point is that ain’t nuthin’ gonna get better if the clerks don’t give a hoot and run the card.

    • Many of the criminal organizations operate out of Russia.

      Even someone in the same country can bounce through a proxy or three in other countries before coming back. It requires international cooperation with the FBI and a lot of tough Internet tracking (hopping through a few countries makes it very tough).

      They are getting some extraditions and convictions but not in the numbers we would like.

    • Lyle,

      I think you are starting with the wrong target. If possible, I would target the malware clowns. Crowd-funding for a hunter/killer group to nail them, with video confirmation, perhaps. Credit card fraud hits a small number of people compared to malware, I think. Making it obvious that spreading bad software can get you dead would have millions of people cheerleading and paying for it.
      More difficult than tracking down fraud, I suspect. Confirming you have the right targets would be critical. The whole endevour would be wildly popular.

    • No such thing as a free lunch; those losses get passed on to the consumers in the form of higher rates and fees.

  3. “I use a credit/debit card online. But when I’m in a physical store, except in rare cases, I use cash.”

    This is my exact practice. 25 years in the Tech biz, in and out of gov. Cash is king.

    • Except when it’s not. I was flying back from Alaska on the plane today. The cart came down the aisle and I asked to buy something from it. They didn’t take cash – credit card ONLY.

  4. CC all the way. I only use my debit/ATM card at major banks (which is, really, no guarantee anymore what with skimmers and such)..

    I never use my Debit card eo purchase ANYTHING….

    I have great credit. Too many cards. If one is compromised, I will cancel it and use others. Further, I use one for gas, another for groceries and another for clothing….yet another online.

    Helps to prove fraud, if and when.

  5. I’ve also spun-up a semi-anonymous QFC rewards card. They have an opportunity to tie it to me at the gas pump, I suppose. But on the whole, I’m just not interested in providing fodder for _anybody’s_ data mining. So at restaurants, ranges, cigar stores, grocery stores, movie theatres, convenience stores, etc. I’m very much into cash. The gas pump, Amazon, various recurring bills (none auto-pay), airlines, and bigger ticket items get the card. I’m missing out on tons of “rewards points”, but every year I do get to turn my bucket of pocket change into mad money.

    • But that little bit of discount for using the data mining tag is more than enough reward for lots of people to use it.
      A man will sell his birthright for a mess of pottage. Considering what we inherited (at several generations’ remove) from the founding fathers, America has done exactly that.

  6. Supposedly the new chip cards should cure this problem. Unfortunately, it seems that the card processing companies are slowing down the deployment of those cards: I’ve seen any number of stores with chip reader terminals unable to accept chips because of the processors. And even though they are not at fault, the stores are still made to eat any bad charges. Amazing.

    • That’s because it’s turned out to not be as secure as thought, using a Man-In-The-Middle attack.

      • Interesting. Can you give a reference?
        I wonder if this is another example of a crypto system designed by the unqualified. Something like WEP, or the infamous weak cell phone cipher.

      • Say more: what MIM attack works when the only data the man-in-the-middle can get is already encrypted?

    • Somewhat contra Rolf, it’s ALSO because implementing the interface to the chip-card readers is not trivial and lots of small AND big retailers got caught out on this.

  7. You are probably old enough to remember “Butch Cassidy and the Sundance Kid”. Remember the railroad guys chasing them. This is what the banks need to do with credit card fraudsters. But they won’t because the Feds always bail them out.

    • Old histories describe bank robbers being stopped by armed guards. These days, every few days there’s a TV news report of a bank robbery committed with just a piece of paper. Robbers have nothing to fear during the act (though they do tend to get caught later on).

Comments are closed.