5 Things You Should Know About Prepaid Cards

Right now, there probably are three different types of plastic in your wallet or purse. Each type has different rules, disclosures, government regulations, and fees. So, wise consumers use the best type of plastic instead of cash.

Most consumers are familiar with credit cards and debit cards -- the first two types of plastic. Credit cards include an interest rate applied to all purchases, plus a variety of fees (e.g., overdraft, annual usage). Debit cards are offered by banks to their account-holders to access money in their checking and savings accounts.

Prepaid cards often look like debit cards but have several important differences. Prepaid cards must have value stored or "loaded" onto them before they can be used. Usually, consumers use cash to add value to a prepaid card. Then, the consumer uses the prepaid card for purchases, which are deducted from the balance on the card until there is no value left on the prepaid card. Then, more value must be added to the card before it can be used again.

Retail stores, restaurants and malls offer prepaid cards, usually called gift cards. Chances are you may have already received a prepaid card as a gift. I've received and given several prepaid cards as gifts. Customers use the Dunkin' Donuts prepaid card are the chain's retail stores. Prepaid cards from The Old Spaghetti Factory, Starbucks, and Target all operate similarly. Some retailers use their prepaid cards to track customers' purchases for rewards for loyalty programs.

Besides retail stores, many other companies and entities offer prepaid cards. Some employers pay their employees via prepaid cards, often called payroll cards. These payroll cards are designed for employees who don't have checking and savings accounts. Behind every payroll card is a bank that handles the transactions.

Some employers offer their employees prepaid cards only for qualified healthcare spending purchases. Some golf clubs offer prepaid cards for their members to use at the club's golf store and restaurant.

Some banks offer prepaid cards, too, for consumers who lack checking and savings accounts. With all of these prepaid cards in use, it is important for consumers to to know the advantages and disadvantages. There is a pretty good CNN Money article that discusses what consumers should know about prepaid cards:

"Watch out for the fees: The average prepaid card charges nearly $300 in basic fees a year, such as monthly charges, ATM fees and reloading fees, a recent NerdWallet study found... many prepaid cards also charge activation fees, transaction fees, bill payment fees, declined transaction fees, inactivity fees, customer service fees and paper statement fees."

"They don't build credit: Using a prepaid card doesn't help you build credit with the three major credit bureaus... don't be fooled into thinking they are doing anything to boost your credit score."

To browse the entire list of five tips, read the CNN Money article. To learn more about the differences between the three types of plastic in your wallet/purse, read the FDIC alert about consumers' rights. You can also select Prepaid Cards in the tag cloud in the near right column.

What has been your experience? What prepaid cards have you used?

Data Breach At Opening Ceremony

BankInfo Security reported details of a data breach at Opening Ceremony, a New York-based clothing and shoe retailer. Hackers inserted malicious software on the company's website server.

The data stolen included the payment card information of customers who purchased products online between Feb. 16 and March 21. the company has already notified customers affected by the breach. In a May 4 letter to affected customers (Adobe PDF), Opening Ceremony has contracted with ID Experts for complimenary credit monitoring and resolution services.

 

Report Analyzes Breach Notifications Affecting Massachusetts Residents

Last week, the Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) released its findings from an analysis of four years of data breach notifications reported to the state. A chief finding was that sensitive data often was not encrypted.

Any businesses or entities storing consumers' personal information has been required since Oct. 31, 2007 to report data breaches to the OCABR. Through September 30, 2011, the OCABR received 1,833 breach notices affecting about 3.2 mikllion people, or an average breach size of 1,727 stolen or lost records. 73% (1,336) of the breaches involved electronic files and affected 97% of breach victims.

The financial services industry reported the most breaches (955) during the last four years, affecting 901,156 people. Most of these breaches were the credit- and debit-card transactions at processing centers and retail stores. The health care industry has had fewer breaches (214), but affected far more people ( 983,746), including the South Shore Hospital breach in 2010.

In March 2010, new laws went into effect requiring entities that store, own, or license personal information about Massachusetts residents to develop, implement, and maintain a comprehensive written information security program (WISP) describing how it will protect sensitive information. the new law required entities to encrypt sensitive information if it is transmitted over public networks, the Internet, or carried on portable devices.

The of breaches each year have remained pretty steady, ranging from a low of about 415 to a high of about 470. Other findings:

"... stolen or lost portable electronic devices are most often not secure. Of the 365 devices reported lost or stolen, only 13 were encrypted. The lost devices led to exposure for 409,572 people. By contrast, the 27 encrypted machines kept information secure for 24,269 people... of the 75 lost or misplaced portable devices reported; only one was encrypted, compromising 1.2 million pieces of information. Of the 290 stolen portable devices stolen, 12 were encrypted, protecting 4,110 pieces of information. The 277 unencrypted devices exposed 220,000 pieces of information."

The types of devices lost/stolen included desktop computers and computer tapes. The types of portable devices lost or stolen included laptop computers, thumb drives, and storage discs (CDs). The report concluded:

"If all portable devices were encrypted from 2007 to 2011, the number of residents whose personal information was compromised would be remarkably lower by 47 % or 1,490,308 people. If all portable devices were encrypted from march 1, 2010 the number of compromised residents would have decreased by 29 percent or 909,992 people... compliance with the encryption requirement is a powerful to to safeguard the personal information of millions of residents"

Download the OCABR data breach report (Adobe PDF, 948K bytes).

Consumer Reports Reviews Several Prepaid Cards

This blog previously warned consumers about the differences between the three types of plastic in your wallets/pursues. Consumer Reports published the findings of its review of several prepaid cards, and concluded:

"... although fees are beginning to come down, they aren't always disclosed upfront. Moreover, prepaid cards offer weaker consumer protections than those provided by traditional debit cards..."

Some of the higher fees Consumer Reports found with prepaid cards:

• Activation or initiation fees ranging from from $3 to $14.95.
• Monthly fees as high as $10
• Fees to get cash as high as $2.50 per withdrawal
• Fees to contact customer service as high as $2.99 per call.

Obviously, consumers should ask for and read closely the terms and conditions or prepaid card agreement before purchasing a prepaid card. It is wise to understand the different types of prepaid cards.

Related posts:

• Your Rights And The Differences Between The Three Types Of Plastic In Your Wallet Or Purse
• How To Evaluate a Health Care Debit Card Plan From Your Employer
• Bank of America Merchant Services And Money Network Announce New Payroll Solution
• Move Your Money To... Walmart? A Good Deal?
• How To File A Complaint About A Bank

Hackers Target Facebook Users With New Malware Tool To Steal Credit Card Information

In case you haven't heard, scammers and identity thieves have targeted social networking users. Trusteer reported a new scam by identity theives using a new version of the "Ice IX" malware.

After a Facebook member (within an infected computer) has logged into their Facebook account, the "Ice IX" malware spawns a new browser with a fake Facebook page which prompts users to enter credit card information for supposed additional data security protection. Of course, no security protection is provided, and the malware steals both the consumer's credit card information and other sensitive personal data stored on your computer.

This is another fine example of the creativity and persistence of scammers and identity thieves. Visit the Trusteer website to view screen images of the fake Facebook page. To learn more about how to protect yourself when using Facebook.com and its mobile apps, see the links in the "Using Facebook Safely" module in the near-right column.

Global Payments Breach Affects 1.5 Million Consumers

Last week, debit and credit card payments processor Global Payments Inc. announced that its systems had been breached by hackers and perhaps as many as 3 million credit and debit card numbers had been stolen. Global Payments processes transactions for Visa and MasterCard for retailers and card issuers.

In a statement released Sunday, Global Payments revised downard the number of stolen cards:

"... it identified and self-reported unauthorized access into its processing system. The company believes that the affected portion of its processing system is confined to North America and less than 1,500,000 card numbers may have been exported. The investigation to date has revealed that Track 2 card data may have been stolen, but that cardholder names, addresses and social security numbers were not obtained..."

The company has not disclosed how hackers breached its systems, nor the duration of the breach. The company's Monday-morning conference call focused on earnings and left little time for questions about the breach details.

The term "Track 2" refers to certain data elements stored in the magnetic strip on the back of debit and credit cards. Also on Sunday, Visa removed Global Payments from its list of "compliant service providers." Forbes magazine reported that the company expects to quickly correct the Visa compliance issue:

"Global Payments chief executive Paul Garcia is quoted in the company’s statement as saying that “We are making rapid progress toward bringing this issue to a close,” and emphasized that all major brands of cards still allow Global Payments to act as a payment processor."

After a breach like this, card issuers (e.g., banks, credit unions, retailers) will usually notify directly those cardholders with stolen account information, and whether replacement cards and accounts will be issued. And the card issuers usually seek reimbursement from the payments processor to cover the costs of issuing replacement cards to consumers.

Another payments processor, Heartland Payment Systems, experienced a much larger breach in 2008, after which multiple lawsuits resulted as card issuers provided replacement cards and accounts. With a reported 800,000 merchants and 3.5% market share, Global Payments is a smaller payments processor, when compared to First Data Corporation's 22.6% market share.

The largest banks, like Bank of America, have subsidiaries with joint venture arrangement with processor First Data to process card transactions. It seems to me that hackers have smartly figured out a way to steal valid credit/debit card information is to attack the transaction processors instead of retailers, like T.J.Maxx, or banks directly.

I called Global Payments to see how many retailers they may have lost already due to the breach and their inability to process Visa transactions. The public relations rep referred inquiries to the company's data breach site: www.2012securityupdate.com, which includes this statement to its merchants/retail clients:

"We are still processing all of your transactions, including Visa transactions, and will continue to work with the card associations in response to this incident."

Time will tell if and how long that continues. The company's breach web site also advises affected cardholders who suspect fraud to monitor their accounts, contact their card issuer, and place a Fraud Alert on their credit reports.

The Global Payments breach highlights the fact that several companies are involved in debit/credit card transaction flow, from the time yo swipe your card until when payment is completed. And, the security of that transaction flow is only as strong as the weakest link, or company, in the flow.

CFPB Accepts Complaints From Consumers About Checking And Savings Accounts

By now, you have probably heard about the new Consumer Financial Protection Bureau (CFPB), a federal agency designed to ensure that financial products and services for consumers are beneficial for consumers. Previously, the CFPB accepted complaints about credit cards and mortgages. Consumers can now submit complaints about checking and savings accounts to the CFPB. The website has a different form for consumers to share their stories about experiences with financial products.

Also, the CFPB is investigating how checking account overdraft programs affect consumers. Part of this investigation the CFPB seeks feedback from the public about a proposed “penalty fee box” disclosure on a consumers’ checking account statements to clarify the amount overdrawn and total overdraft fees charged.

Reportedly, the average overdraft fee ranged from $30 to $35 in 2011. A 2008 study (Adobe PDF) by the Federal Deposit Insurance Corporation (FDIC) found several alarming trends and statistics about overdraft programs.The CFPB has four concerns about overdraft fees:

1. Transaction Re-ordering that Increases Consumer Costs: the way that overdraft fees are applied by some banks increase costs to consumers. One practice is the co-mingling of all checks, bill payments, debit card transactions, and ATM withdrawals each day and processing the largest transactions first -- rather than in the order received. This maximizes the number of transactions that will trigger overdraft fees.
2. Missing or Confusing Information: the CFPB is analyzing how consumers anticipate and avoid overdraft fees given current banking disclosures -- and if there is a better way.
3. Misleading Marketing Materials: the CFPB is investigating reports that consumers have received misleading marketing materials about overdraft fees, since opt-in rates to overdraft programs vary widely by bank.
4. Disproportionate Impact on Low-Income and Young Consumers: The CFPB is concerned that overdraft programs disproportionately affect certain groups. The same 2008 FDIC study found several alarming statistics, including that 9 percent of checking account customers pay about 84 percent of overdraft fees.

You can view a prototype of this "penalty fee box" at the CFPB website (Adobe PDF). To submit feedback about overdraft fees, include the Docket No. CFPB-2012-0007 with your submission by:

• Online instructions: www.regulations.gov,
• Email: cfpb_overdraft_comments@cfpb.gov
• Postal Mail: send letters to Monica Jackson, Office of the Executive Secretary, Bureau of Consumer Financial Protection Bureau, 1500 Pennsylvania Ave, NW, (Attn: 1801 L Street, NW), Washington, DC 20220.

The CFPB began operation on July 21, 2011. In its annual report (Adobe PDF) to the U.S. Congress, the CFPB reported that by December 31, 2011, it had received 13,210 complaints from consumers, including 9,307 credit card complaints and 2,326 mortgage complaints. 44% of all complaints were submitted through the CFPB website, and about 15% via telephone calls.

The FTC advises consumers who experience identity theft or fraud with financial products to both submit a complaint to the CFPB and submit a complaint to the FTC.

CFPB Reports List Of Consumer Complaints About Financial Products

In its annual report, the new Consumer Financial Protection Bureau (CFPB), a federal agency designed to ensure that financial products and services for consumers are beneficial for consumers, listed the leading complaints submitted by consumers. The CFPB accepts complaints about credit cards and mortgages.

The CFPB began operation on July 21, 2011. In its annual report (Adobe PDF) to the U.S. Congress, the CFPB reported that by December 31, 2011, it had received 13,210 complaints from consumers, including 9,307 credit card complaints and 2,326 mortgage complaints. 44% of all complaints were submitted through the CFPB website, and about 15% via telephone calls. The leading types of credit-card complaints received:

Leading Credit Card Complaints Reported By Consumers to CFPB. July 21 - Dec. 31, 2011	Number	Percent
1. Billing Disputes	1,278	13.7%
2. Identity Theft / Fraud / Embezzlement	1,014	10.9%
3. APR or Interest rate	950	10.2%
4. Other	854	9.2%
5. Closing / Cancelling Account	478	5.1%
6. Credit reporting	437	4.7%
7. Credit Card Payment / Debt Protection	383	4.1%
8. Collection Practices	378	4.1%
9. Late Fee	364	3.9%
10. Other Fee	334	3.6%
Total for Top 10 complaint types	6,470	65.9%

The types of mortgage complaints received:

Mortgage Complaints Reported By Consumers to CFPB. July 21 - Dec. 31, 2011	Number	Percent
1. Problems when you are unable to pay (Loan modification, collection, foreclosure)	889	38.2%
2. Other	540	23.2%
3. Making payments (Loan servicing, payments, escrow accounts)	501	21.5%
4. Applying for the loan (Application, originator, mortgage broker)	235	10.1%
5. Signing the agreement (Settlement process and costs)	96	4.1%
6. Receiving a credit offer (Credit decision/Underwriting)	65	2.8%
Total Mortgage Complaints	2,326	100.0%

The FTC advises consumers who experience identity theft or fraud with financial products to both submit a complaint to the CFPB and submit a complaint to the FTC.

I like the CFPB's mission and its website. The agency's consumer response mechanisms are still new and in their infancy. They will become more beneficial as the agency identifies and resolves problems. What is your opinion of the CFPB?

Plenty Of Collateral Damage From a Credit Card Theft

There is a good article in PC Magazine that describes the scope of damages from identity theft when credit cards, smart phones, and spammers intersect. Jacqueline, a sales manager, had her credit card stolen and cloned, which resulted in over $2,000 in fraudulent charges. (Damages #1.) Her bank cancelled the exisitng credit card account and issued her a new credit card account. You would assume that was the end of the story, but sadly it wasn't.

Then, the credit card theft and card cloning happened with the replacement credit card -- which suggests an insider identity-theft problem at the bank Jacqueline uses.  Her bank cancelled the replacement credit card account, and issued her a second replacement credit card. End of the story, right?

Wrong. Next, Jacqueline and her contacts began to receive a flood of text message and phone call spam from unknown phone numbers. Apparently, the identity criminals had also stolen Jacqueline's mobile phone number (Damages #2.) along with her credit card information. Jacqueline's company-issued Blackberry-brand smart phone had been spamming people and phishing for consumers' Sovereign Bank sign-in credentials.

Jacqueline doesn't work at Sovereign Bank. After more investigations by the IT department at Jacqueline's employer, her mobile carrier, Verizon, informed them that the text message spam wasn't coming from its network, but from a computer pretending to be Jacqueline. Apparently, the credit card thieves re-sold Jacqueline's personal data and mobile phone number to other identity criminals, which included a spammer (Damages #3.):

"Someone had gotten a hold of her mobile number and was spoofing other phones using her digits. It turns out there's software designed specifically for businesses to send bulk SMS to lists of phone numbers from a computer."

Wow! What a mess. This saga highlights several issues, including the:

• Creativity and persistence of identity thieves,
• Efficiency of online forums where consumers' stolen personal data is resold and traded,
• Value of consumers' (digital) personal information, and
• Duration of damages from identity theft and fraud.

The average consumer doesn't think about how valuable the various bits of their personal information are. But, identity criminals think about it deeply.

The good news in this story was that the IT department at Jacqueline's employer was able to rule out any leaky smart phone apps that could have compromised her data security.

Today, there's not much more Jacqueline or her employer's IT department can do. Her personal identity information is out there in the thieves' domain. As I see it, all she can do is file police reports to document the trail of theft, and lock down her credit reports to keep the damage from spreading to her financial accounts. If the thieves also have her Social Security number, then they can obain fraudulent identification cards and drivers licenses. And, there's nothing to restrict the thieves' action with the USA borders.

Traveling Outside The Country? Before You Leave, Notify Your Credit Card Issuer So Your Purchases Aren't Denied

With the increase in identity theft and fraud during the past few years, many banks have increased their security efforts to fight identify fraud. This includes proactively flagging or automatically denying credit card purchases in another country. This increased security has both good and bad news.

The good news: consumers are better protected against fraud. The bad news: valid purchases by cardholders traveling outside the the country may be denied. The last thing anyone wants to experience is a denied credit card purchase when you are in a different country and low on cash in the local currency.

To avoid this, I notified my credit card issuers before my recent vacation travel. Credit card issuers will want to know your card number, travel destinations, travel start/stop dates, and cardholders traveling.

The letter I used, which you are welcome to adapt for your upcoming trip:

"This regards the [insert Visa/Discover/MasterCard/Amex/etc.] account ending XXXX. I am the cardholder for the above account. This letter is to inform you that I will be traveling on vacation from November 22, 2011 to December 9, 2011, and visiting the following locations: Mexico, Guatemala, Panama, and Colombia (Cartagena). Hence, you will see purchases on my [insert Visa/Discover/MasterCard/Amex/etc.] card at these locations, and from the XXXXXXXXX cruise line."

With some credit card issuers, you can report upcoming travel via a toll-free phone number. I prefer a written letter which documents the communication. The address to use is on your monthly statement. Check the website for your bank or credit card issuer about how to report upcoming travel.

Banks Promote Credit Cards Over Debit Cards

Remember this Visa commercial from 2006-07:

Now, watch this 2011 commercial:

Do you notice the shift? In 2007, banks pushed debit cards. They mentioned "debit" since the emphasis then was speed and convenience. The newer commercial never uses the word "debit." Why?

Now that swipe fees have been reduced and banks see the difficulty in charging consumers monthly fees for debit cards and checking accounts, the push seems to have shifted back to credit cards -- where the banks can make more money.

During the last four years, consumers have switched from credit cards to debit cards as they pay off their debt. Bloomberg News reported:

"Consumer credit in the U.S. unexpectedly dropped in August by the most in over a year. The $9.5 billion decrease followed an $11.9 billion increase the previous month,.."

And, consumers are paying off other debt too:

"Non-revolving debt, including educational loans and loans for autos and mobile homes, dropped by $7.23 billion in August, the biggest decrease since Aug. 2008. Revolving debt, which includes credit cards, fell by $2.27 billion."

Sure, this is affected by unemployed consumers and consumers who lack confidence in the economy. My point: decreasing debt affects the banks' ability to make money.

It would seem that banks now want consumers to go back to the way it was, since banks can make money from interest charges on credit cards. I would advise consumers to pay with the payment method that best suits your needs, not the banks' needs. Keep paying off your debt, too.

Will you switch back from debit cards to credit cards? I won't, and I hope that you won't either.

Making Data-Sharing Choices With Incomplete Information

This morning, I signed into my Discover credit card online account to read the new privacy policy which the bank had sent several e-mail messages about. Since writing this blog, I have learned two things: banks constantly tweak their terms and privacy policies, and it is important to read the fine print. Frankly, I found the online experience unsatisfactory.

The new policy clearly describes what Discover shares about sharing cardholders' personal information. Some of this personal data sharing is necessary (and appropriate) for banks to report consumers' balances to credit reporting agencies (e.g., Equifax, Experian, TransUnion). Note that the policy includes three types of companies (e.g., Affiliates, Non-Affiliates, and Joint Marketing):

The new policy also defines the three classes of companies Discover does business with and shares cardholders' personal information with:

This new policy doesn't list the actual company names within each category. It leaves cardholders to guess, and make an uninformed decision about whether to share their personal data where Discover allows above. And, you can't make your sharing decisions online at the website. you have to call the toll-free number.

This incomplete disclopsure makes the new privacy policy pretty useless for the following reasons:

1. The policy doesn't provide enough information (e.g., specific company names by category) to make an infomred decision,
2. For one class of companies, cardholders have to go hunting in another document,
3. The new policy didn't highlight what had changed from the old policy, and
4. The whole data-sharing decision process forces Discover cardholders to be financial experts about Discover's business relationships in order to make a decision about whether to share their personal information.

The new Discover Privacy Policy is also available to the public here. The above policy is not full, honest, transparent disclosure. Not even close.

While at the website, I sent this secure message to Discover to try and get an answer:

"This morning, I read online your new privacy policy about changes in information you share with affiliates, non-affiliates, and joint marketing companies. I found the whole online experience unsatisfactory, since it never provides examples of actual companies in each category. This makes it difficult for customers to make informed choices. When will you update the policy with actual company names?"

To try and learn more, I also started an online chat with one of the Discover customer service representatives. The text of that chat is below. Note that the representative provided only an example of a corporate affiliate:

"Katie: Thank you for visiting Discover.com. What questions can I help you with today?
George: I have a question about the new privacy policy. Which companies are affiliates, non-affiliates and joint marketing?
Katie: That's a great question! Our corporate affiliates are GE Money Bank (Sam's Club and Wal-Mart Discover Cards) as well as HSBC as we do offer a Discover Card through them."

Hmmmmm. I didn't say anything but I recognize the GE Money Bank and Wal-Mart company names from this prior post. The online chat session resumed:

"Katie: As to who is included as a joint marketer; I am not sure. I can forward that information to a specialist and email you back as soon as I hear from them.
George: Is there a list somewhere, so I can make an informed decision about whether or not to share my personal data?
Katie: Those partners should be listed in your most recent Cardmember Terms and Agreement. Would you like me to mail you a copy of that document?
George: Yes, please.
Katie: Thank you. Can I help you with anything else today?
George: It would be nice if you listed the companies online at the website privacy policy and terms policy. Please tell your managers of this request.
Katie: I can certainly forward your feedback! Have a great day, Mr. Jenkins!"

Sadly, Discover isn't the only bank that does this. Many banks and non-financial companies have similarly incomplete privacy policies.

Move Your Money To... Walmart? A Good Deal?

This blog has covered extensively the ways banks have "mugged" consumers via higher fees, higher interest rates, traps, and tricks. I was surprised to read in the Tuesday the New York Times a report about some consumers moving their money to Walmart Money Centers, instead of to banks or credit unions. Move your money to Walmart? Really?

After reading the newspaper article, I visited the Walmart Money Centers website to learn more:

By offering several a la carte banking services (e.g., debit card, money transfers, bill pay, money orders, credit cards, check cashing, and checks), Walmart has wormed its way into banking. If it walks like a duck, sounds like a duck, and smells like a duck -- then it must be a duck. How was this allowed to happen?

Apparently, many consumers who don't have a checking account (e.g., referred to as the "unbanked") are using Walmart Money Centers to cash they paychecks, since the fees are lower than at many banks. I have mixed feelings about this. Here's why:

Advantages:

• It benefits consumers to have a competitive choice since Walmart Money Centers offer lower check-cashing fees than banks and payday lenders. That could create a downward pressure on banks to lower their fees to remain competitive
• I see the benefit to Walmart of paying its associates via Walmart debit cards. This removes or lowers the middle-man processor costs

Now, the disadvantages.

First, "banking" with Walmart is still very expensive for consumers. A $3.00 fee to cash a $800.00 weekly paycheck is really an effective annual interest rate of 19.5% ($3/$800 x 52 pay periods per year). That same $3.00 fee on a $400 weekly paycheck equals a 39% effective annual interest rate.

The Walmart MoneyCard (e.g., debit card) is expensive, too. The $3.00 fee to load money onto a card, plus the $3.00 monthly maintenance fee is really an effective annual interest rate of 18% (assuming a $300 paycheck and 26 pay periods per year). So, a consumer is paying 18% to access their own money. What? That 18% is a rate similar to many credit cards, where a consumer can avoid the interest charges by paying their balance in full at the end of the month.

While Walmart Money Centers may seem like an attractive option, it's really expensive "banking." Better to find a credit union with free checking and save both the $78 in annual check-cashing fees and $108 in annual debit card fees.

Second, I can understand the benefits for Walmart of paying its associates via Walmart debit cards. The benefits for Walmart Associates are questionable at best, given the above debit-card fees. The lack of banking choice is troublesome:

"Walmart associates may receive their pay either by direct deposit or through the First Data Money Network program and may access their wages through the Money Network MasterCard Paycard(R) or Money Network(TM) Checks."

This reminds me of the old "company store" practice from the 1800's where companies forced their employees to shop only at the company store, and kept them in debt bondage -- only it's worse today. How? Keep reading.

Third, the lack of disclosure and transparency is extremely troubling. If a consumer left Bank of America for a Walmart Money Center, then you are still banking with some of the same companies that perform outsourced, back-office financial transactions. According to a 2009 Reuters press release:

"Walmart, MasterCard Worldwide and First Data today announced a new, more sustainable payroll program designed to reduce the number of paper paychecks and pay stubs distributed each year to Walmart and Sam's Club associates... "

Alert readers will remember that First Data is a joint venture partner with Banc of America Merchant Services to process BofA debit card transactions. When I asked Bank of America to explain this joint venture, they declined to comment. And, there's more.

Wal-mart operates its Money Centers by outsourcing functions to Moneygram. According to Hoovers, Moneygram:

"... sells MoneyGram-branded cash transfers and money orders at some 227,000 locations around the globe. It is the leading provider of money orders in the US, issuing some 175 million annually. Wal-Mart is MoneyGram's largest money-transfer and money order agent, accounting for more than a quarter of the company's revenues. MoneyGram also offers in-person and electronic bill payment services, letting users pay everything from mortgages to utilities, and processes official checks for financial institutions."

In September, Fitch Ratings announced in a press release:

"MoneyGram has been informed that it is being investigated by a federal grand jury in connection with its consumer anti-fraud and anti-money laundering program matters for the period 2004 to early 2009. A prior similar investigation led to MoneyGram paying an $18 million fine..."

Thomas H. Lee Partners and Goldman Sachs own about 85% of MoneyGram.

Fourth, I thought that Walmart was prohibited from banking. The New York Times reported:

"Four years ago, Wal-Mart abandoned its plans to obtain a long-sought federal bank charter amid opposition from the banking industry and lawmakers, who feared the huge retailer would drive small bankers out of business and potentially conflate its banking and retail operations. Ever since, Wal-Mart has been quietly building up à la carte financial services, becoming a force among the unbanked and “unhappily banked,” as one Wal-Mart executive put it."

Fifth, the fine print about the Walmart MoneyCard states the following about its debit card:

"The Card is issued by GE Money Bank, member FDIC, pursuant to a license from Visa, U.S.A. Additional services provided by Green Dot Corporation. Not available in all states. Issuance fee, monthly fee, and other fees apply..."

This means that Walmart outsources its debit card operations to GE Money Bank, where cardholders' money and accounts are insured by the Federal Deposit Insurance Corporation (FDIC) which insures banks. So, the FDIC is effectively insuring Walmart! I'll bet you didn't know that. Neither did I until I read the fine print. How did this happen?

I hope the New York Times reports more about all of this.

My main point: if consumers choose to "bank" at Walmart Money Centers, you should know who you really are doing business with. The Walmart brand name appears the retail stores, but several outsourced companies actually process its financial transactions -- just like the big banks.

Me? Walmart Money Centers do not appeal to me for both the reasons above, and plus several Walmart business practices. Hence, I have boycotted Walmart since 2000.

What do you think? Are Walmart Money Centers a good option? If you have moved your money to Walmart, share your experiences.

A Primer: Finding A Credit Union To Move Your Money To

Many consumers feel "mugged" by the big banks and their many banking fees, and are moving their money to a community bank or credit union. If you are looking for a credit union, there are a few things you should know. I am looking for a new bank or credit union, given the new debit card fees and poor treatment.

To learn about credit unions, first I visited the National Credit Union Administration (NCUA) website. The NCUA is the independent federal agency that regulates and supervises federal credit unions. The NCUA operates the National Credit Union Share Insurance Fund (NCUSIF), which insures deposits at federal credit unions and most state-chartered credit unions. Deposits are insured up to $250,000 per account.

The NCUA website explains what a credit union is and how they operate. Some consumers like credit unions because they believe all banks will ultimately add fees for checking accounts. Besides offering low and no fees compared to the big banks, the attraction of a credit union is:

"... cooperative financial institution that’s owned and controlled by the members. Since they’re not-for-profit, they exist to serve you, the member. Not for profit, not for charity, but for service is a credit union motto. As a member, you have a say in how the credit union is run..."

I like the idea of having a say, since that is not happening at the big bank where my accounts currently are. At the NCUA website, I used the find a credit union to develop a short list of three or four credit unions located near where I live. The tool delivers summary information about each credit union: name, address, phone, CEO name, credit union type, number of members, charter number, status, and other pertinent data. I found this information useful with creating my custom list of prospective credit unions to apply to.

To join a credit union, you have to apply. Some have specific membership criteria; others do not. You will probably want to find credit unions located near you, since their network of ATM machines is not a broad as the big banks. To me, that is a small consequence to avoid the numerous fees charged by the big banks.

To learn more, you can also follow the NCUA on Facebook. Or you can also visit the National Association of Federal Credit Unions (NAFCU) website. While the NCUA website focuses on the needs of consumers, the NAFCU website provides information for both its members and for consumers. You can also follow the NAFCU on Facebook.

The NAFCU also provides a credit union locator tool to find a credit union, and a compare rates tool, to compare the interest rates by type (e.g., savings, mortgages, consumer loans, and credit cards) at credit unions. I found the compare rates tool not very useful, since it only lets you compare all interest rates in a state by type, or rates by type nationally. The compare rates tool doesn't let you compare rates by type within a state.

To be fair, while I like a lot of the information about banks in articles at Bankrate.com, its compare rates tool includes interest rates for a variety of financial products (e.g., checking, savings, CDs, credit cards, mortgages, auto, student loans) at banks, but lacks relevant checking and savings fees. In 2009, this blog first covered the Move Your Money Project (MYMP) website. At that time, the search tool only included community banks. The search tool was upgraded last year and includes both community banks and credit unions.

The Find a Better Bank (FBB) website lets consumers search across both banks and credit unions. I found many of the questions in the FBB search tool intrusive on privacy, and just wanted the site to simply display a list of nearby banks with their key check/savings interest rates and relevant fees.

What search tool have you used to find a credit union or a community bank to move your money to? If you have used any of the above search tools, please share your experiences: good or bad.

[November 1, 2011 Update: In a Facebook message, the NCUA announced today, "We have launched the completely restructured and redesigned www.ncua.gov and rolled out phase II of our consumer-focused website www.MyCreditUnion.gov. The site www.ncua.gov is now exclusively tailored toward the business aspect of the agency, whereas consumer content moved to www.MyCreditUnion.gov with an identity aimed at attracting web-surfing consumers who either want to learn about credit unions or need help with their credit union. The new site incorporates the latest functionality in web technologies and features."]

Data Breach At Vacationland Vendors Affects About 40K Consumers

Vacationland Vendors, a supplier of arcade equipment and vending machines, announced at its website a major data breach affecting consumers who used their debit- credit-cards at the Wilderness Resort locations in Wisconsin or Tennessee during the period from December 12, 2008 to May 25, 2011. The company released very few details in its breach notice:

"Based upon its investigation to date, Vacationland Vendors reasonably believes that a computer hacker improperly acquired credit card and debit information. This incident did not involve an internal security issue within the Wilderness Resort."

While company did not disclose the number of consumers affected by the data breach, the Credit Union Times reported that an estimated 40,000 consumers were affected. Vacationland Vendors advises affected consumers to closely monitor their bank accounts for fraudulent charges, report any fraudulent charges to their bank, and then place a fraud alert on their credit reports.

Vacationland Vendors needs to do much more to help affected consumers, and explain more about its investigation, why the breach went on for so long -- over two years, and what the company is doing so another hack doesn't happen for so long a period.

How To Recognize Disaster Related Scams

You have just survived a natural disaster event. Perhaps you have some damaage to your home. Nobody wants to be victimized twice: once by the natural disaster and then by scam artists and identity thieves.

To help consumers and businesses deal with disasters and the scam artists that often follow, the U.S. Federal Trade Commission (FTC) operates the Disaster Recovery website. The website contains a variety of content including emergency preparation tips and advice about scams.

Unfortunately, several types of disaster-related scams target consumers:

• Debris Removal Scams: The FTC advises consumers to get a written work estimate from any company promising to remove debris from your property. Don’t make the final payment until you have inspected the job and are happy with it. Shop around and compare prices to make sure you are not overcharged.
• Fake Disaster Officials: Some scam artists claim to be government officials offering assistance to qualify for disaster relief payments. A “processing” fee is often included. Others masquerade as safety inspectors or utility repair workers who claim that immediate repair work is required. Some claim they can get you FEMA funds, for a fee. FEMA does not charge application fees. In fact, no government agency charges application fees. Always ask for identification from any officials who visit your home or your temporary shelter. Call the local agency office to confirm the person's identity.
• Home Repair Scams: often the scam artists claims that the work must be done "now or never." Collect phone numbers to verify identities. Demand the time to consider the offer overnight. Before selecting a contractor, get at least two bids, get references, get the contractor's business license, check the Better Business Bureau website, deal with established vendors, don't give out personal financial information (e.g., credit card numbers), and structure payments in installments (e.g., upfront, 50% of work completed, 100% of work completed). The U.S. Federal Emergency Management Agency (FEMA) operates a Disaster Housing Program to help homeowners who have been forced out of their homes by disasters. This includes Disaster Home Repair Assistance, which provides grants to homeowners for minor but necessary disaster-related repairs. Call the FEMA Disaster Helpline at 1-800-621-FEMA. The U.S. Small Business Administration makes low interest loans of up to $200,000 to homeowners to repair or replace damaged or destroyed real estate.

To learn about more types of scams, visit the FTC Disaster Recovery website. Often, many of these scams lead to identity theft and fraud. The website recommends when you should and should not disclose your sensitive personal information (e.g., bank account numbers, credit card numbers, Social Security number, birth date, mother's maiden name).

Data Breach At A Retailer Has Affected BofA and Citi Customers

A data breach at a retailer has affected cardholders at both Bank of America and CitiBank. Both banks have deactivated some credit cards. According to American Banker, the banks have not disclosed the name of the retailer. According to Bloomberg, Bank of America sent several debit card customers new cards as a precaution after a possible breach. The banks have not disclosed the name of the retailer.

From my view, the two events are related and the retailer's breach is significant. A reader wrote to me yesterday:

"Wow. This morning BOA contacted me about suspicious activity on my debit card...3 transactions at some international art market. On the 3rd transaction, BOA caught it and declined the card. The rep said she thinks they had a fake card made. But wow! What the hell? Do you think this is a coincidence or could it be related?"

It's probable that this reader's debit card information was skimmed and cloned. It's great that BofA acted proactively and notified the reader of these suspect transaction, but the fraud has already happened. This reader's bank account information is out there among identity theft and fraud criminals. Now, this reader needs to get a new bank account and replacement debit card; plus update all of her online bill payment settings.

I encouraged this reader to use credit cards instead of her debit card when shopping at online and brick-and-mortar retail stores. Sure, debit cards are convenient, but the risk is just too high. When breached, it gives criminals direct access to your bank checking account.

Think of it this way: every time you shop with your debit card at a retail store, you are trusting that retail store and its employees to:

1. Protect your sensitive bank account information,
2. Protect their customer databases from hacks,
3. Protect its point-of-sale terminals from skimming devices,
4. Encrypt wireless transmissions of purchase transactions between it and its banks,
5. Implement a "red flag" program to controla ccess to sensitive customer data and to discover insider identity theft,
6. Comply with state laws to protect and delete certain transaction information within the appropriate deadline, and
7. Comply with merchant guidelines (e.g., from Visa International, MasterCard)

So, the next time you enter a brick-and-mortar store, look around and ask yourself if you feel comfortable that that particular establishment has the resources, skills, and commitment to do #1 through #7 to protect your sensitive bank account and payment data. If the answer is "no," then use cash or a credit card. At gas stations, use your card inside and not at the pump. Learn how to avoid being a victim of skimming. Learn more about whether to shop with cash, debit, credit, or a charge card.

Me? I use my debit cards only at my bank's ATM machines.

If you are a Citi or Bank of America customer, were you affected by this latest breach? Did you receive replacement debit/credit cards, or did you have to demand them? If so, please share your experience below.

Consumer Receives Email Inquiry From Calgary Police About Stolen Credit Card

What would you do if you received an e-mail from a police department in another country claiming that your personal and financial information had been stolen? This happened last week to my friend, Beth (her name has been changed upon request). Beth lives in Boston received the e-mail message below:

From: Calgary Police Service
Date: Wed, Aug 3, 2011 at 4:31 PM
Subject: Police Inquiry - Identity information recovered

[Beth's personal information removed for security reasons.]

I am a constable with the Calgary Police Service (CPS) in Calgary, Alberta, Canada. The CPS recently executed a search warrant at a Calgary residence and one of the items seized was a sheet of paper bearing the personal information of 144 people; this information included credit cards, expiry dates, full names and addresses. The above information, accompanied by your e-mail address was listed. It is my intention to charge the suspect with unlawfully possessing credit card and identity information. In order to prosecute, I require confirmation that the above information is (or was) correct.

Your personal information appears to have been compromised. Therefore, I am recommending that you notify the bank that issued your credit card to have it cancelled immediately. I would also encourage you to contact your local credit reporting bureau and check to ensure that your personal information has not been used to obtain any other banking services or products.

This is a legitimate law enforcement inquiry and my credentials can be verified via the Calgary Police Service website at www.calgarypolice.ca. If you are unsure of the legitimacy of this e-mail, please present it to your local law enforcement agency, so they might assist in this investigation.

Cst. K Grier #4572
District 3 GIU
Break and Enter Detail
Calgary Police Service

First, I would like to thank Constable Grier and the CPS for catching and prosecuting identity-theft criminals. It is always good to see local law enforcement in action.

I spoke with Constable Grier about her e-mail. Since most of the identity-theft victims in this case were from other countries outside Canada, CPS notified banks and took the added step of notifying theft victims directly, when possible. Constable Grier suspected that the credit card information was either stolen from a website or accounts were hacked. Like all law enforcement, CPS appreciates the assistance the public and breach victims can provide.

This case has several implications. First, it highlights the fact that identity-theft criminals often commit other types of crimes -- in this case, burgulary. While pursuing a burgulary suspect, CPS discovered the credit card thefts. So prosecuting and jailing identity-theft criminals can also stop other crimes.

Second, this case highlights potential gaps in cross-border breach notification laws. While local law enforcement in another country may promptly notify breach victims' banks, my understanding is that there is no guarantee of data breach notice to U.S. citizens across country borders. I did some light reading and the current Red Flag Rules do not apply to breaches at bank branches located outside the USA (PDF document). Perhaps some legal scholars can expand and clarify on international laws regarding cross-border breach notification.

Third, it highlights the need for breach victims to take action. I am sure many readers want to know what to do should you receive an e-mail like the one above. Beth found this situation scary as she had never visited Calgary. She wondered if the above email was real or a scam.

Since there are so many online scams and phishing e-mail messages, I advise consumers to first verify the e-mail via an alternate method. By "alternate method" I mean an independent, different method than the format of the suspect message. Don't disclose any more personal information until you have verified that the message is real. Example: If the suspect message is an e-mail, don't press the "Reply" button. Instead, independently verify it via the phone (or an in-person visit to your local law enforcement). Example: if the suspect message is a phone call, independently verify it via e-mail or the Internet. Or, ask your local police department for help with verification of an inquiry from another police department.

In this case, verification was easy. I performed a Google search to independently find the CPS website, since I didn't want to rely on the contact information in the e-mail. At the CPS website, I found the main phone number for District 3, and called to verify that Grier is a Constable there.

I shared all of this with Beth, who started to feel better. Later she contacted Grier. The thief had stolen credit-card information for an account Beth had already closed a long time ago. While consumers may ignore the situation because credit-card theft liability is small and often limited to US $50, helping law enforcement is important. As this case highlighted, identity theives often commit other types of crimes. So, prosecution for identity theft can stop other types of crimes, too.

The Calgary Police Service Identity-theft page has advice for consumers to both avoid becoming identity-theft victims, and for identity-theft victims. If you are an identity-theft victim, CPS advises:

• File a report with your local police department and obtain a case number.
• Notify all creditors by phone and in writing about the crime.
• Keep a log of all your contacts.
• Use a credit bureau sample dispute letter.
• Look at the crime before & after the event to learn how it happened. This will often help to lead investigators to multiple crimes.
• Prepare to complete an ID Theft Affidavit.
• Learn as much as you can!!

Would You Recognize This Credit Card Phone Scam?

[Editor's Note: this is part one in a three-part series about telemarketing or phone scams.]

Would you recognize this scam? During Tuesday morning last week, I received a phone call from a company, Card Services, offering a lower interest rate on my credit cards of 10%. The offer sounded interesting but suspicion.

A lower credit card interest rate is always of interest, but I was also suspicious because my landline phone is already listed in the Do Not Call registry. I listened to the phone representative's pitch for a couple minutes. The rep asked three questions:

1. Do I have a Visa or MasterCard?
2. Do I owe more than $3,000.00 on my credit cards?
3. Is my current credit card interest rate higher than 10%?

I answered yes to all three questions just so I could hear his pitch. I pay my credit card bills in full every month, so I do not incur any interest charges. During the phone call, I then asked the representative which bank he worked at. He said he works "with" all of the major banks -- and rattled off a list of bank names.

Next, I asked him to clearly state his company's name. He said "Card Services." I had never heard of Card Services before, and I definitely wanted to know more about this company before revealing any personal information.

Next, I asked him for his phone number. He hung up.

So, this clearly was a phone phishing scam where the scammer tries to trick consumers into revealing their sensitive personal information: name, address, credit card number, security code, and if you are gullible enough: your online banking sign-in credentials (e.g., ID, password).

A brief search of the Internet found similar phone scam experiences reported by consumers at Honeypot. I did not try a Better Business Bureau search, since I only had a company name and no address. There are simply too many companies in the BBB database that use the "Card Services" name.

It seems that many credit card issuers and banks have an internal department often called "Card Services," which the scammer is hoping that consumers will mistakenly believe is calling.

The Fraud And Identity Theft Prevention page at the Capital One website advises consumers:

"Never give your account number to someone calling you on the phone, even if the caller says it will be used to claim a prize or award."

Instead of a prize, this scammer offered a lower interest rate credit card. Thankfully, I was alert and knowledgeable enough to spot this cam and avoid being a victim. If you have experienced a phone scam like I did, or if you have been a victim, experts advise consumers to report it to the U.S. Federal Trade Commission at FTC.gov/PhoneFraud, and to your state's attorney general office. While at the FTC website, I reported this scam.

The phone scam I received was just one version of telemarketing fraud scams. Watch this FTC video to learn how to spot telemarketing fraud:

If you have received a phone call from Card Services, what was your experience?

Why Does First Data Know So Much About Consumers?

[Editor's Note: This blog post was first published on September 10, 2008. I am posting it again since several banks have decided to sell consumers' debit card shopping habits, and since consumer tracking has increased greatly during the years. Banks have a sacred trust to their customers -- to serve and protect consumers' sensitive personal information, not sell it all. Guest author William Seebeck has written several posts for this blog. "Bill" and I worked together at Lexis-Nexis headquarters in Dayton, Ohio during the 1980's. Bill sent to me his comment below which he also submitted as a reply to the ZDNet blog post by Tom Formeski about First Data Corporation. Bill's message deserves the widest audience possible, and it includes advice First Data, the big banks, and consumers would be wise to listen to.]

I'm sure that it is true, as Mr. Capellas states, that he knows more about what we (the American public) are likely to do next than we do ourselves.

However, I hope that Mr. Capellas also knows that he and First Data Corporation hold a special trust as the guardians of that information as it represents the most private of American consumer information.

Why does First Data know so much?

In part it is because First Data Corporation, now a private corporation, represents both sides of most electronic transactions. It represents more than 50% of the banks and other financial institutions that issue credit/debit cards and other electronic instruments. It also represents more than 50% of all merchants that accept credit cards at their stores, restaurants on the streets of America's towns and cities and also on the electronic highway that transits our Internet community. First Data also represents more than 50% of all the ATM's that Americans use every day.

This means that First Data Corporation has knowledge of your bank accounts, credit activity, purchasing data, and much, much more.

I think most Americans would agree Mr. Capellas that as a result of the role your company plays in all aspects of financial transactions that you and your company are in a very unique and most singular position. You hold a sacred trust it seems to guard the privacy of such transactions rather than thinking up new ways to monetarily benefit from the use or sale of this most private information.

Those of us who are pioneers in the use of electronic information and e-payment services believe that companies like First Data should be much more transparent. It is bad enough that America's consumers feel held hostage by the credit reporting agencies, it doesn't need another company to exploit them.

Mr. Capellas, most Americans don't know that you have access to their bank accounts, their store accounts, their phone records and their Internet activity. I strongly suggest that you keep what you and your company know about what is in those accounts to yourself. Show the people of America what keeping a sacred trust is all about.

William B. Seebeck
August 8, 2008. © William Seebeck.