Skip to content

In Canada, you are innocent until you’re proven guilty.  It would appear that our banking system has forgotten this simple fact.

Lyndsay Passmore (http://www.theprovince.com/Woman+issues+warning+after+thieves+ring+thousands+credit+cards+bank+says/11333047/story.html)  had 4 credit cards stolen.  When she noticed them missing, she contacted the appropriate banks.  In the interim between the cards being taken and her reporting them stolen, the thieves had taken approximately $15,000 in cash advances and charges.  Her bank, while absorbing some of the charges, tried to put Ms. Passmore on the hook for $4000, citing the fact that her Personal Identification Number (PIN) was inputted correctly the first time (which it seems meant to the bank that the person(s) who took her cards knew her PIN).  Ms. Passmore’s example raises so many interesting points, but also so many questions:

Her 4 cards were stolen – did she have 4 separate PINs?  How often was she changing her PINs?  As a long term customer, did she have an advisor at her bank who could coach her on how to keep her accounts safe?  How did her cards go missing?  It seems her purse wasn’t stolen, so was the thief a person who knows her and knew where to find her cards?  Did her driver’s licence, care card, and other important cards go missing?  Did she open up a file with the local police to report her cards stolen?  Has she notified the credit bureau to put an alert on her accounts in case the thief tries to apply for more credit?  How long was the time between when her cards went missing and she noticed they were missing (this is also not clear from the article – was her cards missing for hours, days, weeks?)?  Is there any way to know that information? 

I’ve been advocating for years against using PINs as the sole identifier for debit and credit cards.  The use of PINs, as opposed to signatures or presenting identification, puts the onus on the customer, because the suggestion is that someone must have known your PIN to hack into your card (and by default, the customer must have supplied the PIN).  The bank’s logic behind the PIN is not only to prevent outside theft, but also to prevent localized fraud, which happens in surprisingly high rates (especially couple fraud, where a person steals their partner’s card – or sometimes where both partners are in on it).  The idea is to force the consumer to protect their PIN and not share that information with anyone, including spouses, children, other family members, or friends.  The conflict emerges when innocent consumers, who haven’t shared their PIN with anyone, become victims – through technological means (infrared technology, double swiping methods, PIN readers, etc.) or physical theft/loss. 

It would appear, then, that the bank’s attitude is that the consumer is guilty until they are proven innocent.  The assumption is that you’ve supplied your PIN to someone else, or that you’ve created a PIN that is too simple or easy to guess – both of which are explicit ‘No Nos’ in many debit or credit card agreements.  The shift from signing for our purchases and possibly showing our identification to entering  a PIN number into a pinpad and being gone in a flash – or worse – using ‘tap technology’ to avoid even inputting our PINs – is creating a flourishing environment for bank fraud.  Literally, without even trying that hard, a thief could find a debit card on the ground and use the ‘tap technology’ to buy themselves a full tank of gas, lunch, clothing – whatever they want (within a dollar limit).  And ultimately, who pays the price?  If you’re looking in a mirror, you’re looking at the right person.  You, the consumer pay the price of bank fraud.      

I am on the side of the consumer.  The consumer should not be on the hook because the bank is tired of paying for fraudulent charges.  The solutions are simple – increase penalties for people who are committing bank fraud and identity theft, or put procedures in place to prevent it, such as mandatory signatures and identification checks (or better yet, both solutions!).  Perhaps bank machines should have a secondary verification process in place to affirm your identification, separate from your PIN.

Since I believe that informing and protecting yourself is essential, here are a few tips to prevent bank fraud from happening to you:

  1. Don’t tell anyone your PIN and choose a unique code.  These are a ‘no brainer,’ but I would like to reiterate this.  No one should know your PIN, not even your partner or children.  In this day and age, where anniversaries and birthdates are shared on social media, creating a unique PIN can be challenging.  Choosing something from your past, especially childhood, is a great strategy.
  2. Have different PINs for each card.  Keeping a different PIN for each card seems irritating, but it’s worth it.  Rotating through your PINs can help (or maybe hurt) your efforts, depending on your perspective.  This way, if your cards are stolen, the thief may only have access to one card (if they know your PIN). 
  3. Change your PIN regularly (every 3-4 months).
  4.  Keep cards separate.  Chances are, you don’t need all of your credit and debit cards in your wallet!  Only take what you need for the day, and leave the rest at home in a safe spot.
  5. Use cash.  Leaving your cards at home forces you to only spend what you have on hand (no unplanned purchasing) and ensures that no one is privy to over the shoulder PIN stealing.
  6. If you are a victim of fraud, ensure that you do the following: Contact your bank(s) immediately; change your online banking passwords from a virus-safe computer; contact the two major Canadian credit bureaus (TransUnion and Equifax) to have them put a notation and an alert on your file; contact your local police department to place a report of your stolen items (**this is important in case your situation turns into identity theft or your fraud case worsens); monitor your credit bureau every few months to ensure that there’s no suspicious activity. 

Maura Drew-Lytle, a spokesperson for the Canadian Bankers Association, claims that stealing a PIN through thermal imaging “[…] would be a lot of work for [the thieves].”  Considering that stealing is their ‘job,’ I would argue that the payoff would be worth the work for thieves – and in this case, the payoff from theft was $15,000, so business seems good.  There’s something just as devastating about this case, and it’s not just the financial loss.  Ms. Passmore  laments that she’s frightened to use her cards in the future and she isn’t sure how to protect herself from future fraud; unfortunately, the answer is simple – pay in cash, keep your receipts, and leave the cards at home.  Until banks are ready to reclaim their stake in the fraud debate, protecting yourself from the bank is really your only option.  

Back To Top