It does not matter how cute it is, or how relieved you are to finally find it after having lost it, or how mad you are at those hacks over at your bank for misspelling your name. It cannot be stressed enough that it is always a terrible, terrible idea to post pictures of your credit or debit card on the Internet.

We figured this went without saying until we noticed the slew of reports published online this morning regarding a Twitter account, @NeedADebitCard, that aggregates tweets in which users candidly posted pictures of their credit and debit cards. Thankfully, at least for these Twitter users who unwittingly exposed themselves to serious risk of credit card fraud (if you can even call it that), many of the Twitpics and Instagrams that once revealed credit and debit card information have since been removed, perhaps resulting from this morning’s publicity.

The silver lining here appears to be at least a small handful of individuals learned their lesson, but the fact that such a Twitter account can even exist begets another, larger problem altogether. If this is going on somewhat regularly on Twitter, imagine how often this sort of thing occurs on Twitter’s exponentially more populous counterpart, Facebook.

Categories: Social Engineering

Comments (9)

  1. Anonymous
    2

    In my town, during the breaks between periods of the college hockey games, there is a “game” that is sponsored by a regional bank.

    This “game” is to hold up your debit card (their brand) and wave it around.  Whoever is last shown on the big screen gets a prize of some sort.

    I sometimes take pictures of my neighbors cards.  :)

    I can usually get clear pictures of 1 or 2 front and back by the time the “game” ends.  Especially if I have an older couple seated in front of me – they tend to wave slower and not stand up to do this (making the picture easy to take).

    I always thought it was funny that a bank encouraged this.

  2. jmartin
    3

    Picture or no picture, there is no way for me to “expose {myself} to serious risk of credit card fraud”. Most cardholder agreements do not require the cardholder to pay fraudulent charges. This risk is held by the bank that issues the credit cards.

     

  3. Jeffrey Deutsch
    4

    If consideration for others’ money and your own time and convenience doesn’t induce you to care about your account security, if you’ve got a business account maybe this will:

    Zero Liability is a consumer (and very small business) concept only. That means if you’re a decent-sized business and your account gets drained through identity theft, hacked or otherwise stolen from – it’s your problem. (Unless – unlike most business folks – you already have fraud insurance with specific coverage for cybercrime and fraudulent bank transfers. And if you do, your insurers will have something to say about your security practices.)

    Check out the New York Times’ recent article: “Owners May Not Be Covered When Hackers Wipe Out A Business Bank Account” – Even if you’re “just an employee,” good luck with your career after you’ve just cost the owner tens or hundreds of thousands of dollars (and maybe even destroyed the business) through your recklessness.

    Jeff Deutsch

  4. Jeffrey Deutsch
    5

    Hello Brian,

    Thank you; I already saw that story (in which an appeals court found a bank’s security measures to be commercially unreasonable). I interpreted it as establishing minimum security standards for the banks, and if they met them they would still be free to force customers to bear their own fraud losses. Certainly, bank security measures seem irrelevant when customers post pictures of their cards.

    Indeed, I’d like to clarify my earlier comment. Credit/debit cards issued to very small businesses may still enjoy Zero Liability courtesy of the card networks – which want more people, including businesses, to use their cards.

    However, I do not know if even those businesses would also enjoy Zero Liability if hackers invaded their bank accounts directly – not involving their cards. Under those circumstances, any and all businesses could still be on their own. 

    As an entrepreneur with a business account, I’m concerned – and wish more would join me.

    Cheers!

    Jeff Deutsch 

  5. Brian
    6

    There is no reason to take a picture of your credit or debit card, let alone post it on the Internet.

     

  6. Anonymous
    7

    While it is true that banks do hold the liability, it can still be a huge hassle for all parties involved. 

    As a person who works in the credit card industry, I feel it helps underline the risk you heap on all parties involved. 

    Banks favor their customers, and what normally happens to the business that the fraudster uses the card at is they get fined, even though there’s no easy way to specifically prevent some types of fraud. 

    So, long story short, the customer doesn’t have to pay, but other people’s businesses end up suffering. 

  7. Anonymous
    8

    I don’t know that I would be that confident about that.  At some point, banks will bite back and say, “look, we may cover it, but we’re not covering total idiots who invite this sort of thing.”

  8. Brian Donohue
    9

    The New York Times piece is an excellent read. However, we published this story last week in which an appeals court seemed to decide exactly the opposite. Definitely worth a read.

Comments are closed.