It seems you goofed, the PIN can be read

In one of my travels abroad I remember spending some time in a very comfortable Lufthansa Business Class lounge at the Frankfurt Airport waiting for an early morning connecting flight to Italy to attend an international launch of a new model of a very popular tire brand for my Motoring Today TV show. Having more than an hour to kill I decided to browse through some of the magazines available in the well-appointed lounge. Although I cannot remember the publication I picked at random, I recall it was a magazine on travel and leisure. And there was one article in the magazine that immediately caught my attention. Its headline was, "Careful with your plastic money." Of course it was referring to credit cards.

It was really a very apt article on a travel magazine as it warned travelers to be careful in handling their credit cards. The article said that there were already many reported cases about people traveling abroad getting the surprise of their lives upon coming back home finding out that many purchases have been made through their credit cards, which they have no knowledge about and even made in places where they have never been – all victims of credit card fraud.

The article also described how one could fall victim to such fraud while simply having a meal in a restaurant. How, upon paying for your meal using your credit card, an accomplice (maybe the waiter or the cashier), would simply hand your credit card to a waiting hacker, who’s in the restaurant too, probably disguised as a patron sitting in one of the tables. The hacker would have a decoding machine on hand to suck out all the info (name, account number, pin etc.) from the black strip of your credit card before having it returned to you. With all the needed info, the hacker would now clone your card and would merrily go shopping, charging everything to the unsuspecting card owner. Those who have traveled abroad would attest that cashiers rarely compare the card's signature to the invoice, thus making the scam so much easier to pull.

I’m citing this article, which I had the chance to read some two to three years ago yet, to dispute what the BPI wrote to one of their depositors who lost more than P80,000 in their ATM system, a victim of a scam which appears to have been already known for quite a while now to the banking circles, including BPI, known as the Lebanese Loop. This is a banking system fraud where an ATM user’s card would be made to disappear or swallowed by the machine and when the victim leaves, the fraudsters get hold of the card, skim the data from it and dry up the account.

If I may refresh the memory of our readers, the said depositor, who’s even supposed to enjoy a BPI Preferred Banker status, being a longtime client and having some modest placements in the bank, lost this huge amount of money due to this ATM scam. The depositor feels that the incident is mainly due to a security breach in the BPI ATM system and also partly due to the lack of effective information dissemination on the part of BPI to warn its depositors about the perils of using their ATM system.

However, to the dismay of the depositor, when the incident was reported to the BPI, a letter was sent in response citing a lot of technical mumbo jumbo saying that the BPI ATM PIN cannot be compromised and that nobody can read your PIN using a card reader. To the victim and to the many who read the BPI letter, it was tantamount to saying that the BPI doubted the report of the victim in its entirety. They now ask the question, "Is the BPI running away from its responsibility and now turning the depositor from being a victim to a suspect?"

As I have mentioned before also in this column, being a long time depositor of the BPI, I would not like to think so. I still believe that BPI is a bank of integrity. However, with this incident, I am personally beginning to doubt the effectiveness and sincerity of its customer services. I still hope though that I would be proven wrong.

Now, add to the above article, which I read a good two to three years ago, and to further my doubts about BPI’s claim that their ATM PIN are unreadable here are some cyberspace inputs from the Retail Council of Canada (HYPERLINK "http://www. retailcouncil.org/rpn/loop.asp" http://www.retailcouncil. org/rpn/loop.asp), which also warns of ATM card frauds. It describes the variety of forms that The Loop ATM Card Fraud has taken and to quote, "The new loop devices skim data and collect the PIN number when the ATM card is inserted."

The guys from BPI’s Card Banking Division, who wrote the victim claiming the BPI PIN cannot be read better do their homework before writing letters doubting BPI depositors who fall victims to the loop scam and hurting the feelings of your longtime clients. It appears that modern technology as cited by the Canadians has worked for the bad guys. Or maybe this is already worldwide and you just did not know it. I would rather think that the BPI did not know of this new development than entertain the idea that it would rather not admit that they knew about it and just cast the doubt on the victims to skirt responsibility. No, it cannot be naman. We'll see.

The BPI ATM Loop Card Fraud saga continues.

Mabuhay! Be proud to be a Filipino.

For comments: (e-mail) HYPERLINK "mail to:[email protected]" [email protected]