Is the debit card really scary? ? I asked people directly who were victims of unauthorized use.

It's been a while since I last wrote a blog post, Morita !

The world is experiencing an unprecedented sauna boom . The drama "Sauna Road 2021" aired its final episode, but this trend is likely to continue expanding. I think we might even see a drama focusing on sauna therapists (those who use towels to blow hot air into saunas)

Just as I was thinking about writing a blog about saunas, I learned that a friend of mine the victim of a crime . Thinking that this was a serious matter for those of us who work in information security, I enlisted my friend's help and conducted an interview.

To raise awareness, I will state the conclusion first:

・Check the debit card function of your cash card and suspend it if it is not needed

Please implement this!

That's all I have to say, but if you'd like, please read on

Debit card fraud?

---- in order to "prevent any more victims like yourself ." What should I call you during the interview?

??? ?　 Just keep it Shibahara Shibahara's website )

----Really?! I was thinking it might be more realistic if you hid the names or something..

Shibahara (hereafter S) : Then do as you like.

----Now, let's talk about Mr. S! I was surprised when I saw your Facebook timeline, but what kind of damage did you actually suffer?

I was caught up in S　 debit card Unknown withdrawals were made from my bank account several times ...

----Wow, that's scary

S: I received three consecutive emails from a certain online bank in the middle of the night on Friday, September 13th. Since it was the middle of the night and I was asleep, I didn't notice them at the time.

The next morning, I received a call from an unknown number. It turned out to be from a certain online bank. I discovered that my debit card information had been used fraudulently

According to the operator on the phone, had been used to charge a certain electronic money account somewhere .

As a result, was suspended and could not be used to prevent the damage from spreading

--So that means you can no longer withdraw money?

S: That's right. I didn't even have a bankbook. Fortunately, it wasn't my main account and the damage wasn't huge, so it didn't affect my life.

this was my main account and the entire amount was lost.

----How did a certain online bank respond to this?

a certain online bank, this is all they can do for now. They said they can't do anything until they receive the payment confirmation data from a certain electronic money company. I called the certain electronic money company, but they said they couldn't do anything until they received a request from the certain online bank, so I was stuck in the middle

Five days later, the final data arrived at a certain online bank, and they said they would send me a form to request an investigation into fraudulent use. They said that if I submitted it with a description of the damage, they would conduct an investigation. Five more days later, the form finally arrived. At this point, it had been 10 days since the damage occurred.

I also reported it to the nearest police station. To my surprise, I heard that there had been other reports of similar incidents on the same day . I had no idea was such a common crime

----What happened after that?

S : The procedure has now ended, and the investigation is still ongoing (the interview was conducted on September 24th). I wonder how long it will take. They say the damage will not spread, but I worry every day.

I didn't eat much lunch today either, and only managed to eat 300 grams of steak

----(Well, that's enough.)

S: too scared to get my debit card reissued .

Can even those who are knowledgeable about computer security be victims?

----You over 30 years of programming experience work extensively with computers , so you must be knowledgeable about security . You're also very cautious person in general .

S : Yes, because of the nature of my job I pay a lot of attention to security. When using online services I always make sure to use available security measures two-step authentication and multi-factor authentication make sure all my passwords are unique and different

----So even people who are knowledgeable about this can still become victims

S: I hate to say it myself, but I'm very cautious, so I've never shown this debit card to anyone and have only taken it outside once , to deposit money into a convenience store ATM.

Of course , I had 3D Secure

--What does the actual method look like?

S: I'm not sure. I heard from an operator at a certain online bank that if you have your debit card number, name, and expiration date, you can pass the authentication. However, as I said earlier, I've never shown it to anyone, and I've only taken it out once to deposit money at a convenience store ATM. If it had been skimmed there, it would have become a bigger problem in the neighborhood, and it would probably come up when I go to the police.

However, thinking about it again, it is strange that there were similar complaints on the same day

I also consulted with a colleague who is knowledgeable about security, but since there are multiple keys required for authentication, a random attack would be nearly impossible, so I can't think of a way to do it

If there had been any leak of internal information, it would have been a hot topic

--Have you taken this opportunity to gather information about debit card fraud?

Twitter and the internet. It seems that there are cases where young people who cannot use credit cards are using debit cards. Some of these people are falling victim to high-value fraud.

Unlike credit cards, debit cards are directly linked to bank accounts, making them vulnerable to theft . This is why it can have an immediate impact on your life, which is scary. Even if you have a balance remaining, your cash card will be frozen, making it impossible to withdraw funds.

With credit cards, the payment period is long, and if the use is deemed fraudulent, the payment will not be deducted at all

I think this difference is big

--Are there any self-defense measures?

In fact, many people may not even realize that cash cards have debit card functionality . These days, it's common for cash cards to have this functionality when you open an account. Everyone should check it out. If you don't need it, we recommend you disable the debit card functionality immediately.

This incident also made me think about security once again. It's sad, but I have to assume that there are malicious people out there. I will continue to take the security measures I have already implemented, but I will also be even more careful not to own unnecessary cards or accounts

Maybe that's all we can do

----Indeed, not owning unnecessary things is the best self-defense measure. I will also try to organize unnecessary cards and accounts. Thank you for today!!

summary

There are various types of fraudulent use, but the most frightening of all is when money is withdrawn directly from a bank account

again,

・Check the debit card function of your cash card and suspend it if it is not needed

I hope everyone will implement this

From next time onwards, I'll be writing a blog about saunas!!