Francis Porretto over there at Liberty’s Torch (I read them every day, don’t you?) asks a great question about the security of checks versus the security of credit cards. Since I do stories on information security, I thought it would make a good topic for a post here. Let me start by saying that I ran this by my wife, who actually teaches banking and finance, which was the topic of her Masters degree. She’s way smarter than I am on this topic. Here is our take:
Those numbers that are on the bottom of your check are the routing and account numbers that tell the check processing companies (called the automated clearing house, or ACH) where to go in order to get paid. When a scammer has your bank account and routing numbers, they could set up bill payments for services you’re not using or transfer money out of your bank account. Getting those numbers is easy, because they are printed right there on your check, and most companies store that information on their computers, you know- the same computers that keep having data breaches. Scammers can create fake checks using your numbers and then use those fake checks to pay for purchases — or simply cash them. Know, too, that with technology scammers could digitally scan the check (called a “demand draft”) and deposit the amount into their bank account. Many banks now allow you to deposit a picture of a check. How and why does this happen?
It used to be that physical, paper checks had to be exchanged in order for banks to get paid. Shipping paper checks all over the country was costing them quite a bit of money, so they lobbied the government for a solution. Enter the Check Clearing for the 21st Century Act (Check 21 Act), which became effective on October 28, 2004. The Check 21 Act authorizes a new negotiable instrument called a “substitute check,” which is a reproduction of an original check, is the legal equivalent of an original check. In other words, all someone must do is have those numbers on the bottom of your check, and they now have access to your money. There is no way to password protect your account from this sort of scam, because Check 21 doesn’t mandate that the banks secure you from this sort of scam. Some banks will for PR reasons, but they mostly do not. It’s expensive to monitor fraud, and there is no real financial incentive for banks to do so with this sort of scam.
So a thief gets ahold of your checking and routing numbers, what next? The only defense is closing your bank account and getting another one. That’s a inconvenience, for sure. The bank may or may not be able to reverse the fraudulent transactions, but don’t count on it. Check 21 doesn’t say that they have to. While it doesn’t happen often, when scammers get those numbers, you frequently lose everything, and there is nothing that the bank can do. One charity I found fell victim to this and lost over $10,000.
Credit Card Security
Credit cards have a bit more legal protection. The law here is called the Fair Credit Billing Act, which requires creditors to give consumers 60 days to challenge certain disputed charges over $50 such as wrong amounts, inaccurate statements, undelivered or unacceptable goods, and transactions by unauthorized users. Also, the Act limits liability of consumers for transactions by unauthorized users to $50. Since this law forces banks to absorb losses for fraudulent charges over $50, banks have a financial incentive to monitor for fraud, and they do. In fact, if you report fraud, most banks don’t even worry about the $50.
Note that this law only applies to credit cards, not debit cards. Debit cards are treated the same as checks from the perspective of the law. I don’t EVER use my debit cards to pay for anything. I use them at bank owned ATMs only, and I keep my debit cards locked in the safe most of the time.
I myself have had my credit card numbers compromised on a few occasions. The last time was over two years ago, when someone was using my Barclay’s card to make unauthorized charges. The bank was telling me that the charges were legit because IMO, they didn’t want to eat the cost. The $845 that was stolen from me wasn’t worth the cost to hire a lawyer, but luckily the bank finally saw it my way and reversed the charges. I no longer use that card because Barclays was too difficult to deal with in the matter. I shouldn’t have to fight that hard to get a bank to follow the law.
Still, it was easier to switch credit cards than it would be to get a new checking account.
All forms of payment are vulnerable to electronic fraud, even though it’s relatively rare. You have more legal protections, and banks have a more robust fraud detection plan, when you use credit cards than when you use checks. Whenever possible, use credit cards to do business online. In fact, I have a couple of cashback cards that give me great benefits. One that I have gives me 5% cashback on all Amazon purchases, and another gives me 2% cashback on all purchases. I pay for everything with them, and pay them off at the end of each month. Stay disciplined and don’t spend more in a month than you can pay, and it’s a great way to give yourself a 2% raise and keep your money secure.