How Can I Protect Myself from CIBC Debit Fraud Through Online Purchases, Mail Order or Phone Purchases?

We have an old chequing account at CIBC which is useful for shifting money into and out of our CIBC Investor’s Edge brokerage accounts. For years, I had a simple “Convenience Card” which I could use at the CIBC bank machines to make deposits and withdrawals. A year or so ago, though, a replacement bank card came in the mail. It’s called an Advantage Debit Card and is branded with both the VISA and the Interac logos.

Why I Disabled the Interac Flash Payment Option on This CIBC Advantage Debit Card

When I first received the card, I saw it had the Interac Flash logo. That bothered me because I never make debit purchases from this bank account. I’m not quite sure whether the Flash and Tap cards are easier for fraudsters to get data from although I’ve read stray comments that suggest they may be somewhat vulnerable.

Given that I never intend to use this option, I asked the service representative at my CIBC branch to “turn off” the Tap option used for Interac Flash. According to the flyer that came with the card, you can also phone the main CIBC number and ask to have the Flash or Tap feature disabled.

So that seemed good and I tucked the card away to use at the bank machine.

Why You Should Read Those Letters That They Mail With Your Bank Card

Imagine my surprise when almost a year later, desperate for something to read within reach of the telephone while waiting on hold because my call “is important” I browsed through the cover letter that I got with my CIBC Advantage Debit Card.

The letter states
“Your CIBC Advantage Debit Card details (for example, card number and expiry date” may be used to make debit purchases online, by phone or by mail order without a PIN or the card being present.” “….you could be liable for losses.”

Say what?!

Don’t they need a PIN or at least the security number off of the back of the card to use it to make a debit purchase?

Nope.

What I Did to Protect Myself from Fraudulent Theft Using My CIBC Debit Card

I phoned in to CIBC to ask them how I could prevent purchases made
“online, by phone or by mail order” without a PIN or the card being present.

Unfortunately, they couldn’t simply turn off those three types of sales.

What they could do was block the use of the card for any and all purchases. In other words, remove the ability to use the card for debit of any kind other than a bank withdrawal from the bank machine or from the teller.

They did this by setting the limit for purchases to $0.00.

Because I will not be using this card as a debit card, I was happy to accept this solution.

What I’d Like CIBC and the Other Banks to Consider

That said, I’d like CIBC and all banks to consider just how weak the security is around this type of card. Given how they have invested heavily in a Chip and PIN technology, it seems bizarre to go back to having anyone who physically steals the card being able to make purchases using it. In fact, anyone who can “borrow” a card long enough to scribble down a few numbers could use it illegally. I know we are supposed to guard our cards endlessly, but I suspect many wallets get left unattended for a few minutes at a time, particularly in large secured offices.

In the meantime, if you have one of these cards and you don’t intend to use it for any debit purchases, consider turning it off. It’s one less thing to have to be paranoid about.


Related Reading

Join In
Do you have more than one debit card? Have you got Tap, Flash and online debit enabled on all of them? What steps do you take to keep your money safe? Please share your experiences with a comment.

New CRA Scam: an Email Called Pending Tax Refund

There have been several CRA scams recently many of which have caused people to lose money and live in fear. The most recent one I encountered came as an email into my regular Bell email Inbox. The “sender” was listed as the Canada Revenue Agency and the “subject” was listed as “$288.54 Pending Tax Refund.” Of course I recognized it was a scam right away–because I haven’t even filed my taxes yet!

What Did the Text of the Fraudulent Email I Received Claiming to be from the CRA Say?

(Note: I cut the text from the email and posted it into Notepad, then copied it from Notepad into this note to exclude any links.)

Тах Rеfund Νоtіfісаtіоn
Dеаг Ѕіг/Μаdаm,

Аftег thе lаѕt аnnuаl саlсulаtіοnѕ οf уοuг fіѕсаl асtіνіtу, wе hаνе dеtегmіnеd thаt уοuг аге еlіgіblе tο гесеіνе а tаx геfund οf СΑD 288.54 , Рlеаѕе ѕubmіt thе tаx геfund геquеѕt аnd аllοw 6-9 dауѕ іn οгdег tο ρгοсеѕѕ іt.
Fіlіng dеаdlіnе: Аρгіl 5, 2017

Рlеаѕе fіlе уοuг іnсοmе tаx аnd bеnеfіt геtuгn οn tіmе tο mаκе ѕuге thеге аге nο іntеггuρtіοnѕ tο уοuг Саnаdа сhіld bеnеfіt, GЅТ/ΗЅТ сгеdіt, аnd сhіld dіѕаbіlіtу bеnеfіt ρауmеnt.

[Big Red Button titled: Claim Tax Refund]

Rеgагdѕ,
2017 Саnаdа Rеνеnuе Αgеnсу (СRΑ)
Rеfund Dеρагtеmеntѕ.

How Do I Know This CRA Refund Email Is a Scam?

  • The CRA does not send you email directly. It sends you a note telling you to sign in to your CRA account and read their email there.
  • I did not file my income tax return yet.
  • I will not be getting a refund.
  • The CRA does not need you to do anything to claim your refund. They just mail you a cheque via Canada Post or make a direct deposit into your bank account. If they can’t find you, they are happy to keep your money forever.

What Should You Do If You Get This Scam Email NOT from the CRA?

If you get this note or a similar fraudulent email,

  • do NOT click on any links!
  • report it to your internet service provider
  • delete the note after reporting it and empty your Trash bin

You may wish to run a scan on your computer for viruses as well.

Please be careful. There seems to be a new CRA scam invented every week or two!


Related Reading

Have you received this email, too? Or did you get one of the so-called phone calls from the CRA asking you to pay your back taxes by mailing them iTunes cards? Please share your fraud story with a comment.