Right on schedule last week my debit card fell apart. The chip fell out of it. The same thing happened two years back and two years before that, IIRC. It's a design flaw, it's bound to happen eventually when a rigid chip is embedded in a flexible card. I've discussed the matter with my account managers a few times and all that they ever recommend is that I try avoid bending the card. That's difficult when it resides in a wallet which stays as much as possible in the back pocket of my trews - it's inevitable that it'll be flexed twixt butt and seat when I sit down anywhere. The irony is that I have a Flex Account...
Anyway, I'd phoned for a replacement card last week and it arrived this morning. I did all the right things - I signed the reverse side of the new card, I destroyed the old card, I broke the old chip, I updated all of my online accounts. It was only when I came to tear up the three-section folded accompanying letter that I noticed something odd... something worrying...
- The upper section which had been between the card and the envelope bore a "carbon-copy" of the front of my card - the embossed characters had pressed the paper against the blue-printed inside of the envelope and the result was a clear-as-day blue-on-white "brass-rubbing" image of my card details.
- The middle section had been pressed directly against the card-front and so the card's embossed details were indented into the paper. Again, apart from being reversed, the details were clearly legible.
- The best bit was the lower section where the back of the card had been - the indents of the three-digit security code (and the last four digits of the long card number) are light indents filled with black pigment, and that pigment clearly wasn't dry when the letter and card were married together - there on the paper was a reversed yet clear black-on-white contact-print of my security code.
In short, all of the details needed to go shopping on the phone were there for anybody to read. Indeed, along with my name and address as printed on the letter, and a quick online search to find my D.O.B., there are sufficient details there to get through the phone-banking security checks and do some serious account-hacking.
Now I know that we're advised to take care when disposing of sensitive documents but when compiled properly these accompanying letters should bear no account details apart from the recipient's name and address, and the address of the issuing bank or building society, so the letters should be perfectly safe. Based on that assumption, some folk might just scrunch up their letters and dispose of them. And if they haven't noticed that the traces of their card details are there for others to see, and if that letter goes whole into the paper-recycling bin, and if some cheap-labour eco-migrant paper-sorter finds it down at the recycling centre, then it's phone-shopping party-time for somebody and financial hell for the card-holder.
I've told the phone-banking peeps about it and I've been into branch to show them the letter, they've never seen such a situation before and they're quite concerned about the security implications. They say that they''ll "take measures..." I should point out that this isn't the fault of the bank or building society, it's a problem at the agency that they contract to make and package the debit cards.
So please be advised: next time you get a new card, be careful about how you dispose of the leftovers. We give eco-migrants far too much already without giving them free and easy access to our personal savings.
That's a tad alarming. It'd be more alarming from a personal point of view if there was ever any actual money in my account, but nonetheless...
😯