I apologize, AC, if my use of the word "loophole" offended you. The editors are free to substitute it with another.
Nothing in the Forbes article, my submission or my reply to you is suggesting that people shouldn't use clever, tax-saving strategies.
What makes this story interesting are a) that clever, tax-saving strategies were patent-able and b) as of a few days ago, they no longer are.
OK, how about a "tax hack:" Using the tax code in a way it was never intended to be used.
For example, the article describes a patented process by which you avoid the gift tax by funding "grantor retained annuity trusts or GRATs with nonqualified stock options."
In the US, most debit cards double as credit cards. The HSBC cards in question are no exception.
All a mail thief needs to do is sign for the transaction or enter the card online to use it. No PIN required.
They are NOT sending out the card with the PIN printed on them so nobody can use them fraudulently anyway.
Once again, these are debit cards with a MasterCard logo on it. A mail thief can use them as credit card anywhere MasterCard is accepted. No PIN required.
I do expect they send the pre-activated pin on a different shipment, on a different day. (The usual is about a week apart). TFA doesn't give any information on this crucial point.
Actually TFA does:
Sign up for an HSBC checking account online, put money in the account and days later, an activated MasterCard debit/ATM card appears in your mailbox. A few days after that, the PIN number arrives in a separate envelope.
But that's missing the point. These are MasterCard-branded debit cards. You don't need a PIN to use them. Just take the new card out of the envelope and start charging anywhere MasterCard is accepted up to the amount of money available in the checking account.
I think that pre-activated credit card are much worse...
The pre-activated debit cards have all the red flags you cite. However, in this case, the fraudulent transactions come directly out of the victim's account. On a credit card, the victim simply disputes the transaction without actually paying for it.
In the case of HSBC Direct, you can request an ATM-only card. It doesn't have a MasterCard logo and cannot be used as a credit card. A PIN is required to get cash.
As it happens, just recently my debit card was used fraudulently online, and pretty much emptied the account to the tune of ~$4,500. The bank phoned me up...refunded (immediately, as in, the money was there when I logged in while talking to the agent on the phone) all the cash, and asked me if there was anything else they could do. The new card arrived two days later by courier...
That's good to hear that HSBC took care of you so well in this extreme case of debit card fraud.
Last year, I had $500 stolen via an HSBC card linked to my Bank of America account. It took BofA three weeks to return my money.
...they ordered me a new (unactivated, for the record) debit card...
Did you attempt to use the card before calling to activate it?
Both HSBC divisions I tested had the sticker claiming activation was required. The sticker was a lie.
This is a bunch of bunk. If your debit card is issued through Visa, you have the exact same protections as with a Visa credit card.
Yes, AC, using a debit card as a MasterCard/Visa card does offer the same fraud protection as a standard credit card. The difference, as the OP explains, is you are on the hook initially for fraudulent transactions. They instantly flow out of your checking account.
When the bank gets around to agreeing with you that the charges are fraudulent, they will return the cash. This will be weeks later. You're bills may be due much sooner.
Yes, you do get your money back eventually. According to one of my sources, the banks are obligated to replace the funds in two weeks.
In practice, it may take longer.
I was hit by a card skimmer last year. It took over three weeks for Bank of America to replace the $500 stolen from my account. (I never got the $3 foreign ATM fee back, FWIW.)
As LostCluster points out, having an empty checking account when you're not expecting it can put you in a tight spot with your landlord/mortgage holder, etc.
Details please, AC.
HSBC is a big, international company with many divisions. I'm not making this claim about all of them. Just the two I personally tested.
Also, how do you know the card you received wasn't preactivated? All of the cards in question had the standard "You must activate" sticker on it. The sticker was a lie.
Actually, we're talking about MasterCard branded "check cards." No PIN required. Just swipe or enter online anywhere MasterCard is accepted.
You're right, though, it's not exactly a credit card. It's worse.
As a debit card the money comes directly out of the linked checking account. If it were a credit card the victim would simply dispute the charges and never pay for them.
Easier to authenticate anonymously and cause mischief? More people using the network because it's now free, therefore more targets for break-in?
Really, I'm racking my brain here trying to figure out the increased security risk.
I'm not sure how pay vs. free changes this. They've always had an unsecured Wi-Fi network. You can sniff packets whether you're authenticated or not.
Please enlighten us.
Heavier than air flying machines are impossible. -- Lord Kelvin, President, Royal Society, c. 1895
