Tag Archives: debit card

Nothing New Under the Sun: The Walmart Cashback Hoax Lives

There are some hoaxes that just keep. Coming. BACK.

They’re like slasher-movie villains. “Oh, so you strapped him to a small nuclear warhead, which you then detonated inside a warehouse full of knives and lava? Well, here he is again…bigger and stronger than ever! Sequel number six, comin’ atcha!”

The “Bill Gates is giving money away to strangers” hoax recently went full Jason Voorhees, and according to my site traffic another slice of antique Internet alarmist lore has begun to resurface: the idea that Walmart cashiers all over the country are requesting $20 or $40 cash back on card transactions without telling the customer, and pocketing the money.

This so-called “scam warning” dates back to 2004, and made resurgences in 2009 and 2013. A quick online search shows that it’s making the rounds again in 2017. If you think of them as sequels, it makes this year’s version Walmart Cashback Scam Hoax IV: The Final Chapter, I guess.

(Only it’s never really the final chapter, is it? Watch for Walmart Cashback Scam Hoax V: A New Beginning in 2021 or so. By 2030 we’ll be on Bill Gates’ Free Money Vs. Walmart Cashback Hoax. And then a reboot after that…)

Here’s the whole problem with the warning: there is only one person who can request cash back during a transaction at Walmart, and it’s the customer, by pressing the correct button on the card swipe terminal. There is no secret “cash back” button on the register itself.

From Snopes.com:

We investigated a number of different WalMart stores in different areas…[i]n not one single case did we find a store with a checkout system that allowed cashiers to initiate cash back transactions on customers’ cards on their own, without any involvement, knowledge, or approval on the customer’s part. There was simply no way for a cashier working at any of these businesses to surreptitiously place a cash back charge on a customer’s card and furtively pocket the money, all without the customer’s requesting or knowing about it.

So why are so many people convinced they’ve been defrauded by greasy cashiers? Snopes again:

In every case of customers’ complaining about getting cash back from credit/debit card purchases without having requested it that we were able to track down, the cause turned out to be that those customers didn’t pay close enough attention to the prompts on the card processing keypads or simply pressed the wrong keys by mistake.

Nobody likes to admit they made a mistake, do they? “There’s no way I pressed a button I didn’t intend to. I’m perfect. It was that mean ol’ cashier.”

Also, the typical Walmart cashier has more cameras pointed at them than a blackjack table at a casino. It would be an impressive feat of close-up magic indeed to be able to pull off this alleged scheme, even by reaching over and pressing the buttons on the swipe terminal for the customer. And if a cashier was doing that over and over, you can bet somebody would notice.

Furthermore, it fails the most basic test of all: the cashiers actually handed the correct cash back amount to the customer. From Snopes (last one, I promise):

[I]n nearly every one of those cases it was verifiable that the complaining customers had in fact been handed the appropriate amount of cash back by their cashiers (even though they insisted they hadn’t requested it).

Now, I’ll admit I haven’t seen everything this world has to offer, but I have yet to come across a scam where the basic mechanic is, “I’m going to let you keep the money that’s already yours, and then I get nothing.” Most real scams have a profit motive.

Further furthermore, many of the stories claim the customer was using a credit card. They specifically mention it because the overage would “count as a cash advance.” The problem is, as far as I know, you can only request cash back with a debit card during a retail purchase. Whatever those self-proclaimed victims thought was happening, it wasn’t that. Which may explain why this thing has gone (and continues to go) so viral: people see the warning, then something unusual happens during a purchase (an item rang up incorrectly, the cashier didn’t know the PLU for parsnips offhand, their debit card gets denied for insufficient funds) and they try to retro-fit their experience onto the thing they read earlier. “Yeah, that happened to me, too!”

Here’s one more clue that you’re looking at a hoax: the warning is often accompanied by the same image of a receipt from 2013, but it always happened “recently” to “someone I know.” All the receipt proves is that someone selected $40 as their cash back amount when prompted by the card terminal one day four years ago. There is nothing about it that proves a crime was committed.

Here’s the original article, of which I have pasted whole chunks into this article: http://www.snopes.com/fraud/atm/cashback.asp

Of data breaches and phishing

Pretty much everyone who pays attention to anything is aware that an awful lot* of credit and debit card information was stolen from Target stores by hackers. That card data almost immediately showed up for sale on Internet forums used by cybercriminals.

It is the biggest data breach story to date. A lot of people shop at Target, and even more people shop at Target between Thanksgiving and Christmas.

But, as with everything else, it can’t just stop there. Other scammers have to get their fingers in the pie, too; phishing attacks have begun to surface that mention the Target breach. These messages claim to offer protection from fraud, or ways to see if your card data was one of the compromised few.* And like every other phishing attack, they’re just trying to harvest your account information.

Even if you shopped at Target between November 27 and December 15, 2013; even if you’re really worried; even if you’ve already experienced fraudulent charges…a phishing attack is still a phishing attack. Never trust anyone who contacts you out of the blue and asks for personal or account information, whether by phone, email, text message, telegraph, smoke signal or semaphore.

As for what to do about the actual breach (now that you’re immune to the phishing attacks)? Keep tabs on your credit and debit cards. Get online access to your accounts if you don’t already have it (and use a good, strong password). If your card issuer offers email or text alerts for card activity, sign up for them. If you see something suspicious, report it to the card issuer immediately. Above all, don’t let your guard down when you get emails or text messages the refer to the data breach. Falling for a phishing attack can only make things worse.

*110 million or so.