Thieves are targeting California’s refund cards. Here’s what to watch out for

A hand inserts a debit card into an ATM in Pittsburgh.
Be careful when using prepaid debit cards — scammers have found ways to capture card information and drain accounts.
(Gene J. Puskar / Associated Press)

To ease the pain caused by high gasoline prices, the state of California has been sending a Middle Class Tax Refund of $200 to $1,050 to eligible households.

Unfortunately, a portion of that amount has wound up in the hands of thieves.

The thefts have targeted Californians who received their grants in the form of a prepaid debit card distributed by the Money Network, a contractor for the state Franchise Tax Board. An undisclosed number of residents have reported that their card’s account was drained by fraudsters after they started using it.

Some Californians said that their money was taken even before they activated the card, according to KGO, the ABC TV affiliate in San Francisco. And many of the victims who tried to reach Money Network for help couldn’t get through, KGO reported.


Money Network didn’t respond to a request for comment from The Times.

Andrew LePage, a spokesman for the Franchise Tax Board, said the board was aware that some recipients had filed fraud claims with Money Network, adding, “Under the terms of FTB’s contract with Money Network the MCTR debit card program is expected to run with less than a 1% fraud rate, and currently Money Network reports that the rate is well below that level.”

With more than 9 million cards issued, though, just 0.5% would still be a large number of victims — 45,000, representing potential losses of $9 million to more than $47 million.

“Given the size of the MCTR program, we anticipated the possibility of fraud,” LePage said. “FTB and Money Network take all fraud claims seriously and will investigate each claim reported on an individual basis. We will ensure recipients get the payments that they’re eligible for.”

Here are some tips for protecting the money the state sent you, as well as what you should do if you think you’ve been victimized by scammers.

The new California ‘tax refund’ isn’t really a tax refund. But what is it? The uncertainty is why the taxability question is hard to answer.

Oct. 7, 2022

Why are prepaid cards vulnerable?

At least some of the Money Network cards have gone out without a security chip that would make it harder to steal the information stored on the card, such as the recipient’s name, account number, the expiration date and the three-digit security code on the back. As a result, those cards are more susceptible to a technique called “skimming.”

To use one of those cards at a retailer or restaurant, you have to swipe its magnetic strip through a card reader, then either enter your PIN into the reader or sign a copy of the receipt. But some card readers have been altered by thieves with a “skimmer” that collects the information on the magnetic strip. The thieves then use that information to make purchases with the card online, where no PIN or signature is required, draining the balance.


In some cases, thieves will also have hidden a pinhole camera to record the PINs entered into the keypad to go along with magnetic strip information captured by the skimmer.

“The whole secret to the prepaid debit card,” said author and cybersecurity expert Adam Levin, “is that the holder is the owner, whoever may be holding it.”

In other words, the card is designed to behave like cash, which can be passed from person to person. And having the information from the magnetic strip is akin to holding the card, at least when making transactions where the card doesn’t have to be present.

This problem isn’t unique to the tax refunds — skimming and other forms of fraud are potential problems for any prepaid card. For example, CBS News reported in 2021 that skimming devices used by thieves apparently targeting unemployment benefit debit cards were found at five ATMs near Thousand Oaks.

If you have a card with a security chip, you can make purchases just by tapping it on a card reader that’s equipped to work that way. But those cards also come with magnetic strips because some businesses — for example, gas stations with older pumps that have built-in card readers — still rely on the strips to complete transactions. So they’re potentially vulnerable to skimming as well.

And Levin noted that both types of cards are equally vulnerable to “e-skimming.” That’s when hackers load malicious software onto a retailer’s website to capture the credit-card information typed in by shoppers. Sadly, he said, “there’s absolutely no way for consumers to know it’s happening.” They’ll find out only after their account is tapped by thieves.


Money Network and the FTB aren’t revealing how fraudsters have been able to hijack some Californians’ refund cards, and there may be other explanations besides skimming. For example, Levin said, card recipients’ computers could have been infected with malware that recorded them entering their card information while making a purchase online.

“You’ve got a number of extremely sophisticated rings” defrauding the public, he said, including state-sponsored ones in North Korea and other countries. These groups are constantly trying to gain information, whether through hacking or trickery, that they can use to bleed funds out of their victims’ accounts.

Beyond that, Levin noted that data breaches such as the massive one at the Equifax credit bureau in 2017 have resulted in huge amounts of sensitive personal information being available online, making millions of people susceptible to identity theft. “We’re living in an era where we are incredibly vulnerable,” he said.

And if some people’s cards really were drained before they were activated, that’s not a skimming issue. Instead, Levin said, that suggests thieves gained access somehow to key account information before the cards were sent out.

There is no way to completely prevent your identity from being stolen. But taking these steps can help make it less likely, and lessen the impact if it does happen.

Oct. 26, 2022

How to protect yourself against fraud

The simplest way would have been to sign up for direct deposit from the FTB, so your Middle Class Tax Refund could have gone directly into your bank account. According to the board, about 7 million people received their money that way, compared with 9.1 million who have been issued debit cards.

But for people who already have cards, as well as the relatively small number still due to receive them, there are a few things you can do to reduce your risk:

  • Transfer all the money on your debit card to your bank account, if you have one. You can do so at no charge through, via the Money Network mobile phone app, or by calling (800) 240-0223. Money Network lays out the steps on its Frequently Asked Questions page. One problem with this approach, though, is that you have to create an account with Money Network, a process that requires you to divulge personal information that the company can pass on to third parties. Alternatively, you could link your debit card to your account at PayPal, Venmo or other online money-transfer service, withdraw the money from the card and deposit it into a linked bank account — often for free. If all else fails, you could withdraw cash from the card at an ATM, then deposit it at your bank. But you’ll face a fee of at least $1.25 per transaction if you use an ATM that’s not part of the AllPoint or MoneyPass networks. To find an ATM on the network, check Money Network’s map.
  • Download the Money Network mobile app and sign up for transaction alerts. That way you can find out quickly if someone is using your card without your permission. You can use the app to lock the card to prevent any money from being withdrawn if you suspect a problem, or if you know you won’t be using it for a while. The Money Network also suggests reviewing transactions and checking your balance regularly through the app.
  • Follow the FBI’s advice on how to avoiding skimming. This includes not using ATMs or card readers that have loose, crooked, damaged or scratched parts (which might be a sign of a skimmer); sticking to ATMs in well-lit indoor locations; covering the keypad when you enter your PIN; and being especially wary in tourist areas, which are often targeted by criminals.
  • Ignore text messages, emails or calls asking you to “activate” or “reactivate” your prepaid card. According to the state attorney general’s office, “The FTB will not contact you by text, email, or phone. Do not share personal information with anyone who is contacting you this way, even if they claim to be with the government.” Nor should you be taken in by authentic-looking emails, texts or phone numbers because all such things can be spoofed by scammers.
  • As the FTB says, do not disclose your card details unless speaking directly with Money Network or your bank, or making a purchase from a trusted seller. And remember, neither your bank nor the Money Network will ever ask you for your account password, your card’s PIN or your full Social Security number.

A stolen wallet precipitates a reporter’s years-long fight against identity thieves — and a system that doesn’t care and won’t help.

Oct. 26, 2022

If thieves steal from your prepaid card account

By law, you are entitled to be reimbursed for any unauthorized charges on your card.

The FTB and Money Network say that if you suspect your card has been used without your authorization, you should call Money Network right away at (800) 240-0223. Be forewarned, though: the FTB says that the phone line is staffed only from 8 a.m. to 5 p.m., Monday through Friday.

You’ll have to wade through a series of automated scripts and responses to get where you’ll need to go. When asked, press 1 to access customer service, then enter your card number. After that, you’ll need to press 2 to continue to the main menu, then press 6 to dispute the unauthorized charges.

LePage said the FTB and Money Network are “jointly engaged in work to investigate potential fraud to ensure taxpayers are protected and receive the funds they are entitled to.” But you’ll have to wait to be made whole — the FTB says fraud claims can take 45 to 90 days to resolve.

About The Times Utility Journalism Team

This article is from The Times’ Utility Journalism Team. Our mission is to be essential to the lives of Southern Californians by publishing information that solves problems, answers questions and helps with decision making. We serve audiences in and around Los Angeles — including current Times subscribers and diverse communities that haven’t historically had their needs met by our coverage.

How can we be useful to you and your community? Email utility (at) or one of our journalists: Jon Healey, Ada Tseng, Jessica Roy and Karen Garcia.