She paid for the $5 beverage with her American Express card and then slipped the card back into her pocketbook, where it stayed for the rest of her vacation.
When she returned home, Shanley found $1,300 in fraudulent charges on the card, and she suspects that Southwest Airlines is responsible for the security breach.
Travelers are easy prey for "carders," who take illegal credit card impressions in a crime called cloning or skimming. Airline passengers such as Shanley may feel extra vulnerable, because on a plane, plastic is often the only payment option for beverages, meals or duty-free items. (Airlines euphemistically call it a "cashless environment.")
Apart from the timing of the charges, several other clues point to Southwest as the responsible party. First, Shanley says, the flight attendant took 15 minutes to return her card; and second, she'd never had a fraudulent credit card charge until she made the in-flight purchase.
Southwest says it isn't responsible. "Cardholders tend to focus on the last known legitimate charge as being the point of compromise," airline spokeswoman Linda Rutherford said. "However, our security folks advise us that it could be any number of merchants where the card was used prior to the Southwest flight."
She said Southwest has "no reason" to suspect the crew on Shanley's flight, but agreed to forward her complaint to management "for their review."
Shanley's credit card company reversed the bogus charges.
But Shanley's problem raises two bigger questions for air travelers who want to buy something on board: Is it safe? And is there a way to protect your card?
Here's the bottom line: Fraud can take place anywhere, even at cruising altitude, and no protection measures are airtight.
Could a flight attendant moonlight as a carder? You bet, says John Sileo, an expert in digital privacy. The gadgets used to perpetrate these crimes are small enough to be concealed in a pocket. "There are skimming devices that are only slightly larger than a matchbox," he said.
An accomplished carder can clone a credit card right in front of you without your knowing it, he said. "They make it look like they're sliding the card into the check folio," he says, "but they're actually swiping the card."
The credit card security experts I spoke with say that Southwest isn't necessarily to blame, because a card can be skimmed anywhere, and the bad charges don't always appear immediately after the theft. Any time you hand over your credit card, you're exposed.
"Once the thief has the credit or debit card data, he or she can place orders over the phone or online," said data-security expert Robert Siciliano. Thieves can also copy that data onto blank cards, which are called "white" cards. The plastic can even be dressed up to look like a legitimate card, he said.
Such data theft creates a massive money drain. The most frequently cited statistic is a 2010 U.S. Secret Service estimate that skimming is an $8-billion-a-year problem. (It includes ATM skimming, which, as the name implies, happens when you use your credit or debit card at an automatic teller machine.
I know that it's a problem, because my own card has been cloned, and I'm not entirely sure how it happened. The last place I'd used the card before the fraudulent charges popped up was in a sandwich shop in British Columbia. But that means nothing. Carders can wait weeks before running fraudulent charges, and I'd like to think that the deli was as honest as the tuna sandwich they made to order.
How do you avoid being skimmed? Identity-theft expert Rob Douglas says that using cash whenever possible is the only way to be safe.
He recommends forking over greenbacks for minor purchases typically associated with this kind of fraud. "That includes cab rides, coffee and newspaper kiosks, meals in restaurants located in high-tourism locales, airport vendors and similar operations where a carder can obtain a large amount of card data with little risk of any single stolen transaction being tracked," he said.
Experts say that the only long-term fix is to tighten security on credit cards by requiring PINs and using security chips that are far more difficult to copy. But American credit card companies have been slow to embrace such changes, citing higher costs and downplaying the security risks.
The next time they do that, maybe they should talk to Shanley or Southwest Airlines -- or me.
Christopher Elliott is the ombudsman for National Geographic Traveler magazine and the author of "Scammed." Read more travel tips on his blog, www.elliott.org or email him at email@example.com.
© 2012 Christopher Elliott/ Tribune Media Services, Inc.
More Life Headlines
I shot for the moon, and Twitter shot back Explore a wetland, without getting wet, at Northwest Stream Center Role models matter: Keys to helping your children find strong mentors Tips to help kids and parents in digital age A galaxy far, far away that you can see with your eyes Get a thorough nature education thanks to web cams N. Cascades open but smoky scent lingers Facebook testing emojis to change how users ‘like’ posts
Our to-do list full of ideas for your weekend
Our new comment system is not supported in IE 7. Please upgrade your browser here.