Fraud has become pretty rampant these days and criminals are getting smarter and smarter, while the credit card companies and banks have neglected to update their procedures and technology.
Just a few days ago, Yahoo stated that a number of their users’ passwords and usernames were hacked. Read this if you’d like to know what to do if you’ve been affected by this latest scam.
My business and personal credit cards have both been compromised/hacked in the past; although I didn’t shop at Target or the other places that have been mentioned in the press. The credit card companies have done a pretty good job alerting me of suspicious activity and putting a hold on suspect charges until I’ve called them – however recently I had another experience that is even more concerning.
My business card was hacked a few weeks ago, even though the card never leaves my wallet/sight and I take all the necessary precautions to keep the account safe. I have a few programs on auto-bill and they are the same companies I’ve used for years; none of which have reported a breach up to this point. After my card was hacked at the end of December my account was flagged with the Fraud Department and earlier this month I had to call in because they put a hold on a few charges that were legitimate – they sent me email alerts and I called a number that I KNEW was legitimate (just as I don’t click on hyperlinks in emails, I don’t call the number listed in emails – I go straight to a statement or the card for the number).
This week I received a phone message saying they wanted to confirm that I added a new user to my account and they left a phone number; this was a number that I had no record of – so I didn’t call that number either. Instead I called the Fraud Department number directly from my earlier experiences. Here is where things took an upsetting turn.
The Fraud Department asks several questions to confirm that they are actually talking to the right person, that’s great – but they are the same questions the industry has been asking for years. Of course it’s the same information that can be easily obtained by the criminals! If they have your credit card number, they probably have your full name and address, as well as your phone number, etc.
I told the agent about the phone call and that I did NOT add anyone to my account. He informed me that according to their records I called in twice on the 22nd’ and then again on the 26th to make changes. I told him that I most certainly did NOT call them on either of those days, the last time I contacted them was on the 17th – I document EVERYTHING when it comes to something like this. He then actually told me that I must be mistaken because they ‘confirmed’ it was me!
He proceeded to tell me that I shouldn’t worry because nothing actually happened to my account and they didn’t add anyone. He repeated this several times during the conversation – however you have to go with your gut and my instincts were telling me to pursue this; and boy am I glad I did!
Once again I told him that was not me, I don’t care if the person they talked to knew my information – that is easily obtainable these days and they really need to update their policies and start asking for something that is not of public record. I then inquired what time the calls came in and if they had the incoming number. The number that was used was a 918 area code at 3 a.m. Central Time; my area code is 301 and I’m East Coast! I said I do not recognize that number, and the area code and time zone does not match, etc. The kicker – the agent tells me the phone number checks out and is ‘good’! ‘Good’ by whose standards? I just finished telling him it wasn’t mine and I didn’t call – then I asked to speak to a supervisor.
When I spoke to the supervisor I found out a new person WAS added to my card, it was a man’s name and obviously someone I’ve never heard of. The address the card was to be sent to was a different state; the phone number did not match, etc. Somehow the thieves were convincing enough to scam the credit card company into believing that they were talking to me on three separate occasions – after all, they had all of my info! If I had just let it go like the first agent suggested, the credit company would have been out untold amounts of money and my credit would have been adversely affected and taken who knows how long to get it fixed – if ever.
I will say that the credit card company put a hold on the card before sending it, apparently because the incoming phone number was suspicious; something the first agent neglected to tell me. The first agent also said nothing happened/changed with my account; yet the supervisor said it was the first set of notes on the account. I also received a letter in the mail a few days later to confirm I added this person, however the phone call that I received was not from the credit card company (that number has been reported, as well as the other number and name used).
I asked the company to add a password to my account so anyone that called in needed to know the password – their current verification process is outdated and obviously does not work. If the criminal had used a 301 area code number when they called this probably would not have been caught until I reviewed my statement. Unfortunately they do NOT have a field to add a security password!!!! Ultimately the agent made it the last note in my file so it is the first thing an agent sees when they review the account – however I will need to have an agent do this every time I call the company to keep it visible. They also tagged the account for the next six months in the Fraud Department.
I appreciate everything the credit card companies and banks are doing to catch the fraud activity and in my case the companies have acted quickly. However if I hadn’t been proactive and persistent, this last incident could have turned out much differently.
Take control of your accounts, be proactive and safeguard your information as much as possible, and don’t be intimidated to call the companies directly; be persistent if need be. Agents require more training and the credit card companies need to update their procedures; let them know this – that’s how change happens.
In summary, here are a few tips to avoid credit card fraud and protect your account:
- Review your accounts online each month. Use a link from the main website – not from an email. Small, unauthorized charges on your credit card are the first indicator of fraud. Look for small charges (i.e. $1.97, $11.23, $89.99) – these are a good indication that your card has been compromised. There is a specific number being used in a lot of cases – look for $9.84 – as this seems to be popping up a lot.
- Change all of your passwords and security questions on a regular basis to be safe. Use a strong password, mix upper and lower case letters and include at least 1 number, if not more. If possible, also use special characters, such as ‘@’ or ‘! You can read more about safe password tips here: https://bit.ly/1lwiMfF
- Use a good password manager, consider getting RoboForm or LastPass. Personally I’ve used Roboform for over 10 years and it’s my #1 piece of software – it gets installed immediately on every new machine.
- Only share your credit card number or other personal information on calls you make to customer service using the number on the back of your credit card or from your statement. Do not return calls to a phone number left on your answering machine and don’t give your credit card number to anyone who calls requesting the number for verification. Credit card thieves will pose as credit card issuers and other businesses to convince you into handing over your credit card number and other personal information.
- Use your shredder to destroy any papers with your credit card number on it. This will prevent any thief from obtaining your number by going through your trash. Any old credit cards that have expired should also be destroyed.
- Don’t leave your credit card out where someone can steal it, or even take a picture of it. After you buy something, put your credit card away immediately and make sure you have it on your person before you leave.
For more information visit some of the following resources:
- FTC Consumer Information: https://www.consumer.ftc.gov/articles/0216-protecting-against-credit-card-fraud
- Bankrate.com: https://www.bankrate.com/finance/credit-cards/reporting-credit-card-fraud.aspx
- The Motley Fool: https://www.fool.com/investing/general/2014/01/25/beware-this-984-credit-card-charge-isnt-as-harmles.aspx
Good grief – what a nightmare! It’s a good thing you were so “persistent” or you would really have had a mess on your hands.
We have an American Express business card through Costco that is absolutely great! Last November I ordered a Jot Script Stylus for my iPad (which I love) from the Evernote store – they immediately rejected the sale as suspicious and within minutes I had both an email and a phone call asking me if I’d made the purchase. I actually had to “fight” with them before they would believe it was legit LOL
I’ve been using Dashlane as a password manager for over a year now and have been very happy with it.