Sophisticated crooks, or an inside job?

Get credit card fraud help: For victims of credit card fraud and identity theft, and those that can help.
9 posts
dragon452
Platinum Member
Platinum Member
 
Posts: 77
Joined: Fri Apr 18, 2014 10:30 pm
Location: South Florida

Sophisticated crooks, or an inside job?

Postby dragon452 » Tue Jun 24, 2014 7:23 pm

Yesterday (June 23rd) I retrieved my e-mails in the early evening. Two messages from Capital One regarding my MasterCard account (I am signed up for security alerts/changes to my account): 1) Your address has been updated, if there is a problem, call customer service 24 hours a day, etc. 2) Your telephone number has been updated, etc. Well I SURE DIDN'T change my address and phone number, so I immediately called the banks Fraud Dept. and sure enough, the Fraud agent told me that somebody called in during the day and changed my address and phone number to something else. The agent could not/would not tell me what the "new" address and phone number were, despite my insistence. There had been no charges made to my account however, so the bank simply closed out that account number, and transferred everything to a new account, a new card and PIN will be sent to me. No damage done? I caught it in time? YES damage: of course, somebody used my name, current address, current phone number, and birthday to identify me, (easy to get info), BUT: how did they match up my SS#, the last 4 digits of the account number AND my mother's maiden name as well? In other words, they had everything needed to change the address and phone number using the bank's telephone customer service system. I never gave out my mother's maiden name anywhere except to banks (to use as an ID), and I never give out my SS# to anybody but banks or Government agencies. My worry is that some crook now has enough information to apply for NEW credit cards and loans, and I may not find out about it until too late. BTW, in addition to fraud alerts with the banks, I use a monitoring service called "PrivacyGuard" to advise me if new loan applications were made in my name or if information was changed, or public records published about me (with the Experian Agency). But the damage is already done at that point. Where does this all end???


takeshi
Centurion Member
Centurion Member
 
Posts: 1733
Joined: Wed Jun 05, 2013 3:12 pm
Location: US

Postby takeshi » Wed Jun 25, 2014 11:33 am

Have you set up security freezes with the CRA's?

dragon452
Platinum Member
Platinum Member
 
Posts: 77
Joined: Fri Apr 18, 2014 10:30 pm
Location: South Florida

Postby dragon452 » Wed Jun 25, 2014 1:16 pm

No, I haven't. I guess I was depending too much on that "PrivacyGuard" service to keep me informed (and quickly). Is this something I can do by phone, and is it free, or do I have to write letters to the three agencies? Thanks for any extra info!!!

JamieCampbell
 
Posts: 1
Joined: Sun Jun 29, 2014 11:42 am
Location: Petersburg, VA

Postby JamieCampbell » Sun Jun 29, 2014 12:12 pm

dragon, the bad guys are organized crime and some have data centers with many servers and data bases. They can combine data from several sources. So, you need to go to a new level of paranoia.

1. Does Capital One offer what's called "Two Factor Identification?" At Bank of America this is called "SafePass." The idea is that when you make a high risk change, such as changing your address or setting up a new merchant for paying bills, the bank sends a text to your phone with a pin. Unless the bad guy has your phone, he can't make the change.

2. Give a different password for each account and web site. I use LastPass to generate long passwords and to remember which password I used for which web sites. That way the only password you have to remember is the LastPass password and they store an encrypted copy of your passwords on their servers, so you can access them from several devices or recover them when your PC crashes or is stolen.

3. When you set up an account, don't give the correct answer to the security questions and give different answers for each account. I use LastPass secure notes to keep track of what I told each web site, but you can use OneNote or lots of other tools. Just be sure that a password protected copy is stored on SkyDrive, DropBox, D-Drive, etc, so you can get it back if your computer crashes.

I still don't have all my answers and passwords on all my accounts unique, but I'm working on it.

dragon452
Platinum Member
Platinum Member
 
Posts: 77
Joined: Fri Apr 18, 2014 10:30 pm
Location: South Florida

Postby dragon452 » Mon Jun 30, 2014 10:54 am

Jamie, thank you for your tips and insights, it is appreciated. Actually, I am signed up with my credit card banks to receive e-mail alerts if personal information is changed: this is what saved me in this Capital One fiasco, as I was able to find out within a couple hours of the unauthorized changes. My "Privacy Guard" service monitors the credit bureaus for changes as well, AFTER they are reported to the agencies (how long does THAT take), plus they have a "Hotline" service to shut down any or all accounts when you call them with a fraud complaint (again, the damage is already done). I have stopped using "Mother's Maiden Name" as part of the telephone ID questions they ask you, and dreamed up weird passwords instead. I'm still wondering if I should now have security locks put on future credit reports at the three major bureaus...any opinions on this, anybody?

dragon452
Platinum Member
Platinum Member
 
Posts: 77
Joined: Fri Apr 18, 2014 10:30 pm
Location: South Florida

Postby dragon452 » Tue Jul 08, 2014 1:54 pm

Quote from my last post: "I have stopped using "Mother's Maiden Name" as part of the telephone ID questions they ask you, and dreamed up weird passwords instead." Please note: Chase bank told me that while the Security/Fraud Department will ask you for your telephone password to fully identify you, the regular customer service reps. WILL CONTINUE to ask for the usual name, address, last for digits of the SS#, AND the mother's maiden name! So, what I did for my Chase Visa & MasterCard was to have the fraud dept. change the "Mother's maiden name" answer from the actual answer (which the crooks can get hold of or already have), to a random password. The crook WON'T know this password unless they actually got the info. from the bank itself (an inside job)! The Fraud specialist agreed that this was a good step to take. I hope this helps!

benhollberg
Centurion Member
Centurion Member
 
Posts: 353
Joined: Mon Apr 29, 2013 6:51 pm
Location: Salt Lake City

Postby benhollberg » Tue Jul 08, 2014 8:54 pm

dragon452 wrote:Quote from my last post: "I have stopped using "Mother's Maiden Name" as part of the telephone ID questions they ask you, and dreamed up weird passwords instead." Please note: Chase bank told me that while the Security/Fraud Department will ask you for your telephone password to fully identify you, the regular customer service reps. WILL CONTINUE to ask for the usual name, address, last for digits of the SS#, AND the mother's maiden name! So, what I did for my Chase Visa & MasterCard was to have the fraud dept. change the "Mother's maiden name" answer from the actual answer (which the crooks can get hold of or already have), to a random password. The crook WON'T know this password unless they actually got the info. from the bank itself (an inside job)! The Fraud specialist agreed that this was a good step to take. I hope this helps!


That is a very good idea. Just make up another password for these security questions. I think I will start doing this for new accounts and existing accounts.
American Express Platinum Card
American Express TrueEarnings Card from Costco
Marriott Rewards Premier Visa Signature Card
Chase Sapphire Preferred World MasterCard
Discover It

Ikarus
Centurion Member
Centurion Member
 
Posts: 146
Joined: Thu Feb 07, 2013 4:53 am
Location: USA

Postby Ikarus » Wed Jul 09, 2014 8:25 pm

That's almost too much information. I wonder if someone heard you on the phone with a rep at some point to gain that information.

Do you think someone in your household could have done it?
Merrick Bank (Hooters) 4100
Cap One Quicksilver 2800
Discover it 2500
Citi Forward 5400
Chase Freedom 1000
AMEX Blue Cash Everyday 5500
Citi Dividend 5600
Cap One Visa Platinum 750 (CLOSED)

dragon452
Platinum Member
Platinum Member
 
Posts: 77
Joined: Fri Apr 18, 2014 10:30 pm
Location: South Florida

Postby dragon452 » Thu Jul 10, 2014 3:20 pm

Good questions. Personally, I live alone with no authorized users on my card. Of course, as far as who may hear the "secret" security questions being answered...that's why my post is named "sophisticated crooks, OR an inside job?" As fellow poster Jamie Campbell said, basically there are databases on everything that a crook can use for reference, and "mother's maiden name" is not a hard question to answer. BUT: If you dreamed up an individualized fictitious answer to this question, AND THEN a crook gets through the bank's telephone customer service security (meaning he HAD all the correct answers), then you can be almost positive that the crook is somehow mixed up with the bank itself. This is, of course not a cure to the problem, but it would narrow down the question of where the crook got his information from! Thanks for asking.



Return to “Credit Card Fraud”

Who is online

Users browsing this forum: No registered users and 0 guests