Saturday, February 1, 2014

Does Your Bank Read the News? Apparently, Chase Doesn't

I always tell my son something along the lines of "a little bit at a time adds up to something big." Not earth-shattering news. And I'm not sure he's really listening to me. But someone with a long list of stolen credit-card numbers is listening. Intently. And listening to the sound of ca-ching, as they charge your credit card $9.84 at a time.

Living in the age of internet rumors and dramatic Facebook alerts about whatever the fake freakout of the week is, I wasn't immediately alarmed about this whole $9.84 fraudulent charge thing. But then I heard it on the radio. I saw it on the news. And I looked into it. No foolin' this time.

The Better Business Bureau posted a scam alert last week advising people to look for fraudulent credit card charges on their bills. Specifically, a charge for $9.84 on your credit card bill. The "merchant" is typically a .com name of some sort.

I checked my statement. I found the charge. Yep, there was a charge for $9.84, as advertised. In my case, the merchant was listed as EETSAC.com. Nope, not the source of any recent purchases. Or non-recent purchases for that matter. Damn.

So, naturally, I started with my bank. For the purposes of this post, we'll call it "Chase." (Because it's Chase.) First I went to the website, we'll call it chase.com, and tried to search for 9.84. But you can't search. I found a link for security on the home page. Lots of links about their policies, but nothing about current alerts. But, eventually a link to a page that tells you how to report fraud by phone.

Excellent. This should be simple.

Menu navigation through the press-this-button-to-be-fully-annoyed system. Hold music that cuts in and out for 8 minutes, with interruptions to remind me how much I'm valued. And then, a human. Although I've called the fraud-reporting number, and pushed all the little appropriate numbers to report fraud, she has to transfer me to the fraud department. Huh?

The system estimates my hold time will be 7 minutes. At least they're getting those calculations pretty close.

And now Paul is the fraud specialist. I "get to" repeat all the information I've already provided through my keypad or to the previous human. And when he asks for the reason of the call, I tell him I have a fraudulent charge for $9.84, thinking I'll hear some sense of recognition in his voice.

Nope. Instead I get to go through the whole process of making sure my claim is legit. I tell him about the articles, the BBB scam alert. Crickets. So to get them to investigate the charge, remove the charge, and get my card replaced, I have to go through the whole report process?

Well no, he says, you can skip it if you want to pay the charge.

Fabulous.

Here we go:
  • Are you sure you didn't make this purchase? 
  • Did you give the merchant your credit-card number? 
  • Do you know how the merchant got the number? 
  • Have you purchased from this merchant before?

Yes, no, no, no.

Apparently that's satisfactory. Whee. Now for phase two of interrogation:
  • Do you have possession of your card?
  • Have you had possession of your card since prior to the charge?
  • Did you lend your card to anyone?
  • Did you give anyone your card number?

Yes, yes, no, no.

Krebs on Security posted about $9.84 on January 6th and did some digging into the sources. And hey look, there's EETSAC.com right there in the article. He also posts an extended lists of domain names that have been used in the same scam.

Huffington Post covered it last week. Consumers don't typically notice or question a relatively small charge on their accounts, often assuming it's something they forgot. And bank algorithms look for breaks in your spending patterns, typically tied to spikes in purchase amounts.

And small charges aren't often worth the cost of investigation. Until they add up.

My new card is in the mail.

What annoys me is that with all of the visibility of this particular fraud in the media, my credit card company didn't look into that massive database of theirs -- the one they use so well to market to me -- to do a simple search for 9.84 and identify the merchants to see which were valid. Nor did they apparently provide information about it to their fraud response center.

With all the questioning around a well-known issue, I suddenly felt like my card was guilty until I could prove it, and myself, innocent of handing my card number to someone to use.
#cx #fail

No comments: