Bank of America security alert....

[HarryT]

Quote:

Originally Posted by Apache

Credit Card Companies never send emails. They will send you a letter or call.
Apache

In fairness, BoA do send emails; they send one each month to tell you that your online statement is available, for example (their Amazon card is a purely online one - no paper statements), so it's not unreasonable to get email from them. It's just that they don't send emails in this particular circumstance.

[banjobama]

Even a phone call might be a scam. A few months ago in my area there was a big thing where people would get a call from Wells Fargo saying "your account has been compromised. Press 1 to unlock it." Then the person presses 1 and the scam program proceeds to collect information about the person (asking for SSN, account number, what-have-you). I got the call, and since I have 3 accounts with Wells Fargo it spooked me, but when I hung up on the recording and called the bank itself they said nothing was wrong. Then I looked online and saw many people had reported the same types of calls.

Basically if they send you an email about it, or they ask for your account number (it's the bank, they have it!), it's a scam.

[Fbone]

I find it strange Amazon would use B of A for UK customers. Does B of A have a presence in Europe?

[carpetmojo]

Thanks for all the advice, but......... it's a letter ! Sorry I didn't make that clear.

I do know that email is never to be answered, and phones should be treated with caution.

Gives me a date my card will be stopped, and new ones issued, freephone number to call, letter under Bank of America heading, through subsidiary company MBNA, Card services , Chester.

Shall call the 0800 number tomorrow, and report back.
I'm interested in asking why I get a possible danger alert, and then give a date beyond which I'll be safe, and also why they don't stop it NOW
But they do say if it gets mis-used I won't have to pay - nice to know, gives me a warm glow.


I must say, a positive blizzard of replies - just shows this is the place to pick up stuff like this.

[theducks]

Quote:

Originally Posted by carpetmojo

Thanks for all the advice, but......... it's a letter ! Sorry I didn't make that clear.

I do know that email is never to be answered, and phones should be treated with caution.

Gives me a date my card will be stopped, and new ones issued, freephone number to call, letter under Bank of America heading, through subsidiary company MBNA, Card services , Chester.

Shall call the 0800 number tomorrow, and report back.
I'm interested in asking why I get a possible danger alert, and then give a date beyond which I'll be safe, and also why they don't stop it NOW
But they do say if it gets mis-used I won't have to pay - nice to know, gives me a warm glow.


I must say, a positive blizzard of replies - just shows this is the place to pick up stuff like this.

MBNA got bought up by BofA
MBNA made a business of issuing 'branded' cards for clubs and charities, so an Amazon Branded card makes sense.

I would call (and pay close attention to your statement). They may have had/detected a breach on that brand.

[Apache]

Quote:

Originally Posted by HarryT

In fairness, BoA do send emails; they send one each month to tell you that your online statement is available, for example (their Amazon card is a purely online one - no paper statements), so it's not unreasonable to get email from them. It's just that they don't send emails in this particular circumstance.

Sorry. That's what I meant. I just worded it incorrectly.
Apache

[Shopaholic]

Quote:

Originally Posted by taustin

In my experience, they'll usually tell you if you call them and ask.

Never! They're not legally allowed to tell you anything. The schlep on the phone doesn't even know the information. Only someone high up in the fraud department would actually know where it was breached or compromised.

You have to understand that most of the companies themselves are victims. They're not actually skimming your card. Your credit card issuer saying it was store XYZ would only victimize them again by you not shopping there & telling 1000 of your closest friends on the internet.

They are legally not allowed to tell you where the compromise took place. Often times it's just a protection for you that they shut you down. You may have used your card at a location that was compromised and if someone did actually have fraudulent activity on their card, they shut down everyone that used their card there to prevent it from happening to them. It's a PITA to be sure but better than to lose money right?

[ScalyFreak]

Quote:

Originally Posted by Shopaholic

Never! They're not legally allowed to tell you anything. The schlep on the phone doesn't even know the information. Only someone high up in the fraud department would actually know where it was breached or compromised.

There is also the more important consideration that there has already been one security breach on the account, and now a person is calling and asking for information about it. Red alert!

See, there is no proof that the person we're talking to isn't in fact the identity thief, calling to get more info, so they can make the fraud more lasting and harder to detect.

In addition to that, the company has to assume the worst, because charge-backs and fines over not protecting personal information would cost the company a crap-load of money. And trust me, the employee that causes this large loss of money and good-will could very quickly find themselves with a pink slip and an escort out. Personally, I have always found that particular part to be a very good reason to deny everything whenever an irate customer demands that I help them catch an identity thief.

So yes, if you call and ask for details on a fraudulent card charge, any company with half a brain will stone-wall you until you die of old age.

[kiwipippa]

When my credit card was compromised I had no warning - I just went to use it one day and it was declined (very embarrassing as I had not other payment option so had to leave the shop). When I called the bank they said it had been compromised so they had cancelled it and a new card was on the way to me. And as the others said, they wouldn't tell me what happened.

However, I found out the next day when it was on the front page of our local paper. 10,000 cards had been stopped because payment machines at city car parks had been skimmed and I was a frequent user of the car park.

[laughingdragons]

Quote:

Originally Posted by HarryT

I've just phoned BoA to check, and they say that there's no problem, and that, if there was, they'd always phone the customer or send a letter.

2 different times I've had a credit card number used illegally (tried to charge $4800 on one card) and BOA did call me and didn't allow charges to go through. I didn't get an email.

I forget what whas the other card I think it was chase and they did the same thing they called me and didn't let charges go through.

[carpetmojo]

OK, rang B of A , ie MBNA, in Chester.
Got through after 20+ minutes....
The missive was genuine - had a bit of fun carrying out a security check of my own on them, which made a change.

This notification apparently means that, as suggested, somewhere I used/use the card has reason to believe that "my" account may be, or has the potential to be compromised, but not necessarily just my account - by leak/theft/hack/clone/cock-up...whatever, either at the store or in the payment process somewhere along the line, even, presumably, at the card issuer.

Which was fine.
However, when I asked why the presumed "ill-doers" had another 10 or so days to get on with their evil deeds, they were completely stymied, and struggled to find an answer.
At least one that made sufficient sense to me. The nearest one to reason was that the problem has been "identified as possible" and it took time to set things in action.

See, that's what the marvels of the computer age can do - take quite a few days to carry out presumably urgent action !

The letter took 4 days to get to me for a start......

Oh, and I have, this a.m. recieved phish scam emails from Halifax and Santander - possibly a sign the economy's picking up ?

[HarryT]

Thanks for the extra info. Sounds as though a potential problem was identified at one of the places you used the card, rather than it being a problem at BoA. Better to be safe than sorry with these things.

[Shopaholic]

Carpetmojo, what happens where I work is that when a card has been used at a location that has been identified as being compromised it goes on a watch list. They watch the activity on that card and when there is usage that is out of the norm for the actual account holder, they shut it down.

If they immediately shut down all cards that were used at a location that has been compromised it would be a huge inconvenience for patrons because sadly, it happens a lot. Some people would end up constantly getting new cards.

Now, I have no actual proof of this but logically I think about vulnerable locations like gas stations. Think about it. You've got a couple of employees inside the store watching for gas & dashes, shoplifting, robberies etc and they've got 4 to 9 or more pumps outside to watch. Those 4 to 9 pumps all have credit card processors for customers' convenience. It's also a skimmers dream. One or two people can't possibly see everything all the time. Those devices are exposed where anyone can put a device on them to skim the cards that use them.

Again, I have absolutely NO proof of this but to me, it just makes sense. It happens in stores too, but gas stations units are so vulnerable.

[taustin]

Quote:

Originally Posted by HarryT

As I said, when I phoned them they said that, in such a situation, they would NOT send email, so any such email is undoubtedly a fake.

Kinda like any telephone solicitation for charities for police for fireman assocations, who never, ever, ever do telephone solicitaitons because of all the scams. Good way to get the scammers to never call you again is to tell them you know that, and that you're going to report them.

[taustin]

Quote:

Originally Posted by Apache

Credit Card Companies never send emails. They will send you a letter or call.
Apache

Er, they never send emails about that sort of thing. They will send you advertisments, though.