The other day reader Dave wrote us because he’d noticed a bunch of strange debits from Sprint on his bank account. Since he uses Sprint, he thought it was a billing error, albeit a serious one, because Sprint had debited $1,717.49 in the past two weeks. Dave hadn’t been able to find anyone at Sprint to help him reverse the charges and wrote to us for advice. Yikes!
We suggested he immediately call his bank and report the debts as fraud. We also gave him the Sprint executive customer service number.
It turns out that the charges were originating from someone who was swiping Dave’s actual debit card and using his PIN. One problem: His account is only 2 months old and he has never, ever, ever used his debit card. So how did a scammer get it?
I’ve been a Sprint PCS customer since late 2005 and haven’t made any changes to my account. Each month my bill is automatically paid through my bank.
2 weeks ago, however, Sprint started automatically withdrawing large sums of money from my bank account with no apparent reason.
12/27 – $300
12/27 – $300
12/31 – $300
12/31 – $300
01/10 – $300
01/10 – $217.49
$1,717.49 total taken out of my account in the last two weeks.
I called Sprint and talked to 3 representatives, all of whom had no idea what is happening, and they could not commit to resolving it in a timely manner. All they could do is take a report and have the “back office team” take a look.
Have you ever heard of that happening before?
We replied, telling Dave that we thought he should call his bank immediately, and shared the number for Sprint’s executive customer service team.
Thank you. I’m talking to Ann Howell at the number you gave me and she is being very professional and helpful. Hopefully she will able to get this resolved. I sure appreciate the number.
I’ll email you again with an update.
The update contained bad news.
Bank of America is telling me that the charges were created by someone in Reston, VA who is actually swiping my debit card and using my PIN to conduct the transaction.
The thing is, though, that this debit card has NEVER been used. I only opened the bank account 2 months ago and have never used (or even intended to use) the debit card.
The debit card that automatically got sent to me when I opened the account has sat on my desk in my home, and has never been used. It hasn’t even been touched by anyone except for me.
The only possibility here is that someone has breached the security at BofA, stolen the account number and PIN, and generated their own card using this information. There is no other explanation.
Unfortunately, the fraud department works for BofA so I can probably forget about the idea of getting a fair investigation into this.
Anyway, that’s the update.
We asked Dave if he was going to be reimbursed for the fraud:
They put the money back in my account, calling it a “Temporary” adjustment.
So the implication is that if they decide that the fault is not with them, I guess they’ll take the money back again. This is the problem: the company is investigating themselves and there’s no third party oversight.
I’m very disappointed in Bank of America and I am quickly moving my funds to Wells Fargo and will be canceling my BOA account. I am also going to have to freeze my credit, as I have no idea how much information BOA leaked.
I am absolutely convinced that there is a security breach of some sort on their side. It’s the only possibility.
Dave is right, there obviously has been some sort of security breach. It’s possible that Dave is the victim of pretexing. Pretexting is a name for a variety of techniques that scammers use to trick individuals or institutions into revealing valuable personal information that they can use to help them commit fraud. For example, a scammer may call your bank and pretend to be you, using information that they have about you, in order to get the bank to disclose your account numbers or issue them a debit card in your name.
Here are the steps to take when you think you’ve been the victim of pretexting:
1) Call your bank and report the fraud. Close your accounts and open new ones. You may want to switch to another bank.
2) Call one of the three major credit reporting agencies and tell them to flag your account with fraud alert notice.
Equifax: call: 1-800-525-6285 and write: P.O. Box 740241, Atlanta, GA 30374-0241
Experian: call: 1-888-EXPERIAN (1-888-397-3742) and write: P.O. Box 949, Allen, TX 75013-0949
Trans Union: call: 1-800-680-7289 and write: Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92634
You can also “freeze” your credit report. Click here for instructions.
3) Contact your local police and file a report. The report will be valuable for your records even if the police don’t catch the scammer. Since Dave’s case may involve an inside job, we’d also suggest reporting it to the FBI.
4) Finally, you’ll want to contact the FTC. File a complaint with the FTC by contacting the FTC’s Identity Theft Hotline: 1-877-ID-THEFT (1-877-438-4338); TDD: 202-326-2502; by mail: Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580; or online: www.consumer.gov/idtheft.
Your state may also have resources that can assist you, such as an “ID Theft” passport. Call your state’s attorney general’s office and ask for more information.
Anyone else have advice for Dave? Have you been there? What did you do?