A Stranger Is Using The Bank Of America Debit Card That Is Sitting In My Desk Drawer

The other day reader Dave wrote us because he’d noticed a bunch of strange debits from Sprint on his bank account. Since he uses Sprint, he thought it was a billing error, albeit a serious one, because Sprint had debited $1,717.49 in the past two weeks. Dave hadn’t been able to find anyone at Sprint to help him reverse the charges and wrote to us for advice. Yikes!

We suggested he immediately call his bank and report the debts as fraud. We also gave him the Sprint executive customer service number.

It turns out that the charges were originating from someone who was swiping Dave’s actual debit card and using his PIN. One problem: His account is only 2 months old and he has never, ever, ever used his debit card. So how did a scammer get it?

I’ve been a Sprint PCS customer since late 2005 and haven’t made any changes to my account. Each month my bill is automatically paid through my bank.

2 weeks ago, however, Sprint started automatically withdrawing large sums of money from my bank account with no apparent reason.

12/27 – $300
12/27 – $300
12/31 – $300
12/31 – $300
01/10 – $300
01/10 – $217.49
$1,717.49 total taken out of my account in the last two weeks.

I called Sprint and talked to 3 representatives, all of whom had no idea what is happening, and they could not commit to resolving it in a timely manner. All they could do is take a report and have the “back office team” take a look.

Have you ever heard of that happening before?

We replied, telling Dave that we thought he should call his bank immediately, and shared the number for Sprint’s executive customer service team.

Thank you. I’m talking to Ann Howell at the number you gave me and she is being very professional and helpful. Hopefully she will able to get this resolved. I sure appreciate the number.

I’ll email you again with an update.

Dave

The update contained bad news.

Bank of America is telling me that the charges were created by someone in Reston, VA who is actually swiping my debit card and using my PIN to conduct the transaction.

The thing is, though, that this debit card has NEVER been used. I only opened the bank account 2 months ago and have never used (or even intended to use) the debit card.

The debit card that automatically got sent to me when I opened the account has sat on my desk in my home, and has never been used. It hasn’t even been touched by anyone except for me.

The only possibility here is that someone has breached the security at BofA, stolen the account number and PIN, and generated their own card using this information. There is no other explanation.

Unfortunately, the fraud department works for BofA so I can probably forget about the idea of getting a fair investigation into this.

Anyway, that’s the update.

Dave

We asked Dave if he was going to be reimbursed for the fraud:

They put the money back in my account, calling it a “Temporary” adjustment.

So the implication is that if they decide that the fault is not with them, I guess they’ll take the money back again. This is the problem: the company is investigating themselves and there’s no third party oversight.

I’m very disappointed in Bank of America and I am quickly moving my funds to Wells Fargo and will be canceling my BOA account. I am also going to have to freeze my credit, as I have no idea how much information BOA leaked.

I am absolutely convinced that there is a security breach of some sort on their side. It’s the only possibility.

Dave

Dave is right, there obviously has been some sort of security breach. It’s possible that Dave is the victim of pretexing. Pretexting is a name for a variety of techniques that scammers use to trick individuals or institutions into revealing valuable personal information that they can use to help them commit fraud. For example, a scammer may call your bank and pretend to be you, using information that they have about you, in order to get the bank to disclose your account numbers or issue them a debit card in your name.

Here are the steps to take when you think you’ve been the victim of pretexting:

1) Call your bank and report the fraud. Close your accounts and open new ones. You may want to switch to another bank.

2) Call one of the three major credit reporting agencies and tell them to flag your account with fraud alert notice.

Equifax: call: 1-800-525-6285 and write: P.O. Box 740241, Atlanta, GA 30374-0241
Experian: call: 1-888-EXPERIAN (1-888-397-3742) and write: P.O. Box 949, Allen, TX 75013-0949
Trans Union: call: 1-800-680-7289 and write: Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92634

You can also “freeze” your credit report. Click here for instructions.

3) Contact your local police and file a report. The report will be valuable for your records even if the police don’t catch the scammer. Since Dave’s case may involve an inside job, we’d also suggest reporting it to the FBI.

4) Finally, you’ll want to contact the FTC. File a complaint with the FTC by contacting the FTC’s Identity Theft Hotline: 1-877-ID-THEFT (1-877-438-4338); TDD: 202-326-2502; by mail: Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580; or online: www.consumer.gov/idtheft.

Your state may also have resources that can assist you, such as an “ID Theft” passport. Call your state’s attorney general’s office and ask for more information.

Anyone else have advice for Dave? Have you been there? What did you do?

Pretexing [FTC]
FBI Field Offices [FBI]
HOW TO: Get Through Having Your Identity Stolen
ID Theft Help [FTC]
How To Freeze Your Credit Report

Comments

Edit Your Comment

  1. darkened says:

    I pray to god the rest of the stories I’ve read her about BofA and fraud involving them don’t make your story be a repeat.

  2. youbastid says:

    I doubt this error came from BoA. But rest assured Dave, you will most likely get your money back permanently. I had a similar situation where I lost my card. I called up to report it lost and BoA cancelled the card and sent me a new one. A year later, $500 of charges were made to the card, and when I called their fraud dept they said the charges had been swiped – with the OLD card.

    The reason you don’t really have to worry is because your BoA check card is also protected by Visa’s rules regarding theft liability.

  3. BubbaJudge says:

    2 years ago BoA allowed someone to supposedly come in off the street and open up a private and business checking account in my name with only a Costco picture ID. This highly implausible explanation was all I could ever get their fraud dept to admit to me, and I never found out the real details.

    Of course i didnt find out about these new accounts until BoA called me, and wanted me to pay up on over 30k in overdrafts.

    I dont have the time to go into how long this took me to get cleared up, but bottom line, I wouldnt trust BoA to take my trash out.

  4. forever_knight says:

    i love that the victim decided to email consumerist before talking to his bank….

    the consumerist: we’ll dish out common sense if we have to!

    snicker

  5. ManicPanic says:

    This happened with a company credit card at one of the companies I worked at. The bank (a local Ohio bank) called us with regards to POS transactions taking place in Mexico. We had the card in our possession–seems someone was able to make a copy of the card and use it. Very scary. They did refund us the charges and issue us a new card but REALLY??? These scammers are getting GOOD which is scary.

  6. ncboxer says:

    I’m not getting something here- if it was only BofA, what does the Sprint thing have to do with it? Sprint does have his bank details, minus his PIN number. The money was taken from an ATM I assume (I thought ATM’s had limits to how much you could get out in one day from them). Why does the statement show Sprint as having took it? I’m just really confused…

  7. bohemian says:

    @BubbaJudge: Banks let this kind of thing slide under their radar but ding customers for every action they take to pull in more cash. Wouldn’t it make more sense to do more to deter large fraud like this and not lose the money in the first place rather than looking for new fees on customers to make up for it?

    Has anyone had a nightmare story like this with a small bank or credit union? They seem to always come out of the big banks like BoA, Wachovia or Wells Fargo.

  8. bohemian says:

    If someone actually obtained the card itself AND the letter with the PIN number somewhere between them being printed and the rightful owner pulling them out of the mail box those are all potential fraud points.

    Are these printed in a secure facility owned by BoA with BoA employees. Or is this another thing farmed out to a third party? Do those letters ever sit somewhere other than the post office? Are BoA employees taped where they are processing them? Otherwise the only other possible sources would be postal employees or someone stealing it out of a mail box. Someone could take the envelope out of the mail box, steam it open copy the card, reseal and put back in the box. Sounds paranoid. But our rural route boxes right on the road sit with mail in them all day long while everyone is at work. There was something I read a few months ago about postal employees grabbing netflix movies out of the mail and taking them home to watch them. It wouldn’t take much for a postal employee to borrow your card and pin letter for a day either.

  9. TechnoDestructo says:

    Dave might be able to tell for sure what happened if he tries to use his card. I’m pretty sure it wouldn’t work, if someone else had reported his card lost or stolen in order to get a new card and PIN.

  10. diesel1 says:

    This is scary, the same thing actually happened to me on 1/10/08. Bank of America alerted me that someone swiped a physical card to make purchases in states I’ve never been to with my BOFA check card. What scares me the most is that I live ten miles from Reston Virginia. I think something is amiss at Bank of America and they arent telling everyone the full story.

  11. UpsetPanda says:

    @bohemian: That’s a good point…I don’t know if mail is printed with the account number or if it just prints with xxxxx and then your last four digits.

  12. robdew2 says:

    I had a very similar thing happen to my BofA account two weeks ago. It still continued AFTER the card was cancelled.

    I left BofA because of this.

    It was the first time I ever felt my money was not safe in the hands of a bank.

  13. DallasDMD says:

    Card numbers follow a known format. Anyone who knows the algorithm or has access to a number generator can generate valid credit card numbers. It is just a matter of finding one that corresponds to a valid bank or credit account (not that hard).

    Additionally, magstripe programmers can be had or built from parts very cheaply and easily. Viola, instant credit card with someone else’s account number without ever taking their card.

  14. Nighthawke says:

    I’d be playing call a clearing house on this bit. Giving Visa a jingle will let them know that something funny is happening at BoA and they will give them hell over it. Their next to zero tolerance policy carries over to distributors.
    Someone post some fraud complaint numbers to raise some of the major CC companies?

  15. Rando says:

    Actually Dave is shit out of luck.

    It’s one thing for the card to be present, but its another for the card to be present and the PIN used. Visa will NOT do a chargeback no matter what and the fraud department more than likely will not take a hit. You’ll have to pull some very nice strings through BoA to get this one fixed buddy.

    Sorry, but I also find it hard to believe.

  16. sleze69 says:

    @robdew2: It still continued AFTER the card was cancelled.

    And THAT is why I will never open any kind of personal credit card with BoA (I am forced to use my work card from them).

  17. croeso says:

    The problem isn’t just with BofA. I shuddered when Dave mentioned that he pulled his money out of BofA and put it in Wells Fargo. I had a wallet stolen and despite promptly reporting it to both the police and Wells Fargo, for months afterward Wells Fargo was honoring checks on the account and debit card purchases. Finally a Wells Fargo employee told me that since my wallet with it’s drivers license was stolen, the thief had access to so many pieces of identification that even if I opened a new account, the thief could still access it by simply saying he lost the account number. I pulled everything out of Wells Fargo and put my money in the Patelco Credit Union, one of California’s largest. Because many Credit Unions have agreements with others around the country, I can use other credit union offices as if they were my own bank, and their ATM’s without a fee. Because I travel extensively for work, I’ve made use of this nationwide.
    Just as good as using one of the major banks… and with credit union benefits.

  18. Michael Belisle says:

    @forever_knight: Ditto.

    Dave’s animosity towards BofA without knowing what happened seems premature. Perhaps he should wait until Bank of America’s fraud department makes a statement before complaining about lack of third party oversight. They did credit his account and they’re no evidence from his story that they’re predisposed to screw him over and decide to reverse that.

    And then if the outcome isn’t satisfactory for Dave, it’s time start rallying the torches and pitchforks.

  19. JiminyChristmas says:

    @ManicPanic: I had a similar experience with one of my own cards a few years ago. I got a phone call from my CC company asking if I had recently tried to buy $800 worth of groceries at a Publix in Florida. Both me and the card in question were home in the Upper Midwest at the time, and I hadn’t been to Florida since 1984.

    Apparently what happened was the scammer attempted to use a counterfeit card, which just happened to have my account number. Luckily, the charges never went through and I was set up with a new account right away.

  20. Buran says:

    @youbastid: But not by federal law — which is why I no longer have an actual debit card, just an ATM card, which can’t be used to buy things in stores since it doesn’t have the VISA logo.

  21. johnva says:

    @youbastid: It’s not necessarily covered by Visa zero-liability rules if it’s a PIN-based transaction.

  22. vision4bg says:

    I had my Bank of America details stolen as well – from an unused debit card. Definitely seems like a security breach… not sure if it’s actually BoA’s fault or craft scammers trying bulk numbers of cards or what though. Aside from this I’ve had nothing but a great experience with BoA.

  23. Buran says:

    @randotheking: I doubt he’s the one who screwed up, and if they really aren’t his charges he should well be able to recover the money, even if he has to fight hard for it. If he can prove he wasn’t in the store where the charge went through, he should be OK.

  24. ekoshyun says:

    Same thing happened to me while using Wells Fargo. Debit card in my pocket and someone was using a pin number.

  25. Jim says:

    @JD: This has concerned me greatly for years, both my personal and company credit card companies include the full account number on all communications. Same with banks. My former bank even printed the full account number and my name on ATM receipts! (I think that has been fixed since, but if your money is at Arvest, take a look). Bohemian‘s steamed envelope idea is completely plausible and has kept me up more than one night.

    @bohemian: I had a similar situation with a small local bank years ago. By coincidence a college roommate and I banked at the same institution. Somehow, when he changed his address at the end of the year, my address was changed as well. He received my statement and account info, ordered some checks and had a grand old time.
    A few months later, my dad called me because I was in the newspaper on the court docket for check deception. All of the banks’ bounced check notices were going to “me” at the roomie’s address. Back in those days, I didn’t pay much attention to my finances, I just went by educated guessing that I was spending less than I was depositing – meaning I never even noticed I wasn’t getting my statements.
    Everything got sorted out eventually, roomie went to jail, I learned to balance my checkbook and call the bank if I don’t see my statement when I think I should.

  26. stanfrombrooklyn says:

    This thing happened to me a few years ago with a different bank. I was in LA and checked my balance online. There were 8 withdrawals from an ATM at a truck stop in New Jersey. The card never left my possession and the bank said the money was taken using the ATM card. When I pressed for details how it could happen that my card in LA could be used to take money out of a truck stop ATM in New Jersey, I got absolutely no details. They did put the money back in my account but they didn’t seem too interested in figuring out how it happened.

  27. uricmu says:

    Years ago someone used my debit card to buy gas in Germany. For some reason, Visa didn’t bother flagging it as suspicious even though the same day I had transactions on another continent.

    Luckily, they fixed things and refunded me immediately.

  28. TechnoDestructo says:

    @randotheking:

    But did they use HIS PIN, or did they get a new PIN issued?

    Simple enough to find out.

  29. johnva says:

    Here’s my guess about how some of this may be happening: compromised POS terminals. Some of these terminals can run custom software, and they obviously “see” the PIN in the clear before it’s encrypted to be sent to the banks. If someone were to install some kind of malicious software on one (either remotely or as an inside job at some merchant) they could steal a lot of PIN’s and card numbers. However, this does not explain a situation where the card was never used. That would seem to suggest a larger security breach of some kind.

  30. Buran says:

    @johnva: Or mail theft, possibly. I’m always a bit paranoid about sending stuff through the mail like credit cards, but when my MC expires in March I will have to have a new one sent to me before that — by mail.

    At least with check cards, if this ever happens to me I can say “Hey, I cancelled my check card and went ATM-only when I dropped my card and cancelled it right away, this is therefore fraud no matter how many times you swear it has a PIN attached, check your records. If you don’t cancel the debits I’ll be leaving, and suing you”.

  31. bohemian says:

    @Jim: You want to know how easy ID theft would be if you had enough information? I do most of our day to day financial tasks because my SO is just too freaking busy to. I need access to statements for two of his loans so I can look at transaction data. I can only get limited information on one of them over the phone because I’m not officially on his loan. But there is absolutely nothing stopping me from setting up an online account for that loan & bank account. He knows I am going to so I have his permission to do that so I can monitor the loan payments etc. But anyone with the account information and a valid email address could fake their way in. Shudder.

  32. shadow735 says:

    Sorry but when you make purchases on your visa/mastercard atm card you dont need your Pin number unless you are swiping it at a machine, if Sprint charged his card you dont punch in your pin over the phone.
    You can use it and have the $ taken right from your account but it doesnt require a pin number.

    Also you have multiple withdrawls one on 12-27, another on 12-31, and another on 1-10 why didnt you call the bank and cancel your cards and/or account? Were you on vacation and not aware? I check my accounts everyday I watch for all my transactions to clear its how I balance my bank account so I notice anything out of the ordinary. If I see something I call my bank right away.
    Pay attention and monitor your life or you will get taken in big time. Its easier to clear up fraud and identity abuse if you catch it right away, harder if you let it go for months.
    Opps that reminds me I need to get a print out of my credit report heh heh

  33. shor0814 says:

    All the scammer needs is the account number, especially for a new account. I can see it now:

    Hi, I just opened a new account and I haven’t gotten my debit card.
    Sir, we sent it out on XX/XX/XXXX
    Oh that explains it, I forgot to give you my change of address, I recently moved and used the old address.
    Oh ok, can you give me your new address?

    New card, new pin, and the old one in the desk drawer is probably deactivated.

  34. Rufdawg says:

    Most of these posts are filled with uninformed and unfounded paranoid rantings. In general, depositors’ accounds held in federally chartered banks are mostly protected from liability from unauthorized electronic transfers under Regulation E. See 12 CFR §205 (2007). As long as a customer tells their bank that either 1. their card was stolen/lost within two days or 2. unauthorized charges appeared on their account statement within 60 days liability is limited.

  35. teapartys_over says:

    Strange, this same thing just happened to a friend of mine with Sprint – minus the debit card issue. She had them billing her on automatic deduction and they deducted the same amount from her bank account several times, causing her to bounce checks.

    Also, this is why I do not allow banks to issue me a debit card. I don’t believe in having a card where money can be taken from my account directly. As much as the bank says you’re protected, it’s at their discretion to reimburse you or not. I feel so much more secure having a credit card that I pay off every month. i don’t see what is so hard about that for people, and debit cards are dodgier than you realize.

  36. Rando says:

    @TechnoDestructo: Companies dont send the PIN and Card out together. Since he has admitted to already having his card, but the card is magswiped, there is no way it’s fraud.

  37. Rando says:

    @shor0814: It’s not that easy. You have to be calling from the home phone number listed on the account, if you aren’t then additional security questions are asked. If you fail, no deal, if you pass, information changed.

  38. julieannie says:

    I had a friend whose account number somehow got linked to another person’s ATM card so when the other person withdrew, it came from my friend’s account. The other person notified their bank when they noticed deposits weren’t showing up (but of course not when debits weren’t showing) and my friend had already flagged her account and after a few weeks they figured out the issue.

  39. gingerCE says:

    He’s being told the person used his PIN. Most likely, the purchases are credit card type purchases on a dummy card with his number debit card number on it.

    What’s surprising is if you look at the dates, there’s a good 2 weeks on time between all those purchases. Why didn’t BofA contact him first letting him know there might be suspicious activity on the card? I’ve had my credit card company call me when I made several 1 dollar transactions on ebay. BofA should’ve stepped up to the plate on this.

  40. Amelia Subverxin says:

    In the Chicagoland area, there was been reports of someone installing skimming devices to ATMs that steal account number with a camera that records PINs. It’s probably not what happened in this case, but the technology is out there. [www.abclocal.go.com]

  41. connecticutmrs says:

    Interesting, this just happened to me as well. Except with another bank (People’s) and there was a Sprint Charge (Reston, VA which I think is where their bills go), Direct TV and Cablevision. All services that I don’t use. They are currently investigating but I did get a provisional credit. I find it totally baffling how this can happen while I have my card in my possession.

    I hope to hear more comments on this, especially since I’m experiencing it now.

  42. starbreiz says:

    Pretexting? Didn’t that used to be called ‘social engineering’?

  43. SacraBos says:

    @Jim: Sorry about that. I had a druggie roommate in college for about two weeks. Didn’t like me too much since I tended to open the doors/windows in the summer, the drafts making rolling joints difficult. About a month after that, he got busted for forging his new roommates checks.

  44. elislider says:

    bank of america has gone to shit. its terrible.

  45. econobiker says:

    His card was cloned and is being used as a credit card -screw the pin info.

    I got hit with the TJX data breach in late ’05 early ’06. Nimrods at my bank (former amsouth) tried to claim in my initial contact that someone had gotten the card and used it. I was able to counter- 1. card is in separted spouses name, 2. card had been in bottom of file cabinet for 9 months prior, 3. former spouse did not leave my state on superbowl weekend for a $2100 jaunt in one day in NYC (they got Bananna Republic NYC for total of $1700 in two transactions in two hours).

    Later had an Chase card which I hadn’t used in 5 months get cloned and used just at a gas station in Florida. Also probably TJX or similar.

    Always have at least one active and one reserve checking account available to you – if not two active if you do alot online or deal with creditors. The days of just one checking account are gone…

  46. dave4dave says:

    I’m the “Dave” of the article.

    I didn’t notice the theft until 2 weeks after the first incident because I don’t check my bank account every day like most people on this site seem to do. I’m an average person who does not constantly check all my assets. It was bill-paying day and that’s why I was logged into my bank’s website.

    A note of clarification:

    1) The card was supposedly swiped, and the PIN was supposedly entered. The PIN on this card is the same would have to be the same one the bank assigned; I never changed it as I never planned to use it. So the perpetrator somehow found out the PIN of the card that was originally assigned to it, or they changed it with social engineering/pretexting.

    Quoted: “Since he has admitted to already having his card, but the card is magswiped, there is no way it’s fraud.”

    Ahem. I -NEVER USED THE CARD-! It arrived in the mail, I set it on my desk next to my computer monitors and that’s where it has been since day 1. It’s never been swiped on any machine, period.

    A final note of clarification: I’m a Sprint customer but have always paid the bill with a credit card issued by Chase. Sprint shouldn’t even know where I bank.

  47. ExtraCelestial says:

    @ncboxer:
    Interesting. I *think* (and I could be wrong) that maybe the perp used the card to pay for his Sprint bill using the debit feature rather than credit and signing. If this was online, I know ATT doesn’t actually ask for your PIN to use it as debit (not sure about Sprint), you can just check a box and complete the transaction never knowing or entering your PIN. I’m just assuming by debit they don’t mean ATM card they mean checkcard with Visa logo. I’m also just kind of shooting in the dark here though.

  48. ExtraCelestial says:

    @gingerCE:
    Agreed. I bought gas twice in one day and ING DIRECT freaked, put a hold on the card, and called me as I was mid- pump.

  49. I had some odd charges show up on my BoA card but decided to wait until the end of the week to check on them because they were all temporary charges for like $1 from PayPal and I figured that it was probably just a temporary authorization from something I did legitimately buy. The next day, I got a call from BoA saying that they saw suspicious charges on my card and they closed my account until I verified the charges. When I went onto my account, none of the charges I thought were suspicious were listed on the fraud watch and I figured that they were just being careful because I had made charges in Baltimore during the day at school, Hanover, PA at 2 AM (late night Wal-Mart run), and then again in Baltimore the next day. However, just to be safe, a couple days later I had checked my account again and somewhere between $500 and $700 had been charged to my card. Even though it was about 10PM when I called, I was able to get customer service, though. They informed me that I had to call again the next day when the offices opened at 6AM. Even though it was Saturday, at this point, I was able to get through and have my issue resolved first thing in the morning in a short enough time that I wasn’t even late for work. They credited all of the charges back to me, changed my account number, sent me a new card, and all I had to do was tell them which charges were fraudulent and sign the affidavit that came in the mail. It really was about as pleasant of an experience that you can expect given the circumstances.

  50. neverest says:

    I actually had a similar experience with BofA – new account, opened for less than 3 months, and somebody tried to use my new debit card and the PIN to change the account address from MA to San Francisco. I do use my debit card actively although not that specific one at the time – it was a brand new debit card (with different numbers) that I don’t even think had been activated for very long, so I was using my old debit card linked to the same account as the primary.

    One day I got a call from their fraud department asking me to call them back at a non-800 number in Florida, which raised my suspicion that this was an attempted phishing. As it turned out, this person wound up being legit (after having her call into a bank branch using their internal line while I was present, with credentials verified). She was very helpful in seeing through the whole process and gave me instructions as to what to do from that point on – close account, open new one, alert the credit bureaus and place a fraud alert on my file, etc.

    So same story, different ending. They luckily caught the mistake – whether or not this was due to their internal breach is questionable and I won’t assume one way or another – and I had a chance to react before this identity thief had a run at my other accounts and/or credit. I give them credit for catching this and attempting to verify it with me. The process to fix all this was a major PITA but at the end of the day, there was no monetary damage done.

  51. Myotheralt says:

    I keep getting emails from BofA to my army email address explaining about possible security breaches. The thing is though, I dont have any BofA accounts.

  52. hals000 says:

    @myotheralt: almost certainly a phishing scam

  53. siberian1967 says:

    I don’t know about you all but the USPS routinely opens our mail for us. The fun part is that its not ALL mail they open, just the stuff that contains financial details.

    In fact just tonight they opened my Fidelity Mutual Fund ‘you changed your PIN’ recently. Thank goodness they did not print my pin in there.

    Seriously, no joke. But whatcha gonna do, its probably not the local office.

  54. @neverest: I was beginning to think that maybe I was the only one who was actually getting good customer service from BoA. Then again, the fact that one of the charges to my account actually had someone else’s name on it probably made it much easier for them to figure out that I was telling the truth. I didn’t actually go to one of the banks, but I did not go to the website I was told to go to over the phone until after going to view my account on the website and seeing the same link on BoA’s website, and I only called numbers that were from their website.

  55. cyberkni says:

    This happened to my fathers business account multiple times with Fleet(before Bank of America took over). He went through at least 2 cards before they fraudulent charges stopped happening.

    The bank was very quick to fix the situation for my father(it helps when you pay them money for holding your money). However, it still shows there is some sort of weakness in the way that the credit cards and PIN numbers are created and distributed.

  56. I check my BofA account online twice a day: once in the morning and once before I go to bed.

    This is how much I distrust them.

  57. Mary says:

    I’m intrigued by the detail that the thief was in Reston, VA. Is this just the site where he’s swiping the card? Could it be where the security breach happened?

    I’m curious about this because I live in Reston. I don’t bank with BoA, but a friend does. And we’ve both fallen victim to debit card fraud in the last six months.

  58. johnva says:

    @randotheking: Completely, 100% wrong. You realize that magstripe cards can EASILY be cloned with equipment that is available quite cheaply, right? And PIN’s CAN be stolen. It’s harder than stealing just a credit/debit card number, but it’s definitely possible via many of the ways that have been discussed in this thread. All the thieves would have to do is clone a magnetic card to contain the stolen number and then enter the stolen/reset/guessed PIN (it sounds like the PIN might have still been set to the default). The problem is that the banks (and people like you, inexplicably) seem to consider PIN entry + magstripe some sort of magical security measure that can’t be breached. It’s not.

  59. BubbaJudge says:

    I find it amazing that members of this site would still side with BoA and not Dave. Makes me suspect we have BoA employees here. I count roughly 5 people who said they had similar problems with BoA so its not a anomaly. Myself, though not the exact same problem, but the same company and fraud dept, spent 6 months filled with phone calls, faxes affidavits and trips to the police dept, to finally get BoA to get their act straight and not destroy my credit because of their !@#$ups.

    Good luck Dave, I feel for you man, I wouldn’t wish BoA on my worst enemy, although my nasty side would love to seem some here get innocently nailed by our screwed up, no oversight, banking system so they understand what a hell it can be.

  60. NoWin says:

    @dave4dave: 1) The card …So the perpetrator somehow found out the PIN of the card that was originally assigned to it, or they changed it with social engineering/pretexting.

    The default PIN could be one of two: 1234, or the last 4 of your SS. So even if anyone gets a card they dont want to use, change the PIN right off the bat.

    It’s fairly easy to make counterfeit cards, it’s not that much harder for organized e-gangs to try random but known-sequence codes to see if un-used card numbers can be activated.

    One question not asked to the Dave the OP: does he have a maid service or any house-workers that have access to his den/office? Just a thought.

  61. Ben Popken says:

    @randotheking: PINS can totally be stolen, like from retailers who are supposed to wash out from the system all those PINS people punch in on the keypads, but then don’t.

  62. dave4dave says:

    “One question not asked to the Dave the OP: does he have a maid service or any house-workers that have access to his den/office? Just a thought.”

    No, we don’t have anybody in our house except my wife and our four small children (all under 8 years old). Nobody is allowed in my home office except my wife and myself. We don’t have friends who come over (we just moved to this new city) so nobody else is ever in our house.

    The PIN they assigned is completely random and 6 digits. It doesn’t match anything (it’s not the last numbers from a SSN, for example).

  63. johnva says:

    @dave4dave: Is this happening at a POS PIN-entry pad (like at a Sprint store, perhaps)? I’m trying to understand where Sprint would be processing a PIN-based transaction.

    Do you think someone could have tampered with your mail? Do you have a locked mailbox, for example?

  64. That70sHeidi says:

    @NoWin: “The default PIN could be one of two: 1234, or the last 4 of your SS.”

    Stupidest thing I’ve heard today. This isn’t 1954, they don’t do that anymore. I haven’t had a recognizable PIN on any credit or debit card in the last 10 years. It’s random.

  65. compuguy1088 says:

    @DallasDMD: I don’t want to be particulary picky in the error department. But its Voilà, not Viola. A viola is an instrument

    The story sounds creepy that they are able to make a copy of a card and have the pin even if they do not have the physical card. Sound like an inside job indeed. It is also creepy that the fraud occurred in Reston. I only live less than ten miles from there….

  66. compuguy1088 says:

    @myotheralt: That is a phishing scam. Brick and Mortar banks do not do this.

  67. fankoush says:

    I can’t help but add one “semi” positive story, this past staurday the fraud department of BoA contacted me to let me know that my card is being used in Egypt to purchase Jewlery! About 6K worth! Last time I was in Egypt, 1990! They acted quickly closed the account, reversed the charges and sent me a new card. Ofcourse my card was never stolen but someone has managed to get the number, but the security code was a bad guess.

  68. freedom69 says:

    Let me give you some valuable information. This is a classic counterfeit card and not a real big deal as far as perps are concerned. No one hacked into the banks system but more than likely some Atm system that the card was in. The bank is not the only company to have your card and pin number info. Anyway as far as catching the guy that did this…well don’t count on it, but thinking that opening another account with another bank will keep you safe it won’t.all banks have fraud just go ahead and ask them. If you have no intentions of using the card and its just going to collect dust, just have the damn thing closed out. That way no one can steal the card number.

  69. freedom69 says:

    @fankoush: No , all card numbers run in sequence so if you fall into the sequence of stolen numbers, then there is very little you could do to prevent it. But the security code on the card has nothing to do with anything because merchants often don’t ask for that.

  70. freedom69 says:

    As an FYI this is a purchase made with a stolen card number meaning it does not need the pin number in order to go through. more than likely it was done over the phone or on the internet. If thats the case then the perp did not need a pin because it is not being used as a debit. It can be used as both debit or credit and the perp used it as credit.