"For Security Purposes, This Card Is Not Active" Is A Lie

When you get a new or replacement credit card in the mail, you have to call the number on the back to activate it, or else you can’t use it, right? Wrong. Despite the sticker on the back that says, “For security purposes, this card is not active,” credit card companies are mailing out cards that can be used without phone activation. This is a problem if the letter containing your credit card is intercepted by an identity thief, like what happened to reader PC Guy. The kicker? He didn’t even request the card, it was a forcible reissue when his store-branded card switched from Visa to Mastercard. His story, inside.

One afternoon, I received a call on my cell phone with “unavailable” appearing on the Caller-id. Ordinarily, I might have just ignored it, but I answered the call and an electronic voice informed me that it was Chase Fraud Services calling about unusual activity on my account–the call continued as follows:


Chase: Hello, this is Chase Fraud Services with an urgent call regarding your Chase Credit Card. We have determined there may be fraudulent activity on your account. Please take a moment to confirm recent purchases. Please press one to continue:

Me: One

Chase: Did you make a purchase on (yesterday’s date–they waited one day to call me) in the amount of $14.95 at [redacted–internet site]?

Press one for yes or two for no.

Me: Two

Chase: Let me confirm, you did not make a purchase yesterday in the amount of $14.95 at [redacted–internet site]?


Chase: Did you make a purchase on (yesterday’s date) in the amount of $39.95 at (an Internet Data broker–for what I later found out was a background report on me)

Chase: Press one for yes and two for no.

Me: Two

Chase: Please hold for a representative.

[Five minute hold time in order to speak to a fraud representative.]

Chase: Sir, before we proceed with this call, I need to verify your identity. What are the last 4 digits…?

Me: Excuse me, but I refuse to provide you with any personal information. I did not initiate this call and I have no proof you are who you say you are. And for all I know, this could be a” phishing” scam.

[What in the world is Chase thinking by calling customers asking them to identify themselves? It’s no wonder people fall prey to phishing scams.]

Chase: Sir, this is not a phishing scam, this is Chase.

Me: Well, that’s reassuring.

Chase: Sir, do you have your Toys-R-us Master Card in your possession?

Me: Not on me, but it is at home.

Chase: So you are confirming that you received it?

Me: Wait a second, this is a phishing scam! I have a Toys-R-us VISA and not a MasterCard. Besides, my card doesn’t expire anytime soon, so why are you asking if I received it?

Chase: Sir, I am going to suspend this account, and place a fraud alert on your credit report. Please do not use your card; we will replace it with a new account number.

Me: Wait a second, what the hell are you talking about? I haven’t used my card in months. It doesn’t expire, and it’s a Visa, not a MasterCard! Please explain what’s going on here.

Chase: Sir, we sent you a new card about a month ago.

Me: Why did you do that when it doesn’t expire anytime soon?

Chase: We had a branding change. The store signed on with MasterCard and as a result, we sent you a new card with a new account number.

Me: And is there a reason why you guys didn’t bother to notify me to expect a new card in the mail?

Chase: Sir, we have millions of customers, we couldn’t possibly notify every customer each time we send out a new or renewal card.

Me: Why is that? I signed up for Chase alerts, electronic statements and electronic notifications–it doesn’t cost you anything to email a customer.

Chase: Sir, I don’t make the rules.

Me: This is just outrageous. I don’t want yet a third account number generated. Please do not send me a new card. Just close the account.

Chase: Sorry sir, I cannot do that.

Me: What do you mean you cannot do that?

Chase: Sir, when we suspend an account for fraudulent activity, the system automatically generates a new account number. So there is nothing I can do. You will receive a letter from Chase, please sign and have it notarized and return it or you will be held responsible for the unauthorized charges.

Me: Wait a second, something doesn’t make sense. How did anyone manage to use the new card
if it requires activation from my home phone number?

Chase: That is a good question. Hold on a moment.

Chase: Sir, it was not activated. And rest assured that all these charges were declined as a result.

Me: Excuse me, but if they were declined, then why are you sending me a letter to be notarized?

Chase: Sir, it’s a procedure we must follow under these circumstances.

Still thinking that this bizarre conversation was a phishing experiment, I logged on to Chase online and confirmed that my available credit was reduced to zero on this account. The call was legit, after all! What we have here is a perfect storm of coincidences that led to this incident and if you think ID theft cannot happen to you, think again. The credit card was not stolen. It was not intercepted in the mailing process. It turns out that a careless Postal Service letter carrier delivered it to the wrong address, directly into the hands of a professional ID thief.

Without missing a beat, that person managed to use the card on the Internet for a small purchase at [redacted–internet site] presumably to see if it works, and then proceeded to use the card to pay for a background check on me at two data brokers. The Chase fraud representative lied–Chase did not, in fact, decline these charges.

In an attempt to find out who used my card, I called each merchant and I was informed that they are unable to give me any information because they could ultimately be held liable if I went after that person. I later found out they live in my zip code and through other sources, their name and address. (all three merchants agreed to immediately reverse the charges–something I asked them not to do, because I wanted Chase to investigate this).

I learned that the magnetic strip on the back of the credit card remains deactivated until a phone call is made to activate it. However the account number itself, will work if it is used online. [ed. The magnetic strip is just a dumb magnet. The “activation” occurs within the electronic credit card systems, not within the card itself]

I consider myself a savvy consumer having put in place measures to prevent this from ever happening in the first place:
1) I signed up for a credit report monitoring service that emails me whenever there is new or unusual spending activity.
2) I routinely shred all documents containing personal information.
3) I opted out at the DMA website and subscribed to Catalog Choice to eliminate junk mail.
4) I signed up for electronic statements to prevent misdirected mail
5) I routinely monitor my FICO score.
6) I signed up for credit card alerts sent to my BlackBerry.
7) I pay all my bills using Internet banking instead of sending checks in the mail.

Following this incident, I had to take additional measures to protect myself by placing a credit freeze on my credit report at all three credit bureaus as I learned that the “fraud alert” Chase placed for me is not foolproof. Apparently, if someone applies for credit electronically, the computer does not recognize the alert. (one reason why “Life lock” is a bunch of BS) Additionally, I went to http://www.optoutprescreen.com to opt out of pre-approved offers for credit and insurance and filed a report with the postal inspector regarding this incident. I also just learned that at least one bank will allow you to pick up renewal cards at a branch, instead of having it mailed to your home.
[Consumerist editors – you may want to use the following for an additional article–although it is related to this incident, it bears a separate warning:]

Do you frequently get a letter in your mailbox addressed to a neighbor? Or, perhaps, addressed to someone living down the block? Did it ever occur to you that if you are receiving that letter addressed to someone else, perhaps they are receiving your mail?

You may not be aware that the postal service has a regular carrier working your route on a five day work week. As mail is delivered six days a week, that means one day each week (usually on a Tuesday) a substitute carrier delivers your mail and they rarely know the route. These subs are not the most accurate to begin with and the postal service rarely keeps them on a regular schedule. So you can be sure that once a week mail will be delivered to the wrong address.

That is generally not a problem when all your neighbors are honest people. But, find someone who just happens to be in foreclosure or is about to be evicted and you may find yourself in my situation.With shoddy mail service, the banks are effectively playing Russian roulette with your account and personal information when they bombard you with balance transfer checks and unsolicited cards at random.

PC Guy is not the only one. KNTV did an investigation on this and the new credit cards they ordered were able to not just be used online, they could swipe them at stores, too. When questioned, Washington Mutual said they allow for small purchases to be made on non-activated cards as a courtesy to their customers. You know what would be a real courtesy? Protecting me from identity theft.


Edit Your Comment

  1. sleze69 says:

    So I guess the lesson here is that Chase and Washington Mutual credit cards don’t adequately protect their customers from identity theft.

  2. Rando says:

    Lower level STORE branded cards usually come already activated simply because there isn’t a call center in the world that could handle the amount of activation cards it would receive. You generally have to provide proper ID at the store the next time you use it.

  3. Jon Mason says:

    The security on credit card usage is already so low without them pulling this shit…

  4. RhymePhile says:

    When PC Guy says he opted out at the DMA website I had to Google what that meant. It’s the Direct Marketing Association (obviously) and you can use their Mail Preference Service…as long as you confirm your address by giving them your credit card number to “validate your identity”!

    No thanks. I don’t care if they are an association; I’m not giving direct marketers any more ways to get at me.

  5. Syrenia says:

    Last fall, Citibank called me to find out if I had received a replacement card, because it hadn’t been activated yet. (It was sitting in my “things to take care of” pile.) They left a recording on my cell phone that said that they had recently sent me a card that had not been activated, and that if I had not received the card, I should contact them using the phone number on my old card or statement.

    Tangent: A few years ago, their fraud department called me at home one day because my card was being used heavily in an unusual manner. My husband explained that I was out shopping, replacing items that had been stolen during a recent burglary. Citibank was unconvinced and flagged my account so that at the next purchase, the clerk was instructed to call Citibank. They told him to check my ID (including “does it look like her”) and then put me on. I explained about the robbery, and they lifted the hold on my account.

    First-line customer service might be hit-or-miss at times (though I usually have excellent luck on the rare occasions that I call), but their fraud department seems to be on top of things.

  6. stageright says:

    And from the picture I thought this was gonna be Paypal, once again, screwing their customers on the debit program…

  7. Imaginary_Friend says:

    This is so unbelievably fucked up. I do everything this guy does to protect myself from identity theft and basically it’s all wasted effort due to the credit card companies’carelessness.

    Nothing will change until they are sued, fined and/or legislated into stopping these bullshit practices that put consumers at risk.

  8. econobiker says:

    @RhymePhile: Back in 2001 I signed everyone’s email I could find on the DMA’s website up for the spammiest offers on the ‘net. A couple of years later they came out against spam.

    That said, it seems like this guy has his stuff id protect together yet it still failed. Nice to hear about the “lifelock” issue too…

  9. Rectilinear Propagation says:

    When questioned, Washington Mutual said they allow for small purchases to be made on non-activated cards as a courtesy to their customers.

    How does that even make sense?


  10. missjulied says:

    We regularly get mail for someone who lives at our address, but East (we’re West). Both mail carrier errors (when the letters actually do have the correct zip code – don’t they even look?), and some of this person’s mail with our address actually on it. Including, a couple of years ago, his replacement credit card.

    I cut it up and called the credit card company and let them know they had the wrong address for this person. They thanked me and then sent a replacement card – to my address! This time I called the real recipient and let him know what was going on. He must have fixed something, as we never got another card in the mail, but that credit card company is still sending a bunch of his correspondence our way, including recently a letter with his PIN on it!

    Very lucky for this person that we are not identity thieves.

  11. moore850 says:

    So why aren’t credit cards required to be sent registered mail or anything like that?

  12. K-Bo says:

    @moore850: Because the credit card companies would spend millions of dollars lobbying to stop any law like that, because it would cost them more to mail, and take away their ability to blame the USPS when things go wrong.

  13. MeOhMy says:

    That’s great…I always knew that the stupid credit card activation phone call was a thinly veiled scam to get you on the phone to sell subscription services.

  14. Syrenia says:

    @missjulied: I was getting statements and balance transfer checks for a previous resident. (Same CC company as one of mine, so I recognized the envelopes.)

    I hate balance transfer checks with a passion. Oh, wait, they are “convenience checks” now. Whatever, I despise them and hate having to shred them. Every so often, I call and ask all my CC companies to stop with the checks, and they do for a while. You’d think after so many years of my not using them, they’d stop sending them.

  15. Juliekins says:

    This is why we pay for a PO Box at the post office. Our “billing” address is there, so they send all of our bills, and those annoying checks there, as well as the replacement cards.
    Its ‘safer’ than the normal postal mail for several reasons. One of which is you have to have a key to access it, so only specific people can open your box.
    We do this because my older brother’s mail got stolen while there was those checks in it, and the thief used the checks to charge over $5000 onto his account. My brother was liable for $50, which sucked, but its better than the $5000.

  16. johnva says:

    I hate it when the credit card company calls me. I probably would not give out any personal information over the phone to someone who called me, either. But mine doesn’t call me with “unavailable” showing on the caller ID…it shows a number, instead. I can quickly Google this number to get at least some reassurance. The CSR’s always act like I’m acting weird and paranoid when I tell them I need to verify their identity before I give them any information.

  17. smythe says:

    @missjulied: Why do you keep opening someone else’s mail??? I still get mail from the previous owner of my house even thought its been 7 months, however I never open them and write return to sender on everything. It’s illegal to open someone else’s mail

  18. logie-al says:

    Last month I received a new Discover card because my old one had expired. I don’t use the card and have no balance on it. It came with the same “call to activate” warning and everything. As I never use it, I haven’t called.
    Yesterday I received in the mail from Discover a very important looking ‘pull-tab’ letter. Upon opening it, in large bold letters, it says “IMMEDIATE RESPONSE REQUESTED” and in smaller print says, “We recently sent you a new Discover Card to replace the one that expired, and we’ve noticed it hasn’t been activated or used for any purchases. (emphasis mine) Please call us at 1-800….. as soon as possible to confirm you’ve received your card.

    So right there they say that the card doesn’t have to be activated to be used. What a bunch of crap. They’re just trying to make sure I have the card, I know, but if the “call to activate” really worked, then they shouldn’t need to make sure I get the card.

  19. mike says:

    I’ve actually been concerned about this type of phishing. Unlike the interlog, there’s no way to verify who’s calling you is indeed from your bank.

    I wonder if there is a way to set up something similar to a site key to make sure that the bank can verify itself.

    “When was your company founded?”
    “What is my current interest rate?”
    “How much could a woodchuck chuck if my credit limit was $6000?”

  20. Dude, I just had a charge appear on an “unactivated” card too! I was calling to report the fraud this a.m.!

  21. SadSam says:

    This totally sucks, this guy is doing everything right and still getting screwed by the cc companies. The only solution is to not have any credit cards (I had to throw that out since everytime there is a post about debit card issues the solution is to only use credit cards). But seriously, WTF.

  22. missjulied says:

    @smythe: I don’t necessarily look at the address on every piece of mail before opening it, do you? It’s not like I’m getting someone else’s mail every day.

  23. jeff303 says:

    @smythe: I was wondering that too. How would you even know a mailing contained a PIN number unless you opened it?

  24. hititorquititornot says:

    identity theft FTW!!!

    my neighbors (well people that live in my apartment building) keep stealing my packages even when i tell USPS to stop leaving them at my door and have me pick them up at the station. As soon as the tracking number says “delivered” the USPS says there is nothing they can do (unless the shipper pays for insurance, which many do not offer)

    any ideas that you guys can help me with?!

  25. Nighthawke says:

    Mail carrier errors NEED to be reported to the local postmaster SOONEST so that they can remedy the problems.

    They have a complaint form for issues like this that you can fill out and drop in the mail slot.

    I had a card that came in tardy, after I had received a confirmation letter. I pulled the trigger on it too fast and got that card number killed, before I was supposed to go on a trip. Even with expedited handling, it still took a week to get a new card out of them. The hassle of going through all my services to redo the card number on them!

  26. humphrmi says:

    @sohmc: If I understand SecureID correctly, both parties can decode a token pin at the same time as long as the other authenticating factors are in place. So those banks that offer SecureID secondary authentication tokens could implement this. Again, if I understand correctly, it would go like this:

    Bank Fraud Dept: Sir, this is XXX bank with a fraud alert, please confirm your SecureID PIN

    You: Pin XXXX

    Bank: Thank you, your current SecureID Token # is XXXXXX.

    You [confirm Token number on your SecureID FOB]: OK, you are Bank XXX fraud department, what’s up?

    This is basically “reverse verification”, instead of you using your PIN and Token to verify, you give your PIN and they use it to give you your current sixty second token number, which you can rely upon to verify their identity. Again, I’ve heard this is possible, but I’m not an expert.

    The only problem there lies in the fact that for the remaining 60 seconds or so, the clerk who just called you has your current PIN and Token ID, because you’ve just confirmed both to him/her. Not sure how to deal with that.

    Also, of course, there are other secondary authentication schemes out there, I’m not in any way endorsing RSA.

  27. BlondeGrlz says:

    @Syrenia: I recently did some credit card juggling and then paid off a Discover card so I could use it to buy a bunch of new stuff for our new house (cashback woo!). I hadn’t even made it to the second store before Discover called my house and my cell phone to make sure I was authorizing the activity. None of my previous CC/banks have even done that and it was a nice introduction to their company.
    Actually, I’ve used my BOA credit card unactivated in the past. They sent me a new one because the old one was stolen. Ironic.

  28. Landru says:

    @smythe: You can open and keep anything that comes to your house.

  29. Gadgetgirl says:

    What gets me about credit cards sent in the mail is that the mailings aren’t padded as to disguise the credit card inside. Bad enough just about everyone knows credit cards mainly ship from Wilmington, DE, but at least go the extra mile and hide the card.

    Back to the story, it’s scary that card issuers routinely allow non swipe credit card transactions on unactivated accounts. It takes but a minute (including declining any offers while you *wait* for the card to be activated) to call the tool free number in order to get your account verified.

  30. 44 in a Row says:

    You can open and keep anything that comes to your house.

    I’m not a lawyer, but for the record, I wouldn’t be so sure about that. The mail tampering statute (18 U.S.C. § 1702) refers specifically to delivery to a person, not an address.

    “Whoever takes any letter, postal card, or package out of any post office or any authorized depository for mail matter, or from any letter or mail carrier, or which has been in any post office or authorized depository, or in the custody of any letter or mail carrier, before it has been delivered to the person to whom it was directed, with design to obstruct the correspondence, or to pry into the business or secrets of another, or opens, secretes, embezzles, or destroys the same, shall be fined under this title or imprisoned not more than five years, or both”

  31. picantel says:

    I feel for this person. I have been the victim for over 4 years of ID theft from some unknown ahole and no company will ever help me track them down. I subpoened crapital one in federal court and they refused to provide the information and then told my attorney they no longer had it even though I had them on tape telling me they had this information. I have sued multiple companies for non permissible credit pulls in the hopes I would get their attention but they just send me a 1k check and then refuse to provide the ip address or any other information on the crook. However, they then turn around and whine to the government about all the unchecked ID check.

  32. NotATool says:

    Not to mention, the call-to-activate process itself is always a sham. You call to activate your new card, and it takes several minutes because the banks like to use that opportunity to upsell you on BS services like credit protection and whatnot.

    I get so angry listening to sales pitches just to activate my card, all under the guise of card security.

    Then to find out, it’s all a sham anyway.

  33. SuperJdynamite says:

    I don’t know why those stickers always say “you must call from your home phone”. I never call from my “home phone” and it’s never a problem.

  34. satoru says:

    @humphrmi: I don’t believe what you are suggesting is possible. You wouldn’t want some other person to be able to generate the user’s token because then, that person can impersonate them. This would be the absolute worst thing to provide to a call center person! I would simply collect people’s PINs over a period of time as they called, then drain all their accounts when I wanted.

  35. Trai_Dep says:

    Credit cards should be, by law, totally liable – with no action whatsoever on the part of the cardholder, or penalty to the conned store – for any fraudulent activity on “unactivated” cards. If there’s no law, there should be.

    This is obscene.

    Oh, and Chase: change your anti-fraud calls: you sound like a phisher.

  36. noquarter says:

    @Landru: You can open and keep anything that comes to your house

    No, you definitely can’t. You can keep anything that comes addressed to you, but not things that come addressed to someone else. You can’t open and keep your roommates’ mail, nor can you open and keep someone else’s mail that was accidentally delivered to your address.

    My local post office told me the proper action when you get misaddressed mail was to cross out any of the bar-code-like stamps the USPS puts on things, write “Not at this address” on it, and drop it in any mailbox.

  37. NotATool says:

    Call-to-activate must be a program run by marketing, not by the fraud prevention department.

  38. K-Bo says:

    @satoru: What you are saying seem to be not that it is not possible, but that it is not safe. Probably true, you have to weigh the risk of the CSR having this Vs. the risk of not being able to verify the CSR is with the company. Both are big problems.

  39. SuperJdynamite says:

    Also, I agree with PC Guy about LifeLock not being all that great. I currently have LifeLock and, true to their word, they have placed “fraud alerts” on my credit reports. A “fraud alert” is supposed to be used by victims of identity theft (which I am not). According to a letter I received from one of the credit bureaus a fraud alert indicates that when extending credit to me the lender is supposed to follow “more stringent procedures” to verify my identity.

    The problem is that these procedures have never been described and I’m not entirely sure that lenders are *required* to follow them. The amount of protection they provide is dubious (it certainly explains how somebody was able to secure a small loan using LifeLock’s CEOs publicly available SSN).

    The other type of credit report protection — a report “lock” — means that, in theory, nobody can access my credit report until I call the credit bureau and “unlock” my report. I believe it costs something like $10 to lock and unlock a report. If LifeLock offered to deal with the credit bureaus and lock/unlock my reports on my behalf it would be totally worth the $9.95/month, but as it stands I may cancel it and just put locks on my reports.

  40. forever_knight says:

    interesting story. this just proves the point that paying for credit monitoring, FICO updates, etc. is not only a waste of time and money but it also gives you a false sense of security.

    would you like a 3 ft. thick concrete bunker to keep your credit cards? i promise it will help prevent identity theft. now gimme your money.

  41. johnva says:

    @K-Bo: What I do instead is simply hang up on them when they claim to be from the credit card company and then call back through the phone number that’s actually on my card. A bit of a pain, but at least then I know that I’m talking to the right person. Now if only companies would figure out that they shouldn’t use outgoing phone calls for this purpose and/or should some means of authentication.

  42. K-Bo says:

    @johnva: This is a way that those of us who care enough about this kind of stuff would think of to get around the problem, but I don’t see it ever becoming standard procedure for the credit card company to call up and say call us back so you know it is us, so only those of us who think about these things benefit from it.

  43. aka Cat says:

    @SuperJdynamite: A few years ago I called to activate a card from my work phone, and the system told me that the activation wouldn’t go through until I called from the right number. I haven’t tried it since, so maybe they’ve gotten lax. Or maybe it was just that issuer who did it right.

    I once had a FedEx overnight envelope show up, with my address but somebody else’s name. (Not the previous tenant’s name, either.) FedEx refused to return the address to the sender. A phone number I got by googling the sender’s name and address sent me to phone tree hell. Finally I just opened it and shredded the contents — I wasn’t sending that cardboard envelope through my shredder!

    I always wondered if the sender and recipient got that straightened out.

  44. Buran says:

    @Troy F.: They tried to upsell me twice (with a barely comprehensible Indian accent too) the last time I activated a card. Why exactly can’t I do it online?

  45. crabbyman6 says:

    Once I was approved for a credit card, but never received it after a few weeks. I called and alerted the company and sent out a new one, they have no clue what happened to the one they sent out previously, but said it was definitely mailed. Luckily it was never used and the closed it, I was so mad though.

    On another not, I feel like there’s all sorts of potential problems with the “checks” that credit cards send about twice a month to try to get you using them. What if these get misplaced in the mail and they just start racking up charges? Is there any way to opt out of these ridiculous things?

  46. crabbyman6 says:

    Also, my typing is terrible today

  47. Buran says:

    I keep getting DirecTV bills from an address that doesn’t exist — it should be on my block but isn’t. I tried to return the bills to the house next to me which logically would be the right one, but since it’s on the corner its address is that of the cross street and the guy there said he had no idea who the subscriber was.

    With no other clue what to do with the bills I just recycle them since “not at this address” wouldn’t help — they’re just putting them in my mail box because they apparently think I must have asked for them — my real mailing address is just one digit off from the one on the bills.

    Any suggestions?

  48. Buran says:

    @crabbyman6: Yes, although it varies by card — register for and log into online management of that card and look around for an option to opt out of “convenience checks”. If you can’t find it, write to customer support and ask.

  49. johnva says:

    @K-Bo: I don’t see why that couldn’t become the standard behavior. They could just have an automatic dialing machine call and tell you that “xxx Fraud Department” needs to discuss an important matter with you and that you should call the number on the back of your card. This seems like the only secure solution if they aren’t going to go with some sort of two-way authentication procedure. Might be more inconvenient for them, but I could see them doing it if phone phishing becomes a prevalent enough problem.

  50. K-Bo says:

    @crabbyman6: I opted out of every option of paper mail they would let me, now I only get them about 2-3 times a year. Shouldn’t get them at all if I’m not signed up for paper, but hey 2-3 a year is better than 2-3 a month.

  51. sburnap42 says:

    @Trai_Dep: They are. You aren’t liable for any charges that were incurred because of failed security.

  52. SecureLocation says:

    It’s true. i used a new card the other day without calling to “activate” it. They like to use the phone time to try to sell you other stuff.

  53. wildwhuck says:

    @missjulied: how do you know he had recieved a letter with pin information without opening his mail? that is very wrong and how are we to believe that you haven’t stolen his idenity if you are willing to break the law by opening mail that doesn’t belong to you.

  54. nardo218 says:

    This is so fake. Someone wrote this for his freshman creative writing “discover dialogue” assignment.

  55. jonc20 says:

    This just happened to me yesterday. I was mailed a new credit card from BANK OF AMERICA I’m guessing because it was a few months away from expiring. There was no activation required or anything. I was shocked. Thank god I checked my mail soon after it was delivered.

  56. Credit card fraud? Yes.

    Identity theft? No.

    For it to be ID theft, someone would have had to have opened up new accounts and/or loans in his name, or otherwise abused his contact info.

  57. ceilingFANBOY says:

    BOA sent my replacement card already activated to my house…the replacement card they were sending me because they had to close the prior account due to fraudulent use. They even sent two of the cards in the mail, the rushed one and the standard shipping one.

  58. Imaginary_Friend says:

    @Jeff the Riffer: Did you RTA?

    “Without missing a beat, that person managed to use the card on the Internet for a small purchase at [redacted–internet site] presumably to see if it works, and then proceeded to use the card to pay for a background check on me at two data brokers.”

  59. trujunglist says:

    From the article, it appears that through some sort of spying, skiptracing, or other subversive technique, the OP was able to get the address of the dude who tried to steal his money and then attempt ID theft.

    Question: When do we get to hear the story about him going to the person’s house and shoving his foot up their ass?

    I’ve always wanted to catch someone trying to steal large amounts of items or money from me just so I could fuck them up beyond repair. Or, maybe make their lives really miserable by fucking with them relentlessly, and THEN kicking the crap out of them. I have dreams, hours long (well, in dream land), of me destroying the lives faces, and bodies of the people who broke into my car and stole all of my cds and stereo equipment. I really envy the OP for the chance that he has. Hopefully, we get to hear a follow-up!

  60. Eliamias says:

    That is scary. Personally, when I get a new credit card it comes through registered mail and I have to sign for it at the post office after showing ID. Is that just a Canadian thing? Either way, I’m thankful.

  61. RvLeshrac says:


    The DMA is a very legitimate organization. They were the only non-antispam/ISP group at the FTC Spam Hearings years ago that supported extremely strict legislation against spam, since they recognize that bombarding people with crap they don’t want simply reduces the number of responses over time.

    Yes, they’re somewhat responsible for the deluge of junk mail you get every week – but they also have respectable guidelines which they encourage all of their members to follow, including opt-in practices.

  62. WayneB says:

    I had a similar experience with Chase switching me from Visa to Mastercard about 7 years ago. But they didn’t call me, I found out as I signed in at their website when it instructed me to call them immediately. I called and learned that the Mastercard which I knew was coming (they had sent a letter a month earlier to inform me) was pre-pwned and someone tried to buy $500 of stuff at Neiman Marcus. Chase had denied the transaction and shut down my account. They sent me a second Mastercard. Eventually both cards arrived in the mail, and neither envelope showed signs of tampering, so it’s a complete mystery how someone got the card number.

    As the nice person on the phone reviewed the past two weeks of purchases with me, it was disconcerting how Chase couldn’t distinguish between purchases I made on my existing Visa card in the days leading up to the incident and the purchases the thief tried to make on the not-yet activated new Mastercard.

    Side effect: Ever since then, a few times a year I get Neiman Marcus catalogs in the mail.

  63. Catfishy says:

    Let me clear up one thing about the postal service. You have a “Regular” letter carrier who does indeed work 5 days a week. They are on a rotating schedule with their days off advancing by one day each week. So if they are off on Monday this week they will be off on Tuesday next week and so on. They get one 3 day weekend every 5 weeks when the Friday (last day of old week) and Saturday (first day of new week) run together. On the Regular’s day off, they have a regular carrier called a T-6 on your route. It is the same guy every week. This is his route. He has 5 routes that he is responsible for and carries each of them during the week. as a result of needing to know and memorize all 5 of the routes, he is paid an extra paygrade over a Regular carrier. His day off rotates as well. Your house will be delivered by your Regular or this T-6 carrier every day, and the only time there will be a stanger carrying your mail will be during the vacations or sick days of your Regular.

    Having said all of this, there is always the possibility of mail being misdelivered. I will make no excuses for any carrier because mistakes are made period. Mail is sorted to some extent by a computer these days. That barcoding at the bottom of your mail shows your zip code, route, and address. When the computer misplaces a letter it is bundled in the wrong address. Ultimately it is the job of your carrier to double check before putting the mail in the box and catching these misplaced letters, but since they are humans they do make mistakes. It happens to everyone. Because it happens once, there is no reason to then assume that because you had a misdelivery to your house that the rest of the houses on your route also got misdelivered mail. People need to realize that the guy who is delivering the mail is a human and is not infallible. He’s working in the snow while you are home because your company shut down. He’s delivering from a boat when a hurricane drowns your city. He’s delivering after an earthquake has devastated your town. Remember those times as well as that one misdelivery if you can. Humans do screw up. Too bad it happened that your mail went to a thief. The thief is to blame in this case. Sure the mail allegedly went to the wrong house but it is possible that the thief stole it from your mailbox too. Any way, the sticker is BS and that is the story.

  64. sventurata says:

    @Syrenia: Was your husband authorized to discuss the account? If not, as per privacy laws, they’re not allowed to take what he says into account. Most people don’t keep track of what cards their SO is on, so that might be why you were further detained.

    @johnva: If they’re asking for “personal information,” you need to find a better bank. If they’re asking you to confirm yes/no to purchases that you’ve made, you’re not in danger. The safest, failproof, least arrogant move is to call the customer service line on your card/statements. (I know you probably know this, but I can’t reiterate it enough!)

    Reading your later comment, yes, the suggestion to leave an automated message to call the Frd. Dept is a better method, but would the response rate be as high? (We don’t use the automated menus like Chase does, so I can’t speak for those, but having a live person on both ends of the line really expedites the process!) Many people find fraud verification calls irritating and choose not to respond (or don’t receive the messages, are too rushed, etc.)

    @sohmc: See above. Back of the card, ask to speak with the fraud department. A typical fraud rep can’t answer those piercing questions!

    @humphrmi: Intriguing. I’ll have to read up on that. I’ve used SecureCode fobs for other purposes, but not customer service.

    @SuperJdynamite: You’re subject to extra verification. Some of the home phone systems are set up to activate entirely through the NIVR (not the best method, considering ANIspoof devices costing under $30 can copy and display anyone’s number these days.)

    @NotATool: Basically. Depends on the bank, but you’re not far off. Try using it for large or suspicious purchases and let us know how that goes.

    @forever_knight: Agreed! Face it folks, identity theft is a part of modern life, and you can never fully protect yourself from it. Diligence is admirable, but it’s never foolproof.

    @ceilingFANBOY: now with 100% more fanboy: The rushed cards are always pre-activated, because they are delivered (ostensibly) to you personally, or someone authorized to sign on your behalf.

  65. sventurata says:

    And I haven’t even talked about the article yet!

  66. billhelm says:

    @johnva: caller id can be spoofed very easily…

  67. sventurata says:


    1) Stealing someone’s card from the mail is not ID theft, it’s mail fraud. ID theft/account takeovers typically involve data that can be used to impersonate the victim and obtain new credit. Account takeover can rely on stolen mail, but not just the one card… it’s when someone who possesses this data (DOB, SSN, mother’s maiden name, knowledge of existing credit/previous addresses/contact info) alters your account without your permission to add on other users, change your address, etc.

    Mail fraud doesn’t have to rely on any of the above, all they need is an intercepted card. Not ID theft. If I stole your Amazon.com package, same deal.

    2) The Chase rep sounds like a tool.

    3) But hearing “Aha! This is a phishing scam!” ad nauseam would make anyone flinch.

    4) The letter doesn’t need to be “notarized” … in other words, “certified by a licensed public officer who serves as an impartial witness to the signing of documents” (thanks Google). You need to sign it. Big difference.

    5) I’m sorry to rag all over your unpleasant and unsettling experience, but it’s quite irritating to hear people who don’t know what they’re talking about bandy about terms like they’re experts. This has bothered me for some time at Consumerist, but, hell, not like I’m an expert in much either! Editors… work with me here!

  68. Bryan Price says:

    I live at 726 Winfred S. There exists (and not far away either) a 726 Winfred N. Things I’ve expected to show up here show up there, and things that should be showing up there show up here. USPS, UPS, FedEx, DHL. You name it.

  69. richtaur says:

    Wow I got mad just READING this.

  70. notallcompaniesareevil says:

    I think it’s probably safe to give out the last 4 digits of your account number unless you have a real reason to think the person on the other end of the phone is a fake. Don’t give out all of the digits, however, whatever you do.

  71. tomsucks says:

    I usually hate commenting on these because most of the comments that are irrelevant exist anyway and push down good material. But, a friend of mine in New York complained constantly of this, he lived at * ** Way, and another person around the corner at * ** Drive would get his mail, and vice versa. Including his netflix, which they would watch and return a few days or a week later.

    They complained to the postmaster several times, nothing happened. Deliver all important mail registered, dammit. How hard is that? To say “you gotta sign for this letter”. Sure, it costs more, but is your credit score worth less than $1.20?

  72. Though the company is entirely the subject of this post, I would like to use this opportunity to reiterate my pure, unadulterated hatred of Paypal.

    Paypal, for helping thieves steal from me and not doing anything about it (except for reporting me to a credit agency), I hate you so much.

    More on this later.

  73. humphrmi says:

    @Mrs. Basil E. Frankweiler:

    Intriguing. I’ll have to read up on that.

    Even though I suggested it, I’m flip-flopping. As @satoru said, giving your PIN to CS would be the worst idea ever, because it doesn’t change, only the token does. I hadn’t thought it through, now that I have, it sucks. Sorry. But there’s got to be some better way to do this, some way that you can verify the identity of a company that calls you and claims that they want to fix a problem that you don’t know about yet.

    BTW great nick. I read that novel as a kid and loved it.