WaMu: You're Lying About Someone Breaking Into Your iTunes Account

WaMu’s crack fraud department is at it again, according to reader Kristin. Someone broke into her iTunes account and bought a couple hundred dollars worth of iTunes gift cards with her debit card information. She disputed the charge and WaMu told her not to worry — they’d take care of it. Two months later, while on a trip to Chicago, WaMu reversed the credits, causing Kristin to become severely overdrawn. No amount of protesting will convince WaMu that she wasn’t lying about the iTunes break-in. Why? Because she never responded to some mail they sent to her old address.

I wanted to tell you guys about my positively sexy Washington Mutual experience. On 6/01/08, someone hacked into my iTunes account, and using my debit card information, purchased two $200 gift cards, something I noticed when checking my online statement. I call WaMu immediately, tell them about the fraud, and they say they will issue me provisional credits, which they do. I then ask the fateful questions that started this mess:

“Is there anything I need to do or give you? Should I call iTunes? Do I need to investigate?”

The answer was a swift, resounding, no. You don’t need to do anything. We will contact Apple and we will investigate.

I’ve had good luck with WaMu, so I honestly had no reason to think that this was not even close to the correct answer. I’ve never been defrauded before, so I assumed that I had done my part, and that if something came up, they have my phone number and the WaMu message center, so they could let me know immediately. This was incredibly stupid.

Fast forward two months and change, I’m taking a trip from LA to Chicago for my very first production of a play I’d written. I check my balance before I leave. I take the red eye, I buy food, gum, etc. I land in Chicago at about 6 AM, and crash. The next day I try to use my card. It’s declined. I have a dress rehearsal in three hours.

I check my balance and the two credits are gone, the withdrawal dated for sometime between when my connecting flight left Las Vegas and when I woke up. I am now severely overdrawn. What’s worse, the four things I purchased while in LA and in transit conveniently all clear in the day after the provisional credits are revoked, each invoking their own overdraft. No warning. No notice. No calls.

I go the bank, the teller tells me that the bank has deduced that I lied about the fraud, and there’s nothing I can do. I throw a fit, he gives me a number to call. I call the number. The CSR tells me that what happened was that affidavits were sent to my graduate housing address on, literally, the day I moved out after getting my master’s and because they were sent back returned, there’s nothing he can do.

This is the first I’m hearing about affidavits, period. This is the first I’m hearing about affidavits being sent to an address I wasn’t at, and the first I’m hearing about them being sent back. I pitch a fit. He tells me that I could try sending proof of my residency claim and info to a fax number, and address it to an Alex Wilson.

I fax my proof of residency, and call CS back to follow up, asking if I could get Alex Wilson’s extension. I am told that Alex Wilson is not a real person. He is just a name for people to fax things to.


Also, there is no way for me to follow up with him, or the office where the documents were sent. I have to be patient and wait for a letter in the mail. I honestly have no idea if any of this is true.

I should mention at this point that due to be being stranded and broke, I have missed the final rehearsal, and half of the shows. I call CS back again. I explain the situation, I ask if there is anything she can do. She notes that the investigation is opened back up, but that now I need to contact iTunes and fax WaMu proof that what I say happened, did.

What about the affidavits? What about the part where I didn’t need to contact anyone? The CSR reinforced that she didn’t know what I was told in the past, but this was what I needed to do now. And I can’t have my provisional credit back, or the four overdrafts.

At this point, I have missed my show entirely. I call Executive Customer Service the day my flight is leaving, and leave a message. No response. I beg for a ride to the airport, and on my layover, write an e-mail to ECSR, explaining what happened. I get an e-mail the next day that is kind and apologetic, and says that this should be resolved in 24-48 hours. I celebrate pre-maturely.

I check in with her at 24 hours, she is still working on it. I check in at 48, no response. And then, at about 76 hours, I get an e-mail that diplomatically informs me that I am lying about how I was informed and guided after the fraud, and that it was my fault for moving (and I guess, by proxy, getting my masters) at the wrong time, and my fault for not having a future address at that time, despite my not having any idea what that address would be used for beyond account identity verification. It was phrased: “According to our policies, what you have suggested could never f*cking happen and you are full of sh*t.”

And that, despite the fact that I faxed the required info when I returned to LA, that I have repeatedly referred to this as fraud, and not a dispute, that I have a f*cking phone and access to a message center that they use to inform me of other important things, I got the dreaded “we have insufficient information to dispute the charge with the merchant.”

Not having the presence of mind to disbelieve what the debit fraud CSR says costs about 536 dollars, priceless memories, and a week and a half. Took a screenshot of my message center inbox, just in case. What other evidence do I need to start assembling so that I can nail these bastards?


The Electronic Funds Transfer Act, which governs debit card transactions, is pretty clear on this issue. If you report the theft of your card or your code within two business days, your liability is limited to $50. We’re pretty sure that someone stealing your debit card information from your iTunes account and ordering gift cards with it counts as fraud and not an “error.” Here’s some more information about the law from the Federal Reserve.

With this in mind, why not file an official complaint with their regulator? It’ll be valuable later on if you have to keep fighting with them. Here’s how you do that:

  1. Contact WaMu with a formal complaint. You can do this in writing, or by email. Keep a copy of this complaint for your records.

  2. Figure out which agency regulates your bank by calling or using FDIC’s Bank Find. We happen to know that Washington Mutual’s primary regulator is the Office of Thrift Supervision.
  3. Write a formal complaint letter to the bank’s regulatory agency. Follow the FTC’s instructions for writing a complaint.

    This document also has the correct contact information for the various regulatory agencies. Keep a copy of this complaint for your records.

    By filing a complaint, the regulating agency will investigate whether WaMu actually violated any banking regulations.

That might be enough to get their attention. If not, you might want to locate some free legal help in your area and see if they have any ideas. You could also try sending an EECB to Apple, since it was their website that got broken into. Maybe they can help you deal with WaMu, or provide some additional evidence for you. …And who knows? Maybe you can sue WaMu in small claims court. This small claims advice page says you can serve a small claims lawsuit to a bank teller!

For more information about launching an EECB, click here.

(Photo: Stirwise )

UPDATE: 9/02/08: In response to our email inquiry, WaMu has said they’re interested in checking out this story.