What to do when fraudsters strike your debit card account

MarketWatchDecember 10, 2013 

The first time my oldest daughter got an email from her credit-card company, she learned how to protect herself from spam and pfishing scams. The second time – this week – she applied the first lessons, and then learned how to protect her accounts, savings and credit record.

But the process was harrowing for a 22-year-old who has learned a lot of financial lessons at an early age, and when I discussed her case with friends, they noted how ill-prepared they would be to deal with the problems my daughter had faced, and how their kids would be lost amid a crisis like this.

The advice I gave my kid as she went through this process was borne of years writing about personal finance stories just like this; while she was on the horn with Bank of America handling the situation, I checked with some experts to make sure I hadn’t forgotten anything.

One of the key lessons is that a situation like this one – even if it is handled easily – is not over for six to eight months. Whether this happens to you, your children or anyone you know, here’s how to handle it from start to finish.

The process started with an email; while this was the first time her card actually was misused, it was not the first time she had been notified about unusual account activity. The previous notes were all scams. When they arrived at an old email address, or suggesting she had an account at an institution she had never banked with – or when the “instructions” were riddled with misspellings and/or grammatical mistakes or requests for her to provide a password, they were easily rooted out as frauds. (One key sign of a problematic “alert” is that it asks for account information instead of providing you with information about the account and what has happened.)

The alert early this week from Bank of America looked real, however. It had the same scary language of the pfishing scams – which asked for an immediate response in order to keep a card working without interruption – but it also had the right ending numbers for her debit card, it correctly noted the last time she had signed into her account online and more.

The fact that it looked legitimate – and turned out to be -- freaked her out that someone was not just stealing her card information but her identity.

First, she had to check out the situation and make sure it was real. While the email had a link to BankofAmerica.com, she knew from the scams that you never just click on those links in these types of emails; if the note is a fraud, the links look real but lead to trouble. So she logged into her account directly – without clicking a link – and was confronted with several purchases made across the country, in places where she has not traveled. She followed that with a call to the bank’s fraud center. The good news was that the fraud had already been caught. Upon notifying Bank of America, the situation quickly was cleared up; accounts were closed and re-opened with new numbers, cards canceled and re-issued, fraudulent debits credited back to the account.

She asked about the need to file a police report and was told it wasn’t necessary, but it’s not a bad idea in situations where the customer finds the fraud before the bank does; issuers must investigate and provide provisional credit quickly (big institutions generally do this within 48 hours, but the law gives them up to 14 days), but if a consumer is worried that the card issuer might contest the situation, a police report never hurts.

“It’s understandable that she was freaking out, and it’s one reason why I really don’t like debit cards tied to a main account,” said credit expert Gerri Detweiler (www.gerridetweiler.com). “There is always the risk of someone draining the account while you are trying to pay bills.”

There’s also the worry about what happened to create the problem and whether it could lead to bigger problems.

In talking to bank representatives, the likely conclusion was that the situation was just a compromised card number, and not some bigger problem.

That’s calming, but not a reason to put her guard down.

The next effort involved checking her credit report, which is available free from each major credit bureau once per year at annualcreditreport.com. One mistake people make here – in light of a problem like this – is checking all reports at once, rather than reviewing one immediately and checking the others later to see if any problems lingered.

“I don’t think she has to place a fraud alert or freeze on her credit reports unless she sees something unusual on her credit files, because it’s probably just this account that has been compromised,” said Greg McBride, senior financial analyst for BankRate.com. “But she can always place a fraud alert if she is nervous or notices anything else unusual going on.”

Even with everything seemingly resolved (without a freeze on her credit reports), checking her credit files with the remaining agencies means she will still be living this problem for six to eight months.

One last precaution before closing the book on this involved changing the password for her bank account, just to be safe.

“Even when the bank catches this and it’s cut-and-dried – as it seems to be in this case – you want to take all of the precautions,” said Anne Pace, a Bank of American spokeswoman. “Once you go through any of this once, you know you don’t want it to happen again, and you really don’t want it to turn into something worse, so take the precautions until you feel safe again.”

Chuck Jaffe is senior columnist for MarketWatch. He can be reached at cjaffe@marketwatch.com or at P.O. Box 70, Cohasset, MA 02025-0070.

The News Tribune is pleased to provide this opportunity to share information, experiences and observations about what's in the news. Some of the comments may be reprinted elsewhere in the site or in the newspaper. We encourage lively, open debate on the issues of the day, and ask that you refrain from profanity, hate speech, personal comments and remarks that are off point. Thank you for taking the time to offer your thoughts.

Commenting FAQs | Terms of Service