UPDATE: Credit Card Fraud - $30K

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
User avatar
Prokofiev
Posts: 952
Joined: Mon Feb 19, 2007 9:45 pm
Location: New Orleans

UPDATE: Credit Card Fraud - $30K

Post by Prokofiev » Sat Aug 18, 2018 10:13 am

I checked my credit using Credit Karma several weeks ago and found that my FICO score had dropped from 809 to 698.

What happened? It showed that one of my credit cards that I seldom use was maxed-out at $30,000. I tried to log-in to the account, but it didn't recognize my password. Or my secret questions. Or even my log-in Email address. So I called Citibank and found out someone had charged 3
$10k charges to my account. They had changed the Email address, password, telephone and physical address of the card account before doing this.
How was that possible? This account was compromised from the web, not from using the card number or physical card. They were able to change all my account info without me being notified via Email or telephone or snail mail. Citi suggested that not all my alerts had been turned on, but I'm not sure that is true nor should it matter. Alerts for address change should always be mailed to the old address. Email changes sent to the old Email, etc.

I expect this to be resolved shortly, but due to the large value of the fraud, it is being handled by a special Citi fraud group. I reported it 4 weeks ago and after calling them again yesterday, they said the investigation is continuing. They refused to answer any questions concerning how a data breach was possible. Someone needed my ID and Password to get into the system, but I almost never use this card or log-in to the account so I cannot think of how that was possible. Much less changing all my contact info without me being notified. Seems like it could be an inside job?

Just a heads-up to others since this has never happened to me before. Yes, small fraud amounts have been charged without card being present before on other credit cards, but they just used the info copied from the physical card at a restaurant or store or web-vendor. This was clearly a data breach into my online account.
Last edited by Prokofiev on Wed Sep 19, 2018 11:12 am, edited 1 time in total.
Everything should be made as simple as possible, but not simpler - Einstein

BanquetBeer
Posts: 210
Joined: Thu Jul 13, 2017 5:57 pm

Re: Credit Card Fraud - $30K

Post by BanquetBeer » Sat Aug 18, 2018 10:17 am

Surprise to me you monitor your credit score more frequently than your account. Don’t you check all your accounts monthly? Seems main impact to credit would come after non-payment and may result in contacting credit company later than their requirements for fraud alert.

nordsteve
Posts: 648
Joined: Sun Oct 05, 2008 9:23 am

Re: Credit Card Fraud - $30K

Post by nordsteve » Sat Aug 18, 2018 10:20 am

Do you use the same email/password combination on other sites? That's a common attack vector that matches what you describe.

JDP
Posts: 30
Joined: Wed Mar 15, 2017 10:39 am

Re: Credit Card Fraud - $30K

Post by JDP » Sat Aug 18, 2018 11:08 am

Prokofiev wrote:
Sat Aug 18, 2018 10:13 am
They had changed the Email address, password, telephone and physical address of the card account before doing this.
How was that possible? This account was compromised from the web, not from using the card number or physical card. They were able to change all my account info without me being notified via Email or telephone or snail mail.
Maybe the hacker has access to your email as well. The credit card notification setting could have been changed to a paperless option, such as email only. When that notification was sent to your inbox, it may have been quickly deleted. Then, after changing your email address, all subsequent changes to your account would have occurred without you knowing.

If available, utilize two-step verification for all account and email logins and contact information changes.

User avatar
HueyLD
Posts: 6241
Joined: Mon Jan 14, 2008 10:30 am

Re: Credit Card Fraud - $30K

Post by HueyLD » Sat Aug 18, 2018 11:13 am

My guess is that it is a good idea to close out rarely used accounts.

squirm
Posts: 1484
Joined: Sat Mar 19, 2011 11:53 am

Re: Credit Card Fraud - $30K

Post by squirm » Sat Aug 18, 2018 11:19 am

wow, that's scary. I've been thinking about doing the 2fa on credit card accounts. i do check all my credit card accounts when i pay them off everyone whether i used it or not. on the banks that let me, i have them notify me when there is over a $500 charge.

User avatar
Prokofiev
Posts: 952
Joined: Mon Feb 19, 2007 9:45 pm
Location: New Orleans

Re: Credit Card Fraud - $30K

Post by Prokofiev » Sat Aug 18, 2018 12:33 pm

BanquetBeer wrote:
Sat Aug 18, 2018 10:17 am
Surprise to me you monitor your credit score more frequently than your account. Don’t you check all your accounts monthly? Seems main impact to credit would come after non-payment and may result in contacting credit company later than their requirements for fraud alert.
I monitor almost all my credit accounts weekly. But this rarely used account is 33 yo and has no annual fee. I charge $10-20 /yr just to keep it open. Why?
Because it adds alot to my average account age and my total credit - hence lower utilization. I have 8 cards and cancel 3-4 each year, replacing them with new cards for the sign-up bonus. My FICO was dinged not due to being late, but because my outstanding balances were now over 35% of my total credit limit. Usually it is 5% or less.
Everything should be made as simple as possible, but not simpler - Einstein

User avatar
Prokofiev
Posts: 952
Joined: Mon Feb 19, 2007 9:45 pm
Location: New Orleans

Re: Credit Card Fraud - $30K

Post by Prokofiev » Sat Aug 18, 2018 12:36 pm

JDP wrote:
Sat Aug 18, 2018 11:08 am
Maybe the hacker has access to your email as well. The credit card notification setting could have been changed to a paperless option, such as email only. When that notification was sent to your inbox, it may have been quickly deleted. Then, after changing your email address, all subsequent changes to your account would have occurred without you knowing.
Had not thought of that. Having my Email account compromised would be a possible disaster.
Everything should be made as simple as possible, but not simpler - Einstein

thrifty_one
Posts: 6
Joined: Fri Mar 16, 2018 12:32 pm
Location: Missouri

Re: Credit Card Fraud - $30K

Post by thrifty_one » Sat Aug 18, 2018 12:47 pm

sorry to hear what you're going thru - For my one emergency CC that i infrequently use (also a citibank card) i keep it locked unless i plan to use it.

User avatar
munemaker
Posts: 3527
Joined: Sat Jan 18, 2014 6:14 pm

Re: Credit Card Fraud - $30K

Post by munemaker » Sat Aug 18, 2018 1:04 pm

Sorry to hear about your experience. Sad thing is you will never know the details of what happened because they will never tell you.

I had fraudulent charges against a card that was never even activated. I am sure I would not have been able to use this card that was never activated. Yet, they let someone else fraudulently charge my account. How does this happen? They would not tell me.

The secrecy bothers me almost as much as the fraud.

User avatar
munemaker
Posts: 3527
Joined: Sat Jan 18, 2014 6:14 pm

Re: Credit Card Fraud - $30K

Post by munemaker » Sat Aug 18, 2018 1:06 pm

BanquetBeer wrote:
Sat Aug 18, 2018 10:17 am
Surprise to me you monitor your credit score more frequently than your account.
Between my wife and I, we have maybe a dozen active credit card accounts. It is a lot easier and quicker to check credit karna weekly than it is to log into each account.

retiredjg
Posts: 34217
Joined: Thu Jan 10, 2008 12:56 pm

Re: Credit Card Fraud - $30K

Post by retiredjg » Sat Aug 18, 2018 1:13 pm

Prokofiev wrote:
Sat Aug 18, 2018 12:33 pm
My FICO was dinged not due to being late, but because my outstanding balances were now over 35% of my total credit limit. Usually it is 5% or less.
From over 800 (outstanding) to under 700 (not so good) is a pretty big ding. I'm surprised it is that high.

I

vtMaps
Posts: 412
Joined: Tue Oct 14, 2008 12:05 pm
Location: central Vermont

Re: Credit Card Fraud - $30K

Post by vtMaps » Sat Aug 18, 2018 1:15 pm

Prokofiev wrote:
Sat Aug 18, 2018 10:13 am
due to the large value of the fraud, it is being handled by a special Citi fraud group.
All of my financial institutions (except treasury direct) offer fraud protection for online fraud. I am required (in the fine print of the fraud protection) to let them investigate my computer to see if it is/was compromised.

So I am curious... did they ask to see your computer?

--vtMaps
The optimist proclaims that we live in the best of all possible worlds; and the pessimist fears this is true. --James Branch Cabell

delamer
Posts: 6284
Joined: Tue Feb 08, 2011 6:13 pm

Re: Credit Card Fraud - $30K

Post by delamer » Sat Aug 18, 2018 1:16 pm

Sorry about your predicament.

My first thought was whether the hackers were able to ascertain this was a rarely used card with a high credit limit, and targeted it for that reason?

I know there are lots of Bogleheads that churn credit cards for bonuses, but one reason that I don’t is because more cards leads to more opportunities for this type of fraud. And we also prefer to have our credit frozen.

User avatar
Prokofiev
Posts: 952
Joined: Mon Feb 19, 2007 9:45 pm
Location: New Orleans

Re: Credit Card Fraud - $30K

Post by Prokofiev » Sat Aug 18, 2018 1:22 pm

vtMaps wrote:
Sat Aug 18, 2018 1:15 pm
Prokofiev wrote:
Sat Aug 18, 2018 10:13 am
due to the large value of the fraud, it is being handled by a special Citi fraud group.
All of my financial institutions (except treasury direct) offer fraud protection for online fraud. I am required (in the fine print of the fraud protection) to let them investigate my computer to see if it is/was compromised.

So I am curious... did they ask to see your computer?
Not yet! But you guys are getting me worried. I thought this would be a simple reversal of charges, a new card sent out and a document to sign swearing that the charges were not mine. We will see what happens. I do not want to write a $30k check for this!

I will update this post when all is settled, one way or another.
Everything should be made as simple as possible, but not simpler - Einstein

gotester2000
Posts: 591
Joined: Sun Nov 12, 2017 1:59 am

Re: Credit Card Fraud - $30K

Post by gotester2000 » Sat Aug 18, 2018 1:34 pm

Is it possible to get an activity log of your account from citibank - that should answer your questions?

User avatar
munemaker
Posts: 3527
Joined: Sat Jan 18, 2014 6:14 pm

Re: Credit Card Fraud - $30K

Post by munemaker » Sat Aug 18, 2018 1:35 pm

Prokofiev wrote:
Sat Aug 18, 2018 1:22 pm
I do not want to write a $30k check for this!
No way that will happen. You are protected by law.

Nate79
Posts: 3604
Joined: Thu Aug 11, 2016 6:24 pm
Location: Delaware

Re: Credit Card Fraud - $30K

Post by Nate79 » Sat Aug 18, 2018 2:21 pm

I have zero worry about my credit card accounts. I would never waste time with 2FA for a credit card where you are protected from fraud. I just monitor them regularly with mint.com.

j0nnyg1984
Posts: 427
Joined: Sun Apr 24, 2016 9:55 am

Re: Credit Card Fraud - $30K

Post by j0nnyg1984 » Sat Aug 18, 2018 2:25 pm

BanquetBeer wrote:
Sat Aug 18, 2018 10:17 am
Surprise to me you monitor your credit score more frequently than your account. Don’t you check all your accounts monthly? Seems main impact to credit would come after non-payment and may result in contacting credit company later than their requirements for fraud alert.
I have many unused credit cards with no annual fees. The cards are in a box in my closet; why would I check the accounts monthly?

BeneIRA
Posts: 497
Joined: Sat Nov 29, 2014 8:43 pm

Re: Credit Card Fraud - $30K

Post by BeneIRA » Sat Aug 18, 2018 2:32 pm

OP, Credit Karma's credit score isn't a real FICO score, it is Vantage 3.0, which virtually no one actually uses. I am sure your FICO score decreased as well, but not over 100 points. Best of luck getting this resolved.

TravelGeek
Posts: 2369
Joined: Sat Oct 25, 2014 3:23 pm

Re: Credit Card Fraud - $30K

Post by TravelGeek » Sat Aug 18, 2018 2:44 pm

munemaker wrote:
Sat Aug 18, 2018 1:06 pm
BanquetBeer wrote:
Sat Aug 18, 2018 10:17 am
Surprise to me you monitor your credit score more frequently than your account.
Between my wife and I, we have maybe a dozen active credit card accounts. It is a lot easier and quicker to check credit karna weekly than it is to log into each account.
I have a dozen cards, but I need to log only into six banks. I do that weekly for most of them, and at least no they for those that I rarely use (US Bank, BofA).

What level of detail does CK give you? The current balance? The most recently reported balance? Transaction details? I would want the latter. All fraudulent transactions for me have been on cards that I actively use, which sort of makes sense. My sock-drawered cards don’t get much exposure because I don’t use them at restaurants or online merchants.

ResearchMed
Posts: 7480
Joined: Fri Dec 26, 2008 11:25 pm

Re: Credit Card Fraud - $30K

Post by ResearchMed » Sat Aug 18, 2018 2:55 pm

delamer wrote:
Sat Aug 18, 2018 1:16 pm
Sorry about your predicament.

My first thought was whether the hackers were able to ascertain this was a rarely used card with a high credit limit, and targeted it for that reason?

I know there are lots of Bogleheads that churn credit cards for bonuses, but one reason that I don’t is because more cards leads to more opportunities for this type of fraud. And we also prefer to have our credit frozen.
Regarding the "credit frozen" comment above...

DH recently applied for an AAdvantage Barclaycard (we have several American CitiCards) for the bonus and also in hopes of a true chip and PIN.

We have all credit reports frozen, and in the past, they've declined the "automatic/instantaneous" approval, and shortly thereafter, asked him (or me, depending, etc.) to unfreeze.

This time... it was just approved. NO request to unfreeze credit! :shock:
Although this is "convenient", we don't like it one bit.

RM
This signature is a placebo. You are in the control group.

RudyS
Posts: 1341
Joined: Tue Oct 27, 2015 10:11 am

Re: Credit Card Fraud - $30K

Post by RudyS » Sat Aug 18, 2018 3:02 pm

Credit info can be released, even if frozen, to entities that have an existing relationship with you. I.e., American?

User avatar
BL
Posts: 8395
Joined: Sun Mar 01, 2009 2:28 pm

Re: Credit Card Fraud - $30K

Post by BL » Sat Aug 18, 2018 3:09 pm

Perhaps you should go to annual credit.com to get free complete copies of your credit reports (not scores):
https://www.annualcreditreport.com/index.action

delamer
Posts: 6284
Joined: Tue Feb 08, 2011 6:13 pm

Re: Credit Card Fraud - $30K

Post by delamer » Sat Aug 18, 2018 3:18 pm

ResearchMed wrote:
Sat Aug 18, 2018 2:55 pm
delamer wrote:
Sat Aug 18, 2018 1:16 pm
Sorry about your predicament.

My first thought was whether the hackers were able to ascertain this was a rarely used card with a high credit limit, and targeted it for that reason?

I know there are lots of Bogleheads that churn credit cards for bonuses, but one reason that I don’t is because more cards leads to more opportunities for this type of fraud. And we also prefer to have our credit frozen.
Regarding the "credit frozen" comment above...

DH recently applied for an AAdvantage Barclaycard (we have several American CitiCards) for the bonus and also in hopes of a true chip and PIN.

We have all credit reports frozen, and in the past, they've declined the "automatic/instantaneous" approval, and shortly thereafter, asked him (or me, depending, etc.) to unfreeze.

This time... it was just approved. NO request to unfreeze credit! :shock:
Although this is "convenient", we don't like it one bit.

RM
I am with you on that, even with the existing relationship exception that RudyS mentioned.

User avatar
BolderBoy
Posts: 4148
Joined: Wed Apr 07, 2010 12:16 pm
Location: Colorado

Re: Credit Card Fraud - $30K

Post by BolderBoy » Sat Aug 18, 2018 5:50 pm

munemaker wrote:
Sat Aug 18, 2018 1:35 pm
Prokofiev wrote:
Sat Aug 18, 2018 1:22 pm
I do not want to write a $30k check for this!
No way that will happen. You are protected by law.
Also, credit card fraud is a fraud against the CC company, not you. To the CC company you are merely a means to an end - making money.
"Never underestimate one's capacity to overestimate one's abilities" - The Dunning-Kruger Effect

Broken Man 1999
Posts: 1530
Joined: Wed Apr 08, 2015 11:31 am

Re: Credit Card Fraud - $30K

Post by Broken Man 1999 » Sat Aug 18, 2018 6:09 pm

j0nnyg1984 wrote:
Sat Aug 18, 2018 2:25 pm
BanquetBeer wrote:
Sat Aug 18, 2018 10:17 am
Surprise to me you monitor your credit score more frequently than your account. Don’t you check all your accounts monthly? Seems main impact to credit would come after non-payment and may result in contacting credit company later than their requirements for fraud alert.
I have many unused credit cards with no annual fees. The cards are in a box in my closet; why would I check the accounts monthly?
Perhaps because you don't want the hassle of trying to straighten out a compromised account. You liability may be zero, but the hassle factor can be great.

The last time I had credit card fraud, my card issuer mailed me a replacement card very quickly. I tried to activate the new card, and it had been compromised before I even had possession of the card! I think the fraud was internal to the bank. But, the bank has never told me "who" was involved.

I have a couple of cards I use infrequently, but all my CC are checked at least weekly, and I have email alerts for any cards that offer the heads-up. I use a password keeper and I can my sign-in to all my financial accounts very quickly and very easily.

I can't stop all CC fraud, but I can get the CC folks involved while the trail is hot.

Broken Man 1999
“If I cannot drink Bourbon and smoke cigars in Heaven than I shall not go. " -Mark Twain

Momus
Posts: 538
Joined: Tue Feb 21, 2012 9:23 pm

Re: Credit Card Fraud - $30K

Post by Momus » Sat Aug 18, 2018 7:13 pm

I use mint. For credit monitoring and transactions monitoring, I'll see any discrepancy within 1d. If the account won't sync, I know what's up.

I don't care about cc fraud, not my problem. The bank will reimburse you 100%.

User avatar
VictoriaF
Posts: 18604
Joined: Tue Feb 27, 2007 7:27 am
Location: Black Swan Lake

Re: Credit Card Fraud - $30K

Post by VictoriaF » Sat Aug 18, 2018 7:20 pm

I have some old credit cards that I seldom use but keep in order to have a longer credit history and a slightly better credit score. I make one annual purchase on each of these cards to ensure that the bank would not cancel them for the lack of activity.

All my cards include alerts, but in the OP's case the alert protection was by-passed.

I also have low credit limits on most of my cards. It does not prevent fraud, but the potential hit on the credit score would probably be lower.

Victoria
WINNER of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)

User avatar
Doom&Gloom
Posts: 2295
Joined: Thu May 08, 2014 3:36 pm

Re: Credit Card Fraud - $30K

Post by Doom&Gloom » Sat Aug 18, 2018 7:34 pm

Broken Man 1999 wrote:
Sat Aug 18, 2018 6:09 pm
j0nnyg1984 wrote:
Sat Aug 18, 2018 2:25 pm
BanquetBeer wrote:
Sat Aug 18, 2018 10:17 am
Surprise to me you monitor your credit score more frequently than your account. Don’t you check all your accounts monthly? Seems main impact to credit would come after non-payment and may result in contacting credit company later than their requirements for fraud alert.
I have many unused credit cards with no annual fees. The cards are in a box in my closet; why would I check the accounts monthly?
Perhaps because you don't want the hassle of trying to straighten out a compromised account. You liability may be zero, but the hassle factor can be great.

The last time I had credit card fraud, my card issuer mailed me a replacement card very quickly. I tried to activate the new card, and it had been compromised before I even had possession of the card! I think the fraud was internal to the bank. But, the bank has never told me "who" was involved.

I have a couple of cards I use infrequently, but all my CC are checked at least weekly, and I have email alerts for any cards that offer the heads-up. I use a password keeper and I can my sign-in to all my financial accounts very quickly and very easily.

I can't stop all CC fraud, but I can get the CC folks involved while the trail is hot.

Broken Man 1999
I agree all the way to the last sentence, which I would alter to:

"I can't stop all CC fraud, but I can get the CC folks involved early enough to keep me from being inconvenienced more than necessary." In my experience, the CC folks are aware of it before I am anyway.

I don't really care whether the CC people catch the perps or not. That is between them and law enforcement. If the CC people offer me a product that is useful and profitable for me to use, I will continue to use it. If not, I'll figure out another way.

I understand that the CC folks do not want to release details of how the fraud was committed. It wouldn't help me prevent another occurrence and they don't want to educate people as to how to defraud them. It's not personal; it's just business.

Good luck, OP. I would be concerned but not worried. This should work out fine for you.

retiredjg
Posts: 34217
Joined: Thu Jan 10, 2008 12:56 pm

Re: Credit Card Fraud - $30K

Post by retiredjg » Sat Aug 18, 2018 7:44 pm

Doom&Gloom wrote:
Sat Aug 18, 2018 7:34 pm
I understand that the CC folks do not want to release details of how the fraud was committed. It wouldn't help me prevent another occurrence and they don't want to educate people as to how to defraud them. It's not personal; it's just business.
I agree. And in cases where it was an inside job or the result of them not doing their job to protect your information, telling you that would expose them to civil liability. Maybe even criminal liability. They don't want that.

Frustrating because I would want to know how it happened. But no, they aren't likely to reveal how it happened in most cases.

User avatar
JMacDonald
Posts: 2146
Joined: Mon Feb 19, 2007 5:53 pm

Re: Credit Card Fraud - $30K

Post by JMacDonald » Sat Aug 18, 2018 7:57 pm

Prokofiev wrote:
Sat Aug 18, 2018 12:36 pm
JDP wrote:
Sat Aug 18, 2018 11:08 am
Maybe the hacker has access to your email as well. The credit card notification setting could have been changed to a paperless option, such as email only. When that notification was sent to your inbox, it may have been quickly deleted. Then, after changing your email address, all subsequent changes to your account would have occurred without you knowing.
Had not thought of that. Having my Email account compromised would be a possible disaster.
This would be good time to change all of your passwords and activate alerts on any of your accounts.
Best Wishes, | Joe

User avatar
celia
Posts: 8496
Joined: Sun Mar 09, 2008 6:32 am
Location: SoCal

Re: Credit Card Fraud - $30K

Post by celia » Sat Aug 18, 2018 8:30 pm

Prokofiev wrote:
Sat Aug 18, 2018 10:13 am
How was that possible? This account was compromised from the web, not from using the card number or physical card.

...Someone needed my ID and Password to get into the system, ...
How do you know this? Did they tell you this? I would be surprised if they shared this with you.

I think it is more likely that someone hacked into their database, looked for accounts that weren't used lately, then change the appropriate fields (email, address, etc). Your logon is irrelevant.
munemaker wrote:
Sat Aug 18, 2018 1:35 pm
Prokofiev wrote:
Sat Aug 18, 2018 1:22 pm
I do not want to write a $30k check for this!
No way that will happen. You are protected by law.
Why do you say there's "no way" Prok could pay for it if he wanted? Anyone can send in money to pay someone else's bills. :sharebeer

User avatar
Prokofiev
Posts: 952
Joined: Mon Feb 19, 2007 9:45 pm
Location: New Orleans

Re: Credit Card Fraud - $30K

Post by Prokofiev » Sat Aug 18, 2018 9:27 pm

celia wrote:
Sat Aug 18, 2018 8:30 pm
Prokofiev wrote:
Sat Aug 18, 2018 10:13 am
How was that possible? This account was compromised from the web, not from using the card number or physical card.

...Someone needed my ID and Password to get into the system, ...
How do you know this? Did they tell you this? I would be surprised if they shared this with you.

I think it is more likely that someone hacked into their database, looked for accounts that weren't used lately, then change the appropriate fields (email, address, etc). Your logon is irrelevant.
Well, I actually don't know how it was compromised. There is a real possibility this happened on their end, but of course they are not going to tell you this. I have asked them twice what they think happened, but they never give any details or much info. I always want to play Sherlock Holmes and help them solve the crime and they are never very interested. But this event is unique for me and I would like to know how someone got into my account. They gave me the new address and telephone number, asking if they were familiar. They are not. All 3 purchases were made to the same vendor about 3 days apart. I did not recognize the vendor name. It was not a store or bank name.
Everything should be made as simple as possible, but not simpler - Einstein

LocusCoeruleus
Posts: 12
Joined: Wed May 24, 2017 10:00 pm

Re: Credit Card Fraud - $30K

Post by LocusCoeruleus » Sat Aug 18, 2018 10:33 pm

OP - until a source is identified - or they tell you (unlikely), consider implementing a step wise process along the lines of:
  • Secure your home computer - make sure you're operating system has updates installed; antivirus upto date; use a hard wired connection; Download and run a malware scanner; run updates on router if any. Update router password and wifi password. Make sure your web browser is up to date.
  • Once the system is secure, change your email password and enable 2 factor. Consider using a password manager. Change your cell phone company password. Change password for banks/credit card and enable 2fa. Also change the security questions/answers. Do not use real answers to questions that can be found - so questions like fav restaurant, street you grew up on, etc - don't use real answers - use random letters and save the answers as part of the password manager.
  • Consider freezing all 3 credit reports.

danaht
Posts: 535
Joined: Sun Oct 18, 2015 11:28 am

Re: Credit Card Fraud - $30K

Post by danaht » Sat Aug 18, 2018 10:57 pm

Sorry to hear about this. One thing I would say is to never use the same password for any of your accounts. Use a password manager like "Password Safe" (https://www.pwsafe.org/) to create and store random complex passwords that are unique for each account you have. That way if a thief hacks a site - and get's your password and other personal information (ie email address) from that site - the password he/she gets from the site will not be the same password as your email account. Once the thief has your email password - they can read your emails and find out what accounts you might have. They can also reset passwords, etc - via the hacked email account. Then they can delete any password reset emails to hide evidence that they hacked your email account. It's very important to use different passwords and not variations of the same password. Also, the best protection is to get some type of 2 factor authentication for your financial accounts via your mobile phone. This way even if the thief has access to your email - they still can't access the accounts - because they do not have access to your phone to get the authentication code.

Also I don't use sites that aggregate and store all your financial passwords (ie Mint). If something like Mint ever gets hacked - they will have all your accounts + all your account passwords. I think the financial institutions need to find a better way to share information with things like Mint (some type of read only limited access account). Until they do this - I'll stay away from applications like Mint.

investor4life
Posts: 119
Joined: Fri Oct 08, 2010 9:45 am

Re: Credit Card Fraud - $30K

Post by investor4life » Sun Aug 19, 2018 12:22 am

Sadly, Citi does not have 2FA (not sure why).

I usually use some jumbled-up character sequence as my user-id on sensitive accounts (and different user-ids on different accounts), not my email address unless that's the only option. It is like a second password of sorts and one more hoop for a hacker to jump through. More work for me, but I can live with it.

User avatar
camillus
Posts: 526
Joined: Thu Feb 28, 2013 9:55 pm

Re: Credit Card Fraud - $30K

Post by camillus » Sun Aug 19, 2018 1:26 am

Mint.com is a good suggestion for providing you daily surveillance of all accounts with the ease of entering a PIN number.

Another suggestion is that if you are keeping cards open just to improve your average "age of accounts," that you see about having your credit limit reduced. This way if a thief gets your account the damage is theoretically somewhat contained to a smaller credit limit.

I have found that after playing the credit card sign up game on and off for a few years, my score (and DW's) stays above 800 no matter what I do or what accounts get closed - as long as I keep up my current behavior of paying off balances monthly.

I now have a credit freeze in place with each bureau. Getting a temporary thaw to apply for a card or to change broadband cable providers, for example, is fairly painless.

Trism
Posts: 249
Joined: Mon Jul 18, 2016 6:34 pm

Re: Credit Card Fraud - $30K

Post by Trism » Sun Aug 19, 2018 2:57 am

BeneIRA wrote:
Sat Aug 18, 2018 2:32 pm
OP, Credit Karma's credit score isn't a real FICO score, it is Vantage 3.0, which virtually no one actually uses. I am sure your FICO score decreased as well, but not over 100 points. Best of luck getting this resolved.
Correct. Kredit Carma provides skores almost no one uses to evaluate creditworthiness.

And no, Vantage skores are not "close enough," especially if you are seeking credit. For entertainment purposes, knock yourselves out with the skores.

Kredit Carma generally recommends cards I already have, even though they have my credit data, and they also list my approval odds as "fair" for mediocre cards designed for people with marginal credit, despite my 830+ FICO scores.

gd
Posts: 1411
Joined: Sun Nov 15, 2009 8:35 am
Location: MA, USA

Re: Credit Card Fraud - $30K

Post by gd » Sun Aug 19, 2018 8:03 am

The labor of monitoring accounts and increased fraud risk (with a tradeoff between the two) is a less-appreciated background expense of gaming credit card accounts. File under no free lunch.

danaht
Posts: 535
Joined: Sun Oct 18, 2015 11:28 am

Re: Credit Card Fraud - $30K

Post by danaht » Sun Aug 19, 2018 9:03 am

gd wrote:
Sun Aug 19, 2018 8:03 am
The labor of monitoring accounts and increased fraud risk (with a tradeoff between the two) is a less-appreciated background expense of gaming credit card accounts. File under no free lunch.
How soon can you usually close a credit card account - once you have received the free sign-up rewards? The reason I am asking is because I signed up for a Kroger credit card (from US National Bank) that payed $150 in sign-up bonuses. But I am no longer using it - because I have other CCs that are better for rewards. It's been sitting idle for 6 months and after reading this thread - I kind of want to close it this week.

User avatar
Prokofiev
Posts: 952
Joined: Mon Feb 19, 2007 9:45 pm
Location: New Orleans

Re: Credit Card Fraud - $30K

Post by Prokofiev » Mon Aug 20, 2018 8:52 am

BeneIRA wrote:
Sat Aug 18, 2018 2:32 pm
OP, Credit Karma's credit score isn't a real FICO score, it is Vantage 3.0, which virtually no one actually uses. I am sure your FICO score decreased as well, but not over 100 points. Best of luck getting this resolved.

Yes, I thought over 100 points seemed very high. But this morning I received an Email from Credit Karma = "Great news! Your score increased". So I checked their site and it went from 683 to 813! So does that mean the fraud has been resolved? No. Checking my CITI account shows I still owe $30,200. But they did not report this disputed amount for August, hence the change in the Karma score. Just dropping this $30k account, gave me an increase of 130 points. I will still report back when/if it is resolved with Citibank.
Everything should be made as simple as possible, but not simpler - Einstein

TravelGeek
Posts: 2369
Joined: Sat Oct 25, 2014 3:23 pm

Re: Credit Card Fraud - $30K

Post by TravelGeek » Mon Aug 20, 2018 9:09 am

RudyS wrote:
Sat Aug 18, 2018 3:02 pm
Credit info can be released, even if frozen, to entities that have an existing relationship with you. I.e., American?
Except that American isn’t the creditor here. The banks issuing cards that produce AAmiles are Citi and Barclays, and just because you have a relationship with one doesn’t mean you have a relationship with the other. So it is in fact odd that the credit freeze didn’t prevent Barclays from issuing a new card if RM’s spouse didn’t have a relationship with them.

User avatar
Watty
Posts: 14401
Joined: Wed Oct 10, 2007 3:55 pm

Re: Credit Card Fraud - $30K

Post by Watty » Mon Aug 20, 2018 9:20 am

Be glad that it was not a debit card and you were fighting to get your money back.

I have avoided those like the plague.

ResearchMed
Posts: 7480
Joined: Fri Dec 26, 2008 11:25 pm

Re: Credit Card Fraud - $30K

Post by ResearchMed » Mon Aug 20, 2018 9:22 am

TravelGeek wrote:
Mon Aug 20, 2018 9:09 am
RudyS wrote:
Sat Aug 18, 2018 3:02 pm
Credit info can be released, even if frozen, to entities that have an existing relationship with you. I.e., American?
Except that American isn’t the creditor here. The banks issuing cards that produce AAmiles are Citi and Barclays, and just because you have a relationship with one doesn’t mean you have a relationship with the other. So it is in fact odd that the credit freeze didn’t prevent Barclays from issuing a new card if RM’s spouse didn’t have a relationship with them.
This ^^

American Airlines isn't issuing the credit.

And neither of us have any account or any relationship with Barclays, other than my long-closed account. If was closed in something like the '80's, and DH and I do not share a last name (and I wasn't married to him back then, anyway). We live in a different city than when I closed the account. I can't imagine they somehow linked my ancient account to his new application.

Now, we don't yet know what his credit limit is, until the card actually arrives, with the letter/etc.

Any chance they can somehow track DH's general credit with those services that don't require a credit check, and if it's "good enough", they can give him a somewhat low limit straightaway?

We'll see what happens later, when I apply for that same card. I want those bonus points, too.
I'm hoping they DO require me to unlock...

RM
This signature is a placebo. You are in the control group.

Bill Bernstein
Posts: 561
Joined: Sat Jun 23, 2007 12:47 am

Re: Credit Card Fraud - $30K

Post by Bill Bernstein » Mon Aug 20, 2018 9:32 am

Hi All:

Scary thread, sorry for your hassle.

Another useful hack is to have all your credit cards email daily balances and all transactions over a limit of . . . . $1.00 (the minimum they'll allow.) In the worst case scenario, a hacked email account, the missing alerts would be a very loud dog that didn't bark.

That may seem extreme and intrusive to some, but it takes only a few seconds to scan each message, a fraction of the time it takes to do the actual transactions. In this day and age, most folks' spending is done via credit cards, and it's a fine control and good piece of mind.

Bill

deltaneutral83
Posts: 874
Joined: Tue Mar 07, 2017 4:25 pm

Re: Credit Card Fraud - $30K

Post by deltaneutral83 » Mon Aug 20, 2018 9:55 am

Get mint/Personal capital or whatever and check all account balances, very easy. Deny all international charges and/or update as you travel abroad. Set your limit for each credit card to give you a text when charge exceeds $xxx.

ResearchMed
Posts: 7480
Joined: Fri Dec 26, 2008 11:25 pm

Re: Credit Card Fraud - $30K

Post by ResearchMed » Wed Aug 22, 2018 4:03 pm

ResearchMed wrote:
Mon Aug 20, 2018 9:22 am
TravelGeek wrote:
Mon Aug 20, 2018 9:09 am
RudyS wrote:
Sat Aug 18, 2018 3:02 pm
Credit info can be released, even if frozen, to entities that have an existing relationship with you. I.e., American?
Except that American isn’t the creditor here. The banks issuing cards that produce AAmiles are Citi and Barclays, and just because you have a relationship with one doesn’t mean you have a relationship with the other. So it is in fact odd that the credit freeze didn’t prevent Barclays from issuing a new card if RM’s spouse didn’t have a relationship with them.
This ^^

American Airlines isn't issuing the credit.

And neither of us have any account or any relationship with Barclays, other than my long-closed account. If was closed in something like the '80's, and DH and I do not share a last name (and I wasn't married to him back then, anyway). We live in a different city than when I closed the account. I can't imagine they somehow linked my ancient account to his new application.

Now, we don't yet know what his credit limit is, until the card actually arrives, with the letter/etc.

Any chance they can somehow track DH's general credit with those services that don't require a credit check, and if it's "good enough", they can give him a somewhat low limit straightaway?

We'll see what happens later, when I apply for that same card. I want those bonus points, too.
I'm hoping they DO require me to unlock...

RM
UPDATE:

His card arrived, with a rather hefty credit limit, much to our surprise.

The docs that came along with the card specifically mentioned TransUnion, although it wasn't fully clear that they actually pulled that credit record/score. (But if not, why mention it?)

We'll see what happens in a while, when I apply for one.

RM
This signature is a placebo. You are in the control group.

mptfan
Posts: 4724
Joined: Mon Mar 05, 2007 9:58 am

Re: Credit Card Fraud - $30K

Post by mptfan » Wed Aug 22, 2018 4:19 pm

This is one of the reasons I do not keep any open rarely used accounts. I either regularly use and monitor an account, or I close it.

mptfan
Posts: 4724
Joined: Mon Mar 05, 2007 9:58 am

Re: Credit Card Fraud - $30K

Post by mptfan » Wed Aug 22, 2018 4:22 pm

Momus wrote:
Sat Aug 18, 2018 7:13 pm
I don't care about cc fraud, not my problem. The bank will reimburse you 100%.
Only if you notify them of the fraud within a certain amount of time after you receive the statement with the fraudulent transaction, I think the time frame is 60 days but I may be corrected on that.

Post Reply