So someone drained $13k from my checking account...

Non-investing personal finance issues including insurance, credit, real estate, taxes, employment and legal issues such as trusts and wills.
RetireSomeday5
Posts: 93
Joined: Fri Jan 27, 2017 8:50 am

Re: So someone drained $13k from my checking account...

Post by RetireSomeday5 »

This happened to me about a year ago. It was also USAA that was attached. When the bank looked into it there was even a persons name attached to the transaction. I did some google research and apparently others have had USAA attached to withdrawals as well. The bank never did explain what happened, but as memory serves USAA actually refunded the money-- not FDIC compensation. But I could be wrong on that.
User avatar
dm200
Posts: 23214
Joined: Mon Feb 26, 2007 1:21 pm
Location: Washington DC area

Re: So someone drained $13k from my checking account...

Post by dm200 »

I am in one or two aspects of this kind of account/activity.

1. An "ACH" (Automated Clearinghouse) transaction is different than a debit card withdrawal. Different rules apply.

2. In general, anyone you have ever written a check to (or has access to such checks) has the information to process an ACH withdrawal or deposit

3. The applicable ACH rules allow posting by account number only. Many (perhaps most) banks and credit unions do not require a name match.

4. The key is to catch and report any unauthorized withdrawals from your account. The quicker you report it, the better the chance of getting your money back.

5. Sometimes fraudsters will put through ACH deposits or withdrawals of small amounts as a "test". If they "stick", then a big amount comes through.

It is possible that this was not fraud, but some kind of clerical error.

Some of the things posted in this thread are just plain incorrect.
User avatar
BrandonBogle
Posts: 4467
Joined: Mon Jan 28, 2013 10:19 pm

Re: So someone drained $13k from my checking account...

Post by BrandonBogle »

cresive wrote: I need to call my CU and see what protections they have in case of such an emergency. Do you think you were able to retrieve your money because you were within the 2 day Fed hold on transfers? What would have happened if you didn't discover the theft for a few days?
ACH Transactions are subject to Federal regulations. You have 60 days from when you receive your statement to report it and have it reversed.
User avatar
dm200
Posts: 23214
Joined: Mon Feb 26, 2007 1:21 pm
Location: Washington DC area

Re: So someone drained $13k from my checking account...

Post by dm200 »

not FDIC compensation.
As far as I know and understand, the FDIC would only get involved in distributing funds if the FDIC Insured bank failed.
LiterallyIronic
Posts: 1577
Joined: Sat Dec 05, 2015 9:36 am

Re: So someone drained $13k from my checking account...

Post by LiterallyIronic »

Rupert wrote:
LiterallyIronic wrote:
Cash wrote: The only direct withdrawals and deposits to the account are from paychecks, utilities, credit card companies, ACH links to other financial institutions, and the (very) occasional check. Was one of those institutions compromised? I haven't received any notices. Did someone get an old check? Puzzling.
Yeah, I hear you on that. I try to keep mine to a minimum, too. I avoid direct deposit if at all possible and just take paper checks to the bank. I pay the utility companies with money orders. My only credit card is through my bank. I don't have personal checks - in fact, I don't really see anybody using those anymore. The only place that gets to pull money directly from my account is Vanguard.
It's not literally ironic but is curious that you don't use personal checks but expect other people to give you checks.
Ha, I hadn't thought about it that way! That is kind of funny. To be fair, though, I would also accept cash. :D
User avatar
Kevin M
Posts: 15787
Joined: Mon Jun 29, 2009 3:24 pm
Contact:

Re: So someone drained $13k from my checking account...

Post by Kevin M »

Sorry for the hassle, but thanks for sharing.

I schedule several monthly transfers from savings account A to a checking account to cover my bill auto-pays for the month (goal is to keep minimum in 0.1% checking and more in 1% savings). I have checking overdraft protection linked to savings account B. I was thinking mainly about the monthly limit of 6 outbound transfers from each savings account in setting it up this way, so generally have tried to have about equal amounts in each savings account.

Your story motivates me to reduce the amount I keep in savings account B, the overdraft account, to just enough to cover any likely overdrafts. Today is the last day in my monthly cycle for these accounts, so I'm going to go make that transfer from savings account B to savings account A now.

I want overdraft protection because sometimes a bill might come in a bit earlier than expected, or I just might overlook something. I'm not going to drop overdraft protection based on what I read in this thread, nor am I going to turn off autopay pulls, use money orders, stop auto-deposits, or any of the other steps mentioned that I consider overly-cautious (for me).

Kevin
If I make a calculation error, #Cruncher probably will let me know.
User avatar
dm200
Posts: 23214
Joined: Mon Feb 26, 2007 1:21 pm
Location: Washington DC area

Re: So someone drained $13k from my checking account...

Post by dm200 »

A few comments on "overdraft" protection on checking accounts: [NOT overdraft line of credit]

Under current law and regulations, you may ONLY be charged an overdraft fee if/when your account pays an overdraft if you affirmatively agree to the fee. There are some circumstances/situations where the bank or credit union MUST overdraft your account. If you agree to the fee, they charge the fee; if you do not, they cannot charge the fee. One example of an overdraft situation that the bank or credit union cannot control is use of a debit card to purchase gasoline at the pump. Say, for example, that you have a balance of $25.00 in your checking account and use a debit card to purchase $35.00 gasoline at the pump. The transaction goes through for a dollar, pending the actual charge. The "overdraft" cannot be rejected when the $35.00 comes through - so it will bring the balance into the negative.

If you have not agreed to the overdraft fee, the bank or credit union cannot charge a fee. This is why I have not authorized paying overdraft fees on my personal checking account.

I believe some kinds of charges at restaurants can also cause an overdraft in the same (or similar) ways.

On the matter of account owner authorizing overdraft fees (a degree of protection for situations where the bank or credit union could bounce a check or payment), these overdraft fees can amount to a lot of money - and the CFPB (and perhaps other government regulators) are looking at placing some kind of restrictions on such fees by banks and credit unions. It is, in my opinion, completely unknown what may happen. [Since this regulatory and not proposed statutory, I believe discussion of this is allowable under the rules of this forum]
User avatar
Kevin M
Posts: 15787
Joined: Mon Jun 29, 2009 3:24 pm
Contact:

Re: So someone drained $13k from my checking account...

Post by Kevin M »

^ At my bank, what I'm talking about is referred to as "overdraft transfer". I don't use a debit card or ATM card for this account, so no scenario involving those is applicable.

When a credit card autopay or any other payment hits my checking account, I want it paid, even if I've neglected to transfer enough from savings to checking, so it's not at all just about whether or not I get charged an overdraft fee. I have managed this in different ways in the past, but this is how I'm managing it now, and it works for me.

Kevin
If I make a calculation error, #Cruncher probably will let me know.
aredhel
Posts: 23
Joined: Thu Jan 19, 2017 10:20 am

Re: So someone drained $13k from my checking account...

Post by aredhel »

mptfan wrote:Ok, this one is easy...just do not use a debit card for purchases. Period. No exceptions. Problem solved.
Problem not solved. I had a debit card I never used, not even once, hacked; the hacker put a recurring Netflix charge on my account. How did the hacker get the information? Who knows. But it wasn't because I was using my debit card (as I pointed out to the bank when I discovered and reported the fraud).
User avatar
F150HD
Posts: 3926
Joined: Fri Sep 18, 2015 7:49 pm

Re: So someone drained $13k from my checking account...

Post by F150HD »

dziuniek wrote:

Why would the bank even let this transaction go through?
dunno.

My Citi card, I get a text for any purchase over $300. Wonder if I can do that for my checking account. Have never asked Wells Fargo about that. Think I might drop them a message right now!

I've had 2 credit card #s stolen over the past 10 years. On each occasion I went to use my card and it would not work and I got a call from the cards fraud division. Most recently last summer- I was coming back from the east coast on a motorcycle and was on the Ohio Turnpike getting fuel. Thankfully I was on the way home and had a few hundred in cash, as otherwise not sure how I could've gotten fuel to get home. So, lesson learned. Carry 2 cards on a trip, or enough cash to get me somewhere the card can be shipped to.
Long is the way and hard, that out of Hell leads up to light.
ThreeBears
Posts: 169
Joined: Mon Nov 28, 2016 10:13 am

Re: So someone drained $13k from my checking account...

Post by ThreeBears »

[quote="dm200"]A few comments on "overdraft" protection on checking accounts: [NOT overdraft line of credit]

Under current law and regulations, you may ONLY be charged an overdraft fee if/when your account pays an overdraft if you affirmatively agree to the fee. There are some circumstances/situations where the bank or credit union MUST overdraft your account. If you agree to the fee, they charge the fee; if you do not, they cannot charge the fee. One example of an overdraft situation that the bank or credit union cannot control is use of a debit card to purchase gasoline at the pump. Say, for example, that you have a balance of $25.00 in your checking account and use a debit card to purchase $35.00 gasoline at the pump. The transaction goes through for a dollar, pending the actual charge. The "overdraft" cannot be rejected when the $35.00 comes through - so it will bring the balance into the negative.

-It was nice to hear that at least ONE person here understands that there are consumer protections for consumer. Regulation E would have protected this account owner. An ACH transaction is still an electronic transfer, and consumers are protected from unauthorized transactions. In fact, I'm pretty sure the bank isn't even permitted to require an affidavit.
User avatar
Kevin M
Posts: 15787
Joined: Mon Jun 29, 2009 3:24 pm
Contact:

Re: So someone drained $13k from my checking account...

Post by Kevin M »

ThreeBears wrote: -It was nice to hear that at least ONE person here understands that there are consumer protections for consumer.
Many of us understand this. I think many of us are mainly discussing ways to minimize the hassle--at least that's what I'm thinking about. I'd rather be out $5K or $10K for a few days than be out $20K or $30K for a few days.

Kevin
If I make a calculation error, #Cruncher probably will let me know.
rralex1
Posts: 119
Joined: Wed Feb 18, 2015 3:21 pm

Re: So someone drained $13k from my checking account...

Post by rralex1 »

The great thing about social media is that everyone has a voice.. As someone who has been in the physical and cyber security space for 25 years there is no free lunch nor impenetrable target.

I appreciate the balanced emotionally intelligent suggestions that have been provided. To suggest that never using debit cards as a solution however, is absolutely ludicrous.

Consider protecting your assets as the following. Regardless of the asset. What is the target that you are protecting? Surround it with concentric circles of protection that by the way will NOT prevent all criminals from accessing the target. It will only slow, dissuade, and deflect efforts towards more vulnerable targets. Again, the same goes for your physical assets by the way.. I could go on.

So, protect your passwords and UID's. Use push instead of open pull strategies to pay bills. Make sure you understand the policies of the companies you do business with in terms of protection regarding any and all on line activity. All companies do not have the same capacity to protect their on line share holders. Have alerts set up as did the OP to allow immediate action when an exception is identified. And finally, distribute your finances prudently, but not extraordinarily.

All told, we are in the very, very early stages of understanding the potential and the vulnerabilities of our on line activity. Think back only 10 years.. More to come.
Topic Author
Cash
Posts: 1572
Joined: Wed Mar 10, 2010 9:52 am

Re: So someone drained $13k from my checking account...

Post by Cash »

Kevin M wrote:
ThreeBears wrote: -It was nice to hear that at least ONE person here understands that there are consumer protections for consumer.
Many of us understand this. I think many of us are mainly discussing ways to minimize the hassle--at least that's what I'm thinking about. I'd rather be out $5K or $10K for a few days than be out $20K or $30K for a few days.

Kevin
Yeah I agree with another poster that my situation is somewhat comforting in retrospect because I was able to catch the fraud early due to my alerts, and Alliant credited my account the same day.

Looking back, my biggest potential problem came from what I believe is an unlimited amount that could be transferred from my savings account to my checking account to cover the overdraft (like you, I am not charged fees for this service by Alliant). That account is actually my primary account for cash savings, so I could have temporarily been out a lot more money. I'm going to limit the amount in that account and transfer the rest to a non-linked account.

The other problem is, as you've noted, the hassle. Now I have to change direct deposits, credit card payments, utility payments, etc. I'd like to minimize the likelihood of having to do that in the future. So I think I will send direct deposits to an account that has no links to external accounts, and I will utilize bill pay as much as possible (I just checked an old bill pay check, and it does not have my account number). I was trying to move to a set-it-and-forget-it model of automatic funds distribution, but I'm now rethinking that.
Topic Author
Cash
Posts: 1572
Joined: Wed Mar 10, 2010 9:52 am

Re: So someone drained $13k from my checking account...

Post by Cash »

Uh-oh...another USAA.com transfer in the amount of $20.16 posted today. I think this checking account officially closes tonight, but I just transferred my money to a different account...
sport
Posts: 12094
Joined: Tue Feb 27, 2007 2:26 pm
Location: Cleveland, OH

Re: So someone drained $13k from my checking account...

Post by sport »

rralex1 wrote: To suggest that never using debit cards as a solution however, is absolutely ludicrous.
What is ludicrous about not using debit cards? I've never used one in my life. My credit cards give me rebates. Why would I want to use a debit card that pays no rebates, has lesser consumer protection, and puts my checking account balance at risk? Debit cards seem to exist primarily for the benefit of the bank, not the consumer. Now, if someone is so childish that they cannot control their spending using a credit card, and need to be limited by the balance in their account, I guess a debit card might be useful. However, if one uses credit responsibly and does not run up bills they cannot pay, a credit card is clearly superior for the reasons listed above.
radiowave
Posts: 3352
Joined: Thu Apr 30, 2015 5:01 pm

Re: So someone drained $13k from my checking account...

Post by radiowave »

I agree, why use a debit card when you have access to multiple credit cards? I get text alerts for every credit charge. Actually last night my wife and I went out for dinner and the phone texted me before the waitress came back with the card to our table. I also get text alerts for all deposits and withdrawals on my checking. Yeah, it does get annoying sometimes but I like to know what is happening to my accounts as a primary first line of defense. The only time I will use a debit card is for an ATM withdrawal.
Bogleheads Wiki: https://www.bogleheads.org/wiki/Main_Page
Papajoe56
Posts: 30
Joined: Sat Mar 25, 2017 8:31 am

Re: So someone drained $13k from my checking account...

Post by Papajoe56 »

Sorry for your headache on the $13k
I work for a bank on the operations side,and I do not own a debit card, nor an ATM card.
Debit Card/ATM card fraud is a constant problem, and one I do not want to deal with.
One should never use Debit or ATM cards when out of country.
One should never click on an e-mail link from a financial company.
I opted out of "free" overdraft protection, and have no pulls from any accounts.
Overdraft protection really benefits the bank, not the customer.
I most always use credit cards,push, or cash to pay.
Credit cards are paying me 1% - 3% when I use them, so I take the money.
Maybe wrote 10 checks last year, when credit card was not an option, or I needed cancelled check in records.
No cell phone banking for me, or any financial use on cell for that matter.
I only do financial business at home, or the office.
I use a password manager on home computer, and use the longest passwords a financial site will let me.
Although I must admit, this site lets one use up to 100, which is rare, I only used 30.
Funny, that my bank only allows 16 character max password.
Changing passwords frequently on a password manager is easy and painless.
I use multifactor authentication of some type on all financial websites that have the option.
Every little bit helps.
aredhel
Posts: 23
Joined: Thu Jan 19, 2017 10:20 am

Re: So someone drained $13k from my checking account...

Post by aredhel »

Kevin M wrote:
ThreeBears wrote: -It was nice to hear that at least ONE person here understands that there are consumer protections for consumer.
Many of us understand this. I think many of us are mainly discussing ways to minimize the hassle--at least that's what I'm thinking about. I'd rather be out $5K or $10K for a few days than be out $20K or $30K for a few days.

Kevin
Plus, a lot of people couldn't afford to be down even $5k for a few days - they live paycheck-to-paycheck, and have only one bank account. Spreading the word that it could be a significant amount of time before you will get your money back, and that it's a very good idea to have a backup bank account you can use just in case your primary account has to be temporarily shut down due to fraud is important.
ThreeBears
Posts: 169
Joined: Mon Nov 28, 2016 10:13 am

Re: So someone drained $13k from my checking account...

Post by ThreeBears »

aredhel wrote:
Kevin M wrote:
ThreeBears wrote: -It was nice to hear that at least ONE person here understands that there are consumer protections for consumer.
Many of us understand this. I think many of us are mainly discussing ways to minimize the hassle--at least that's what I'm thinking about. I'd rather be out $5K or $10K for a few days than be out $20K or $30K for a few days.

Kevin
Plus, a lot of people couldn't afford to be down even $5k for a few days - they live paycheck-to-paycheck, and have only one bank account. Spreading the word that it could be a significant amount of time before you will get your money back, and that it's a very good idea to have a backup bank account you can use just in case your primary account has to be temporarily shut down due to fraud is important.

Under Regulation E, banks must provide provisional credit within 10 business days. It didn't sound like most of the people posting realized that. The bank then has 45 (or 90 days) to resolve the dispute. If the bank can't prove that the consumer was responsible the charges, the bank must make the provisional credit final. With credit cards as an alternative source of financing, I think most people could weather a 10-business day gap of money. It wouldn't be ideal, but a sufficiently small risk that most people should avoid the suggestions on this site like never using a debit card.
rralex1
Posts: 119
Joined: Wed Feb 18, 2015 3:21 pm

Re: So someone drained $13k from my checking account...

Post by rralex1 »

sport wrote:
rralex1 wrote: To suggest that never using debit cards as a solution however, is absolutely ludicrous.
What is ludicrous about not using debit cards? I've never used one in my life. My credit cards give me rebates. Why would I want to use a debit card that pays no rebates, has lesser consumer protection, and puts my checking account balance at risk? Debit cards seem to exist primarily for the benefit of the bank, not the consumer. Now, if someone is so childish that they cannot control their spending using a credit card, and need to be limited by the balance in their account, I guess a debit card might be useful. However, if one uses credit responsibly and does not run up bills they cannot pay, a credit card is clearly superior for the reasons listed above.
You miss the point of my reply. It was suggested that the solution to the problem of the cyber crime perpetrated on the OP was as simple as to "never use a debit card - Period." That is not the solution, and through experience I provided some actionable alternatives (there are many more), rather than a rant. I carry no bias towards debit cards or credit cards, and remain debt free.

As for comparisons between borrowing money and gaming credit card issuers by paying them off each month, or spending what one has, or using credit cards vs debit cards, it is worthwhile to note that growth in cc debt in the US. continues to grow and now tops $750 Billion.. (generating profit that serves to exist primarily for the benefit of banks not the consumer..). Also sadly, that credit cards account for the lowest income households in America carrying an average of more than $10,000 in credit card debt (that they don't pay off each month). That however, is topic for a different discussion. :beer
User avatar
topper1296
Posts: 836
Joined: Fri Apr 03, 2009 10:50 pm
Location: Nashville TN

Re: So someone drained $13k from my checking account...

Post by topper1296 »

Glad the OP had this issue resolved pretty fast. Here are a couple things I do. I never carry a debit card, only a credit card. I have my regular recurring bills on a separate CC that I never carry on me or ever use for online purchases. If my primary CC that I carry on me and use for day to day purchases ever get hacked, my regular bills will still be paid. I did have my primary CC hacked once about a year ago, but my regular bills were still paid on time and I didn't have to worry about setting them up again for bill pay.

On a related note, I don't keep all of my eggs in one basket by not keeping everything with just one institution. There have been a lot of threads about keeping everything at Vanguard. I was shocked at how many people keep everything in one place. I view keeping everything in one place as foolish as keeping everything in just one asset class. IMO, diversifying WHERE one invest/saves is as important as diversifying in WHAT one invest/saves in.
Topic Author
Cash
Posts: 1572
Joined: Wed Mar 10, 2010 9:52 am

Re: So someone drained $13k from my checking account...

Post by Cash »

rralex1 wrote:It was suggested that the solution to the problem of the cyber crime perpetrated on the OP was as simple as to "never use a debit card - Period." That is not the solution
True, because I haven't used a debit card (other than for ATM withdrawals) in at least 15 years.
mptfan
Posts: 7217
Joined: Mon Mar 05, 2007 8:58 am

Re: So someone drained $13k from my checking account...

Post by mptfan »

rralex1 wrote: It was suggested that the solution to the problem of the cyber crime perpetrated on the OP was as simple as to "never use a debit card - Period."
This is not correct.

My suggestion to not use a debit card was in response to a post by Miakis, not the OP, in which Miakis wrote the following...."I have a client who had her business debit card hacked and duplicated - it was never lost - but it was mysteriously being used to purchase airplane tickets and hotel stays. She was using it for only a couple of transactions per month as her card for a couple of monthly subscriptions."

I did not suggest that never using a debit card was a solution to the problem of the cyber crime perpetrated on the OP.
Last edited by mptfan on Sat Mar 25, 2017 11:17 am, edited 1 time in total.
mptfan
Posts: 7217
Joined: Mon Mar 05, 2007 8:58 am

Re: So someone drained $13k from my checking account...

Post by mptfan »

Cash wrote:
rralex1 wrote:It was suggested that the solution to the problem of the cyber crime perpetrated on the OP was as simple as to "never use a debit card - Period." That is not the solution
True, because I haven't used a debit card (other than for ATM withdrawals) in at least 15 years.
Cash, it is true that is not the solution to the issue you reported, and if you read my previous post, you will see that it was not intended or offered as a solution to the issue you reported.
mptfan
Posts: 7217
Joined: Mon Mar 05, 2007 8:58 am

Re: So someone drained $13k from my checking account...

Post by mptfan »

ThreeBears wrote: Under Regulation E, banks must provide provisional credit within 10 business days. It didn't sound like most of the people posting realized that. The bank then has 45 (or 90 days) to resolve the dispute. If the bank can't prove that the consumer was responsible the charges, the bank must make the provisional credit final.
And what if the bank does not do what it is supposed to do? What if the bank takes the position that the consumer was responsible for the charges?
ThreeBears
Posts: 169
Joined: Mon Nov 28, 2016 10:13 am

Re: So someone drained $13k from my checking account...

Post by ThreeBears »

mptfan wrote:
ThreeBears wrote: Under Regulation E, banks must provide provisional credit within 10 business days. It didn't sound like most of the people posting realized that. The bank then has 45 (or 90 days) to resolve the dispute. If the bank can't prove that the consumer was responsible the charges, the bank must make the provisional credit final.
And what if the bank does not do what it is supposed to do? What if the bank takes the position that the consumer was responsible for the charges?
That's a fair question. I just think that it's rare. Once you point out to the low-level employee that there is a federal regulation, they will confirm with their compliance department. If you still think the bank made a mistake, you can report them to their federal regulator. For most large banks, this is the CFPB.

In 99.9% of these cases, the law favors the consumer. However, people don't know the law. Also, bank's are occaisionally ignorant of the law (at least low-level employees). But, once you point out the law, they'll comply. I think there's pretty low risk with losing money permanently on an unauthorized ACH transaction.

Finally, the bank has to have affirmative evidence that the consumer was responsible for the charge. Most of the time, no such evidence exists.
mptfan
Posts: 7217
Joined: Mon Mar 05, 2007 8:58 am

Re: So someone drained $13k from my checking account...

Post by mptfan »

ThreeBears wrote: That's a fair question. I just think that it's rare. Once you point out to the low-level employee that there is a federal regulation, they will confirm with their compliance department. If you still think the bank made a mistake, you can report them to their federal regulator. For most large banks, this is the CFPB.
I think you misunderstand my question. I accept that the bank "knows the law," what I am saying is the bank, knowing the law, may take the position that the consumer IS responsible for the transaction while the consumer may disagree, then what? For example, the bank may take the position that the consumer did not take reasonable measures to protect their password, or their computer, and allowed someone else to access their account. I am NOT saying that the consumer did that, I am saying the bank may take the position that the consumer did that. So I am not saying that the bank does not know the law, I am saying that there are many potential factual scenarios where the consumer and the bank may disagree about who is responsible for the transaction when applying the known law.
User avatar
dm200
Posts: 23214
Joined: Mon Feb 26, 2007 1:21 pm
Location: Washington DC area

Re: So someone drained $13k from my checking account...

Post by dm200 »

I accept that the bank "knows the law," what I am saying is the bank, knowing the law, may take the position that the consumer IS responsible for the transaction while the consumer may disagree, then what? For example, the bank may take the position that the consumer did not take reasonable measures to protect their password, or their computer, and allowed someone else to access their account. I am NOT saying that the consumer did that, I am saying the bank may take the position that the consumer did that. So I am not saying that the bank does not know the law, I am saying that there are many potential factual scenarios where the consumer and the bank may disagree about who is responsible for the transaction when applying the known law.
From both the bank/credit union position and the consumer position, this work both ways. Often, common sense and fairness are out the window when dealing with certain laws and regulations. I cannot comment specifically on exact customer details, but it is true that the bank/credit union can take the position that the consumer must notify the bank/credit union within a certain period to contest certain transactions.

On the other hand, the consumer/customer can do some really irresponsible things (such as writing the password on the debit/atm card) and can successfully contest a transaction.
Topic Author
Cash
Posts: 1572
Joined: Wed Mar 10, 2010 9:52 am

Re: So someone drained $13k from my checking account...

Post by Cash »

mptfan wrote:
Cash wrote:
rralex1 wrote:It was suggested that the solution to the problem of the cyber crime perpetrated on the OP was as simple as to "never use a debit card - Period." That is not the solution
True, because I haven't used a debit card (other than for ATM withdrawals) in at least 15 years.
Cash, it is true that is not the solution to the issue you reported, and if you read my previous post, you will see that it was not intended or offered as a solution to the issue you reported.
Oh sorry, I wasn't talking about you specifically. But several posts made that assumption.
MnD
Posts: 5194
Joined: Mon Jan 14, 2008 11:41 am

Re: So someone drained $13k from my checking account...

Post by MnD »

I'm skeptical of the several warnings in this thread against allowing auto-pulls from ones checking account.

I've used "auto-pulls" from checking for decades and never had any banking problems. Now that I use a credit cards for everything possible they are limited to monthly pulls from two huge credit-card companies (that are also banks themselves) and a mortgage payment pull also from a national bank. The only non-bank auto-pull from checking is from a huge regional utility company that surcharges for credit card use.

In contrast over the years I've probably had 5 credit cards hacked (actual fraud charges) and another 5 or more replaced early after being compromised but with no fraud charges to my account. A number of these hacks happened after we had been doing a lot of shopping and dining out at independant stores and restaurants. I've also had a debit card that was used exclusively for ATM's cloned and used for fraudulent charges - I suspect a single use at a retail store off-brand ATM led to that.

So I'm a lot more suspect of credit card and debit card use (and paper check use) providing the "keys" to your credit and banking accounts versus auto-pulls from major institutions, which are often limited to FDIC banks themselves if you are using credit cards for all spending possible. The advantages of "auto-pay in full" IMO outweighs the risks, which I doubt are any higher than risks involved in manually initiated or automated push type electronic payments.
70/30 AA for life, Global market cap equity. Rebalance if fixed income <25% or >35%. Weighted ER< .10%. 5% of annual portfolio balance SWR, Proportional (to AA) withdrawals.
S_Track
Posts: 535
Joined: Sat Feb 18, 2017 11:33 am

Re: So someone drained $13k from my checking account...

Post by S_Track »

Great topic, I have made it a rule not to allow pulls from my online checking account. Given that, how do you folks transfer money to VG. The website is suggesting a pull from my checking account. Is that what you all do? I was hoping I could set up and automatic Bill pay (send them a check for $X each month) from my online billing, thus make it a push rather than a pull. Is there a way to do this? I saw where you can send them a hand written check but they require you to accompany a form with the check. Thanks
TravelGeek
Posts: 4902
Joined: Sat Oct 25, 2014 3:23 pm

Re: So someone drained $13k from my checking account...

Post by TravelGeek »

mptfan wrote:
By that definition, everyone who has possession of one of your checks has access to your account, so yes. But there are different types of access, and when you authorize a company to do an ACH transfer directly from your account, electronically, that is a whole different type of access and it is much easier for someone in that company to just push a button and transfer money that way as compared to going through the trouble of printing up checks and forging your signature.
I don't believe that my local gas company has a computer system that would allow one of their employees to "just push a button" and cause a transfer from my account into their personal account.

I think I am at "much greater" (*) risk from checks such as the one I wrote to some neighborhood girl scouts who came to my door (with a mom) to sell me cookies. Or the once-a-year sprinkler service that I pay by check. Or the birthday check that my wife sends to nieces with questionable friends.

(*) probably statistically a small risk compared to, say, walking around town with distracted drivers with cell phones glued to their ears
mptfan
Posts: 7217
Joined: Mon Mar 05, 2007 8:58 am

Re: So someone drained $13k from my checking account...

Post by mptfan »

dm200 wrote: From both the bank/credit union position and the consumer position, this work both ways.
The consumer can take whatever position he or she wants, but it has no bearing on whether or not he or she gets her money back from a bank after a fraudulent transaction. It is only the bank's position that matters on that point, so I really don't see that as working both ways.
ThreeBears
Posts: 169
Joined: Mon Nov 28, 2016 10:13 am

Re: So someone drained $13k from my checking account...

Post by ThreeBears »

mptfan wrote:
ThreeBears wrote: the bank may take the position that the consumer did not take reasonable measures to protect their password, or their computer, and allowed someone else to access their account.
This is a good point. Again, the regulation does not give the bank much wiggle room for finding excuses. The commentary to Regulation E states the following:

Consumer negligence. Negligence by the consumer cannot be used as the basis for imposing greater liability than is permissible under Regulation E. Thus, consumer behavior that may constitute negligence under state law, such as writing the PIN on a debit card or on a piece of paper kept with the card, does not affect the consumer's liability for unauthorized transfers. (However, refer to comment 2(m)-2 regarding termination of the authority of given by the consumer to another person.)

So, to directly answer your points: Yes, " the bank may take the position that the consumer did not take reasonable measures to protect their password" . . . but such a position does not provide the bank with a valid reason to avoid providing a reimbursement for the unauthorized transaction.

Like I said, most people on the board here do not realize how strong consumer protection laws are.
Topic Author
Cash
Posts: 1572
Joined: Wed Mar 10, 2010 9:52 am

Re: So someone drained $13k from my checking account...

Post by Cash »

^^ That is good to know
User avatar
VictoriaF
Posts: 20122
Joined: Tue Feb 27, 2007 6:27 am
Location: Black Swan Lake

Re: So someone drained $13k from my checking account...

Post by VictoriaF »

Papajoe56 wrote: One should never use Debit or ATM cards when out of country.
I agree with your other recommendations. But this one does not work. When you are out of the country, you have to get local cash somewhere for places that do not accept credit cards. And if you travel for a long time, you don't want to take too much cash all at once, and thus need multiple trips to an ATM.

Victoria
Inventor of the Bogleheads Secret Handshake | Winner of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
rralex1
Posts: 119
Joined: Wed Feb 18, 2015 3:21 pm

Re: So someone drained $13k from my checking account...

Post by rralex1 »

mptfan wrote:
rralex1 wrote: It was suggested that the solution to the problem of the cyber crime perpetrated on the OP was as simple as to "never use a debit card - Period."
This is not correct.

My suggestion to not use a debit card was in response to a post by Miakis, not the OP, in which Miakis wrote the following...."I have a client who had her business debit card hacked and duplicated - it was never lost - but it was mysteriously being used to purchase airplane tickets and hotel stays. She was using it for only a couple of transactions per month as her card for a couple of monthly subscriptions."

I did not suggest that never using a debit card was a solution to the problem of the cyber crime perpetrated on the OP.
My misunderstanding as I though that the response had to do with the basis of the thread topic. Duly acknowledged. Your proposed solution to the client who had her business card hacked and duplicated being "to never use debit cards ever.. Period", remains as valid as suggesting that the solution to credit card cyber crime is to never use credit cards..ever Period. Yes, you are correct specifically on both counts..

Being in the business of addressing these specific kinds of issues often, my recommendation is to not vest in a bias suggesting a generalized, simple, all encompassing answer to any issue of cyber crime as "the" answer. It remains a fundamental issue of security (physical and otherwise) to enable multiple layers of protection, often conceptualized as concentric circles of protection, to buffer and delay access to the core assets that are protected. The penetration cannot be stopped. Period. And the issues are only in their infancy.

There are some great actionable recommendations in this thread including
Papajoe56 wrote: I work for a bank on the operations side,and I do not own a debit card, nor an ATM card.
Debit Card/ATM card fraud is a constant problem, and one I do not want to deal with.
One should never use Debit or ATM cards when out of country.
One should never click on an e-mail link from a financial company.
I opted out of "free" overdraft protection, and have no pulls from any accounts.
Overdraft protection really benefits the bank, not the customer.
I most always use credit cards,push, or cash to pay.
Credit cards are paying me 1% - 3% when I use them, so I take the money.
Maybe wrote 10 checks last year, when credit card was not an option, or I needed cancelled check in records.
No cell phone banking for me, or any financial use on cell for that matter.
I only do financial business at home, or the office.
I use a password manager on home computer, and use the longest passwords a financial site will let me.
Changing passwords frequently on a password manager is easy and painless.
I use multifactor authentication of some type on all financial websites that have the option.
Every little bit helps.
themesrob wrote:echoing some of the advice above, my personal rules are:
- never use debit cards except for ATM withdrawals
- set text/email alerts for online transactions at a lower-than-you'd-think threshold
- set up paypal and venmo (with strong passwords, obviously), and use them whenever possible to pay in situations where people usually demand checks (cleaning service, electrician, etc.)
- try to keep your checking account balance in alignment with any immediate needs, and transfer funds in/out to HYSAs (the information for which is never shared with third parties other than your primary bank) glad the situation was resolved for you quickly.
topper1296 wrote:Here are a couple things I do. I never carry a debit card, only a credit card. I have my regular recurring bills on a separate CC that I never carry on me or ever use for online purchases. If my primary CC that I carry on me and use for day to day purchases ever get hacked, my regular bills will still be paid. I did have my primary CC hacked once about a year ago, but my regular bills were still paid on time and I didn't have to worry about setting them up again for bill pay.
There is also in my opinion, no need to break into a cold sweat as written in one post, although I get it. Conversely it should provide value and confidence that people here are vesting in knowledge that can help us all be more prepared for the future. Me included. :beer

Have a good weekend.
User avatar
dm200
Posts: 23214
Joined: Mon Feb 26, 2007 1:21 pm
Location: Washington DC area

Re: So someone drained $13k from my checking account...

Post by dm200 »

mptfan wrote:
dm200 wrote: From both the bank/credit union position and the consumer position, this work both ways.
The consumer can take whatever position he or she wants, but it has no bearing on whether or not he or she gets her money back from a bank after a fraudulent transaction. It is only the bank's position that matters on that point, so I really don't see that as working both ways.
I believe that if the consumer is correct (about applicable law and regulations) and states the correct position to the proper level of management at the bank or credit union, it is very likely that the bank or credit union will follow the appropriate law and regulation. Banks and credit unions probably know that the consumer can easily file a complaint with the appropriate regulator and/or the CFPB.
User avatar
dm200
Posts: 23214
Joined: Mon Feb 26, 2007 1:21 pm
Location: Washington DC area

Re: So someone drained $13k from my checking account...

Post by dm200 »

ThreeBears wrote:
mptfan wrote:
ThreeBears wrote: the bank may take the position that the consumer did not take reasonable measures to protect their password, or their computer, and allowed someone else to access their account.
This is a good point. Again, the regulation does not give the bank much wiggle room for finding excuses. The commentary to Regulation E states the following:
Consumer negligence. Negligence by the consumer cannot be used as the basis for imposing greater liability than is permissible under Regulation E. Thus, consumer behavior that may constitute negligence under state law, such as writing the PIN on a debit card or on a piece of paper kept with the card, does not affect the consumer's liability for unauthorized transfers. (However, refer to comment 2(m)-2 regarding termination of the authority of given by the consumer to another person.)
So, to directly answer your points: Yes, " the bank may take the position that the consumer did not take reasonable measures to protect their password" . . . but such a position does not provide the bank with a valid reason to avoid providing a reimbursement for the unauthorized transaction.
Like I said, most people on the board here do not realize how strong consumer protection laws are.
The one area of consumer "negligence" where the bank or credit union may look for (and do what can be done to document it) is the consumer gives the access code (such as ATM Card PIN) to someone and that someone draws out much more (perhaps more often) than was intended by the account holder.
ThreeBears
Posts: 169
Joined: Mon Nov 28, 2016 10:13 am

Re: So someone drained $13k from my checking account...

Post by ThreeBears »

dm200 wrote: The one area of consumer "negligence" where the bank or credit union may look for (and do what can be done to document it) is the consumer gives the access code (such as ATM Card PIN) to someone and that someone draws out much more (perhaps more often) than was intended by the account holder.
Yes, that's a solid point. But, I would call it delegated authority gone awry (just to keep it separate from general "negligence").

From Regulation E commentary:

"Authority. If a consumer furnishes an access device and grants authority to make transfers to a person (such as a family member or co-worker) who exceeds the authority given, the consumer is fully liable for the transfers unless the consumer has notified the financial institution that transfers by that person are no longer authorized."

I believe there has been some use of this commentary when a consumer grants authority to a third party (like Venmo) and then the undesired transaction comes in by way of previously granted authority.

Again, the bank has to have a documented reason to go this route. They can't just assume it and require the consumer to prove their assumption is wrong. dm200 - I'm sure you get this. I'm just stating this for other people's education.
TravelGeek
Posts: 4902
Joined: Sat Oct 25, 2014 3:23 pm

Re: So someone drained $13k from my checking account...

Post by TravelGeek »

VictoriaF wrote:
Papajoe56 wrote: One should never use Debit or ATM cards when out of country.
I agree with your other recommendations. But this one does not work. When you are out of the country, you have to get local cash somewhere for places that do not accept credit cards. And if you travel for a long time, you don't want to take too much cash all at once, and thus need multiple trips to an ATM.

Victoria
Agree with you. I have used my ATM card in many foreign countries.

The world is a big place. I don't think there is a greater risk of fraud at a Citibank ATM in Tokyo or a Deutsche Bank ATM in Frankfurt than a random ATM at a gas station somewhere on I-95.
User avatar
dm200
Posts: 23214
Joined: Mon Feb 26, 2007 1:21 pm
Location: Washington DC area

Re: So someone drained $13k from my checking account...

Post by dm200 »

Again, the bank has to have a documented reason to go this route. They can't just assume it and require the consumer to prove their assumption is wrong. dm200 - I'm sure you get this. I'm just stating this for other people's education.
Yes. The most common form of such documentation is from the card holder him/herself. Upon discussions with the bank or credit union about the disputed transactions, or perhaps when confronted with a photo/video of a family member withdrawing money from an ATM, the card holder might say something like, "Oh yes. I gave the card and PIN to my grandson, Johnny, to get $40 from the ATM. He was not supposed to take out $200 and then go the next day and get another $200." The fact that, admitted by the card holder, the card and PIN were given to another person usually will relieve the bank or credit union of the need to give the money back to the card holder.
User avatar
BrandonBogle
Posts: 4467
Joined: Mon Jan 28, 2013 10:19 pm

Re: So someone drained $13k from my checking account...

Post by BrandonBogle »

dm200 wrote:
ThreeBears wrote:Again, the bank has to have a documented reason to go this route. They can't just assume it and require the consumer to prove their assumption is wrong. dm200 - I'm sure you get this. I'm just stating this for other people's education.
Yes. The most common form of such documentation is from the card holder him/herself. Upon discussions with the bank or credit union about the disputed transactions, or perhaps when confronted with a photo/video of a family member withdrawing money from an ATM, the card holder might say something like, "Oh yes. I gave the card and PIN to my grandson, Johnny, to get $40 from the ATM. He was not supposed to take out $200 and then go the next day and get another $200." The fact that, admitted by the card holder, the card and PIN were given to another person usually will relieve the bank or credit union of the need to give the money back to the card holder.
In many such cases, a bank would still offer to reimburse the client if the client signs an affidavit that they would be willing to press charges if the bank decides to bring a case against the "thief". Oftentimes, this person is a family member or other close individual and the client chooses not to go down that route, but the choice is theirs.
MikeG62
Posts: 5065
Joined: Tue Nov 15, 2016 2:20 pm
Location: New Jersey

Re: So someone drained $13k from my checking account...

Post by MikeG62 »

Cash wrote:...How did the fraudster get the account number? The only direct withdrawals and deposits to the account are from paychecks, utilities, credit card companies, ACH links to other financial institutions, and the (very) occasional check. Was one of those institutions compromised? I haven't received any notices. Did someone get an old check? Puzzling.
Was the credit union able to provide answers into these questions?

At the end of the day, there is an electronic trail and I would think they can figure out what it is and how this happened. Personally, I would not let this go without insisting they tell me how this occurred (or convince me that there is no way for them to ever determine that) and I'd threaten to close my accounts with them and take my business elsewhere if they did not provide me with answers as a lever to get them to do the requested leg work.

It is only with that information that you/us have a fighting chance at preventing this from happening in the future.
Real Knowledge Comes Only From Experience
Topic Author
Cash
Posts: 1572
Joined: Wed Mar 10, 2010 9:52 am

Re: So someone drained $13k from my checking account...

Post by Cash »

When this type of thing happens with credit cards, I often get some sort of case closed letter. I assume I will get the same from the credit union and follow up at that time. I'll report back!
wrongfunds
Posts: 3187
Joined: Tue Dec 21, 2010 2:55 pm

Re: So someone drained $13k from my checking account...

Post by wrongfunds »

In general, anyone you have ever written a check to (or has access to such checks) has the information to process an ACH withdrawal or deposit
What I do not understand is how a new entity is able to withdraw money from an account by just knowing the account number (and possibly name)? But I know it is true. The university tuition payment only requires the account number. If one is not worried about getting caught and ending in federal jail, it is trivial to put somebody else' account number for paying $30K tuition to university in single fraudulent transaction. By the way, this university only allows pull and not push to their account.

I just do not understand how ACH was designed in the first place to allow this travesty?
User avatar
dm200
Posts: 23214
Joined: Mon Feb 26, 2007 1:21 pm
Location: Washington DC area

Re: So someone drained $13k from my checking account...

Post by dm200 »

wrongfunds wrote:
In general, anyone you have ever written a check to (or has access to such checks) has the information to process an ACH withdrawal or deposit
What I do not understand is how a new entity is able to withdraw money from an account by just knowing the account number (and possibly name)? But I know it is true. The university tuition payment only requires the account number. If one is not worried about getting caught and ending in federal jail, it is trivial to put somebody else' account number for paying $30K tuition to university in single fraudulent transaction. By the way, this university only allows pull and not push to their account.
I just do not understand how ACH was designed in the first place to allow this travesty?
I cannot "explain" or "justify" the whole ACH "system". Pretty much most of the rules of the ACH system are "delegated" to NACHA (National Automated Clearinghouse Association). There are regular changes to the ACH system (and rules, practices) from time to time, such as the "Same Day" ACH. I suspect that this "system" developed over the decades and was never fully "designed" to prevent fraud as it is practiced today.

Every (or, perhaps almost every) US Bank or Credit Union has a "Routing and Transit Number" (RTN), also known as the ABA Number. Some banks and credit unions may have more than one, usually due to mergers. These RTNs and the associated bank or credit union are 100% public information. So, for example, if someone (up to no good) knew you have an account at the XYZ Federal Credit Union, they can easily find out the RTN. There is even a book you can buy with the entire list. Banks and credit unions often list their RTN(s) on their web sites.

Access (in theory) to the ACH system should be controlled by the payroll services, banks, credit unions, investment companies, etc. However, in practical terms LOTS of employees and contractors can get into the system and do bad things. While they would be tracked down and caught eventually, it is probably true that they would be long gone when tracked down.

One (in my experience) conduit of improper ACH debits are the billing services that process transactions for various merchants. I have seen these bogus charges coming through from flower (florist) orders. Some ACH fraud occurs without a valid account number. A large ACH debit (with the wrong name and account number) goes to a bank or credit union. The money goes out right away (on the settlement date), and then would be rejected by the bank or credit union (probably the next day). Maybe, for some reason, the bank or credit union does not reject if and there is a delay. Losses (to somebody) can happen in such situations.

Some (perhaps many or most) banks and credit unions post ACH transactions by account number only (fully allowed by the NACHA rules) and do not, normally, reject or flag name mismatches. [My opinion is that they should, but the rules do not so require]. So, for example, if you want to get your federal or state income tax refund sent to your bank or credit union, you just put the RTN and your account number on your tax return. If, for example, "John Smith" has an account 1234567 at the bank or credit union, and gets the RTN correct, but mistakenly writes 1234576 on the return and there is an account 1234576 belonging to Maria Gomez - then the refund might appear in Maria Gomez' account. Scary Indeed!!!
wrongfunds
Posts: 3187
Joined: Tue Dec 21, 2010 2:55 pm

Re: So someone drained $13k from my checking account...

Post by wrongfunds »

Why can't ACH withdrawal be limited to only accounts which has prior authorization on file? That is how I thought it worked based upon the DCA going in to mutual funds. But when my kids went to college and paying tuition from the university's website made it clear that there are no such checks in the system.

I can't think of why such a restriction can't be put in today.
User avatar
dm200
Posts: 23214
Joined: Mon Feb 26, 2007 1:21 pm
Location: Washington DC area

Re: So someone drained $13k from my checking account...

Post by dm200 »

wrongfunds wrote:Why can't ACH withdrawal be limited to only accounts which has prior authorization on file? That is how I thought it worked based upon the DCA going in to mutual funds. But when my kids went to college and paying tuition from the university's website made it clear that there are no such checks in the system.
I can't think of why such a restriction can't be put in today.
Who (or where) and how would such limits be imposed and enforced? A bank or credit union is supposed to have such (or equivalent) authorizations. But - that is not managed centrally, but at the bank or credit union level.

It is also allowed (by statute and/or regulations) that a check can be converted to an ACH. By writing such a check, authorization is assumed.

While I cannot respond to the specifics of a University tuition paid by ACH, my guess is that by logging in and requesting such payment(s) be made by a debit to a bank or credit union account - that request is considered the "authorization".
Post Reply